BLOB='fd=', @ANYRESHEX=r2, @ANYBLOB="2c726f6f746d6f64026e0a7409e9653d3030300600000032303030302e5d194252fbf03e3030302c7573", @ANYRESDEC=r3, @ANYBLOB=',group_id=', @ANYRESDEC=r1, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) (async) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) read$FUSE(r4, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r5, &(0x7f0000000080)={0x60, 0x0, r6}, 0x60) (async) write$FUSE_WRITE(r2, &(0x7f0000000080)={0x18, 0xffffffffffffffda, r6, {0x4}}, 0x18) (async) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000040)={0x29, 0x6, 0x0, {0x5, 0x1}}, 0x29) 10:58:02 executing program 2: sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x40, 0x140e, 0x100, 0x70bd2e, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x2}]}, 0x40}, 0x1, 0x0, 0x0, 0x1}, 0x20000090) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x28002, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) read$msr(r0, &(0x7f0000000040)=""/164, 0xa4) 10:58:02 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 14) 10:58:02 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) write$FUSE_NOTIFY_POLL(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x1, 0x0, {0x10001}}, 0x18) 10:58:02 executing program 2: sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x40, 0x140e, 0x100, 0x70bd2e, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x2}]}, 0x40}, 0x1, 0x0, 0x0, 0x1}, 0x20000090) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x28002, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) read$msr(r0, &(0x7f0000000040)=""/164, 0xa4) [ 2033.869614] RIP: 0033:0x7fc09e230109 [ 2033.873303] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2033.880999] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2033.888246] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2033.895495] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2033.902747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2033.909991] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:02 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) write$FUSE_NOTIFY_POLL(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x1, 0x0, {0x10001}}, 0x18) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) write$FUSE_NOTIFY_POLL(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x1, 0x0, {0x10001}}, 0x18) (async) 10:58:02 executing program 5: sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x401400}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x30, 0x140b, 0x414, 0x70bd25, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x3}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f0000000100)=0x5) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) 10:58:03 executing program 2: sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x40, 0x140e, 0x100, 0x70bd2e, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x2}]}, 0x40}, 0x1, 0x0, 0x0, 0x1}, 0x20000090) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x28002, 0x0) (async) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) read$msr(r0, &(0x7f0000000040)=""/164, 0xa4) 10:58:03 executing program 5: sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x401400}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x30, 0x140b, 0x414, 0x70bd25, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x3}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) (async) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f0000000100)=0x5) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) 10:58:03 executing program 2: prctl$PR_SET_KEEPCAPS(0x8, 0x1) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x3, 0x3, 0x1f, 0x200, 0x10, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x5}, 0x48) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f00000002c0)={&(0x7f0000000000)="1765230681d6186a3db153a991e91b7dab3976ab9625f6830dc413908d169d5f", &(0x7f0000000300)=""/71, &(0x7f00000000c0)="8716537a3bd1f11e314649b5289c651e0532fa36e2bd60a3951d5c14c2fcd0e291707b43a68c4b191fcdeee5ab71c95e6b68b202227e93616b0f366ad80c7d45abb3abc0f19f7fa40dcf158f32e350e166d3bb8830207bde2aa4936aaa4d653872b826cf44ae4db5a219198835065966f060accce912a4edd5e1eaa4d5a5be4a8e897ac48892913e409c34b3138e0e55972d192e802ff427e95f27627157e46b5167c5831d04b0bd41f44ef0484eb379747bb9080af6ec0fbed1255c1fa23530a2065c809a9c36062e0d4f6ff7", &(0x7f0000000040)="657444833d79005691b2878e824fb3c8e443c0cd2821b6ca9d2179507f2e2b9e2f45622cacc8f28293291195dd490e41e28b6384628103dc3d1d14366b84", 0x6001c, r0}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000004c0)={&(0x7f0000000080)="f7b7f0", &(0x7f00000001c0)=""/23, &(0x7f0000000380)="adfb1ede59e9f57fb5c4a5ae91ffa353e761ab4abbde4bb95b3e5befe1dff2f92a89327bf6f2f8b45f5f590c54782175db12e3a74738f0c04ff659494a7fe356e1d4ab1266f27b427fc7d482f3d7dc0c0f939d08d137a6074ab58dd8e6f77b978d476f66fb6c0da1eac99b699aaac2d5e0bddeef55d38155b410d9fe31d2dbb825bbf7a49bdcf92799f3b4ed44aade0a89f5836f1ec13a47036a8d4e0ca25e1756ed79875051bba2b85ff781c0ee4aade5d5c1aa72e6bd74c09d500df87de0f21b79338a7e297ba66cc3ef08b98cf05eb6fe818f46e6d6d748d0b565a658289307c50a830e2fff00e69015273d6f33ce", &(0x7f0000000480)="f08dfadee0fa181d04f775d169f51ba77f01e60b", 0xffffff63, r0, 0x4}, 0x38) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000580)={r1, &(0x7f0000000500)="b11d5be6c5b341753b317bd8588fc54fb65095acab3f65ea8a22b16ac9ac58940e8d4dacd9bee35415fddf4752aa756ef183c679794a7caeb27278712158bde173cb7e1efc1a7d9e71a4a75e68db203934aa721f437a370810c08f70e5693ea77fbc02c68066d661192b546a"}, 0x20) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) [ 2033.999456] FAULT_INJECTION: forcing a failure. [ 2033.999456] name failslab, interval 1, probability 0, space 0, times 0 [ 2034.032959] FAULT_INJECTION: forcing a failure. [ 2034.032959] name failslab, interval 1, probability 0, space 0, times 0 [ 2034.057095] CPU: 0 PID: 22932 Comm: syz-executor.0 Not tainted 4.14.286-syzkaller #0 [ 2034.065000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2034.067504] FAULT_INJECTION: forcing a failure. [ 2034.067504] name failslab, interval 1, probability 0, space 0, times 0 [ 2034.074346] Call Trace: [ 2034.074364] dump_stack+0x1b2/0x281 [ 2034.074378] should_fail.cold+0x10a/0x149 [ 2034.074391] should_failslab+0xd6/0x130 [ 2034.074403] kmem_cache_alloc_trace+0x29a/0x3d0 [ 2034.074416] fuse_fill_super+0x74f/0x15c0 [ 2034.074431] ? fuse_get_root_inode+0xc0/0xc0 [ 2034.113045] ? up_write+0x17/0x60 [ 2034.113057] ? register_shrinker+0x15f/0x220 [ 2034.120886] ? sget_userns+0x768/0xc10 [ 2034.124775] ? get_anon_bdev+0x1c0/0x1c0 [ 2034.128817] ? sget+0xd9/0x110 [ 2034.131994] ? fuse_get_root_inode+0xc0/0xc0 [ 2034.136392] mount_nodev+0x4c/0xf0 [ 2034.139935] mount_fs+0x92/0x2a0 [ 2034.143296] vfs_kern_mount.part.0+0x5b/0x470 [ 2034.147787] do_mount+0xe65/0x2a30 [ 2034.151316] ? copy_mount_string+0x40/0x40 [ 2034.155536] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2034.160544] ? copy_mnt_ns+0xa30/0xa30 [ 2034.164414] ? copy_mount_options+0x1fa/0x2f0 [ 2034.168890] ? copy_mnt_ns+0xa30/0xa30 [ 2034.172762] SyS_mount+0xa8/0x120 [ 2034.176201] ? copy_mnt_ns+0xa30/0xa30 [ 2034.180071] do_syscall_64+0x1d5/0x640 [ 2034.183943] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2034.189115] RIP: 0033:0x7f1db9ff7109 [ 2034.192804] RSP: 002b:00007f1db896c168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2034.200492] RAX: ffffffffffffffda RBX: 00007f1dba109f60 RCX: 00007f1db9ff7109 [ 2034.207743] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2034.214997] RBP: 00007f1db896c1d0 R08: 0000000020000000 R09: 0000000000000000 [ 2034.222249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2034.229500] R13: 00007fffbf242e2f R14: 00007f1db896c300 R15: 0000000000022000 [ 2034.236764] CPU: 1 PID: 22940 Comm: syz-executor.4 Not tainted 4.14.286-syzkaller #0 [ 2034.244652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2034.254000] Call Trace: [ 2034.256584] dump_stack+0x1b2/0x281 [ 2034.260224] should_fail.cold+0x10a/0x149 [ 2034.260239] should_failslab+0xd6/0x130 [ 2034.260251] kmem_cache_alloc_node+0x263/0x410 [ 2034.260267] __alloc_skb+0x5c/0x510 [ 2034.260282] netlink_sendmsg+0x91e/0xbc0 [ 2034.260296] ? nlmsg_notify+0x1b0/0x1b0 10:58:03 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 11) 10:58:03 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) (fail_nth: 2) 10:58:03 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) write$FUSE_NOTIFY_POLL(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x1, 0x0, {0x10001}}, 0x18) 10:58:03 executing program 2: prctl$PR_SET_KEEPCAPS(0x8, 0x1) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x3, 0x3, 0x1f, 0x200, 0x10, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x5}, 0x48) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f00000002c0)={&(0x7f0000000000)="1765230681d6186a3db153a991e91b7dab3976ab9625f6830dc413908d169d5f", &(0x7f0000000300)=""/71, &(0x7f00000000c0)="8716537a3bd1f11e314649b5289c651e0532fa36e2bd60a3951d5c14c2fcd0e291707b43a68c4b191fcdeee5ab71c95e6b68b202227e93616b0f366ad80c7d45abb3abc0f19f7fa40dcf158f32e350e166d3bb8830207bde2aa4936aaa4d653872b826cf44ae4db5a219198835065966f060accce912a4edd5e1eaa4d5a5be4a8e897ac48892913e409c34b3138e0e55972d192e802ff427e95f27627157e46b5167c5831d04b0bd41f44ef0484eb379747bb9080af6ec0fbed1255c1fa23530a2065c809a9c36062e0d4f6ff7", &(0x7f0000000040)="657444833d79005691b2878e824fb3c8e443c0cd2821b6ca9d2179507f2e2b9e2f45622cacc8f28293291195dd490e41e28b6384628103dc3d1d14366b84", 0x6001c, r0}, 0x38) (async) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000004c0)={&(0x7f0000000080)="f7b7f0", &(0x7f00000001c0)=""/23, &(0x7f0000000380)="adfb1ede59e9f57fb5c4a5ae91ffa353e761ab4abbde4bb95b3e5befe1dff2f92a89327bf6f2f8b45f5f590c54782175db12e3a74738f0c04ff659494a7fe356e1d4ab1266f27b427fc7d482f3d7dc0c0f939d08d137a6074ab58dd8e6f77b978d476f66fb6c0da1eac99b699aaac2d5e0bddeef55d38155b410d9fe31d2dbb825bbf7a49bdcf92799f3b4ed44aade0a89f5836f1ec13a47036a8d4e0ca25e1756ed79875051bba2b85ff781c0ee4aade5d5c1aa72e6bd74c09d500df87de0f21b79338a7e297ba66cc3ef08b98cf05eb6fe818f46e6d6d748d0b565a658289307c50a830e2fff00e69015273d6f33ce", &(0x7f0000000480)="f08dfadee0fa181d04f775d169f51ba77f01e60b", 0xffffff63, r0, 0x4}, 0x38) (async) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000580)={r1, &(0x7f0000000500)="b11d5be6c5b341753b317bd8588fc54fb65095acab3f65ea8a22b16ac9ac58940e8d4dacd9bee35415fddf4752aa756ef183c679794a7caeb27278712158bde173cb7e1efc1a7d9e71a4a75e68db203934aa721f437a370810c08f70e5693ea77fbc02c68066d661192b546a"}, 0x20) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) 10:58:03 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 15) [ 2034.260303] ? kernel_recvmsg+0x210/0x210 [ 2034.260316] ? security_socket_sendmsg+0x83/0xb0 [ 2034.260326] ? nlmsg_notify+0x1b0/0x1b0 [ 2034.260334] sock_sendmsg+0xb5/0x100 [ 2034.260344] ___sys_sendmsg+0x6c8/0x800 [ 2034.260354] ? get_pid_task+0x91/0x130 [ 2034.260362] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2034.260381] ? lock_downgrade+0x740/0x740 [ 2034.260394] ? __fget+0x23e/0x3e0 10:58:03 executing program 3: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)={&(0x7f0000000180)='./file0\x00', 0x0, 0x8}, 0x10) r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000240)={0x0, 0x8}, 0xc) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000280)={0xffffffffffffffff, 0x3, 0x8}, 0xc) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0), 0x44040, 0x0) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x16, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x6}, [@generic={0x3, 0x7, 0x7, 0x0, 0x8}, @ldst={0x0, 0x2, 0x2, 0x5, 0x1, 0xc, 0x10}]}, &(0x7f0000000040)='syzkaller\x00', 0x12, 0x71, &(0x7f0000000080)=""/113, 0x41000, 0x1, '\x00', 0x0, 0x21, r0, 0x8, &(0x7f0000000100)={0x8, 0x3}, 0x8, 0x10, &(0x7f0000000140)={0x5, 0x3, 0x0, 0xffffffb4}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1, 0xffffffffffffffff, r2, r3, r4, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, r5, 0xffffffffffffffff]}, 0x80) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) 10:58:03 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 16) [ 2034.260406] ? lock_acquire+0x170/0x3f0 [ 2034.260415] ? lock_downgrade+0x740/0x740 [ 2034.260428] ? __fget+0x265/0x3e0 [ 2034.260442] ? __fdget+0x19b/0x1f0 [ 2034.260458] ? sockfd_lookup_light+0xb2/0x160 [ 2034.260469] __sys_sendmsg+0xa3/0x120 [ 2034.260478] ? SyS_shutdown+0x160/0x160 [ 2034.260489] ? wait_for_completion_io+0x10/0x10 [ 2034.260506] ? SyS_read+0x210/0x210 [ 2034.260516] ? __do_page_fault+0x159/0xad0 [ 2034.260526] SyS_sendmsg+0x27/0x40 [ 2034.260534] ? __sys_sendmsg+0x120/0x120 [ 2034.260544] do_syscall_64+0x1d5/0x640 [ 2034.260559] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2034.260566] RIP: 0033:0x7f6ddd5ec109 [ 2034.260572] RSP: 002b:00007f6ddbf61168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2034.260583] RAX: ffffffffffffffda RBX: 00007f6ddd6fef60 RCX: 00007f6ddd5ec109 10:58:03 executing program 5: sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x401400}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x30, 0x140b, 0x414, 0x70bd25, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x3}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f0000000100)=0x5) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x401400}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x30, 0x140b, 0x414, 0x70bd25, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x3}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f0000000100)=0x5) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) [ 2034.260588] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 2034.260594] RBP: 00007f6ddbf611d0 R08: 0000000000000000 R09: 0000000000000000 [ 2034.260599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2034.260605] R13: 00007ffd7370be8f R14: 00007f6ddbf61300 R15: 0000000000022000 [ 2034.286937] CPU: 1 PID: 22946 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2034.286943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2034.286946] Call Trace: [ 2034.286961] dump_stack+0x1b2/0x281 [ 2034.286975] should_fail.cold+0x10a/0x149 [ 2034.286988] should_failslab+0xd6/0x130 [ 2034.286999] __kmalloc+0x2c1/0x400 [ 2034.287007] ? register_shrinker+0x1ab/0x220 [ 2034.287019] register_shrinker+0x1ab/0x220 [ 2034.287028] sget_userns+0x9aa/0xc10 [ 2034.287041] ? get_anon_bdev+0x1c0/0x1c0 [ 2034.287053] ? get_anon_bdev+0x1c0/0x1c0 [ 2034.287060] sget+0xd1/0x110 [ 2034.287072] ? fuse_get_root_inode+0xc0/0xc0 [ 2034.287081] mount_nodev+0x2c/0xf0 [ 2034.287090] mount_fs+0x92/0x2a0 [ 2034.287104] vfs_kern_mount.part.0+0x5b/0x470 [ 2034.287117] do_mount+0xe65/0x2a30 [ 2034.287133] ? copy_mount_string+0x40/0x40 [ 2034.287145] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2034.287155] ? copy_mnt_ns+0xa30/0xa30 [ 2034.287166] ? copy_mount_options+0x1fa/0x2f0 [ 2034.287175] ? copy_mnt_ns+0xa30/0xa30 [ 2034.287186] SyS_mount+0xa8/0x120 [ 2034.287194] ? copy_mnt_ns+0xa30/0xa30 [ 2034.287206] do_syscall_64+0x1d5/0x640 [ 2034.287221] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2034.287229] RIP: 0033:0x7fc09e230109 [ 2034.287234] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2034.287245] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2034.287251] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2034.287256] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2034.287262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2034.287267] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 [ 2034.377078] FAULT_INJECTION: forcing a failure. [ 2034.377078] name failslab, interval 1, probability 0, space 0, times 0 [ 2034.377195] CPU: 1 PID: 22959 Comm: syz-executor.0 Not tainted 4.14.286-syzkaller #0 [ 2034.377201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2034.377205] Call Trace: [ 2034.377217] dump_stack+0x1b2/0x281 [ 2034.377232] should_fail.cold+0x10a/0x149 [ 2034.377246] should_failslab+0xd6/0x130 [ 2034.377259] kmem_cache_alloc_trace+0x29a/0x3d0 [ 2034.377274] fuse_fill_super+0x74f/0x15c0 [ 2034.377288] ? fuse_get_root_inode+0xc0/0xc0 [ 2034.377300] ? up_write+0x17/0x60 [ 2034.377309] ? register_shrinker+0x15f/0x220 [ 2034.377318] ? sget_userns+0x768/0xc10 [ 2034.377334] ? get_anon_bdev+0x1c0/0x1c0 [ 2034.377341] ? sget+0xd9/0x110 [ 2034.377351] ? fuse_get_root_inode+0xc0/0xc0 [ 2034.377360] mount_nodev+0x4c/0xf0 [ 2034.377370] mount_fs+0x92/0x2a0 [ 2034.377383] vfs_kern_mount.part.0+0x5b/0x470 [ 2034.377395] do_mount+0xe65/0x2a30 [ 2034.377411] ? copy_mount_string+0x40/0x40 [ 2034.377423] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2034.377433] ? copy_mnt_ns+0xa30/0xa30 [ 2034.377450] ? copy_mount_options+0x1fa/0x2f0 [ 2034.377461] ? copy_mnt_ns+0xa30/0xa30 [ 2034.377472] SyS_mount+0xa8/0x120 [ 2034.377481] ? copy_mnt_ns+0xa30/0xa30 [ 2034.377493] do_syscall_64+0x1d5/0x640 [ 2034.377509] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2034.377517] RIP: 0033:0x7f1db9ff7109 [ 2034.377522] RSP: 002b:00007f1db896c168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2034.377533] RAX: ffffffffffffffda RBX: 00007f1dba109f60 RCX: 00007f1db9ff7109 [ 2034.377539] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2034.377545] RBP: 00007f1db896c1d0 R08: 0000000020000000 R09: 0000000000000000 [ 2034.377551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2034.377557] R13: 00007fffbf242e2f R14: 00007f1db896c300 R15: 0000000000022000 [ 2034.410632] FAULT_INJECTION: forcing a failure. [ 2034.410632] name failslab, interval 1, probability 0, space 0, times 0 [ 2034.425861] FAULT_INJECTION: forcing a failure. [ 2034.425861] name failslab, interval 1, probability 0, space 0, times 0 [ 2034.453523] FAULT_INJECTION: forcing a failure. 10:58:03 executing program 2: prctl$PR_SET_KEEPCAPS(0x8, 0x1) (async) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x3, 0x3, 0x1f, 0x200, 0x10, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x5}, 0x48) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f00000002c0)={&(0x7f0000000000)="1765230681d6186a3db153a991e91b7dab3976ab9625f6830dc413908d169d5f", &(0x7f0000000300)=""/71, &(0x7f00000000c0)="8716537a3bd1f11e314649b5289c651e0532fa36e2bd60a3951d5c14c2fcd0e291707b43a68c4b191fcdeee5ab71c95e6b68b202227e93616b0f366ad80c7d45abb3abc0f19f7fa40dcf158f32e350e166d3bb8830207bde2aa4936aaa4d653872b826cf44ae4db5a219198835065966f060accce912a4edd5e1eaa4d5a5be4a8e897ac48892913e409c34b3138e0e55972d192e802ff427e95f27627157e46b5167c5831d04b0bd41f44ef0484eb379747bb9080af6ec0fbed1255c1fa23530a2065c809a9c36062e0d4f6ff7", &(0x7f0000000040)="657444833d79005691b2878e824fb3c8e443c0cd2821b6ca9d2179507f2e2b9e2f45622cacc8f28293291195dd490e41e28b6384628103dc3d1d14366b84", 0x6001c, r0}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000004c0)={&(0x7f0000000080)="f7b7f0", &(0x7f00000001c0)=""/23, &(0x7f0000000380)="adfb1ede59e9f57fb5c4a5ae91ffa353e761ab4abbde4bb95b3e5befe1dff2f92a89327bf6f2f8b45f5f590c54782175db12e3a74738f0c04ff659494a7fe356e1d4ab1266f27b427fc7d482f3d7dc0c0f939d08d137a6074ab58dd8e6f77b978d476f66fb6c0da1eac99b699aaac2d5e0bddeef55d38155b410d9fe31d2dbb825bbf7a49bdcf92799f3b4ed44aade0a89f5836f1ec13a47036a8d4e0ca25e1756ed79875051bba2b85ff781c0ee4aade5d5c1aa72e6bd74c09d500df87de0f21b79338a7e297ba66cc3ef08b98cf05eb6fe818f46e6d6d748d0b565a658289307c50a830e2fff00e69015273d6f33ce", &(0x7f0000000480)="f08dfadee0fa181d04f775d169f51ba77f01e60b", 0xffffff63, r0, 0x4}, 0x38) (async, rerun: 32) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (rerun: 32) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async, rerun: 64) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000580)={r1, &(0x7f0000000500)="b11d5be6c5b341753b317bd8588fc54fb65095acab3f65ea8a22b16ac9ac58940e8d4dacd9bee35415fddf4752aa756ef183c679794a7caeb27278712158bde173cb7e1efc1a7d9e71a4a75e68db203934aa721f437a370810c08f70e5693ea77fbc02c68066d661192b546a"}, 0x20) (async, rerun: 64) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) [ 2034.453523] name failslab, interval 1, probability 0, space 0, times 0 [ 2034.488578] CPU: 0 PID: 22967 Comm: syz-executor.0 Not tainted 4.14.286-syzkaller #0 [ 2034.488584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2034.488590] Call Trace: [ 2034.884685] dump_stack+0x1b2/0x281 [ 2034.884700] should_fail.cold+0x10a/0x149 [ 2034.884713] should_failslab+0xd6/0x130 [ 2034.884724] kmem_cache_alloc_trace+0x29a/0x3d0 [ 2034.884737] fuse_dev_alloc+0x4b/0x310 [ 2034.884745] ? task_active_pid_ns+0xa1/0xc0 [ 2034.884754] fuse_fill_super+0x79d/0x15c0 [ 2034.884764] ? fuse_get_root_inode+0xc0/0xc0 [ 2034.884774] ? up_write+0x17/0x60 [ 2034.884781] ? register_shrinker+0x15f/0x220 [ 2034.884787] ? sget_userns+0x768/0xc10 [ 2034.884801] ? get_anon_bdev+0x1c0/0x1c0 [ 2034.884806] ? sget+0xd9/0x110 [ 2034.884814] ? fuse_get_root_inode+0xc0/0xc0 [ 2034.884820] mount_nodev+0x4c/0xf0 [ 2034.884827] mount_fs+0x92/0x2a0 [ 2034.884839] vfs_kern_mount.part.0+0x5b/0x470 [ 2034.884848] do_mount+0xe65/0x2a30 [ 2034.884860] ? copy_mount_string+0x40/0x40 [ 2034.884871] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2034.884879] ? copy_mnt_ns+0xa30/0xa30 [ 2034.884887] ? copy_mount_options+0x1fa/0x2f0 [ 2034.884894] ? copy_mnt_ns+0xa30/0xa30 [ 2034.884908] SyS_mount+0xa8/0x120 [ 2034.884916] ? copy_mnt_ns+0xa30/0xa30 [ 2034.884928] do_syscall_64+0x1d5/0x640 [ 2034.884944] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2034.884952] RIP: 0033:0x7f1db9ff7109 [ 2034.884957] RSP: 002b:00007f1db896c168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2034.884967] RAX: ffffffffffffffda RBX: 00007f1dba109f60 RCX: 00007f1db9ff7109 [ 2034.884972] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2034.884978] RBP: 00007f1db896c1d0 R08: 0000000020000000 R09: 0000000000000000 [ 2034.884983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2034.884989] R13: 00007fffbf242e2f R14: 00007f1db896c300 R15: 0000000000022000 [ 2034.909345] CPU: 1 PID: 22969 Comm: syz-executor.4 Not tainted 4.14.286-syzkaller #0 [ 2035.052484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2035.052488] Call Trace: [ 2035.052503] dump_stack+0x1b2/0x281 [ 2035.052514] should_fail.cold+0x10a/0x149 [ 2035.052524] should_failslab+0xd6/0x130 [ 2035.052534] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2035.052544] __kmalloc_node_track_caller+0x38/0x70 [ 2035.052554] __alloc_skb+0x96/0x510 [ 2035.052565] netlink_sendmsg+0x91e/0xbc0 [ 2035.052576] ? nlmsg_notify+0x1b0/0x1b0 [ 2035.052581] ? kernel_recvmsg+0x210/0x210 [ 2035.052590] ? security_socket_sendmsg+0x83/0xb0 [ 2035.052598] ? nlmsg_notify+0x1b0/0x1b0 [ 2035.052604] sock_sendmsg+0xb5/0x100 [ 2035.052611] ___sys_sendmsg+0x6c8/0x800 [ 2035.052618] ? get_pid_task+0x91/0x130 [ 2035.052624] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2035.052634] ? lock_downgrade+0x740/0x740 [ 2035.052646] ? __fget+0x23e/0x3e0 [ 2035.052657] ? lock_acquire+0x170/0x3f0 [ 2035.052666] ? lock_downgrade+0x740/0x740 [ 2035.052678] ? __fget+0x265/0x3e0 [ 2035.052691] ? __fdget+0x19b/0x1f0 [ 2035.052702] ? sockfd_lookup_light+0xb2/0x160 [ 2035.052712] __sys_sendmsg+0xa3/0x120 [ 2035.157709] ? SyS_shutdown+0x160/0x160 10:58:04 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 17) 10:58:04 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) (fail_nth: 3) [ 2035.157720] ? wait_for_completion_io+0x10/0x10 [ 2035.157735] ? SyS_read+0x210/0x210 [ 2035.157746] ? __do_page_fault+0x159/0xad0 [ 2035.157756] SyS_sendmsg+0x27/0x40 [ 2035.157764] ? __sys_sendmsg+0x120/0x120 [ 2035.157773] do_syscall_64+0x1d5/0x640 [ 2035.157788] entry_SYSCALL_64_after_hwframe+0x46/0xbb 10:58:04 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 12) [ 2035.157796] RIP: 0033:0x7f6ddd5ec109 [ 2035.157801] RSP: 002b:00007f6ddbf61168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2035.157809] RAX: ffffffffffffffda RBX: 00007f6ddd6fef60 RCX: 00007f6ddd5ec109 [ 2035.157813] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 2035.157817] RBP: 00007f6ddbf611d0 R08: 0000000000000000 R09: 0000000000000000 [ 2035.157822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2035.157826] R13: 00007ffd7370be8f R14: 00007f6ddbf61300 R15: 0000000000022000 [ 2035.157844] CPU: 0 PID: 22966 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2035.157850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2035.157853] Call Trace: [ 2035.157865] dump_stack+0x1b2/0x281 [ 2035.157878] should_fail.cold+0x10a/0x149 [ 2035.157891] should_failslab+0xd6/0x130 [ 2035.157902] __kmalloc+0x2c1/0x400 [ 2035.157911] ? match_number+0x9d/0x200 [ 2035.157923] match_number+0x9d/0x200 [ 2035.157932] ? match_strdup+0xa0/0xa0 [ 2035.157941] ? register_shrinker+0x15a/0x220 [ 2035.157953] fuse_fill_super+0x437/0x15c0 [ 2035.157966] ? fuse_get_root_inode+0xc0/0xc0 [ 2035.157976] ? up_write+0x17/0x60 [ 2035.157982] ? register_shrinker+0x15f/0x220 [ 2035.157990] ? sget_userns+0x768/0xc10 [ 2035.158006] ? get_anon_bdev+0x1c0/0x1c0 [ 2035.158013] ? sget+0xd9/0x110 [ 2035.158022] ? fuse_get_root_inode+0xc0/0xc0 [ 2035.158029] mount_nodev+0x4c/0xf0 [ 2035.158038] mount_fs+0x92/0x2a0 [ 2035.158052] vfs_kern_mount.part.0+0x5b/0x470 [ 2035.158064] do_mount+0xe65/0x2a30 [ 2035.158080] ? copy_mount_string+0x40/0x40 [ 2035.158092] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2035.158101] ? copy_mnt_ns+0xa30/0xa30 [ 2035.158110] ? copy_mount_options+0x1fa/0x2f0 [ 2035.158118] ? copy_mnt_ns+0xa30/0xa30 [ 2035.158128] SyS_mount+0xa8/0x120 [ 2035.158136] ? copy_mnt_ns+0xa30/0xa30 [ 2035.158146] do_syscall_64+0x1d5/0x640 [ 2035.158161] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2035.158167] RIP: 0033:0x7fc09e230109 [ 2035.158173] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2035.158182] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2035.158187] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2035.158192] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2035.158198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2035.158203] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 [ 2035.201416] FAULT_INJECTION: forcing a failure. [ 2035.201416] name failslab, interval 1, probability 0, space 0, times 0 [ 2035.239323] FAULT_INJECTION: forcing a failure. [ 2035.239323] name failslab, interval 1, probability 0, space 0, times 0 [ 2035.245502] CPU: 0 PID: 22987 Comm: syz-executor.0 Not tainted 4.14.286-syzkaller #0 [ 2035.284824] FAULT_INJECTION: forcing a failure. [ 2035.284824] name failslab, interval 1, probability 0, space 0, times 0 [ 2035.287460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2035.287465] Call Trace: [ 2035.287481] dump_stack+0x1b2/0x281 [ 2035.287496] should_fail.cold+0x10a/0x149 [ 2035.287510] should_failslab+0xd6/0x130 [ 2035.287525] kmem_cache_alloc_trace+0x29a/0x3d0 10:58:04 executing program 3: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)={&(0x7f0000000180)='./file0\x00', 0x0, 0x8}, 0x10) r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000240)={0x0, 0x8}, 0xc) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000280)={0xffffffffffffffff, 0x3, 0x8}, 0xc) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0), 0x44040, 0x0) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x16, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x6}, [@generic={0x3, 0x7, 0x7, 0x0, 0x8}, @ldst={0x0, 0x2, 0x2, 0x5, 0x1, 0xc, 0x10}]}, &(0x7f0000000040)='syzkaller\x00', 0x12, 0x71, &(0x7f0000000080)=""/113, 0x41000, 0x1, '\x00', 0x0, 0x21, r0, 0x8, &(0x7f0000000100)={0x8, 0x3}, 0x8, 0x10, &(0x7f0000000140)={0x5, 0x3, 0x0, 0xffffffb4}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1, 0xffffffffffffffff, r2, r3, r4, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, r5, 0xffffffffffffffff]}, 0x80) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)={&(0x7f0000000180)='./file0\x00', 0x0, 0x8}, 0x10) (async) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000240)={0x0, 0x8}, 0xc) (async) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000280)={0xffffffffffffffff, 0x3, 0x8}, 0xc) (async) openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0), 0x44040, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, 0x0, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x16, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x6}, [@generic={0x3, 0x7, 0x7, 0x0, 0x8}, @ldst={0x0, 0x2, 0x2, 0x5, 0x1, 0xc, 0x10}]}, &(0x7f0000000040)='syzkaller\x00', 0x12, 0x71, &(0x7f0000000080)=""/113, 0x41000, 0x1, '\x00', 0x0, 0x21, r0, 0x8, &(0x7f0000000100)={0x8, 0x3}, 0x8, 0x10, &(0x7f0000000140)={0x5, 0x3, 0x0, 0xffffffb4}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1, 0xffffffffffffffff, r2, r3, r4, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, r5, 0xffffffffffffffff]}, 0x80) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) [ 2035.512150] wb_congested_get_create+0x15b/0x360 [ 2035.512163] wb_init+0x4f6/0x7c0 [ 2035.512175] ? __raw_spin_lock_init+0x28/0x100 [ 2035.512183] cgwb_bdi_init+0xe2/0x1e0 [ 2035.512191] bdi_alloc_node+0x224/0x2e0 [ 2035.512201] super_setup_bdi_name+0x8b/0x220 [ 2035.512210] ? kill_block_super+0xe0/0xe0 [ 2035.512218] ? __lockdep_init_map+0x100/0x560 [ 2035.512225] ? do_raw_spin_unlock+0x164/0x220 [ 2035.512240] fuse_fill_super+0x937/0x15c0 [ 2035.512251] ? fuse_get_root_inode+0xc0/0xc0 [ 2035.512260] ? up_write+0x17/0x60 [ 2035.512267] ? register_shrinker+0x15f/0x220 [ 2035.512274] ? sget_userns+0x768/0xc10 [ 2035.512288] ? get_anon_bdev+0x1c0/0x1c0 [ 2035.512294] ? sget+0xd9/0x110 [ 2035.512303] ? fuse_get_root_inode+0xc0/0xc0 [ 2035.512311] mount_nodev+0x4c/0xf0 [ 2035.512320] mount_fs+0x92/0x2a0 [ 2035.512333] vfs_kern_mount.part.0+0x5b/0x470 [ 2035.512344] do_mount+0xe65/0x2a30 [ 2035.512358] ? copy_mount_string+0x40/0x40 [ 2035.512369] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2035.512379] ? copy_mnt_ns+0xa30/0xa30 [ 2035.512403] ? copy_mount_options+0x1fa/0x2f0 [ 2035.512411] ? copy_mnt_ns+0xa30/0xa30 [ 2035.512420] SyS_mount+0xa8/0x120 [ 2035.512427] ? copy_mnt_ns+0xa30/0xa30 [ 2035.512438] do_syscall_64+0x1d5/0x640 [ 2035.512452] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2035.512459] RIP: 0033:0x7f1db9ff7109 [ 2035.512464] RSP: 002b:00007f1db896c168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2035.512473] RAX: ffffffffffffffda RBX: 00007f1dba109f60 RCX: 00007f1db9ff7109 [ 2035.512478] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 10:58:04 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000080)={&(0x7f0000000000)='./file0\x00'}, 0x10) [ 2035.512483] RBP: 00007f1db896c1d0 R08: 0000000020000000 R09: 0000000000000000 [ 2035.512488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2035.512493] R13: 00007fffbf242e2f R14: 00007f1db896c300 R15: 0000000000022000 [ 2035.545977] CPU: 1 PID: 22991 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2035.691055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2035.691061] Call Trace: [ 2035.702986] dump_stack+0x1b2/0x281 [ 2035.703000] should_fail.cold+0x10a/0x149 [ 2035.710733] should_failslab+0xd6/0x130 10:58:04 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 18) 10:58:04 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24888, 0x0) 10:58:04 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000080)={&(0x7f0000000000)='./file0\x00'}, 0x10) [ 2035.710743] __kmalloc+0x2c1/0x400 [ 2035.710751] ? match_number+0x9d/0x200 [ 2035.710760] match_number+0x9d/0x200 [ 2035.710768] ? match_strdup+0xa0/0xa0 [ 2035.710775] ? register_shrinker+0x15a/0x220 [ 2035.710786] fuse_fill_super+0x3f2/0x15c0 [ 2035.710796] ? fuse_get_root_inode+0xc0/0xc0 [ 2035.710805] ? up_write+0x17/0x60 [ 2035.710810] ? register_shrinker+0x15f/0x220 [ 2035.710817] ? sget_userns+0x768/0xc10 [ 2035.710829] ? get_anon_bdev+0x1c0/0x1c0 [ 2035.710834] ? sget+0xd9/0x110 [ 2035.710842] ? fuse_get_root_inode+0xc0/0xc0 [ 2035.710848] mount_nodev+0x4c/0xf0 [ 2035.710855] mount_fs+0x92/0x2a0 [ 2035.710866] vfs_kern_mount.part.0+0x5b/0x470 [ 2035.710875] do_mount+0xe65/0x2a30 [ 2035.710887] ? copy_mount_string+0x40/0x40 10:58:04 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000080)={&(0x7f0000000000)='./file0\x00'}, 0x10) 10:58:04 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) (fail_nth: 4) 10:58:04 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f0000000140)) bpf$OBJ_GET_MAP(0x7, &(0x7f00000000c0)={&(0x7f0000000040)='./file0\x00'}, 0x10) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000080)={&(0x7f0000000100)='./file0\x00', r1}, 0x10) [ 2035.710896] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2035.710903] ? copy_mnt_ns+0xa30/0xa30 [ 2035.710911] ? copy_mount_options+0x1fa/0x2f0 [ 2035.710917] ? copy_mnt_ns+0xa30/0xa30 [ 2035.710925] SyS_mount+0xa8/0x120 [ 2035.710931] ? copy_mnt_ns+0xa30/0xa30 [ 2035.710940] do_syscall_64+0x1d5/0x640 [ 2035.710952] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2035.710958] RIP: 0033:0x7fc09e230109 [ 2035.710962] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2035.710970] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 10:58:04 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24888, 0x0) 10:58:04 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 13) [ 2035.710974] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2035.710979] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2035.710983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2035.710987] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 [ 2035.711005] CPU: 0 PID: 22989 Comm: syz-executor.4 Not tainted 4.14.286-syzkaller #0 [ 2035.711011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2035.711014] Call Trace: [ 2035.711024] dump_stack+0x1b2/0x281 [ 2035.711037] should_fail.cold+0x10a/0x149 [ 2035.711048] should_failslab+0xd6/0x130 [ 2035.711058] kmem_cache_alloc+0x40/0x3c0 [ 2035.711069] skb_clone+0x126/0x9a0 [ 2035.711082] netlink_deliver_tap+0x67e/0x860 [ 2035.711096] netlink_unicast+0x485/0x610 [ 2035.711108] ? netlink_sendskb+0xd0/0xd0 [ 2035.711117] ? __check_object_size+0x179/0x230 [ 2035.711129] netlink_sendmsg+0x648/0xbc0 [ 2035.711142] ? nlmsg_notify+0x1b0/0x1b0 [ 2035.711149] ? kernel_recvmsg+0x210/0x210 [ 2035.711160] ? security_socket_sendmsg+0x83/0xb0 [ 2035.711169] ? nlmsg_notify+0x1b0/0x1b0 [ 2035.711177] sock_sendmsg+0xb5/0x100 [ 2035.711187] ___sys_sendmsg+0x6c8/0x800 [ 2035.711196] ? get_pid_task+0x91/0x130 [ 2035.711204] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2035.711215] ? lock_downgrade+0x740/0x740 [ 2035.711226] ? __fget+0x23e/0x3e0 [ 2035.711235] ? lock_acquire+0x170/0x3f0 [ 2035.711243] ? lock_downgrade+0x740/0x740 [ 2035.711254] ? __fget+0x265/0x3e0 [ 2035.711266] ? __fdget+0x19b/0x1f0 [ 2035.711277] ? sockfd_lookup_light+0xb2/0x160 [ 2035.711286] __sys_sendmsg+0xa3/0x120 [ 2035.711294] ? SyS_shutdown+0x160/0x160 [ 2035.711304] ? wait_for_completion_io+0x10/0x10 [ 2035.711319] ? SyS_read+0x210/0x210 [ 2035.711328] ? __do_page_fault+0x159/0xad0 [ 2035.711336] SyS_sendmsg+0x27/0x40 [ 2035.711342] ? __sys_sendmsg+0x120/0x120 [ 2035.711349] do_syscall_64+0x1d5/0x640 [ 2035.711361] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2035.711367] RIP: 0033:0x7f6ddd5ec109 [ 2035.711371] RSP: 002b:00007f6ddbf61168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2035.711380] RAX: ffffffffffffffda RBX: 00007f6ddd6fef60 RCX: 00007f6ddd5ec109 [ 2035.711385] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 2035.711390] RBP: 00007f6ddbf611d0 R08: 0000000000000000 R09: 0000000000000000 [ 2035.711395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2035.711400] R13: 00007ffd7370be8f R14: 00007f6ddbf61300 R15: 0000000000022000 [ 2035.785232] FAULT_INJECTION: forcing a failure. [ 2035.785232] name failslab, interval 1, probability 0, space 0, times 0 [ 2035.880083] FAULT_INJECTION: forcing a failure. [ 2035.880083] name failslab, interval 1, probability 0, space 0, times 0 [ 2035.909283] CPU: 1 PID: 23009 Comm: syz-executor.0 Not tainted 4.14.286-syzkaller #0 [ 2035.985745] FAULT_INJECTION: forcing a failure. [ 2035.985745] name failslab, interval 1, probability 0, space 0, times 0 [ 2035.986837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2035.986842] Call Trace: [ 2035.986856] dump_stack+0x1b2/0x281 [ 2035.986871] should_fail.cold+0x10a/0x149 [ 2035.986886] should_failslab+0xd6/0x130 10:58:05 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24888, 0x0) [ 2035.986897] kmem_cache_alloc_trace+0x29a/0x3d0 [ 2035.986910] wb_congested_get_create+0x15b/0x360 [ 2036.201707] wb_init+0x4f6/0x7c0 [ 2036.201718] ? __raw_spin_lock_init+0x28/0x100 [ 2036.201726] cgwb_bdi_init+0xe2/0x1e0 [ 2036.201732] bdi_alloc_node+0x224/0x2e0 [ 2036.201742] super_setup_bdi_name+0x8b/0x220 [ 2036.201749] ? kill_block_super+0xe0/0xe0 [ 2036.201757] ? __lockdep_init_map+0x100/0x560 [ 2036.201764] ? do_raw_spin_unlock+0x164/0x220 [ 2036.201777] fuse_fill_super+0x937/0x15c0 [ 2036.201787] ? fuse_get_root_inode+0xc0/0xc0 [ 2036.201794] ? up_write+0x17/0x60 [ 2036.201800] ? register_shrinker+0x15f/0x220 [ 2036.201806] ? sget_userns+0x768/0xc10 [ 2036.201818] ? get_anon_bdev+0x1c0/0x1c0 [ 2036.201823] ? sget+0xd9/0x110 [ 2036.201831] ? fuse_get_root_inode+0xc0/0xc0 [ 2036.201837] mount_nodev+0x4c/0xf0 [ 2036.201844] mount_fs+0x92/0x2a0 [ 2036.201854] vfs_kern_mount.part.0+0x5b/0x470 [ 2036.201863] do_mount+0xe65/0x2a30 [ 2036.201875] ? copy_mount_string+0x40/0x40 [ 2036.201884] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2036.201891] ? copy_mnt_ns+0xa30/0xa30 [ 2036.201899] ? copy_mount_options+0x1fa/0x2f0 [ 2036.201905] ? copy_mnt_ns+0xa30/0xa30 [ 2036.201913] SyS_mount+0xa8/0x120 [ 2036.201919] ? copy_mnt_ns+0xa30/0xa30 [ 2036.201927] do_syscall_64+0x1d5/0x640 [ 2036.201939] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2036.201945] RIP: 0033:0x7f1db9ff7109 [ 2036.201949] RSP: 002b:00007f1db896c168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2036.201957] RAX: ffffffffffffffda RBX: 00007f1dba109f60 RCX: 00007f1db9ff7109 [ 2036.201961] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2036.201965] RBP: 00007f1db896c1d0 R08: 0000000020000000 R09: 0000000000000000 [ 2036.201969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2036.201973] R13: 00007fffbf242e2f R14: 00007f1db896c300 R15: 0000000000022000 [ 2036.201992] CPU: 0 PID: 23026 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2036.201998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2036.202001] Call Trace: [ 2036.202012] dump_stack+0x1b2/0x281 [ 2036.202024] should_fail.cold+0x10a/0x149 [ 2036.202037] should_failslab+0xd6/0x130 [ 2036.202046] __kmalloc+0x2c1/0x400 [ 2036.202055] ? match_strdup+0x58/0xa0 [ 2036.202066] match_strdup+0x58/0xa0 [ 2036.202075] fuse_fill_super+0x2e1/0x15c0 [ 2036.202087] ? fuse_get_root_inode+0xc0/0xc0 [ 2036.202096] ? up_write+0x17/0x60 [ 2036.202103] ? register_shrinker+0x15f/0x220 [ 2036.202111] ? sget_userns+0x768/0xc10 [ 2036.202127] ? get_anon_bdev+0x1c0/0x1c0 [ 2036.202134] ? sget+0xd9/0x110 [ 2036.202144] ? fuse_get_root_inode+0xc0/0xc0 [ 2036.202152] mount_nodev+0x4c/0xf0 [ 2036.202161] mount_fs+0x92/0x2a0 [ 2036.202173] vfs_kern_mount.part.0+0x5b/0x470 [ 2036.202185] do_mount+0xe65/0x2a30 [ 2036.202198] ? copy_mount_string+0x40/0x40 [ 2036.202208] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2036.202216] ? copy_mnt_ns+0xa30/0xa30 [ 2036.202227] ? copy_mount_options+0x1fa/0x2f0 [ 2036.202235] ? copy_mnt_ns+0xa30/0xa30 [ 2036.202245] SyS_mount+0xa8/0x120 [ 2036.202253] ? copy_mnt_ns+0xa30/0xa30 [ 2036.202263] do_syscall_64+0x1d5/0x640 [ 2036.202277] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2036.202283] RIP: 0033:0x7fc09e230109 [ 2036.202288] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2036.202298] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2036.202303] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2036.202308] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2036.202313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2036.202319] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 [ 2036.242449] CPU: 0 PID: 23020 Comm: syz-executor.4 Not tainted 4.14.286-syzkaller #0 [ 2036.566797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2036.566801] Call Trace: [ 2036.566819] dump_stack+0x1b2/0x281 [ 2036.566832] should_fail.cold+0x10a/0x149 [ 2036.586483] should_failslab+0xd6/0x130 [ 2036.586495] kmem_cache_alloc_node+0x263/0x410 [ 2036.586509] __alloc_skb+0x5c/0x510 [ 2036.598637] netlink_ack+0x216/0x9a0 [ 2036.598651] ? netlink_sendmsg+0xbc0/0xbc0 [ 2036.606573] netlink_rcv_skb+0x2c5/0x390 [ 2036.610617] ? xfrm_dump_sa_done+0xd0/0xd0 [ 2036.614830] ? netlink_ack+0x9a0/0x9a0 [ 2036.618691] ? netlink_deliver_tap+0x90/0x860 [ 2036.623164] ? lock_downgrade+0x740/0x740 [ 2036.627289] xfrm_netlink_rcv+0x6b/0x90 [ 2036.631238] netlink_unicast+0x437/0x610 [ 2036.635275] ? netlink_sendskb+0xd0/0xd0 [ 2036.639315] ? __check_object_size+0x179/0x230 [ 2036.643872] netlink_sendmsg+0x648/0xbc0 [ 2036.647908] ? nlmsg_notify+0x1b0/0x1b0 [ 2036.651857] ? kernel_recvmsg+0x210/0x210 [ 2036.655996] ? security_socket_sendmsg+0x83/0xb0 [ 2036.660728] ? nlmsg_notify+0x1b0/0x1b0 [ 2036.664685] sock_sendmsg+0xb5/0x100 [ 2036.668376] ___sys_sendmsg+0x6c8/0x800 [ 2036.672374] ? get_pid_task+0x91/0x130 [ 2036.676239] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2036.680976] ? lock_downgrade+0x740/0x740 [ 2036.685097] ? __fget+0x23e/0x3e0 [ 2036.688525] ? lock_acquire+0x170/0x3f0 [ 2036.692475] ? lock_downgrade+0x740/0x740 [ 2036.696602] ? __fget+0x265/0x3e0 [ 2036.700031] ? __fdget+0x19b/0x1f0 [ 2036.703552] ? sockfd_lookup_light+0xb2/0x160 [ 2036.708020] __sys_sendmsg+0xa3/0x120 [ 2036.711797] ? SyS_shutdown+0x160/0x160 [ 2036.715757] ? wait_for_completion_io+0x10/0x10 [ 2036.720406] ? SyS_read+0x210/0x210 [ 2036.724006] ? __do_page_fault+0x159/0xad0 [ 2036.728216] SyS_sendmsg+0x27/0x40 [ 2036.731734] ? __sys_sendmsg+0x120/0x120 [ 2036.735769] do_syscall_64+0x1d5/0x640 [ 2036.739652] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2036.744818] RIP: 0033:0x7f6ddd5ec109 10:58:05 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 19) 10:58:05 executing program 2: mount$fuse(0x0, &(0x7f0000000040)='.\x00', 0x0, 0x24888, 0x0) 10:58:05 executing program 3: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)={&(0x7f0000000180)='./file0\x00', 0x0, 0x8}, 0x10) r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000240)={0x0, 0x8}, 0xc) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000280)={0xffffffffffffffff, 0x3, 0x8}, 0xc) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0), 0x44040, 0x0) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x16, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x6}, [@generic={0x3, 0x7, 0x7, 0x0, 0x8}, @ldst={0x0, 0x2, 0x2, 0x5, 0x1, 0xc, 0x10}]}, &(0x7f0000000040)='syzkaller\x00', 0x12, 0x71, &(0x7f0000000080)=""/113, 0x41000, 0x1, '\x00', 0x0, 0x21, r0, 0x8, &(0x7f0000000100)={0x8, 0x3}, 0x8, 0x10, &(0x7f0000000140)={0x5, 0x3, 0x0, 0xffffffb4}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1, 0xffffffffffffffff, r2, r3, r4, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, r5, 0xffffffffffffffff]}, 0x80) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)={&(0x7f0000000180)='./file0\x00', 0x0, 0x8}, 0x10) (async) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000240)={0x0, 0x8}, 0xc) (async) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000280)={0xffffffffffffffff, 0x3, 0x8}, 0xc) (async) openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0), 0x44040, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, 0x0, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x16, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x6}, [@generic={0x3, 0x7, 0x7, 0x0, 0x8}, @ldst={0x0, 0x2, 0x2, 0x5, 0x1, 0xc, 0x10}]}, &(0x7f0000000040)='syzkaller\x00', 0x12, 0x71, &(0x7f0000000080)=""/113, 0x41000, 0x1, '\x00', 0x0, 0x21, r0, 0x8, &(0x7f0000000100)={0x8, 0x3}, 0x8, 0x10, &(0x7f0000000140)={0x5, 0x3, 0x0, 0xffffffb4}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1, 0xffffffffffffffff, r2, r3, r4, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, r5, 0xffffffffffffffff]}, 0x80) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) 10:58:05 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async, rerun: 64) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (rerun: 64) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f0000000140)) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f00000000c0)={&(0x7f0000000040)='./file0\x00'}, 0x10) (async) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000080)={&(0x7f0000000100)='./file0\x00', r1}, 0x10) [ 2036.748504] RSP: 002b:00007f6ddbf61168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2036.756186] RAX: ffffffffffffffda RBX: 00007f6ddd6fef60 RCX: 00007f6ddd5ec109 [ 2036.763433] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 2036.770679] RBP: 00007f6ddbf611d0 R08: 0000000000000000 R09: 0000000000000000 [ 2036.777927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2036.785171] R13: 00007ffd7370be8f R14: 00007f6ddbf61300 R15: 0000000000022000 10:58:05 executing program 2: mount$fuse(0x0, &(0x7f0000000040)='.\x00', 0x0, 0x24888, 0x0) mount$fuse(0x0, &(0x7f0000000040)='.\x00', 0x0, 0x24888, 0x0) (async) 10:58:05 executing program 2: mount$fuse(0x0, &(0x7f0000000040)='.\x00', 0x0, 0x24888, 0x0) 10:58:05 executing program 3: keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000080)=""/242, 0xf2) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000180), 0x10800, 0x0) write$ppp(r0, &(0x7f0000000240)="47a3189349f95cb796d263efed7e7ec355dfa2b92bfc214382decdddac993396a40132baad821af998cbe3bedb10b97a64c42259fd53aa66e59ffb03802637cbe863b1df5cafdbea46b0ef8219f293fcd6360dac491f20c6a73b2a8d2032606fb60fb5bee62dd8a672005dcf49363fae2d6ea7520abb6991c100d4f90901c2f9371c991da057117140a3a828bb55c1b78243e7b4a0fa68be51c4f3e064adf9a0118d50495a9c7b6629546617a5a8d2a7adcdf90f696f", 0xb6) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x3f, 0xe1, 0x2, 0xfffffff7}]}) [ 2036.871738] FAULT_INJECTION: forcing a failure. [ 2036.871738] name failslab, interval 1, probability 0, space 0, times 0 [ 2036.902304] CPU: 1 PID: 23040 Comm: syz-executor.0 Not tainted 4.14.286-syzkaller #0 [ 2036.910209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2036.919561] Call Trace: 10:58:05 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) (fail_nth: 5) 10:58:05 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 14) 10:58:05 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f0000000140)) bpf$OBJ_GET_MAP(0x7, &(0x7f00000000c0)={&(0x7f0000000040)='./file0\x00'}, 0x10) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000080)={&(0x7f0000000100)='./file0\x00', r1}, 0x10) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f0000000140)) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f00000000c0)={&(0x7f0000000040)='./file0\x00'}, 0x10) (async) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000080)={&(0x7f0000000100)='./file0\x00', r1}, 0x10) (async) 10:58:05 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x24888, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) read$FUSE(r1, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r2, &(0x7f0000000080)={0x60, 0x0, r3, {{0x0, 0x4}}}, 0x60) write$FUSE_STATFS(r0, &(0x7f0000000080)={0x60, 0xffffffffffffffda, r3, {{0xa11a, 0x1, 0x9, 0x9, 0x1ff, 0x5, 0x20e, 0x800}}}, 0x60) 10:58:05 executing program 3: keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000080)=""/242, 0xf2) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000180), 0x10800, 0x0) write$ppp(r0, &(0x7f0000000240)="47a3189349f95cb796d263efed7e7ec355dfa2b92bfc214382decdddac993396a40132baad821af998cbe3bedb10b97a64c42259fd53aa66e59ffb03802637cbe863b1df5cafdbea46b0ef8219f293fcd6360dac491f20c6a73b2a8d2032606fb60fb5bee62dd8a672005dcf49363fae2d6ea7520abb6991c100d4f90901c2f9371c991da057117140a3a828bb55c1b78243e7b4a0fa68be51c4f3e064adf9a0118d50495a9c7b6629546617a5a8d2a7adcdf90f696f", 0xb6) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x3f, 0xe1, 0x2, 0xfffffff7}]}) keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000080)=""/242, 0xf2) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) openat$ppp(0xffffffffffffff9c, &(0x7f0000000180), 0x10800, 0x0) (async) write$ppp(r0, &(0x7f0000000240)="47a3189349f95cb796d263efed7e7ec355dfa2b92bfc214382decdddac993396a40132baad821af998cbe3bedb10b97a64c42259fd53aa66e59ffb03802637cbe863b1df5cafdbea46b0ef8219f293fcd6360dac491f20c6a73b2a8d2032606fb60fb5bee62dd8a672005dcf49363fae2d6ea7520abb6991c100d4f90901c2f9371c991da057117140a3a828bb55c1b78243e7b4a0fa68be51c4f3e064adf9a0118d50495a9c7b6629546617a5a8d2a7adcdf90f696f", 0xb6) (async) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x3f, 0xe1, 0x2, 0xfffffff7}]}) (async) [ 2036.922155] dump_stack+0x1b2/0x281 [ 2036.925790] should_fail.cold+0x10a/0x149 [ 2036.929940] should_failslab+0xd6/0x130 [ 2036.933920] __kmalloc_track_caller+0x2bc/0x400 [ 2036.938672] ? kvasprintf_const+0x55/0x180 [ 2036.942905] kvasprintf+0xa8/0x100 [ 2036.946449] ? bust_spinlocks+0xc0/0xc0 [ 2036.950422] kvasprintf_const+0x55/0x180 [ 2036.954479] kobject_set_name_vargs+0x56/0x150 [ 2036.958862] FAULT_INJECTION: forcing a failure. [ 2036.958862] name failslab, interval 1, probability 0, space 0, times 0 [ 2036.959056] device_create_groups_vargs+0x1a2/0x250 [ 2036.959069] device_create_vargs+0x3a/0x50 [ 2036.959085] bdi_register_va.part.0+0x35/0x650 [ 2036.959097] bdi_register_va+0x63/0x80 [ 2036.959112] super_setup_bdi_name+0x123/0x220 [ 2036.984765] FAULT_INJECTION: forcing a failure. [ 2036.984765] name failslab, interval 1, probability 0, space 0, times 0 [ 2036.988040] ? kill_block_super+0xe0/0xe0 [ 2036.988054] ? do_raw_spin_unlock+0x164/0x220 [ 2036.988073] fuse_fill_super+0x937/0x15c0 [ 2036.988087] ? fuse_get_root_inode+0xc0/0xc0 [ 2037.020957] ? up_write+0x17/0x60 [ 2037.024418] ? register_shrinker+0x15f/0x220 [ 2037.024428] ? sget_userns+0x768/0xc10 [ 2037.032713] ? get_anon_bdev+0x1c0/0x1c0 [ 2037.036769] ? sget+0xd9/0x110 [ 2037.039961] ? fuse_get_root_inode+0xc0/0xc0 [ 2037.044353] mount_nodev+0x4c/0xf0 [ 2037.047875] mount_fs+0x92/0x2a0 [ 2037.051228] vfs_kern_mount.part.0+0x5b/0x470 [ 2037.055707] do_mount+0xe65/0x2a30 [ 2037.059232] ? copy_mount_string+0x40/0x40 [ 2037.063453] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2037.068480] ? copy_mnt_ns+0xa30/0xa30 [ 2037.072362] ? copy_mount_options+0x1fa/0x2f0 [ 2037.076855] ? copy_mnt_ns+0xa30/0xa30 [ 2037.080738] SyS_mount+0xa8/0x120 [ 2037.084187] ? copy_mnt_ns+0xa30/0xa30 [ 2037.088066] do_syscall_64+0x1d5/0x640 [ 2037.091945] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2037.097118] RIP: 0033:0x7f1db9ff7109 [ 2037.100814] RSP: 002b:00007f1db896c168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2037.108518] RAX: ffffffffffffffda RBX: 00007f1dba109f60 RCX: 00007f1db9ff7109 [ 2037.115790] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2037.123039] RBP: 00007f1db896c1d0 R08: 0000000020000000 R09: 0000000000000000 [ 2037.130286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2037.137537] R13: 00007fffbf242e2f R14: 00007f1db896c300 R15: 0000000000022000 [ 2037.144798] CPU: 0 PID: 23061 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2037.152680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2037.162020] Call Trace: [ 2037.164599] dump_stack+0x1b2/0x281 [ 2037.168221] should_fail.cold+0x10a/0x149 [ 2037.172368] should_failslab+0xd6/0x130 [ 2037.176337] __kmalloc+0x2c1/0x400 [ 2037.179868] ? match_strdup+0x58/0xa0 [ 2037.183667] ? map_id_down+0xe9/0x180 [ 2037.187451] match_strdup+0x58/0xa0 [ 2037.191059] fuse_fill_super+0x21d/0x15c0 [ 2037.195189] ? fuse_get_root_inode+0xc0/0xc0 [ 2037.199597] ? up_write+0x17/0x60 [ 2037.203026] ? register_shrinker+0x15f/0x220 [ 2037.207413] ? sget_userns+0x768/0xc10 [ 2037.211287] ? get_anon_bdev+0x1c0/0x1c0 [ 2037.215324] ? sget+0xd9/0x110 [ 2037.218506] ? fuse_get_root_inode+0xc0/0xc0 [ 2037.222891] mount_nodev+0x4c/0xf0 [ 2037.226410] mount_fs+0x92/0x2a0 [ 2037.229760] vfs_kern_mount.part.0+0x5b/0x470 [ 2037.234235] do_mount+0xe65/0x2a30 [ 2037.237761] ? copy_mount_string+0x40/0x40 [ 2037.241977] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2037.246975] ? copy_mnt_ns+0xa30/0xa30 [ 2037.250844] ? copy_mount_options+0x1fa/0x2f0 [ 2037.255319] ? copy_mnt_ns+0xa30/0xa30 [ 2037.259185] SyS_mount+0xa8/0x120 [ 2037.262619] ? copy_mnt_ns+0xa30/0xa30 [ 2037.266486] do_syscall_64+0x1d5/0x640 [ 2037.270359] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2037.275528] RIP: 0033:0x7fc09e230109 [ 2037.279215] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2037.286916] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2037.294163] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2037.301422] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2037.308682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2037.315940] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:06 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 20) 10:58:06 executing program 3: keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000080)=""/242, 0xf2) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000180), 0x10800, 0x0) write$ppp(r0, &(0x7f0000000240)="47a3189349f95cb796d263efed7e7ec355dfa2b92bfc214382decdddac993396a40132baad821af998cbe3bedb10b97a64c42259fd53aa66e59ffb03802637cbe863b1df5cafdbea46b0ef8219f293fcd6360dac491f20c6a73b2a8d2032606fb60fb5bee62dd8a672005dcf49363fae2d6ea7520abb6991c100d4f90901c2f9371c991da057117140a3a828bb55c1b78243e7b4a0fa68be51c4f3e064adf9a0118d50495a9c7b6629546617a5a8d2a7adcdf90f696f", 0xb6) (async) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x3f, 0xe1, 0x2, 0xfffffff7}]}) 10:58:06 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000040)={&(0x7f00000000c0)="b6e33e91b7dff69187", &(0x7f0000000240)=""/4096, &(0x7f0000000000)="e108d86c452bb328c7a1ee3cf6242ccc4368027f64cf34580ba7f98255bb409e25fe08ef44641a36a671733297a9", &(0x7f0000000080)="652de03967f86b211dd998cd786017ef99ca1642a4686e7af2b1f0d276908f63bf12a12d4765d2b0fef384bc54ba3bacdb31047d6295bc2c1244c3ff", 0x2, 0xffffffffffffffff, 0x4}, 0x38) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000100)={0x50, 0x0, 0x0, {0x7, 0x24, 0x80000001, 0x4000, 0x1, 0x8000, 0x64, 0x7}}, 0x50) 10:58:06 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x24888, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) read$FUSE(r1, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r2, &(0x7f0000000080)={0x60, 0x0, r3, {{0x0, 0x4}}}, 0x60) write$FUSE_STATFS(r0, &(0x7f0000000080)={0x60, 0xffffffffffffffda, r3, {{0xa11a, 0x1, 0x9, 0x9, 0x1ff, 0x5, 0x20e, 0x800}}}, 0x60) mount$fuse(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x24888, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) read$FUSE(r1, &(0x7f0000000680)={0x2020}, 0x2020) (async) write$FUSE_STATFS(r2, &(0x7f0000000080)={0x60, 0x0, r3, {{0x0, 0x4}}}, 0x60) (async) write$FUSE_STATFS(r0, &(0x7f0000000080)={0x60, 0xffffffffffffffda, r3, {{0xa11a, 0x1, 0x9, 0x9, 0x1ff, 0x5, 0x20e, 0x800}}}, 0x60) (async) [ 2037.323202] CPU: 1 PID: 23062 Comm: syz-executor.4 Not tainted 4.14.286-syzkaller #0 [ 2037.331081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2037.340425] Call Trace: [ 2037.343004] dump_stack+0x1b2/0x281 [ 2037.346630] should_fail.cold+0x10a/0x149 [ 2037.350774] should_failslab+0xd6/0x130 [ 2037.354747] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2037.359851] __kmalloc_node_track_caller+0x38/0x70 [ 2037.364776] __alloc_skb+0x96/0x510 [ 2037.368401] netlink_ack+0x216/0x9a0 10:58:06 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000040)={&(0x7f00000000c0)="b6e33e91b7dff69187", &(0x7f0000000240)=""/4096, &(0x7f0000000000)="e108d86c452bb328c7a1ee3cf6242ccc4368027f64cf34580ba7f98255bb409e25fe08ef44641a36a671733297a9", &(0x7f0000000080)="652de03967f86b211dd998cd786017ef99ca1642a4686e7af2b1f0d276908f63bf12a12d4765d2b0fef384bc54ba3bacdb31047d6295bc2c1244c3ff", 0x2, 0xffffffffffffffff, 0x4}, 0x38) (async, rerun: 64) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000100)={0x50, 0x0, 0x0, {0x7, 0x24, 0x80000001, 0x4000, 0x1, 0x8000, 0x64, 0x7}}, 0x50) (rerun: 64) [ 2037.372113] ? netlink_sendmsg+0xbc0/0xbc0 [ 2037.376351] netlink_rcv_skb+0x2c5/0x390 [ 2037.380416] ? xfrm_dump_sa_done+0xd0/0xd0 [ 2037.384649] ? netlink_ack+0x9a0/0x9a0 [ 2037.388530] ? netlink_deliver_tap+0x90/0x860 [ 2037.393021] ? lock_downgrade+0x740/0x740 [ 2037.397169] xfrm_netlink_rcv+0x6b/0x90 [ 2037.401142] netlink_unicast+0x437/0x610 [ 2037.405201] ? netlink_sendskb+0xd0/0xd0 [ 2037.409256] ? __check_object_size+0x179/0x230 [ 2037.413843] netlink_sendmsg+0x648/0xbc0 [ 2037.417903] ? nlmsg_notify+0x1b0/0x1b0 10:58:06 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000040)={&(0x7f00000000c0)="b6e33e91b7dff69187", &(0x7f0000000240)=""/4096, &(0x7f0000000000)="e108d86c452bb328c7a1ee3cf6242ccc4368027f64cf34580ba7f98255bb409e25fe08ef44641a36a671733297a9", &(0x7f0000000080)="652de03967f86b211dd998cd786017ef99ca1642a4686e7af2b1f0d276908f63bf12a12d4765d2b0fef384bc54ba3bacdb31047d6295bc2c1244c3ff", 0x2, 0xffffffffffffffff, 0x4}, 0x38) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000100)={0x50, 0x0, 0x0, {0x7, 0x24, 0x80000001, 0x4000, 0x1, 0x8000, 0x64, 0x7}}, 0x50) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000040)={&(0x7f00000000c0)="b6e33e91b7dff69187", &(0x7f0000000240)=""/4096, &(0x7f0000000000)="e108d86c452bb328c7a1ee3cf6242ccc4368027f64cf34580ba7f98255bb409e25fe08ef44641a36a671733297a9", &(0x7f0000000080)="652de03967f86b211dd998cd786017ef99ca1642a4686e7af2b1f0d276908f63bf12a12d4765d2b0fef384bc54ba3bacdb31047d6295bc2c1244c3ff", 0x2, 0xffffffffffffffff, 0x4}, 0x38) (async) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000100)={0x50, 0x0, 0x0, {0x7, 0x24, 0x80000001, 0x4000, 0x1, 0x8000, 0x64, 0x7}}, 0x50) (async) 10:58:06 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 15) [ 2037.421866] ? kernel_recvmsg+0x210/0x210 [ 2037.426011] ? security_socket_sendmsg+0x83/0xb0 [ 2037.430761] ? nlmsg_notify+0x1b0/0x1b0 [ 2037.434733] sock_sendmsg+0xb5/0x100 [ 2037.438440] ___sys_sendmsg+0x6c8/0x800 [ 2037.442411] ? get_pid_task+0x91/0x130 [ 2037.446292] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2037.451050] ? lock_downgrade+0x740/0x740 [ 2037.455203] ? __fget+0x23e/0x3e0 [ 2037.458670] ? lock_acquire+0x170/0x3f0 [ 2037.462640] ? lock_downgrade+0x740/0x740 [ 2037.466786] ? __fget+0x265/0x3e0 [ 2037.470240] ? __fdget+0x19b/0x1f0 [ 2037.473777] ? sockfd_lookup_light+0xb2/0x160 [ 2037.478273] __sys_sendmsg+0xa3/0x120 [ 2037.479105] FAULT_INJECTION: forcing a failure. [ 2037.479105] name failslab, interval 1, probability 0, space 0, times 0 [ 2037.482063] ? SyS_shutdown+0x160/0x160 [ 2037.482076] ? wait_for_completion_io+0x10/0x10 [ 2037.482095] ? SyS_read+0x210/0x210 [ 2037.482104] ? __do_page_fault+0x159/0xad0 [ 2037.482117] SyS_sendmsg+0x27/0x40 [ 2037.513231] ? __sys_sendmsg+0x120/0x120 [ 2037.517275] do_syscall_64+0x1d5/0x640 [ 2037.521153] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2037.526324] RIP: 0033:0x7f6ddd5ec109 [ 2037.530014] RSP: 002b:00007f6ddbf61168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2037.537707] RAX: ffffffffffffffda RBX: 00007f6ddd6fef60 RCX: 00007f6ddd5ec109 [ 2037.544969] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 2037.552246] RBP: 00007f6ddbf611d0 R08: 0000000000000000 R09: 0000000000000000 [ 2037.559505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2037.566760] R13: 00007ffd7370be8f R14: 00007f6ddbf61300 R15: 0000000000022000 [ 2037.574025] CPU: 0 PID: 23099 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2037.581934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2037.591294] Call Trace: [ 2037.593862] dump_stack+0x1b2/0x281 [ 2037.597467] should_fail.cold+0x10a/0x149 [ 2037.601594] should_failslab+0xd6/0x130 [ 2037.605546] kmem_cache_alloc_trace+0x29a/0x3d0 [ 2037.610284] fuse_fill_super+0x74f/0x15c0 [ 2037.614409] ? fuse_get_root_inode+0xc0/0xc0 [ 2037.618806] ? up_write+0x17/0x60 [ 2037.622237] ? register_shrinker+0x15f/0x220 [ 2037.626623] ? sget_userns+0x768/0xc10 [ 2037.630490] ? get_anon_bdev+0x1c0/0x1c0 [ 2037.634524] ? sget+0xd9/0x110 [ 2037.637693] ? fuse_get_root_inode+0xc0/0xc0 [ 2037.642082] mount_nodev+0x4c/0xf0 [ 2037.645598] mount_fs+0x92/0x2a0 [ 2037.648949] vfs_kern_mount.part.0+0x5b/0x470 [ 2037.653419] do_mount+0xe65/0x2a30 [ 2037.656943] ? copy_mount_string+0x40/0x40 [ 2037.661153] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2037.666142] ? copy_mnt_ns+0xa30/0xa30 [ 2037.670005] ? copy_mount_options+0x1fa/0x2f0 [ 2037.674476] ? copy_mnt_ns+0xa30/0xa30 [ 2037.678339] SyS_mount+0xa8/0x120 [ 2037.681767] ? copy_mnt_ns+0xa30/0xa30 [ 2037.685643] do_syscall_64+0x1d5/0x640 [ 2037.689509] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2037.694684] RIP: 0033:0x7fc09e230109 [ 2037.698367] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2037.706051] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2037.713295] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 10:58:06 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) (fail_nth: 6) 10:58:06 executing program 5: bpf$PROG_BIND_MAP(0x23, &(0x7f0000000040)={0xffffffffffffffff, 0x1}, 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) 10:58:06 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) 10:58:06 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x24888, 0x0) (async) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) read$FUSE(r1, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r2, &(0x7f0000000080)={0x60, 0x0, r3, {{0x0, 0x4}}}, 0x60) write$FUSE_STATFS(r0, &(0x7f0000000080)={0x60, 0xffffffffffffffda, r3, {{0xa11a, 0x1, 0x9, 0x9, 0x1ff, 0x5, 0x20e, 0x800}}}, 0x60) 10:58:06 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000000)={0x3, 0x0}, 0x8) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x24, 0x3, 0x8800, 0x2, 0x9, 0x1ff, 0x8}}, 0x50) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)={r0}, 0x4) read$FUSE(0xffffffffffffffff, &(0x7f0000002280)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r6}}]}}) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) r10 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r10, 0x6, 0x23, 0x0, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(r10, 0x8905, &(0x7f00000042c0)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r7}, 0x2c, {'group_id', 0x3d, r8}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r9}}]}}) setresuid(r4, r2, r7) prctl$PR_SET_PTRACER(0x59616d61, r3) [ 2037.720538] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2037.727793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2037.735041] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:06 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000000)={0x3, 0x0}, 0x8) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x24, 0x3, 0x8800, 0x2, 0x9, 0x1ff, 0x8}}, 0x50) (async, rerun: 64) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)={r0}, 0x4) (rerun: 64) read$FUSE(0xffffffffffffffff, &(0x7f0000002280)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r6}}]}}) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) (async) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) (async, rerun: 64) r10 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (rerun: 64) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r10, 0x6, 0x23, 0x0, 0x0) (async) ioctl$sock_inet6_tcp_SIOCATMARK(r10, 0x8905, &(0x7f00000042c0)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r7}, 0x2c, {'group_id', 0x3d, r8}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r9}}]}}) (async) setresuid(r4, r2, r7) (async) prctl$PR_SET_PTRACER(0x59616d61, r3) 10:58:06 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}, 0x10) r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8) write$FUSE_INIT(r0, &(0x7f00000000c0)={0x50, 0x0, 0x0, {0x7, 0x24, 0x31b4af8e, 0x200, 0x8000, 0x5, 0x0, 0x8}}, 0x50) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) read$FUSE(r4, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r5, &(0x7f0000000080)={0x60, 0x0, r6}, 0x60) write$FUSE_LSEEK(r2, &(0x7f0000000140)={0x18, 0x0, r6, {0x3}}, 0x18) 10:58:06 executing program 5: bpf$PROG_BIND_MAP(0x23, &(0x7f0000000040)={0xffffffffffffffff, 0x1}, 0xc) (async) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) 10:58:06 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) 10:58:06 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async, rerun: 32) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}, 0x10) (async, rerun: 32) r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8) write$FUSE_INIT(r0, &(0x7f00000000c0)={0x50, 0x0, 0x0, {0x7, 0x24, 0x31b4af8e, 0x200, 0x8000, 0x5, 0x0, 0x8}}, 0x50) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) read$FUSE(r4, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r5, &(0x7f0000000080)={0x60, 0x0, r6}, 0x60) write$FUSE_LSEEK(r2, &(0x7f0000000140)={0x18, 0x0, r6, {0x3}}, 0x18) 10:58:06 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000000)={0x3, 0x0}, 0x8) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x24, 0x3, 0x8800, 0x2, 0x9, 0x1ff, 0x8}}, 0x50) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)={r0}, 0x4) (async, rerun: 64) read$FUSE(0xffffffffffffffff, &(0x7f0000002280)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) (async, rerun: 64) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) (async) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r6}}]}}) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) (async) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) r10 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r10, 0x6, 0x23, 0x0, 0x0) (async, rerun: 64) ioctl$sock_inet6_tcp_SIOCATMARK(r10, 0x8905, &(0x7f00000042c0)) (async, rerun: 64) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r7}, 0x2c, {'group_id', 0x3d, r8}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r9}}]}}) setresuid(r4, r2, r7) (async) prctl$PR_SET_PTRACER(0x59616d61, r3) 10:58:06 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 16) [ 2037.931185] FAULT_INJECTION: forcing a failure. [ 2037.931185] name failslab, interval 1, probability 0, space 0, times 0 [ 2037.939473] FAULT_INJECTION: forcing a failure. [ 2037.939473] name failslab, interval 1, probability 0, space 0, times 0 [ 2037.946809] CPU: 1 PID: 23149 Comm: syz-executor.4 Not tainted 4.14.286-syzkaller #0 [ 2037.961461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2037.970798] Call Trace: [ 2037.973527] dump_stack+0x1b2/0x281 [ 2037.977146] should_fail.cold+0x10a/0x149 [ 2037.981296] should_failslab+0xd6/0x130 [ 2037.985261] kmem_cache_alloc+0x40/0x3c0 [ 2037.989318] skb_clone+0x126/0x9a0 [ 2037.992939] netlink_deliver_tap+0x67e/0x860 [ 2037.997355] netlink_sendskb+0x45/0xd0 [ 2038.001230] netlink_unicast+0x50a/0x610 [ 2038.005278] ? netlink_sendskb+0xd0/0xd0 [ 2038.009329] ? __nlmsg_put+0x155/0x1c0 [ 2038.013214] netlink_ack+0x514/0x9a0 [ 2038.016911] ? netlink_sendmsg+0xbc0/0xbc0 [ 2038.021134] netlink_rcv_skb+0x2c5/0x390 [ 2038.025176] ? xfrm_dump_sa_done+0xd0/0xd0 [ 2038.029390] ? netlink_ack+0x9a0/0x9a0 [ 2038.033256] ? netlink_deliver_tap+0x90/0x860 [ 2038.037737] ? lock_downgrade+0x740/0x740 [ 2038.041868] xfrm_netlink_rcv+0x6b/0x90 [ 2038.045823] netlink_unicast+0x437/0x610 [ 2038.049864] ? netlink_sendskb+0xd0/0xd0 [ 2038.053991] ? __check_object_size+0x179/0x230 [ 2038.058555] netlink_sendmsg+0x648/0xbc0 [ 2038.062600] ? nlmsg_notify+0x1b0/0x1b0 [ 2038.066556] ? kernel_recvmsg+0x210/0x210 [ 2038.070686] ? security_socket_sendmsg+0x83/0xb0 [ 2038.075423] ? nlmsg_notify+0x1b0/0x1b0 [ 2038.079376] sock_sendmsg+0xb5/0x100 [ 2038.083071] ___sys_sendmsg+0x6c8/0x800 [ 2038.087025] ? get_pid_task+0x91/0x130 [ 2038.090908] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2038.095645] ? lock_downgrade+0x740/0x740 [ 2038.099873] ? __fget+0x23e/0x3e0 [ 2038.103393] ? lock_acquire+0x170/0x3f0 [ 2038.107522] ? lock_downgrade+0x740/0x740 [ 2038.111661] ? __fget+0x265/0x3e0 [ 2038.115114] ? __fdget+0x19b/0x1f0 [ 2038.118637] ? sockfd_lookup_light+0xb2/0x160 [ 2038.123119] __sys_sendmsg+0xa3/0x120 [ 2038.126899] ? SyS_shutdown+0x160/0x160 [ 2038.130856] ? wait_for_completion_io+0x10/0x10 [ 2038.135512] ? SyS_read+0x210/0x210 [ 2038.139124] ? __do_page_fault+0x159/0xad0 [ 2038.143338] SyS_sendmsg+0x27/0x40 [ 2038.146858] ? __sys_sendmsg+0x120/0x120 [ 2038.150901] do_syscall_64+0x1d5/0x640 [ 2038.154791] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2038.159960] RIP: 0033:0x7f6ddd5ec109 [ 2038.163649] RSP: 002b:00007f6ddbf61168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2038.171340] RAX: ffffffffffffffda RBX: 00007f6ddd6fef60 RCX: 00007f6ddd5ec109 [ 2038.178591] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 2038.185841] RBP: 00007f6ddbf611d0 R08: 0000000000000000 R09: 0000000000000000 [ 2038.193089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2038.200340] R13: 00007ffd7370be8f R14: 00007f6ddbf61300 R15: 0000000000022000 [ 2038.207616] CPU: 0 PID: 23150 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2038.215500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2038.224842] Call Trace: [ 2038.227428] dump_stack+0x1b2/0x281 10:58:07 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) (fail_nth: 7) 10:58:07 executing program 5: bpf$PROG_BIND_MAP(0x23, &(0x7f0000000040)={0xffffffffffffffff, 0x1}, 0xc) (async) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) 10:58:07 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}, 0x10) r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8) write$FUSE_INIT(r0, &(0x7f00000000c0)={0x50, 0x0, 0x0, {0x7, 0x24, 0x31b4af8e, 0x200, 0x8000, 0x5, 0x0, 0x8}}, 0x50) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) read$FUSE(r4, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r5, &(0x7f0000000080)={0x60, 0x0, r6}, 0x60) write$FUSE_LSEEK(r2, &(0x7f0000000140)={0x18, 0x0, r6, {0x3}}, 0x18) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}, 0x10) (async) bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8) (async) write$FUSE_INIT(r0, &(0x7f00000000c0)={0x50, 0x0, 0x0, {0x7, 0x24, 0x31b4af8e, 0x200, 0x8000, 0x5, 0x0, 0x8}}, 0x50) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) read$FUSE(r4, &(0x7f0000000680)={0x2020}, 0x2020) (async) write$FUSE_STATFS(r5, &(0x7f0000000080)={0x60, 0x0, r6}, 0x60) (async) write$FUSE_LSEEK(r2, &(0x7f0000000140)={0x18, 0x0, r6, {0x3}}, 0x18) (async) 10:58:07 executing program 3: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000140)={&(0x7f0000000080)='./file0\x00', 0x0, 0x8}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r2, 0x58}, 0x61) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0xffffffff, 0x18}, 0xc) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) 10:58:07 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) [ 2038.231053] should_fail.cold+0x10a/0x149 [ 2038.235198] should_failslab+0xd6/0x130 [ 2038.239172] kmem_cache_alloc_trace+0x29a/0x3d0 [ 2038.243838] fuse_dev_alloc+0x4b/0x310 [ 2038.247717] ? task_active_pid_ns+0xa1/0xc0 [ 2038.252036] fuse_fill_super+0x79d/0x15c0 [ 2038.256184] ? fuse_get_root_inode+0xc0/0xc0 [ 2038.260585] ? up_write+0x17/0x60 [ 2038.264032] ? register_shrinker+0x15f/0x220 [ 2038.268435] ? sget_userns+0x768/0xc10 [ 2038.272327] ? get_anon_bdev+0x1c0/0x1c0 [ 2038.276378] ? sget+0xd9/0x110 10:58:07 executing program 2: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) write$FUSE_DIRENT(r0, &(0x7f0000000500)={0xb8, 0x0, 0x0, [{0x4, 0x101, 0x2, 0xb0fc, 'fd'}, {0x0, 0x8, 0x4, 0x1ff, '\x85&^-'}, {0x3, 0x74, 0x1, 0x8000, '('}, {0x4, 0x911c, 0x8, 0x1, 'rootmode'}, {0x2, 0x7fffffff, 0xb, 0xffffff7f, 'smackfsroot'}]}, 0xb8) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r4}}]}}) write$FUSE_ENTRY(r1, &(0x7f0000000040)={0x90, 0x0, 0x0, {0x4, 0x1, 0x84a, 0x1, 0x3, 0x400, {0x6, 0x3ff, 0x8, 0x8, 0xbf4, 0x615d, 0x7, 0x2, 0x101, 0xa000, 0x646b, 0xee00, r3, 0x25e4, 0xfffffffd}}}, 0x90) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000480)={&(0x7f0000000440)='./file0\x00', 0x0, 0x18}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000400)={&(0x7f00000003c0)='./file0\x00', 0x0, 0x18}, 0x10) 10:58:07 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 17) 10:58:07 executing program 0: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) read$snapshot(r0, &(0x7f0000000300)=""/178, 0xb2) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c006d112112fa869238fb1b13b9b47d402815a21fec4f8fea43ae6c5a3f05a20b32d0512a60845473d34405b5c05dac"]) write$FUSE_NOTIFY_INVAL_INODE(r1, &(0x7f0000000080)={0x28, 0x2, 0x0, {0x2, 0x7, 0x9}}, 0x28) write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000440)={0x18}, 0x18) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000180)={&(0x7f0000000100)='./file0\x00', 0x0, 0x10}, 0x10) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000540)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r3, &(0x7f00000003c0)={0x50, 0xfffffffffffffff5, r4, {0x7, 0x24, 0x7, 0x1000, 0x7f, 0x8, 0x0, 0x400}}, 0x50) bpf$BPF_MAP_FREEZE(0x16, &(0x7f00000001c0)=r2, 0x4) [ 2038.279580] ? fuse_get_root_inode+0xc0/0xc0 [ 2038.279596] mount_nodev+0x4c/0xf0 10:58:07 executing program 5: mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x82, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000000)={0x2b, 0x6, 0x0, {0x5, 0x6, 0x2, 0x0, '].'}}, 0x2b) 10:58:07 executing program 2: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) write$FUSE_DIRENT(r0, &(0x7f0000000500)={0xb8, 0x0, 0x0, [{0x4, 0x101, 0x2, 0xb0fc, 'fd'}, {0x0, 0x8, 0x4, 0x1ff, '\x85&^-'}, {0x3, 0x74, 0x1, 0x8000, '('}, {0x4, 0x911c, 0x8, 0x1, 'rootmode'}, {0x2, 0x7fffffff, 0xb, 0xffffff7f, 'smackfsroot'}]}, 0xb8) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) (async) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r4}}]}}) (async) write$FUSE_ENTRY(r1, &(0x7f0000000040)={0x90, 0x0, 0x0, {0x4, 0x1, 0x84a, 0x1, 0x3, 0x400, {0x6, 0x3ff, 0x8, 0x8, 0xbf4, 0x615d, 0x7, 0x2, 0x101, 0xa000, 0x646b, 0xee00, r3, 0x25e4, 0xfffffffd}}}, 0x90) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000480)={&(0x7f0000000440)='./file0\x00', 0x0, 0x18}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000400)={&(0x7f00000003c0)='./file0\x00', 0x0, 0x18}, 0x10) 10:58:07 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 18) [ 2038.279606] mount_fs+0x92/0x2a0 [ 2038.279619] vfs_kern_mount.part.0+0x5b/0x470 [ 2038.279630] do_mount+0xe65/0x2a30 [ 2038.279645] ? copy_mount_string+0x40/0x40 [ 2038.279657] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2038.279665] ? copy_mnt_ns+0xa30/0xa30 [ 2038.279675] ? copy_mount_options+0x1fa/0x2f0 [ 2038.279682] ? copy_mnt_ns+0xa30/0xa30 [ 2038.279692] SyS_mount+0xa8/0x120 [ 2038.279699] ? copy_mnt_ns+0xa30/0xa30 10:58:07 executing program 5: mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x82, 0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000000)={0x2b, 0x6, 0x0, {0x5, 0x6, 0x2, 0x0, '].'}}, 0x2b) [ 2038.279710] do_syscall_64+0x1d5/0x640 [ 2038.279724] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2038.279732] RIP: 0033:0x7fc09e230109 [ 2038.279736] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2038.279747] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2038.279752] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2038.279758] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2038.279763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2038.279769] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 [ 2038.343001] FAULT_INJECTION: forcing a failure. [ 2038.343001] name failslab, interval 1, probability 0, space 0, times 0 [ 2038.343013] CPU: 0 PID: 23180 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2038.343019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2038.343023] Call Trace: [ 2038.343036] dump_stack+0x1b2/0x281 [ 2038.343051] should_fail.cold+0x10a/0x149 [ 2038.343065] should_failslab+0xd6/0x130 [ 2038.343078] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2038.343090] bdi_alloc_node+0x5d/0x2e0 [ 2038.343102] super_setup_bdi_name+0x8b/0x220 [ 2038.343112] ? kill_block_super+0xe0/0xe0 [ 2038.343127] ? __lockdep_init_map+0x100/0x560 [ 2038.343137] ? do_raw_spin_unlock+0x164/0x220 10:58:07 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) read$FUSE(0xffffffffffffffff, &(0x7f00000003c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_DIRENT(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="9000ffff00ff0000", @ANYRES64=r4, @ANYBLOB="0600000000000000010000000000000002000000020000005b3a0000000000000000000000000000ff010000000000000100000005d90000000000000000000004000000000000000002000000000000010000000700000000000000000000000500000000000000080000000000000002000000010100002327000000000000"], 0x90) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0xffffffffffffffff, 0x58, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000280), 0x100) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback, 0x4e23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, r5}, {@in=@loopback}, @in=@private=0xa010100, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {0x0, 0x0, 0x7}}}, 0xf0}}, 0x0) 10:58:07 executing program 2: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) write$FUSE_DIRENT(r0, &(0x7f0000000500)={0xb8, 0x0, 0x0, [{0x4, 0x101, 0x2, 0xb0fc, 'fd'}, {0x0, 0x8, 0x4, 0x1ff, '\x85&^-'}, {0x3, 0x74, 0x1, 0x8000, '('}, {0x4, 0x911c, 0x8, 0x1, 'rootmode'}, {0x2, 0x7fffffff, 0xb, 0xffffff7f, 'smackfsroot'}]}, 0xb8) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r4}}]}}) write$FUSE_ENTRY(r1, &(0x7f0000000040)={0x90, 0x0, 0x0, {0x4, 0x1, 0x84a, 0x1, 0x3, 0x400, {0x6, 0x3ff, 0x8, 0x8, 0xbf4, 0x615d, 0x7, 0x2, 0x101, 0xa000, 0x646b, 0xee00, r3, 0x25e4, 0xfffffffd}}}, 0x90) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000480)={&(0x7f0000000440)='./file0\x00', 0x0, 0x18}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000400)={&(0x7f00000003c0)='./file0\x00', 0x0, 0x18}, 0x10) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) (async) write$FUSE_DIRENT(r0, &(0x7f0000000500)={0xb8, 0x0, 0x0, [{0x4, 0x101, 0x2, 0xb0fc, 'fd'}, {0x0, 0x8, 0x4, 0x1ff, '\x85&^-'}, {0x3, 0x74, 0x1, 0x8000, '('}, {0x4, 0x911c, 0x8, 0x1, 'rootmode'}, {0x2, 0x7fffffff, 0xb, 0xffffff7f, 'smackfsroot'}]}, 0xb8) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r4}}]}}) (async) write$FUSE_ENTRY(r1, &(0x7f0000000040)={0x90, 0x0, 0x0, {0x4, 0x1, 0x84a, 0x1, 0x3, 0x400, {0x6, 0x3ff, 0x8, 0x8, 0xbf4, 0x615d, 0x7, 0x2, 0x101, 0xa000, 0x646b, 0xee00, r3, 0x25e4, 0xfffffffd}}}, 0x90) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000480)={&(0x7f0000000440)='./file0\x00', 0x0, 0x18}, 0x10) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000400)={&(0x7f00000003c0)='./file0\x00', 0x0, 0x18}, 0x10) (async) 10:58:07 executing program 5: mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x82, 0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000000)={0x2b, 0x6, 0x0, {0x5, 0x6, 0x2, 0x0, '].'}}, 0x2b) [ 2038.343154] fuse_fill_super+0x937/0x15c0 [ 2038.343167] ? fuse_get_root_inode+0xc0/0xc0 [ 2038.343178] ? up_write+0x17/0x60 [ 2038.343185] ? register_shrinker+0x15f/0x220 [ 2038.343193] ? sget_userns+0x768/0xc10 [ 2038.343209] ? get_anon_bdev+0x1c0/0x1c0 [ 2038.343215] ? sget+0xd9/0x110 [ 2038.343226] ? fuse_get_root_inode+0xc0/0xc0 [ 2038.343234] mount_nodev+0x4c/0xf0 [ 2038.343243] mount_fs+0x92/0x2a0 [ 2038.343255] vfs_kern_mount.part.0+0x5b/0x470 [ 2038.343267] do_mount+0xe65/0x2a30 [ 2038.343282] ? copy_mount_string+0x40/0x40 [ 2038.343293] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2038.343303] ? copy_mnt_ns+0xa30/0xa30 [ 2038.343313] ? copy_mount_options+0x1fa/0x2f0 [ 2038.343321] ? copy_mnt_ns+0xa30/0xa30 [ 2038.343332] SyS_mount+0xa8/0x120 [ 2038.343342] ? copy_mnt_ns+0xa30/0xa30 [ 2038.343355] do_syscall_64+0x1d5/0x640 [ 2038.343370] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2038.343378] RIP: 0033:0x7fc09e230109 [ 2038.343383] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2038.343394] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2038.343399] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2038.343405] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2038.343411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2038.343417] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 [ 2038.510657] FAULT_INJECTION: forcing a failure. [ 2038.510657] name failslab, interval 1, probability 0, space 0, times 0 [ 2038.702039] CPU: 0 PID: 23203 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2038.709914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2038.719242] Call Trace: [ 2038.721808] dump_stack+0x1b2/0x281 [ 2038.725413] should_fail.cold+0x10a/0x149 [ 2038.729540] should_failslab+0xd6/0x130 [ 2038.733506] kmem_cache_alloc_trace+0x29a/0x3d0 [ 2038.738171] wb_congested_get_create+0x15b/0x360 [ 2038.742906] wb_init+0x4f6/0x7c0 [ 2038.746252] ? __raw_spin_lock_init+0x28/0x100 [ 2038.750808] cgwb_bdi_init+0xe2/0x1e0 [ 2038.754584] bdi_alloc_node+0x224/0x2e0 [ 2038.758535] super_setup_bdi_name+0x8b/0x220 [ 2038.762922] ? kill_block_super+0xe0/0xe0 [ 2038.767057] ? __lockdep_init_map+0x100/0x560 [ 2038.771530] ? do_raw_spin_unlock+0x164/0x220 [ 2038.776023] fuse_fill_super+0x937/0x15c0 [ 2038.780148] ? fuse_get_root_inode+0xc0/0xc0 [ 2038.784530] ? up_write+0x17/0x60 [ 2038.787962] ? register_shrinker+0x15f/0x220 [ 2038.792344] ? sget_userns+0x768/0xc10 [ 2038.796212] ? get_anon_bdev+0x1c0/0x1c0 [ 2038.800246] ? sget+0xd9/0x110 [ 2038.803413] ? fuse_get_root_inode+0xc0/0xc0 [ 2038.807807] mount_nodev+0x4c/0xf0 [ 2038.811324] mount_fs+0x92/0x2a0 [ 2038.814667] vfs_kern_mount.part.0+0x5b/0x470 [ 2038.819138] do_mount+0xe65/0x2a30 [ 2038.822656] ? copy_mount_string+0x40/0x40 [ 2038.826867] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2038.831858] ? copy_mnt_ns+0xa30/0xa30 [ 2038.835721] ? copy_mount_options+0x1fa/0x2f0 [ 2038.840193] ? copy_mnt_ns+0xa30/0xa30 [ 2038.844072] SyS_mount+0xa8/0x120 [ 2038.847510] ? copy_mnt_ns+0xa30/0xa30 [ 2038.851371] do_syscall_64+0x1d5/0x640 10:58:07 executing program 3: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000140)={&(0x7f0000000080)='./file0\x00', 0x0, 0x8}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r2, 0x58}, 0x61) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0xffffffff, 0x18}, 0xc) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000140)={&(0x7f0000000080)='./file0\x00', 0x0, 0x8}, 0x10) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r2, 0x58}, 0x61) (async) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0xffffffff, 0x18}, 0xc) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) 10:58:07 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) read$FUSE(0xffffffffffffffff, &(0x7f00000003c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_DIRENT(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="9000ffff00ff0000", @ANYRES64=r4, @ANYBLOB="0600000000000000010000000000000002000000020000005b3a0000000000000000000000000000ff010000000000000100000005d90000000000000000000004000000000000000002000000000000010000000700000000000000000000000500000000000000080000000000000002000000010100002327000000000000"], 0x90) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0xffffffffffffffff, 0x58, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000280), 0x100) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback, 0x4e23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, r5}, {@in=@loopback}, @in=@private=0xa010100, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {0x0, 0x0, 0x7}}}, 0xf0}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) read$FUSE(0xffffffffffffffff, &(0x7f00000003c0)={0x2020}, 0x2020) (async) write$FUSE_DIRENT(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="9000ffff00ff0000", @ANYRES64=r4, @ANYBLOB="0600000000000000010000000000000002000000020000005b3a0000000000000000000000000000ff010000000000000100000005d90000000000000000000004000000000000000002000000000000010000000700000000000000000000000500000000000000080000000000000002000000010100002327000000000000"], 0x90) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0xffffffffffffffff, 0x58, &(0x7f0000000200)}, 0x10) (async) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000280), 0x100) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback, 0x4e23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, r5}, {@in=@loopback}, @in=@private=0xa010100, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {0x0, 0x0, 0x7}}}, 0xf0}}, 0x0) (async) 10:58:07 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) ioctl$KVM_GET_PIT2(r1, 0x8070ae9f, &(0x7f0000000040)) 10:58:07 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r0}, 0x8) ioctl$PPPIOCSMRRU(r1, 0x4004743b, &(0x7f00000000c0)) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000000)={[{0x0, 0xe22, 0x3, 0x8, 0x9, 0x1, 0x9, 0x6, 0x81, 0x40, 0x5, 0x3, 0x2b4f}, {0x2, 0x401, 0x5, 0xff, 0x9, 0x9c, 0xf2, 0xfb, 0x3, 0x3, 0x3, 0xff, 0x4d76bede}, {0x103, 0xdf87, 0xff, 0x5, 0xe0, 0x7f, 0xa2, 0x1, 0x6, 0xfc, 0x20, 0x2, 0x80000001}], 0x6}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000140)={&(0x7f0000000100)='./file0\x00', 0x0, 0x18}, 0x10) [ 2038.855236] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2038.860397] RIP: 0033:0x7fc09e230109 [ 2038.864082] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2038.871767] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2038.879013] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2038.886272] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2038.893519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2038.900769] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:07 executing program 0: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) read$snapshot(r0, &(0x7f0000000300)=""/178, 0xb2) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c006d112112fa869238fb1b13b9b47d402815a21fec4f8fea43ae6c5a3f05a20b32d0512a60845473d34405b5c05dac"]) write$FUSE_NOTIFY_INVAL_INODE(r1, &(0x7f0000000080)={0x28, 0x2, 0x0, {0x2, 0x7, 0x9}}, 0x28) write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000440)={0x18}, 0x18) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000180)={&(0x7f0000000100)='./file0\x00', 0x0, 0x10}, 0x10) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000540)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r3, &(0x7f00000003c0)={0x50, 0xfffffffffffffff5, r4, {0x7, 0x24, 0x7, 0x1000, 0x7f, 0x8, 0x0, 0x400}}, 0x50) bpf$BPF_MAP_FREEZE(0x16, &(0x7f00000001c0)=r2, 0x4) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) (async) read$snapshot(r0, &(0x7f0000000300)=""/178, 0xb2) (async) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c006d112112fa869238fb1b13b9b47d402815a21fec4f8fea43ae6c5a3f05a20b32d0512a60845473d34405b5c05dac"]) (async) write$FUSE_NOTIFY_INVAL_INODE(r1, &(0x7f0000000080)={0x28, 0x2, 0x0, {0x2, 0x7, 0x9}}, 0x28) (async) write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000440)={0x18}, 0x18) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000180)={&(0x7f0000000100)='./file0\x00', 0x0, 0x10}, 0x10) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000540)={0x2020}, 0x2020) (async) write$FUSE_INIT(r3, &(0x7f00000003c0)={0x50, 0xfffffffffffffff5, r4, {0x7, 0x24, 0x7, 0x1000, 0x7f, 0x8, 0x0, 0x400}}, 0x50) (async) bpf$BPF_MAP_FREEZE(0x16, &(0x7f00000001c0)=r2, 0x4) (async) 10:58:07 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r0}, 0x8) ioctl$PPPIOCSMRRU(r1, 0x4004743b, &(0x7f00000000c0)) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000000)={[{0x0, 0xe22, 0x3, 0x8, 0x9, 0x1, 0x9, 0x6, 0x81, 0x40, 0x5, 0x3, 0x2b4f}, {0x2, 0x401, 0x5, 0xff, 0x9, 0x9c, 0xf2, 0xfb, 0x3, 0x3, 0x3, 0xff, 0x4d76bede}, {0x103, 0xdf87, 0xff, 0x5, 0xe0, 0x7f, 0xa2, 0x1, 0x6, 0xfc, 0x20, 0x2, 0x80000001}], 0x6}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000140)={&(0x7f0000000100)='./file0\x00', 0x0, 0x18}, 0x10) 10:58:07 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) ioctl$KVM_GET_PIT2(r1, 0x8070ae9f, &(0x7f0000000040)) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) ioctl$KVM_GET_PIT2(r1, 0x8070ae9f, &(0x7f0000000040)) (async) 10:58:08 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 19) 10:58:08 executing program 3: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000140)={&(0x7f0000000080)='./file0\x00', 0x0, 0x8}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r2, 0x58}, 0x61) (async, rerun: 32) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0xffffffff, 0x18}, 0xc) (async, rerun: 32) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) 10:58:08 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) (async) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async, rerun: 32) ioctl$KVM_GET_PIT2(r1, 0x8070ae9f, &(0x7f0000000040)) (rerun: 32) 10:58:08 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r0}, 0x8) ioctl$PPPIOCSMRRU(r1, 0x4004743b, &(0x7f00000000c0)) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000000)={[{0x0, 0xe22, 0x3, 0x8, 0x9, 0x1, 0x9, 0x6, 0x81, 0x40, 0x5, 0x3, 0x2b4f}, {0x2, 0x401, 0x5, 0xff, 0x9, 0x9c, 0xf2, 0xfb, 0x3, 0x3, 0x3, 0xff, 0x4d76bede}, {0x103, 0xdf87, 0xff, 0x5, 0xe0, 0x7f, 0xa2, 0x1, 0x6, 0xfc, 0x20, 0x2, 0x80000001}], 0x6}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000140)={&(0x7f0000000100)='./file0\x00', 0x0, 0x18}, 0x10) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r0}, 0x8) (async) ioctl$PPPIOCSMRRU(r1, 0x4004743b, &(0x7f00000000c0)) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000000)={[{0x0, 0xe22, 0x3, 0x8, 0x9, 0x1, 0x9, 0x6, 0x81, 0x40, 0x5, 0x3, 0x2b4f}, {0x2, 0x401, 0x5, 0xff, 0x9, 0x9c, 0xf2, 0xfb, 0x3, 0x3, 0x3, 0xff, 0x4d76bede}, {0x103, 0xdf87, 0xff, 0x5, 0xe0, 0x7f, 0xa2, 0x1, 0x6, 0xfc, 0x20, 0x2, 0x80000001}], 0x6}) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000140)={&(0x7f0000000100)='./file0\x00', 0x0, 0x18}, 0x10) (async) 10:58:08 executing program 2: set_robust_list(&(0x7f0000000140)={&(0x7f0000000100), 0x546f}, 0x18) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r0}, 0x8) socket$inet6_udp(0xa, 0x2, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(r0, 0x4068aea3, &(0x7f0000000480)={0xc1, 0x0, 0x2}) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r2, 0x8008ae9d, &(0x7f0000000440)=""/14) r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r1}, 0x8) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000180)=0x1, 0x4) ioctl$KVM_GET_PIT2(r3, 0x8070ae9f, &(0x7f0000000200)) socket$nl_rdma(0x10, 0x3, 0x14) syz_open_dev$MSR(&(0x7f00000002c0), 0x6, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x1304082, 0x0) set_robust_list(&(0x7f0000000400)={&(0x7f0000000340)={&(0x7f0000000300)}, 0xfffffffffffff3f2, &(0x7f00000003c0)={&(0x7f0000000380)}}, 0x18) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f00000000c0)="6c970bca45201dc65191e26b6fb4c2e5", 0x10) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f0000000280)="e4b67a2387746b10b69efd0eac468853", 0x10) 10:58:08 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x2c01000, &(0x7f0000000080)={{}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x800}}], [{@appraise}, {@obj_role={'obj_role', 0x3d, '*'}}, {@dont_measure}, {@euid_gt={'euid>', 0xee01}}, {@uid_eq={'uid', 0x3d, 0xee00}}, {@func={'func', 0x3d, 'FILE_MMAP'}}]}}) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020}, 0x2020) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) read$FUSE(0xffffffffffffffff, &(0x7f0000002280)={0x2020, 0x0, 0x0}, 0x2020) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r6}}]}}) r7 = openat$vcs(0xffffffffffffff9c, &(0x7f00000063c0), 0x404240, 0x0) write$FUSE_NOTIFY_STORE(r7, &(0x7f0000006400)={0x30, 0x4, 0x0, {0x0, 0x6, 0x8, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x30) read$FUSE(0xffffffffffffffff, &(0x7f00000042c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_ENTRY(r1, &(0x7f0000006300)={0x90, 0x0, r3, {0x1, 0x0, 0x0, 0xfffffffffffffffb, 0x80, 0x0, {0x2, 0x3, 0x6, 0x4, 0x2, 0x38af, 0x40, 0x200, 0x101, 0xc000, 0x7, r6, r8, 0x4306, 0x287a}}}, 0x90) 10:58:08 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) read$FUSE(0xffffffffffffffff, &(0x7f00000003c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_DIRENT(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="9000ffff00ff0000", @ANYRES64=r4, @ANYBLOB="0600000000000000010000000000000002000000020000005b3a0000000000000000000000000000ff010000000000000100000005d90000000000000000000004000000000000000002000000000000010000000700000000000000000000000500000000000000080000000000000002000000010100002327000000000000"], 0x90) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0xffffffffffffffff, 0x58, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000280), 0x100) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback, 0x4e23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, r5}, {@in=@loopback}, @in=@private=0xa010100, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {0x0, 0x0, 0x7}}}, 0xf0}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) read$FUSE(0xffffffffffffffff, &(0x7f00000003c0)={0x2020}, 0x2020) (async) write$FUSE_DIRENT(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="9000ffff00ff0000", @ANYRES64=r4, @ANYBLOB="0600000000000000010000000000000002000000020000005b3a0000000000000000000000000000ff010000000000000100000005d90000000000000000000004000000000000000002000000000000010000000700000000000000000000000500000000000000080000000000000002000000010100002327000000000000"], 0x90) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0xffffffffffffffff, 0x58, &(0x7f0000000200)}, 0x10) (async) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000280), 0x100) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback, 0x4e23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, r5}, {@in=@loopback}, @in=@private=0xa010100, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {0x0, 0x0, 0x7}}}, 0xf0}}, 0x0) (async) 10:58:08 executing program 0: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) read$snapshot(r0, &(0x7f0000000300)=""/178, 0xb2) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c006d112112fa869238fb1b13b9b47d402815a21fec4f8fea43ae6c5a3f05a20b32d0512a60845473d34405b5c05dac"]) (async) write$FUSE_NOTIFY_INVAL_INODE(r1, &(0x7f0000000080)={0x28, 0x2, 0x0, {0x2, 0x7, 0x9}}, 0x28) write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000440)={0x18}, 0x18) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000180)={&(0x7f0000000100)='./file0\x00', 0x0, 0x10}, 0x10) (async) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) (async) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000540)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r3, &(0x7f00000003c0)={0x50, 0xfffffffffffffff5, r4, {0x7, 0x24, 0x7, 0x1000, 0x7f, 0x8, 0x0, 0x400}}, 0x50) bpf$BPF_MAP_FREEZE(0x16, &(0x7f00000001c0)=r2, 0x4) 10:58:08 executing program 2: set_robust_list(&(0x7f0000000140)={&(0x7f0000000100), 0x546f}, 0x18) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r0}, 0x8) socket$inet6_udp(0xa, 0x2, 0x0) (async) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async, rerun: 32) ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(r0, 0x4068aea3, &(0x7f0000000480)={0xc1, 0x0, 0x2}) (async, rerun: 32) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) (async, rerun: 32) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r2, 0x8008ae9d, &(0x7f0000000440)=""/14) (rerun: 32) r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r1}, 0x8) (async) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000180)=0x1, 0x4) ioctl$KVM_GET_PIT2(r3, 0x8070ae9f, &(0x7f0000000200)) socket$nl_rdma(0x10, 0x3, 0x14) (async, rerun: 32) syz_open_dev$MSR(&(0x7f00000002c0), 0x6, 0x0) (async, rerun: 32) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x1304082, 0x0) (async, rerun: 32) set_robust_list(&(0x7f0000000400)={&(0x7f0000000340)={&(0x7f0000000300)}, 0xfffffffffffff3f2, &(0x7f00000003c0)={&(0x7f0000000380)}}, 0x18) (async, rerun: 32) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f00000000c0)="6c970bca45201dc65191e26b6fb4c2e5", 0x10) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f0000000280)="e4b67a2387746b10b69efd0eac468853", 0x10) 10:58:08 executing program 5: mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x22dc886, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) read$FUSE(r0, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f00000026c0)={0x50, 0x0, r2, {0x7, 0x24, 0x10000, 0x2040040, 0x5, 0x2, 0x81c, 0x1}}, 0x50) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r4}}]}}) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r7}}]}}) getresuid(&(0x7f00000001c0)=0x0, &(0x7f0000000200), &(0x7f0000000240)) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r10 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000002740)={{'fd', 0x3d, r10}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r11}, 0x2c, {'group_id', 0x3d, r9}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x8000000000000000}}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}]}}) mount$fuseblk(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x800080, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESDEC=r1, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',max_read=0x00000000000007ff,max_read=0x0000000000000006,default_permissions,max_read=0x0000000000000008,allow_other,allow_other,blksize=0x0000000000001000,context=user_u,uid=', @ANYRESDEC=0x0, @ANYBLOB=',uid<', @ANYRESDEC=r8, @ANYBLOB=',uid=', @ANYRESDEC=r11, @ANYBLOB=',fowner=', @ANYRESDEC=0x0, @ANYBLOB=',uid>', @ANYRESDEC=0x0, @ANYBLOB=',dEfcontext=sysuem_u,\x00']) 10:58:08 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x2c01000, &(0x7f0000000080)={{}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x800}}], [{@appraise}, {@obj_role={'obj_role', 0x3d, '*'}}, {@dont_measure}, {@euid_gt={'euid>', 0xee01}}, {@uid_eq={'uid', 0x3d, 0xee00}}, {@func={'func', 0x3d, 'FILE_MMAP'}}]}}) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020}, 0x2020) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) read$FUSE(0xffffffffffffffff, &(0x7f0000002280)={0x2020, 0x0, 0x0}, 0x2020) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r6}}]}}) r7 = openat$vcs(0xffffffffffffff9c, &(0x7f00000063c0), 0x404240, 0x0) write$FUSE_NOTIFY_STORE(r7, &(0x7f0000006400)={0x30, 0x4, 0x0, {0x0, 0x6, 0x8, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x30) read$FUSE(0xffffffffffffffff, &(0x7f00000042c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_ENTRY(r1, &(0x7f0000006300)={0x90, 0x0, r3, {0x1, 0x0, 0x0, 0xfffffffffffffffb, 0x80, 0x0, {0x2, 0x3, 0x6, 0x4, 0x2, 0x38af, 0x40, 0x200, 0x101, 0xc000, 0x7, r6, r8, 0x4306, 0x287a}}}, 0x90) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x2c01000, &(0x7f0000000080)={{}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x800}}], [{@appraise}, {@obj_role={'obj_role', 0x3d, '*'}}, {@dont_measure}, {@euid_gt={'euid>', 0xee01}}, {@uid_eq={'uid', 0x3d, 0xee00}}, {@func={'func', 0x3d, 'FILE_MMAP'}}]}}) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020}, 0x2020) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000002280)={0x2020}, 0x2020) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r6}}]}}) (async) openat$vcs(0xffffffffffffff9c, &(0x7f00000063c0), 0x404240, 0x0) (async) write$FUSE_NOTIFY_STORE(r7, &(0x7f0000006400)={0x30, 0x4, 0x0, {0x0, 0x6, 0x8, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x30) (async) read$FUSE(0xffffffffffffffff, &(0x7f00000042c0)={0x2020}, 0x2020) (async) write$FUSE_ENTRY(r1, &(0x7f0000006300)={0x90, 0x0, r3, {0x1, 0x0, 0x0, 0xfffffffffffffffb, 0x80, 0x0, {0x2, 0x3, 0x6, 0x4, 0x2, 0x38af, 0x40, 0x200, 0x101, 0xc000, 0x7, r6, r8, 0x4306, 0x287a}}}, 0x90) (async) 10:58:08 executing program 2: set_robust_list(&(0x7f0000000140)={&(0x7f0000000100), 0x546f}, 0x18) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r0}, 0x8) socket$inet6_udp(0xa, 0x2, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(r0, 0x4068aea3, &(0x7f0000000480)={0xc1, 0x0, 0x2}) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r2, 0x8008ae9d, &(0x7f0000000440)=""/14) r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r1}, 0x8) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000180)=0x1, 0x4) ioctl$KVM_GET_PIT2(r3, 0x8070ae9f, &(0x7f0000000200)) socket$nl_rdma(0x10, 0x3, 0x14) syz_open_dev$MSR(&(0x7f00000002c0), 0x6, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x1304082, 0x0) set_robust_list(&(0x7f0000000400)={&(0x7f0000000340)={&(0x7f0000000300)}, 0xfffffffffffff3f2, &(0x7f00000003c0)={&(0x7f0000000380)}}, 0x18) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f00000000c0)="6c970bca45201dc65191e26b6fb4c2e5", 0x10) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f0000000280)="e4b67a2387746b10b69efd0eac468853", 0x10) set_robust_list(&(0x7f0000000140)={&(0x7f0000000100), 0x546f}, 0x18) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r0}, 0x8) (async) socket$inet6_udp(0xa, 0x2, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(r0, 0x4068aea3, &(0x7f0000000480)={0xc1, 0x0, 0x2}) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) (async) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r2, 0x8008ae9d, &(0x7f0000000440)=""/14) (async) bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r1}, 0x8) (async) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000180)=0x1, 0x4) (async) ioctl$KVM_GET_PIT2(r3, 0x8070ae9f, &(0x7f0000000200)) (async) socket$nl_rdma(0x10, 0x3, 0x14) (async) syz_open_dev$MSR(&(0x7f00000002c0), 0x6, 0x0) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x1304082, 0x0) (async) set_robust_list(&(0x7f0000000400)={&(0x7f0000000340)={&(0x7f0000000300)}, 0xfffffffffffff3f2, &(0x7f00000003c0)={&(0x7f0000000380)}}, 0x18) (async) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f00000000c0)="6c970bca45201dc65191e26b6fb4c2e5", 0x10) (async) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f0000000280)="e4b67a2387746b10b69efd0eac468853", 0x10) (async) 10:58:08 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, 0xee00}}) [ 2039.208081] FAULT_INJECTION: forcing a failure. [ 2039.208081] name failslab, interval 1, probability 0, space 0, times 0 [ 2039.220800] CPU: 1 PID: 23329 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2039.228683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2039.238021] Call Trace: [ 2039.240587] dump_stack+0x1b2/0x281 [ 2039.244206] should_fail.cold+0x10a/0x149 [ 2039.248383] should_failslab+0xd6/0x130 [ 2039.252334] kmem_cache_alloc_trace+0x29a/0x3d0 [ 2039.256978] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 2039.262069] device_create_groups_vargs+0x7b/0x250 [ 2039.266976] device_create_vargs+0x3a/0x50 [ 2039.271191] bdi_register_va.part.0+0x35/0x650 [ 2039.276133] bdi_register_va+0x63/0x80 [ 2039.279997] super_setup_bdi_name+0x123/0x220 [ 2039.284475] ? kill_block_super+0xe0/0xe0 [ 2039.288601] ? do_raw_spin_unlock+0x164/0x220 [ 2039.293077] fuse_fill_super+0x937/0x15c0 [ 2039.297206] ? fuse_get_root_inode+0xc0/0xc0 [ 2039.301591] ? up_write+0x17/0x60 [ 2039.305033] ? register_shrinker+0x15f/0x220 [ 2039.309416] ? sget_userns+0x768/0xc10 [ 2039.313282] ? get_anon_bdev+0x1c0/0x1c0 [ 2039.317326] ? sget+0xd9/0x110 [ 2039.320504] ? fuse_get_root_inode+0xc0/0xc0 [ 2039.324887] mount_nodev+0x4c/0xf0 [ 2039.328421] mount_fs+0x92/0x2a0 [ 2039.331765] vfs_kern_mount.part.0+0x5b/0x470 [ 2039.336235] do_mount+0xe65/0x2a30 [ 2039.339755] ? copy_mount_string+0x40/0x40 [ 2039.343980] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2039.348977] ? copy_mnt_ns+0xa30/0xa30 [ 2039.352843] ? copy_mount_options+0x1fa/0x2f0 [ 2039.357325] ? copy_mnt_ns+0xa30/0xa30 [ 2039.361190] SyS_mount+0xa8/0x120 [ 2039.364618] ? copy_mnt_ns+0xa30/0xa30 [ 2039.368484] do_syscall_64+0x1d5/0x640 [ 2039.372353] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2039.377517] RIP: 0033:0x7fc09e230109 [ 2039.381199] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2039.388884] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2039.396128] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 10:58:08 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 20) 10:58:08 executing program 5: mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x22dc886, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) (async) read$FUSE(r0, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f00000026c0)={0x50, 0x0, r2, {0x7, 0x24, 0x10000, 0x2040040, 0x5, 0x2, 0x81c, 0x1}}, 0x50) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) (async) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r4}}]}}) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) (async) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r7}}]}}) (async) getresuid(&(0x7f00000001c0)=0x0, &(0x7f0000000200), &(0x7f0000000240)) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r10 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000002740)={{'fd', 0x3d, r10}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r11}, 0x2c, {'group_id', 0x3d, r9}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x8000000000000000}}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}]}}) (async) mount$fuseblk(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x800080, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESDEC=r1, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',max_read=0x00000000000007ff,max_read=0x0000000000000006,default_permissions,max_read=0x0000000000000008,allow_other,allow_other,blksize=0x0000000000001000,context=user_u,uid=', @ANYRESDEC=0x0, @ANYBLOB=',uid<', @ANYRESDEC=r8, @ANYBLOB=',uid=', @ANYRESDEC=r11, @ANYBLOB=',fowner=', @ANYRESDEC=0x0, @ANYBLOB=',uid>', @ANYRESDEC=0x0, @ANYBLOB=',dEfcontext=sysuem_u,\x00']) 10:58:08 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, 0xee00}}) 10:58:08 executing program 2: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) read$FUSE(r1, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r2, &(0x7f0000000080)={0x60, 0x0, r3}, 0x60) write$FUSE_WRITE(r0, &(0x7f0000000080)={0x18, 0x0, r3, {0x3}}, 0x18) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x924888, 0x0) 10:58:08 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa007d00000000000000000000007f00000100000000000000000000000000000000000000000000000000000000f1fc086429f353573e5231e7ab36c796435f530d156e6f0770fb1f125f32a915", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb00"/168], 0xf0}}, 0x0) 10:58:08 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x2c01000, &(0x7f0000000080)={{}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x800}}], [{@appraise}, {@obj_role={'obj_role', 0x3d, '*'}}, {@dont_measure}, {@euid_gt={'euid>', 0xee01}}, {@uid_eq={'uid', 0x3d, 0xee00}}, {@func={'func', 0x3d, 'FILE_MMAP'}}]}}) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020}, 0x2020) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000002280)={0x2020, 0x0, 0x0}, 0x2020) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) (async) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r6}}]}}) (async) r7 = openat$vcs(0xffffffffffffff9c, &(0x7f00000063c0), 0x404240, 0x0) write$FUSE_NOTIFY_STORE(r7, &(0x7f0000006400)={0x30, 0x4, 0x0, {0x0, 0x6, 0x8, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x30) read$FUSE(0xffffffffffffffff, &(0x7f00000042c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_ENTRY(r1, &(0x7f0000006300)={0x90, 0x0, r3, {0x1, 0x0, 0x0, 0xfffffffffffffffb, 0x80, 0x0, {0x2, 0x3, 0x6, 0x4, 0x2, 0x38af, 0x40, 0x200, 0x101, 0xc000, 0x7, r6, r8, 0x4306, 0x287a}}}, 0x90) [ 2039.403370] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2039.410613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2039.417856] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:08 executing program 2: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async, rerun: 32) read$FUSE(r1, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) (rerun: 32) write$FUSE_STATFS(r2, &(0x7f0000000080)={0x60, 0x0, r3}, 0x60) write$FUSE_WRITE(r0, &(0x7f0000000080)={0x18, 0x0, r3, {0x3}}, 0x18) (async, rerun: 64) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x924888, 0x0) (rerun: 64) 10:58:08 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000020000,user_id=', @ANYRESDEC=r0, @ANYBLOB=',group_id=', @ANYRESDEC=r1, @ANYBLOB=',allow_other,blksize=0x0000000000000600,smackfsroot=(,euid<', @ANYRESDEC=r2, @ANYBLOB='\v0']) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r5}}]}}) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x4, &(0x7f0000000080)={{}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, r0}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@default_permissions}, {@default_permissions}], [{@obj_role={'obj_role', 0x3d, '^-})--}'}}, {@appraise_type}, {@fsuuid={'fsuuid', 0x3d, {[0x35, 0x64, 0x66, 0xf, 0x65, 0x37, 0x34, 0x38], 0x2d, [0x62, 0x63, 0x36, 0x34], 0x2d, [0x62, 0x38, 0x33, 0x33], 0x2d, [0x37, 0x62, 0x62, 0x31], 0x2d, [0x64, 0x63, 0x39, 0x0, 0x66, 0x57, 0x62, 0x54]}}}, {@fowner_eq={'fowner', 0x3d, r3}}]}}) 10:58:08 executing program 5: mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x22dc886, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) (async) read$FUSE(r0, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f00000026c0)={0x50, 0x0, r2, {0x7, 0x24, 0x10000, 0x2040040, 0x5, 0x2, 0x81c, 0x1}}, 0x50) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) (async) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r4}}]}}) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r7}}]}}) getresuid(&(0x7f00000001c0)=0x0, &(0x7f0000000200), &(0x7f0000000240)) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r10 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000002740)={{'fd', 0x3d, r10}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r11}, 0x2c, {'group_id', 0x3d, r9}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x8000000000000000}}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}]}}) mount$fuseblk(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x800080, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESDEC=r1, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',max_read=0x00000000000007ff,max_read=0x0000000000000006,default_permissions,max_read=0x0000000000000008,allow_other,allow_other,blksize=0x0000000000001000,context=user_u,uid=', @ANYRESDEC=0x0, @ANYBLOB=',uid<', @ANYRESDEC=r8, @ANYBLOB=',uid=', @ANYRESDEC=r11, @ANYBLOB=',fowner=', @ANYRESDEC=0x0, @ANYBLOB=',uid>', @ANYRESDEC=0x0, @ANYBLOB=',dEfcontext=sysuem_u,\x00']) 10:58:08 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, 0xee00}}) 10:58:08 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa007d00000000000000000000007f00000100000000000000000000000000000000000000000000000000000000f1fc086429f353573e5231e7ab36c796435f530d156e6f0770fb1f125f32a915", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb00"/168], 0xf0}}, 0x0) 10:58:08 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) (async) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000020000,user_id=', @ANYRESDEC=r0, @ANYBLOB=',group_id=', @ANYRESDEC=r1, @ANYBLOB=',allow_other,blksize=0x0000000000000600,smackfsroot=(,euid<', @ANYRESDEC=r2, @ANYBLOB='\v0']) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r5}}]}}) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x4, &(0x7f0000000080)={{}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, r0}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@default_permissions}, {@default_permissions}], [{@obj_role={'obj_role', 0x3d, '^-})--}'}}, {@appraise_type}, {@fsuuid={'fsuuid', 0x3d, {[0x35, 0x64, 0x66, 0xf, 0x65, 0x37, 0x34, 0x38], 0x2d, [0x62, 0x63, 0x36, 0x34], 0x2d, [0x62, 0x38, 0x33, 0x33], 0x2d, [0x37, 0x62, 0x62, 0x31], 0x2d, [0x64, 0x63, 0x39, 0x0, 0x66, 0x57, 0x62, 0x54]}}}, {@fowner_eq={'fowner', 0x3d, r3}}]}}) [ 2039.577570] FAULT_INJECTION: forcing a failure. [ 2039.577570] name failslab, interval 1, probability 0, space 0, times 0 [ 2039.589092] CPU: 0 PID: 23392 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2039.596974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2039.606315] Call Trace: [ 2039.608879] dump_stack+0x1b2/0x281 [ 2039.612490] should_fail.cold+0x10a/0x149 [ 2039.616618] should_failslab+0xd6/0x130 [ 2039.620571] __kmalloc_track_caller+0x2bc/0x400 [ 2039.625212] ? kvasprintf_const+0x55/0x180 [ 2039.629423] kvasprintf+0xa8/0x100 [ 2039.632942] ? bust_spinlocks+0xc0/0xc0 [ 2039.636904] kvasprintf_const+0x55/0x180 [ 2039.640951] kobject_set_name_vargs+0x56/0x150 [ 2039.645512] device_create_groups_vargs+0x1a2/0x250 [ 2039.650505] device_create_vargs+0x3a/0x50 [ 2039.654718] bdi_register_va.part.0+0x35/0x650 [ 2039.659275] bdi_register_va+0x63/0x80 [ 2039.663144] super_setup_bdi_name+0x123/0x220 [ 2039.667616] ? kill_block_super+0xe0/0xe0 [ 2039.671740] ? do_raw_spin_unlock+0x164/0x220 [ 2039.676232] fuse_fill_super+0x937/0x15c0 [ 2039.680365] ? fuse_get_root_inode+0xc0/0xc0 [ 2039.684748] ? up_write+0x17/0x60 [ 2039.688178] ? register_shrinker+0x15f/0x220 [ 2039.692559] ? sget_userns+0x768/0xc10 [ 2039.696425] ? get_anon_bdev+0x1c0/0x1c0 [ 2039.700476] ? sget+0xd9/0x110 [ 2039.703648] ? fuse_get_root_inode+0xc0/0xc0 [ 2039.708033] mount_nodev+0x4c/0xf0 [ 2039.711549] mount_fs+0x92/0x2a0 [ 2039.714908] vfs_kern_mount.part.0+0x5b/0x470 [ 2039.719382] do_mount+0xe65/0x2a30 [ 2039.722903] ? copy_mount_string+0x40/0x40 [ 2039.727118] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2039.732294] ? copy_mnt_ns+0xa30/0xa30 [ 2039.736184] ? copy_mount_options+0x1fa/0x2f0 [ 2039.740674] ? copy_mnt_ns+0xa30/0xa30 [ 2039.744549] SyS_mount+0xa8/0x120 [ 2039.747982] ? copy_mnt_ns+0xa30/0xa30 [ 2039.751869] do_syscall_64+0x1d5/0x640 [ 2039.755760] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2039.760940] RIP: 0033:0x7fc09e230109 [ 2039.764629] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 10:58:08 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 21) 10:58:08 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@default_permissions}]}}) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) read$FUSE(r1, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r2, &(0x7f0000000080)={0x60, 0x0, r3, {{0x80000}}}, 0x60) write$FUSE_INIT(r0, &(0x7f0000000380)={0x50, 0xfffffffffffffffe, r3, {0x7, 0x24, 0x4, 0x200000, 0x3ff, 0x2, 0x4, 0x1}}, 0x50) r4 = bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8) write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000240)=ANY=[@ANYBLOB="2e000000040000000000000000000000010000000000000097f2ffffffffffff06000000000000000000000000003ed9020e08a926dcca135e93825856fd828144269f61015c844364f904d72463a209e8cfd3e76661316bea91475120f8bc3c8ae3400dc357bac2b0f1788ac1bd669bb0e5cc139e3b974dd2092b0004bde908674e69969fd783753d02dba587e0e7d33e04aa392212c599364168f737b12598452d92bc7c1369d4c0b13115d42b4f1d9538ccd5edfbffaec5c728b4686e6b206acfa1673495453309e83c29cb7a2e99911ba3f2b84353bd38a3c82184a514500016540f3268a4378525f6c88b18da60f4a0c6fc78e78a6948175893d84f6d4dde23acb2df4d155b3a825ab5498d73145017ad974e4e45fad5ce5c216e34cd34a3c8e55dc9f5a7dc223800"/309], 0x2e) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r4, &(0x7f00000004c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x40, 0x140c, 0x300, 0x70bd2b, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_RES_CQN={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x40}, 0x0) 10:58:08 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000300), 0x8) getresgid(&(0x7f0000000340)=0x0, &(0x7f0000000380)=0x0, &(0x7f00000003c0)) mount$fuseblk(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0), 0x2880002, &(0x7f0000000540)=ANY=[@ANYBLOB="6664bd", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=r2, @ANYBLOB=',max_read=0x7fffffffffffffff,blksize=0x0000000000000400,max_read=0x0000000000000009,allow_other,default_permissions,allow_other,blksize=0x0000000000001000,max_read=0x8000000000000001,audit,pcr=00000000000000000043,smackfsroot=./cgroup.net/syz0\x00,\x00']) r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz0\x00', 0x200002, 0x0) r6 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r3, r5, 0xc}, 0x10) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={r4, &(0x7f0000000080)="ab855aef33c616280ca2d5f46b83fd0592ca05efd801e5151867651a901273d5deb6549aefa2ef712e97982bdda6821af1415048d935e3130269d9d2f6a8174612a96a1ad478d60178e27d27b1b153beb76a6266e4a2f9b777927942e72fe1edfee95c07f85b0e14d1a6", &(0x7f0000000100)=""/52}, 0x20) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000001c00), 0x2, 0x0) getresuid(&(0x7f0000001c40)=0x0, &(0x7f0000001ac0), &(0x7f0000000540)) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000019c0)={&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f0000001880)=""/138, 0x8a, 0x1, &(0x7f0000001940)=""/66, 0x42}, &(0x7f0000001a00)=0x40) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f00000017c0)=ANY=[@ANYRESOCT=r8, @ANYRESHEX=r8, @ANYRES16=r5, @ANYRESDEC, @ANYBLOB=',group_id=', @ANYRESDEC=r7, @ANYRES8=r6]) write$FUSE_ATTR(r8, &(0x7f00000016c0)={0x78, 0x0, 0x0, {0x8, 0x2dc000, 0x0, {0x6, 0x0, 0xe05, 0x7, 0x9, 0xc2c, 0xffff, 0x8, 0xfffffffa, 0xc000, 0x7, 0xffffffffffffffff, r1, 0x2, 0x6}}}, 0x78) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt}]}}) mount$fuse(0x0, &(0x7f0000001a40)='./file0\x00', &(0x7f0000001a80), 0x10008, &(0x7f0000001c80)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r9}, 0x2c, {}, 0x2c, {[{@allow_other}], [{@mask={'mask', 0x3d, '^MAY_WRITE'}}, {@seclabel}, {@context={'context', 0x3d, 'staff_u'}}, {@subj_user={'subj_user', 0x3d, '\x8aWc\xe3b9\xd7t'}}, {@subj_user={'subj_user', 0x3d, '\xb5!:(@-#'}}, {@seclabel}, {@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@uid_gt}]}}) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000480)={r4, &(0x7f0000000400)="277335024e0c8c652a42844527cfa1f45483219e988dac884bb933831e2a49880c1c6023e68b64e3ebf97d02c92550a2735c2eca35b20e7dc546a2be3785f744a7628529825ee4303a65e0a6", &(0x7f00000006c0)=""/4096}, 0x20) write$FUSE_NOTIFY_POLL(r3, &(0x7f0000000040)={0x18, 0x1, 0x0, {0x8}}, 0x18) 10:58:08 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa007d00000000000000000000007f00000100000000000000000000000000000000000000000000000000000000f1fc086429f353573e5231e7ab36c796435f530d156e6f0770fb1f125f32a915", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb00"/168], 0xf0}}, 0x0) 10:58:08 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000020000,user_id=', @ANYRESDEC=r0, @ANYBLOB=',group_id=', @ANYRESDEC=r1, @ANYBLOB=',allow_other,blksize=0x0000000000000600,smackfsroot=(,euid<', @ANYRESDEC=r2, @ANYBLOB='\v0']) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r5}}]}}) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x4, &(0x7f0000000080)={{}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, r0}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@default_permissions}, {@default_permissions}], [{@obj_role={'obj_role', 0x3d, '^-})--}'}}, {@appraise_type}, {@fsuuid={'fsuuid', 0x3d, {[0x35, 0x64, 0x66, 0xf, 0x65, 0x37, 0x34, 0x38], 0x2d, [0x62, 0x63, 0x36, 0x34], 0x2d, [0x62, 0x38, 0x33, 0x33], 0x2d, [0x37, 0x62, 0x62, 0x31], 0x2d, [0x64, 0x63, 0x39, 0x0, 0x66, 0x57, 0x62, 0x54]}}}, {@fowner_eq={'fowner', 0x3d, r3}}]}}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000020000,user_id=', @ANYRESDEC=r0, @ANYBLOB=',group_id=', @ANYRESDEC=r1, @ANYBLOB=',allow_other,blksize=0x0000000000000600,smackfsroot=(,euid<', @ANYRESDEC=r2, @ANYBLOB='\v0']) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r5}}]}}) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x4, &(0x7f0000000080)={{}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, r0}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@default_permissions}, {@default_permissions}], [{@obj_role={'obj_role', 0x3d, '^-})--}'}}, {@appraise_type}, {@fsuuid={'fsuuid', 0x3d, {[0x35, 0x64, 0x66, 0xf, 0x65, 0x37, 0x34, 0x38], 0x2d, [0x62, 0x63, 0x36, 0x34], 0x2d, [0x62, 0x38, 0x33, 0x33], 0x2d, [0x37, 0x62, 0x62, 0x31], 0x2d, [0x64, 0x63, 0x39, 0x0, 0x66, 0x57, 0x62, 0x54]}}}, {@fowner_eq={'fowner', 0x3d, r3}}]}}) (async) [ 2039.772329] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2039.779599] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2039.786999] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2039.794258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2039.801512] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:08 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@default_permissions}]}}) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) read$FUSE(r1, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r2, &(0x7f0000000080)={0x60, 0x0, r3, {{0x80000}}}, 0x60) (async, rerun: 32) write$FUSE_INIT(r0, &(0x7f0000000380)={0x50, 0xfffffffffffffffe, r3, {0x7, 0x24, 0x4, 0x200000, 0x3ff, 0x2, 0x4, 0x1}}, 0x50) (async, rerun: 32) r4 = bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8) write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000240)=ANY=[@ANYBLOB="2e000000040000000000000000000000010000000000000097f2ffffffffffff06000000000000000000000000003ed9020e08a926dcca135e93825856fd828144269f61015c844364f904d72463a209e8cfd3e76661316bea91475120f8bc3c8ae3400dc357bac2b0f1788ac1bd669bb0e5cc139e3b974dd2092b0004bde908674e69969fd783753d02dba587e0e7d33e04aa392212c599364168f737b12598452d92bc7c1369d4c0b13115d42b4f1d9538ccd5edfbffaec5c728b4686e6b206acfa1673495453309e83c29cb7a2e99911ba3f2b84353bd38a3c82184a514500016540f3268a4378525f6c88b18da60f4a0c6fc78e78a6948175893d84f6d4dde23acb2df4d155b3a825ab5498d73145017ad974e4e45fad5ce5c216e34cd34a3c8e55dc9f5a7dc223800"/309], 0x2e) (async) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r4, &(0x7f00000004c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x40, 0x140c, 0x300, 0x70bd2b, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_RES_CQN={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x40}, 0x0) [ 2039.868066] FAULT_INJECTION: forcing a failure. [ 2039.868066] name failslab, interval 1, probability 0, space 0, times 0 [ 2039.900117] CPU: 1 PID: 23408 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2039.908023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2039.917478] Call Trace: [ 2039.920071] dump_stack+0x1b2/0x281 [ 2039.923692] should_fail.cold+0x10a/0x149 [ 2039.927823] should_failslab+0xd6/0x130 [ 2039.931877] kmem_cache_alloc_trace+0x29a/0x3d0 [ 2039.936535] device_add+0xd72/0x15c0 [ 2039.940233] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 2039.945664] ? kfree_const+0x33/0x40 [ 2039.949445] ? device_is_dependent+0x2a0/0x2a0 [ 2039.954016] ? kfree+0x1f0/0x250 [ 2039.957377] device_create_groups_vargs+0x1dc/0x250 [ 2039.962374] device_create_vargs+0x3a/0x50 [ 2039.966591] bdi_register_va.part.0+0x35/0x650 [ 2039.971153] bdi_register_va+0x63/0x80 [ 2039.975026] super_setup_bdi_name+0x123/0x220 [ 2039.979499] ? kill_block_super+0xe0/0xe0 [ 2039.983629] ? do_raw_spin_unlock+0x164/0x220 [ 2039.988119] fuse_fill_super+0x937/0x15c0 [ 2039.992264] ? fuse_get_root_inode+0xc0/0xc0 [ 2039.996653] ? up_write+0x17/0x60 [ 2040.000093] ? register_shrinker+0x15f/0x220 [ 2040.004502] ? sget_userns+0x768/0xc10 [ 2040.008371] ? get_anon_bdev+0x1c0/0x1c0 [ 2040.012411] ? sget+0xd9/0x110 [ 2040.015591] ? fuse_get_root_inode+0xc0/0xc0 [ 2040.019976] mount_nodev+0x4c/0xf0 [ 2040.023499] mount_fs+0x92/0x2a0 [ 2040.026863] vfs_kern_mount.part.0+0x5b/0x470 [ 2040.031351] do_mount+0xe65/0x2a30 [ 2040.034874] ? copy_mount_string+0x40/0x40 [ 2040.039094] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2040.044125] ? copy_mnt_ns+0xa30/0xa30 [ 2040.047993] ? copy_mount_options+0x1fa/0x2f0 [ 2040.052485] ? copy_mnt_ns+0xa30/0xa30 [ 2040.056354] SyS_mount+0xa8/0x120 [ 2040.059791] ? copy_mnt_ns+0xa30/0xa30 [ 2040.063765] do_syscall_64+0x1d5/0x640 [ 2040.067648] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2040.072822] RIP: 0033:0x7fc09e230109 [ 2040.076519] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2040.084222] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2040.091479] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2040.098726] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2040.105977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2040.113231] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:09 executing program 2: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) read$FUSE(r1, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r2, &(0x7f0000000080)={0x60, 0x0, r3}, 0x60) write$FUSE_WRITE(r0, &(0x7f0000000080)={0x18, 0x0, r3, {0x3}}, 0x18) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x924888, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) read$FUSE(r1, &(0x7f0000000680)={0x2020}, 0x2020) (async) write$FUSE_STATFS(r2, &(0x7f0000000080)={0x60, 0x0, r3}, 0x60) (async) write$FUSE_WRITE(r0, &(0x7f0000000080)={0x18, 0x0, r3, {0x3}}, 0x18) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x924888, 0x0) (async) 10:58:09 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r5}}]}}) setresgid(0xffffffffffffffff, r4, r1) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r0}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r6}}]}}) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x2000010, &(0x7f0000000240)={{}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x200}}, {@blksize}, {}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@max_read={'max_read', 0x3d, 0x1f}}, {@allow_other}], [{@uid_gt={'uid>', r0}}]}}) 10:58:09 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000300), 0x8) getresgid(&(0x7f0000000340)=0x0, &(0x7f0000000380)=0x0, &(0x7f00000003c0)) mount$fuseblk(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0), 0x2880002, &(0x7f0000000540)=ANY=[@ANYBLOB="6664bd", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=r2, @ANYBLOB=',max_read=0x7fffffffffffffff,blksize=0x0000000000000400,max_read=0x0000000000000009,allow_other,default_permissions,allow_other,blksize=0x0000000000001000,max_read=0x8000000000000001,audit,pcr=00000000000000000043,smackfsroot=./cgroup.net/syz0\x00,\x00']) r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz0\x00', 0x200002, 0x0) r6 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r3, r5, 0xc}, 0x10) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={r4, &(0x7f0000000080)="ab855aef33c616280ca2d5f46b83fd0592ca05efd801e5151867651a901273d5deb6549aefa2ef712e97982bdda6821af1415048d935e3130269d9d2f6a8174612a96a1ad478d60178e27d27b1b153beb76a6266e4a2f9b777927942e72fe1edfee95c07f85b0e14d1a6", &(0x7f0000000100)=""/52}, 0x20) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000001c00), 0x2, 0x0) getresuid(&(0x7f0000001c40)=0x0, &(0x7f0000001ac0), &(0x7f0000000540)) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000019c0)={&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f0000001880)=""/138, 0x8a, 0x1, &(0x7f0000001940)=""/66, 0x42}, &(0x7f0000001a00)=0x40) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f00000017c0)=ANY=[@ANYRESOCT=r8, @ANYRESHEX=r8, @ANYRES16=r5, @ANYRESDEC, @ANYBLOB=',group_id=', @ANYRESDEC=r7, @ANYRES8=r6]) write$FUSE_ATTR(r8, &(0x7f00000016c0)={0x78, 0x0, 0x0, {0x8, 0x2dc000, 0x0, {0x6, 0x0, 0xe05, 0x7, 0x9, 0xc2c, 0xffff, 0x8, 0xfffffffa, 0xc000, 0x7, 0xffffffffffffffff, r1, 0x2, 0x6}}}, 0x78) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt}]}}) mount$fuse(0x0, &(0x7f0000001a40)='./file0\x00', &(0x7f0000001a80), 0x10008, &(0x7f0000001c80)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r9}, 0x2c, {}, 0x2c, {[{@allow_other}], [{@mask={'mask', 0x3d, '^MAY_WRITE'}}, {@seclabel}, {@context={'context', 0x3d, 'staff_u'}}, {@subj_user={'subj_user', 0x3d, '\x8aWc\xe3b9\xd7t'}}, {@subj_user={'subj_user', 0x3d, '\xb5!:(@-#'}}, {@seclabel}, {@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@uid_gt}]}}) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000480)={r4, &(0x7f0000000400)="277335024e0c8c652a42844527cfa1f45483219e988dac884bb933831e2a49880c1c6023e68b64e3ebf97d02c92550a2735c2eca35b20e7dc546a2be3785f744a7628529825ee4303a65e0a6", &(0x7f00000006c0)=""/4096}, 0x20) write$FUSE_NOTIFY_POLL(r3, &(0x7f0000000040)={0x18, 0x1, 0x0, {0x8}}, 0x18) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) bpf$ITER_CREATE(0x21, &(0x7f0000000300), 0x8) (async) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) (async) mount$fuseblk(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0), 0x2880002, &(0x7f0000000540)=ANY=[@ANYBLOB="6664bd", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=r2, @ANYBLOB=',max_read=0x7fffffffffffffff,blksize=0x0000000000000400,max_read=0x0000000000000009,allow_other,default_permissions,allow_other,blksize=0x0000000000001000,max_read=0x8000000000000001,audit,pcr=00000000000000000043,smackfsroot=./cgroup.net/syz0\x00,\x00']) (async) bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz0\x00', 0x200002, 0x0) (async) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r3, r5, 0xc}, 0x10) (async) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={r4, &(0x7f0000000080)="ab855aef33c616280ca2d5f46b83fd0592ca05efd801e5151867651a901273d5deb6549aefa2ef712e97982bdda6821af1415048d935e3130269d9d2f6a8174612a96a1ad478d60178e27d27b1b153beb76a6266e4a2f9b777927942e72fe1edfee95c07f85b0e14d1a6", &(0x7f0000000100)=""/52}, 0x20) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000001c00), 0x2, 0x0) (async) getresuid(&(0x7f0000001c40), &(0x7f0000001ac0), &(0x7f0000000540)) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000019c0)={&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f0000001880)=""/138, 0x8a, 0x1, &(0x7f0000001940)=""/66, 0x42}, &(0x7f0000001a00)=0x40) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f00000017c0)=ANY=[@ANYRESOCT=r8, @ANYRESHEX=r8, @ANYRES16=r5, @ANYRESDEC, @ANYBLOB=',group_id=', @ANYRESDEC=r7, @ANYRES8=r6]) (async) write$FUSE_ATTR(r8, &(0x7f00000016c0)={0x78, 0x0, 0x0, {0x8, 0x2dc000, 0x0, {0x6, 0x0, 0xe05, 0x7, 0x9, 0xc2c, 0xffff, 0x8, 0xfffffffa, 0xc000, 0x7, 0xffffffffffffffff, r1, 0x2, 0x6}}}, 0x78) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt}]}}) (async) mount$fuse(0x0, &(0x7f0000001a40)='./file0\x00', &(0x7f0000001a80), 0x10008, &(0x7f0000001c80)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r9}, 0x2c, {}, 0x2c, {[{@allow_other}], [{@mask={'mask', 0x3d, '^MAY_WRITE'}}, {@seclabel}, {@context={'context', 0x3d, 'staff_u'}}, {@subj_user={'subj_user', 0x3d, '\x8aWc\xe3b9\xd7t'}}, {@subj_user={'subj_user', 0x3d, '\xb5!:(@-#'}}, {@seclabel}, {@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@uid_gt}]}}) (async) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000480)={r4, &(0x7f0000000400)="277335024e0c8c652a42844527cfa1f45483219e988dac884bb933831e2a49880c1c6023e68b64e3ebf97d02c92550a2735c2eca35b20e7dc546a2be3785f744a7628529825ee4303a65e0a6", &(0x7f00000006c0)=""/4096}, 0x20) (async) write$FUSE_NOTIFY_POLL(r3, &(0x7f0000000040)={0x18, 0x1, 0x0, {0x8}}, 0x18) (async) 10:58:09 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@dev={0xac, 0x14, 0x14, 0x16}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}}, 0xf0}}, 0x0) 10:58:09 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@default_permissions}]}}) (async, rerun: 32) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (rerun: 32) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4) (async) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async, rerun: 64) read$FUSE(r1, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) (rerun: 64) write$FUSE_STATFS(r2, &(0x7f0000000080)={0x60, 0x0, r3, {{0x80000}}}, 0x60) write$FUSE_INIT(r0, &(0x7f0000000380)={0x50, 0xfffffffffffffffe, r3, {0x7, 0x24, 0x4, 0x200000, 0x3ff, 0x2, 0x4, 0x1}}, 0x50) (async, rerun: 32) r4 = bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8) (rerun: 32) write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000240)=ANY=[@ANYBLOB="2e000000040000000000000000000000010000000000000097f2ffffffffffff06000000000000000000000000003ed9020e08a926dcca135e93825856fd828144269f61015c844364f904d72463a209e8cfd3e76661316bea91475120f8bc3c8ae3400dc357bac2b0f1788ac1bd669bb0e5cc139e3b974dd2092b0004bde908674e69969fd783753d02dba587e0e7d33e04aa392212c599364168f737b12598452d92bc7c1369d4c0b13115d42b4f1d9538ccd5edfbffaec5c728b4686e6b206acfa1673495453309e83c29cb7a2e99911ba3f2b84353bd38a3c82184a514500016540f3268a4378525f6c88b18da60f4a0c6fc78e78a6948175893d84f6d4dde23acb2df4d155b3a825ab5498d73145017ad974e4e45fad5ce5c216e34cd34a3c8e55dc9f5a7dc223800"/309], 0x2e) (async, rerun: 32) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r4, &(0x7f00000004c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x40, 0x140c, 0x300, 0x70bd2b, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_RES_CQN={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x40}, 0x0) (rerun: 32) 10:58:09 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 22) 10:58:09 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r5}}]}}) setresgid(0xffffffffffffffff, r4, r1) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r0}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r6}}]}}) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x2000010, &(0x7f0000000240)={{}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x200}}, {@blksize}, {}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@max_read={'max_read', 0x3d, 0x1f}}, {@allow_other}], [{@uid_gt={'uid>', r0}}]}}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r5}}]}}) (async) setresgid(0xffffffffffffffff, r4, r1) (async) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r0}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r6}}]}}) (async) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x2000010, &(0x7f0000000240)={{}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x200}}, {@blksize}, {}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@max_read={'max_read', 0x3d, 0x1f}}, {@allow_other}], [{@uid_gt={'uid>', r0}}]}}) (async) 10:58:09 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000300), 0x8) (async) getresgid(&(0x7f0000000340)=0x0, &(0x7f0000000380)=0x0, &(0x7f00000003c0)) mount$fuseblk(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0), 0x2880002, &(0x7f0000000540)=ANY=[@ANYBLOB="6664bd", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=r2, @ANYBLOB=',max_read=0x7fffffffffffffff,blksize=0x0000000000000400,max_read=0x0000000000000009,allow_other,default_permissions,allow_other,blksize=0x0000000000001000,max_read=0x8000000000000001,audit,pcr=00000000000000000043,smackfsroot=./cgroup.net/syz0\x00,\x00']) (async) r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, 0x0, 0x0) (async) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz0\x00', 0x200002, 0x0) r6 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r3, r5, 0xc}, 0x10) (async) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={r4, &(0x7f0000000080)="ab855aef33c616280ca2d5f46b83fd0592ca05efd801e5151867651a901273d5deb6549aefa2ef712e97982bdda6821af1415048d935e3130269d9d2f6a8174612a96a1ad478d60178e27d27b1b153beb76a6266e4a2f9b777927942e72fe1edfee95c07f85b0e14d1a6", &(0x7f0000000100)=""/52}, 0x20) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000001c00), 0x2, 0x0) getresuid(&(0x7f0000001c40)=0x0, &(0x7f0000001ac0), &(0x7f0000000540)) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000019c0)={&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f0000001880)=""/138, 0x8a, 0x1, &(0x7f0000001940)=""/66, 0x42}, &(0x7f0000001a00)=0x40) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f00000017c0)=ANY=[@ANYRESOCT=r8, @ANYRESHEX=r8, @ANYRES16=r5, @ANYRESDEC, @ANYBLOB=',group_id=', @ANYRESDEC=r7, @ANYRES8=r6]) (async) write$FUSE_ATTR(r8, &(0x7f00000016c0)={0x78, 0x0, 0x0, {0x8, 0x2dc000, 0x0, {0x6, 0x0, 0xe05, 0x7, 0x9, 0xc2c, 0xffff, 0x8, 0xfffffffa, 0xc000, 0x7, 0xffffffffffffffff, r1, 0x2, 0x6}}}, 0x78) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt}]}}) (async) mount$fuse(0x0, &(0x7f0000001a40)='./file0\x00', &(0x7f0000001a80), 0x10008, &(0x7f0000001c80)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r9}, 0x2c, {}, 0x2c, {[{@allow_other}], [{@mask={'mask', 0x3d, '^MAY_WRITE'}}, {@seclabel}, {@context={'context', 0x3d, 'staff_u'}}, {@subj_user={'subj_user', 0x3d, '\x8aWc\xe3b9\xd7t'}}, {@subj_user={'subj_user', 0x3d, '\xb5!:(@-#'}}, {@seclabel}, {@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@uid_gt}]}}) (async, rerun: 32) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000480)={r4, &(0x7f0000000400)="277335024e0c8c652a42844527cfa1f45483219e988dac884bb933831e2a49880c1c6023e68b64e3ebf97d02c92550a2735c2eca35b20e7dc546a2be3785f744a7628529825ee4303a65e0a6", &(0x7f00000006c0)=""/4096}, 0x20) (async, rerun: 32) write$FUSE_NOTIFY_POLL(r3, &(0x7f0000000040)={0x18, 0x1, 0x0, {0x8}}, 0x18) 10:58:09 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) (async) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r5}}]}}) (async) setresgid(0xffffffffffffffff, r4, r1) (async) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r0}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r6}}]}}) (async) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x2000010, &(0x7f0000000240)={{}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x200}}, {@blksize}, {}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@max_read={'max_read', 0x3d, 0x1f}}, {@allow_other}], [{@uid_gt={'uid>', r0}}]}}) 10:58:09 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@dev={0xac, 0x14, 0x14, 0x16}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}}, 0xf0}}, 0x0) 10:58:09 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0xe900, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x116508e, 0x0) 10:58:09 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@dev={0xac, 0x14, 0x14, 0x16}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}}, 0xf0}}, 0x0) [ 2040.469015] FAULT_INJECTION: forcing a failure. [ 2040.469015] name failslab, interval 1, probability 0, space 0, times 0 [ 2040.485318] CPU: 0 PID: 23471 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2040.493223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2040.502577] Call Trace: [ 2040.505169] dump_stack+0x1b2/0x281 [ 2040.508815] should_fail.cold+0x10a/0x149 [ 2040.512966] should_failslab+0xd6/0x130 [ 2040.516947] __kmalloc_track_caller+0x2bc/0x400 [ 2040.521616] ? kstrdup_const+0x35/0x60 [ 2040.525501] kstrdup+0x36/0x70 [ 2040.528694] kstrdup_const+0x35/0x60 [ 2040.532406] __kernfs_new_node+0x2e/0x470 [ 2040.536552] kernfs_create_dir_ns+0x8c/0x200 [ 2040.540952] sysfs_create_dir_ns+0xb7/0x1d0 [ 2040.545270] kobject_add_internal+0x28b/0x930 [ 2040.549759] kobject_add+0x11f/0x180 [ 2040.553474] ? kset_create_and_add+0x190/0x190 [ 2040.558051] device_add+0x33f/0x15c0 [ 2040.561769] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 2040.567197] ? kfree_const+0x33/0x40 [ 2040.570887] ? device_is_dependent+0x2a0/0x2a0 [ 2040.575530] ? kfree+0x1f0/0x250 [ 2040.578878] device_create_groups_vargs+0x1dc/0x250 [ 2040.583871] device_create_vargs+0x3a/0x50 [ 2040.588184] bdi_register_va.part.0+0x35/0x650 [ 2040.592748] bdi_register_va+0x63/0x80 [ 2040.596613] super_setup_bdi_name+0x123/0x220 [ 2040.601086] ? kill_block_super+0xe0/0xe0 [ 2040.605270] ? do_raw_spin_unlock+0x164/0x220 [ 2040.609747] fuse_fill_super+0x937/0x15c0 [ 2040.613888] ? fuse_get_root_inode+0xc0/0xc0 [ 2040.618274] ? up_write+0x17/0x60 [ 2040.621704] ? register_shrinker+0x15f/0x220 [ 2040.626089] ? sget_userns+0x768/0xc10 [ 2040.629967] ? get_anon_bdev+0x1c0/0x1c0 [ 2040.634000] ? sget+0xd9/0x110 [ 2040.637170] ? fuse_get_root_inode+0xc0/0xc0 [ 2040.641554] mount_nodev+0x4c/0xf0 [ 2040.645071] mount_fs+0x92/0x2a0 [ 2040.648415] vfs_kern_mount.part.0+0x5b/0x470 [ 2040.652889] do_mount+0xe65/0x2a30 [ 2040.656409] ? copy_mount_string+0x40/0x40 [ 2040.660622] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2040.665623] ? copy_mnt_ns+0xa30/0xa30 [ 2040.669498] ? copy_mount_options+0x1fa/0x2f0 [ 2040.673970] ? copy_mnt_ns+0xa30/0xa30 [ 2040.677841] SyS_mount+0xa8/0x120 [ 2040.681275] ? copy_mnt_ns+0xa30/0xa30 [ 2040.685142] do_syscall_64+0x1d5/0x640 [ 2040.689016] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2040.694182] RIP: 0033:0x7fc09e230109 [ 2040.697879] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2040.705565] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2040.712810] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2040.720056] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2040.727316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2040.734560] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 [ 2040.743303] kobject_add_internal failed for 0:59 (error: -12 parent: bdi) 10:58:10 executing program 2: rt_sigreturn() mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) rt_sigreturn() ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x40047451, &(0x7f0000000000)=0x9d48) 10:58:10 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0xe900, 0x0) (async, rerun: 32) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x116508e, 0x0) (rerun: 32) 10:58:10 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, &(0x7f0000000040)={0x6557, 0x6}) ioctl$SNAPSHOT_UNFREEZE(r0, 0x3302) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x229cca7, 0x0) 10:58:10 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000480)={&(0x7f0000000200)="200c2a45306d9afcaa369c048bd402958499bf9ca0fc93aefb821ceadd8ae88dda5367f716f33c0103d2c93f56ae5bd68a2f8006630fd6dc1bd4b204c2ececf9865aa0ba55189ea8616aa4f2606292f651969693166ade21b7a7c81bcfbc8865957ce0c16154cc431dc9735d83e0046a13d441012577904568bac0bf38", &(0x7f0000000280)=""/240, &(0x7f0000000040)="33b8193ca7faa0d2", &(0x7f0000000380)="6f5b723ee717a7cd9d6d01a3bd84107439f90604c74ca5f83138eb5921f15689ff1852f0d396e23a3a84402197833a0341e6a94cb9728c2f609bd85453170c397f03f8a965a0f42d4d8b257834474906a940cc3cc8da1aad300f591b3a932b1f8e0db6d7b8bb5d65e909e6b66bb591652003dd6ba6849a7b1c77b35af85b25d7c7cebc3039d31d2bf4204eef20e9450e06b78a4246e5e787f8fdc7f959788119db6d1231d18fc5d414b20f5b863c33d904f665dad16a62f68daadeb56f6c42e1034d6af2bf76a37884e5314687aa52a2a8d84912b5704f1583111fd56f45f67e402624586c3869f4cff4f6", 0x1, 0xffffffffffffffff, 0x4}, 0x38) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f0000000000000000000ac1414aa0000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRESOCT=r0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb00"/168], 0xf0}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) 10:58:10 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r6}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) write$FUSE_NOTIFY_POLL(r5, &(0x7f0000000000)={0x18, 0x1, 0x0, {0x200}}, 0x18) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000240)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[], [{@fsname={'fsname', 0x3d, '*\xcf-'}}, {@fsmagic={'fsmagic', 0x3d, 0x9}}, {@seclabel}, {@fowner_gt={'fowner>', r3}}, {@uid_lt}, {@seclabel}]}}) 10:58:10 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 23) 10:58:10 executing program 2: rt_sigreturn() (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) rt_sigreturn() (async) ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x40047451, &(0x7f0000000000)=0x9d48) 10:58:10 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, &(0x7f0000000040)={0x6557, 0x6}) ioctl$SNAPSHOT_UNFREEZE(r0, 0x3302) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x229cca7, 0x0) 10:58:10 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0xe900, 0x0) (async, rerun: 64) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x116508e, 0x0) (rerun: 64) 10:58:10 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r6}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) write$FUSE_NOTIFY_POLL(r5, &(0x7f0000000000)={0x18, 0x1, 0x0, {0x200}}, 0x18) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000240)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[], [{@fsname={'fsname', 0x3d, '*\xcf-'}}, {@fsmagic={'fsmagic', 0x3d, 0x9}}, {@seclabel}, {@fowner_gt={'fowner>', r3}}, {@uid_lt}, {@seclabel}]}}) 10:58:10 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000480)={&(0x7f0000000200)="200c2a45306d9afcaa369c048bd402958499bf9ca0fc93aefb821ceadd8ae88dda5367f716f33c0103d2c93f56ae5bd68a2f8006630fd6dc1bd4b204c2ececf9865aa0ba55189ea8616aa4f2606292f651969693166ade21b7a7c81bcfbc8865957ce0c16154cc431dc9735d83e0046a13d441012577904568bac0bf38", &(0x7f0000000280)=""/240, &(0x7f0000000040)="33b8193ca7faa0d2", &(0x7f0000000380)="6f5b723ee717a7cd9d6d01a3bd84107439f90604c74ca5f83138eb5921f15689ff1852f0d396e23a3a84402197833a0341e6a94cb9728c2f609bd85453170c397f03f8a965a0f42d4d8b257834474906a940cc3cc8da1aad300f591b3a932b1f8e0db6d7b8bb5d65e909e6b66bb591652003dd6ba6849a7b1c77b35af85b25d7c7cebc3039d31d2bf4204eef20e9450e06b78a4246e5e787f8fdc7f959788119db6d1231d18fc5d414b20f5b863c33d904f665dad16a62f68daadeb56f6c42e1034d6af2bf76a37884e5314687aa52a2a8d84912b5704f1583111fd56f45f67e402624586c3869f4cff4f6", 0x1, 0xffffffffffffffff, 0x4}, 0x38) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f0000000000000000000ac1414aa0000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRESOCT=r0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb00"/168], 0xf0}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) [ 2041.320373] FAULT_INJECTION: forcing a failure. [ 2041.320373] name failslab, interval 1, probability 0, space 0, times 0 [ 2041.344067] CPU: 0 PID: 23498 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2041.351969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2041.361319] Call Trace: [ 2041.363913] dump_stack+0x1b2/0x281 [ 2041.367554] should_fail.cold+0x10a/0x149 [ 2041.371708] should_failslab+0xd6/0x130 [ 2041.375686] kmem_cache_alloc+0x28e/0x3c0 [ 2041.379835] __kernfs_new_node+0x6f/0x470 [ 2041.383978] kernfs_create_dir_ns+0x8c/0x200 [ 2041.388383] sysfs_create_dir_ns+0xb7/0x1d0 [ 2041.392708] kobject_add_internal+0x28b/0x930 [ 2041.397214] kobject_add+0x11f/0x180 [ 2041.400927] ? kset_create_and_add+0x190/0x190 [ 2041.405516] device_add+0x33f/0x15c0 [ 2041.409229] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 2041.414676] ? kfree_const+0x33/0x40 [ 2041.418382] ? device_is_dependent+0x2a0/0x2a0 [ 2041.422959] ? kfree+0x1f0/0x250 [ 2041.426326] device_create_groups_vargs+0x1dc/0x250 [ 2041.431337] device_create_vargs+0x3a/0x50 [ 2041.435572] bdi_register_va.part.0+0x35/0x650 [ 2041.440155] bdi_register_va+0x63/0x80 [ 2041.444047] super_setup_bdi_name+0x123/0x220 [ 2041.448533] ? kill_block_super+0xe0/0xe0 [ 2041.452677] ? do_raw_spin_unlock+0x164/0x220 [ 2041.457173] fuse_fill_super+0x937/0x15c0 [ 2041.461321] ? fuse_get_root_inode+0xc0/0xc0 [ 2041.465723] ? up_write+0x17/0x60 10:58:10 executing program 3: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x10, 0x0) 10:58:10 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async, rerun: 32) ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, &(0x7f0000000040)={0x6557, 0x6}) (async, rerun: 32) ioctl$SNAPSHOT_UNFREEZE(r0, 0x3302) (async, rerun: 32) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x229cca7, 0x0) (rerun: 32) 10:58:10 executing program 3: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x10, 0x0) 10:58:10 executing program 3: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x10, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x10, 0x0) (async) 10:58:10 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) sched_yield() 10:58:10 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) sched_yield() [ 2041.469167] ? register_shrinker+0x15f/0x220 [ 2041.473574] ? sget_userns+0x768/0xc10 [ 2041.477479] ? get_anon_bdev+0x1c0/0x1c0 [ 2041.481529] ? sget+0xd9/0x110 [ 2041.484722] ? fuse_get_root_inode+0xc0/0xc0 [ 2041.489126] mount_nodev+0x4c/0xf0 [ 2041.492663] mount_fs+0x92/0x2a0 [ 2041.496026] vfs_kern_mount.part.0+0x5b/0x470 [ 2041.500519] do_mount+0xe65/0x2a30 [ 2041.504061] ? copy_mount_string+0x40/0x40 [ 2041.508289] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2041.513293] ? copy_mnt_ns+0xa30/0xa30 [ 2041.517169] ? copy_mount_options+0x1fa/0x2f0 [ 2041.521642] ? copy_mnt_ns+0xa30/0xa30 [ 2041.525508] SyS_mount+0xa8/0x120 [ 2041.528969] ? copy_mnt_ns+0xa30/0xa30 [ 2041.532838] do_syscall_64+0x1d5/0x640 [ 2041.536704] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2041.541972] RIP: 0033:0x7fc09e230109 [ 2041.545662] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2041.553342] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2041.560585] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 10:58:10 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 24) [ 2041.567830] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2041.575076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2041.582335] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 [ 2041.597889] kobject_add_internal failed for 0:59 (error: -12 parent: bdi) [ 2041.627428] FAULT_INJECTION: forcing a failure. [ 2041.627428] name failslab, interval 1, probability 0, space 0, times 0 [ 2041.638899] CPU: 0 PID: 23524 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2041.646775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2041.656126] Call Trace: [ 2041.658788] dump_stack+0x1b2/0x281 [ 2041.662392] should_fail.cold+0x10a/0x149 [ 2041.666517] should_failslab+0xd6/0x130 [ 2041.670474] kmem_cache_alloc+0x40/0x3c0 [ 2041.674523] radix_tree_node_alloc.constprop.0+0x1b0/0x2f0 [ 2041.680145] idr_get_free_cmn+0x595/0x8d0 [ 2041.684276] idr_alloc_cmn+0xe8/0x1e0 [ 2041.688057] ? __fprop_inc_percpu_max+0x1d0/0x1d0 [ 2041.692876] ? fs_reclaim_release+0xd0/0x110 [ 2041.697274] ? fs_reclaim_release+0xd0/0x110 [ 2041.701678] idr_alloc_cyclic+0xc2/0x1d0 [ 2041.705727] ? idr_alloc_cmn+0x1e0/0x1e0 [ 2041.709768] ? __radix_tree_preload+0x1c3/0x250 [ 2041.714428] __kernfs_new_node+0xaf/0x470 [ 2041.718560] kernfs_create_dir_ns+0x8c/0x200 [ 2041.722948] sysfs_create_dir_ns+0xb7/0x1d0 [ 2041.727251] kobject_add_internal+0x28b/0x930 [ 2041.731724] kobject_add+0x11f/0x180 [ 2041.735427] ? kset_create_and_add+0x190/0x190 [ 2041.739999] device_add+0x33f/0x15c0 [ 2041.743692] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 2041.749132] ? kfree_const+0x33/0x40 [ 2041.752824] ? device_is_dependent+0x2a0/0x2a0 [ 2041.757406] ? kfree+0x1f0/0x250 [ 2041.760777] device_create_groups_vargs+0x1dc/0x250 [ 2041.765815] device_create_vargs+0x3a/0x50 [ 2041.770036] bdi_register_va.part.0+0x35/0x650 [ 2041.774609] bdi_register_va+0x63/0x80 [ 2041.778499] super_setup_bdi_name+0x123/0x220 [ 2041.782995] ? kill_block_super+0xe0/0xe0 [ 2041.787126] ? do_raw_spin_unlock+0x164/0x220 [ 2041.791618] fuse_fill_super+0x937/0x15c0 [ 2041.795765] ? fuse_get_root_inode+0xc0/0xc0 [ 2041.800168] ? up_write+0x17/0x60 [ 2041.803606] ? register_shrinker+0x15f/0x220 [ 2041.808009] ? sget_userns+0x768/0xc10 [ 2041.811902] ? get_anon_bdev+0x1c0/0x1c0 [ 2041.815963] ? sget+0xd9/0x110 [ 2041.819148] ? fuse_get_root_inode+0xc0/0xc0 [ 2041.823535] mount_nodev+0x4c/0xf0 [ 2041.827056] mount_fs+0x92/0x2a0 [ 2041.830411] vfs_kern_mount.part.0+0x5b/0x470 [ 2041.834899] do_mount+0xe65/0x2a30 [ 2041.838441] ? copy_mount_string+0x40/0x40 [ 2041.842655] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2041.847661] ? copy_mnt_ns+0xa30/0xa30 [ 2041.851658] ? copy_mount_options+0x1fa/0x2f0 [ 2041.856143] ? copy_mnt_ns+0xa30/0xa30 [ 2041.860066] SyS_mount+0xa8/0x120 [ 2041.863497] ? copy_mnt_ns+0xa30/0xa30 [ 2041.867364] do_syscall_64+0x1d5/0x640 [ 2041.871240] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2041.876416] RIP: 0033:0x7fc09e230109 [ 2041.880118] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2041.887808] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2041.895075] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2041.902344] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2041.909622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2041.916886] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:11 executing program 2: rt_sigreturn() mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) rt_sigreturn() ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x40047451, &(0x7f0000000000)=0x9d48) rt_sigreturn() (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) rt_sigreturn() (async) ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x40047451, &(0x7f0000000000)=0x9d48) (async) 10:58:11 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) sched_yield() 10:58:11 executing program 5: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x22dc886, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_ext={0x1c, 0xe, &(0x7f0000000300)=@raw=[@map_idx={0x18, 0x6, 0x5, 0x0, 0xe}, @generic={0xc1, 0xe, 0xd, 0x1}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x4}, @btf_id={0x18, 0x4, 0x3, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0xaa}, @map_val={0x18, 0xa, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x5}, @cb_func={0x18, 0xa, 0x4, 0x0, 0xfffffffffffffffe}, @map_fd={0x18, 0x6, 0x1, 0x0, r0}], &(0x7f0000000180)='GPL\x00', 0x8001, 0x94, &(0x7f0000000380)=""/148, 0x41000, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000440)={0x1, 0x3, 0x80000000, 0x101}, 0x10, 0x185e3, r3, 0x0, &(0x7f0000000480)=[r1]}, 0x80) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) 10:58:11 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000480)={&(0x7f0000000200)="200c2a45306d9afcaa369c048bd402958499bf9ca0fc93aefb821ceadd8ae88dda5367f716f33c0103d2c93f56ae5bd68a2f8006630fd6dc1bd4b204c2ececf9865aa0ba55189ea8616aa4f2606292f651969693166ade21b7a7c81bcfbc8865957ce0c16154cc431dc9735d83e0046a13d441012577904568bac0bf38", &(0x7f0000000280)=""/240, &(0x7f0000000040)="33b8193ca7faa0d2", &(0x7f0000000380)="6f5b723ee717a7cd9d6d01a3bd84107439f90604c74ca5f83138eb5921f15689ff1852f0d396e23a3a84402197833a0341e6a94cb9728c2f609bd85453170c397f03f8a965a0f42d4d8b257834474906a940cc3cc8da1aad300f591b3a932b1f8e0db6d7b8bb5d65e909e6b66bb591652003dd6ba6849a7b1c77b35af85b25d7c7cebc3039d31d2bf4204eef20e9450e06b78a4246e5e787f8fdc7f959788119db6d1231d18fc5d414b20f5b863c33d904f665dad16a62f68daadeb56f6c42e1034d6af2bf76a37884e5314687aa52a2a8d84912b5704f1583111fd56f45f67e402624586c3869f4cff4f6", 0x1, 0xffffffffffffffff, 0x4}, 0x38) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f0000000000000000000ac1414aa0000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRESOCT=r0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb00"/168], 0xf0}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) socket$nl_xfrm(0x10, 0x3, 0x6) (async) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000480)={&(0x7f0000000200)="200c2a45306d9afcaa369c048bd402958499bf9ca0fc93aefb821ceadd8ae88dda5367f716f33c0103d2c93f56ae5bd68a2f8006630fd6dc1bd4b204c2ececf9865aa0ba55189ea8616aa4f2606292f651969693166ade21b7a7c81bcfbc8865957ce0c16154cc431dc9735d83e0046a13d441012577904568bac0bf38", &(0x7f0000000280)=""/240, &(0x7f0000000040)="33b8193ca7faa0d2", &(0x7f0000000380)="6f5b723ee717a7cd9d6d01a3bd84107439f90604c74ca5f83138eb5921f15689ff1852f0d396e23a3a84402197833a0341e6a94cb9728c2f609bd85453170c397f03f8a965a0f42d4d8b257834474906a940cc3cc8da1aad300f591b3a932b1f8e0db6d7b8bb5d65e909e6b66bb591652003dd6ba6849a7b1c77b35af85b25d7c7cebc3039d31d2bf4204eef20e9450e06b78a4246e5e787f8fdc7f959788119db6d1231d18fc5d414b20f5b863c33d904f665dad16a62f68daadeb56f6c42e1034d6af2bf76a37884e5314687aa52a2a8d84912b5704f1583111fd56f45f67e402624586c3869f4cff4f6", 0x1, 0xffffffffffffffff, 0x4}, 0x38) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f0000000000000000000ac1414aa0000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRESOCT=r0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb00"/168], 0xf0}}, 0x0) (async) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) (async) 10:58:11 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async, rerun: 64) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async, rerun: 64) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r6}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) write$FUSE_NOTIFY_POLL(r5, &(0x7f0000000000)={0x18, 0x1, 0x0, {0x200}}, 0x18) (async, rerun: 32) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000240)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[], [{@fsname={'fsname', 0x3d, '*\xcf-'}}, {@fsmagic={'fsmagic', 0x3d, 0x9}}, {@seclabel}, {@fowner_gt={'fowner>', r3}}, {@uid_lt}, {@seclabel}]}}) (rerun: 32) 10:58:11 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 25) 10:58:11 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24cc8, 0x0) 10:58:11 executing program 3: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x81048a, 0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, &(0x7f0000000040)=0x3, 0x4) 10:58:11 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24cc8, 0x0) 10:58:11 executing program 5: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x22dc886, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, 0x0, 0x0) (async, rerun: 64) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_ext={0x1c, 0xe, &(0x7f0000000300)=@raw=[@map_idx={0x18, 0x6, 0x5, 0x0, 0xe}, @generic={0xc1, 0xe, 0xd, 0x1}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x4}, @btf_id={0x18, 0x4, 0x3, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0xaa}, @map_val={0x18, 0xa, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x5}, @cb_func={0x18, 0xa, 0x4, 0x0, 0xfffffffffffffffe}, @map_fd={0x18, 0x6, 0x1, 0x0, r0}], &(0x7f0000000180)='GPL\x00', 0x8001, 0x94, &(0x7f0000000380)=""/148, 0x41000, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000440)={0x1, 0x3, 0x80000000, 0x101}, 0x10, 0x185e3, r3, 0x0, &(0x7f0000000480)=[r1]}, 0x80) (async, rerun: 64) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) 10:58:11 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0) mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000240)={{'fd', 0x3d, r0}, 0x2c, {}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[], [{@mask={'mask', 0x3d, 'MAY_READ'}}, {@audit}, {@fowner_eq={'fowner', 0x3d, 0xffffffffffffffff}}]}}) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000180)={0x29, 0x6, 0x0, {0x4, 0x6}}, 0x29) ioctl$PPPIOCGFLAGS1(r1, 0x8004745a, 0x0) 10:58:11 executing program 3: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x81048a, 0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, &(0x7f0000000040)=0x3, 0x4) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x81048a, 0x0) (async) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, &(0x7f0000000040)=0x3, 0x4) (async) 10:58:11 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24cc8, 0x0) 10:58:11 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x2c888, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r5}}]}}) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r8}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r10 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r10}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r11}, 0x2c, {'group_id', 0x3d, r9}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) r12 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000680), 0x2, 0x0) read$FUSE(r12, &(0x7f00000026c0)={0x2020}, 0x2020) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0xffffffffffffffff, 0x800000, &(0x7f0000000080)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, 0xee00}, 0x2c, {[{@allow_other}], [{@measure}, {@context={'context', 0x3d, 'unconfined_u'}}, {@dont_hash}, {@mask={'mask', 0x3d, '^MAY_READ'}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}}) 10:58:11 executing program 3: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x81048a, 0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, &(0x7f0000000040)=0x3, 0x4) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x81048a, 0x0) (async) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, &(0x7f0000000040)=0x3, 0x4) (async) 10:58:11 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup/syz0\x00', 0x200002, 0x0) getrusage(0xffffffffffffffff, &(0x7f0000000180)) ioctl$PPPIOCSNPMODE(r1, 0x4008744b, &(0x7f0000000280)={0x80f3, 0x1}) sendmsg$nl_xfrm(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001c0000022abd7000fedbdf253c14000d00000000000000000000000000000000000c001c00", @ANYRES32=0x0, @ANYBLOB="e8ffffff000000"], 0x34}, 0x1, 0x0, 0x0, 0xc00}, 0x8c1) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa0000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb0000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000cf1d64dacaf2b8400d124fa3aa6b2d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b8ea8841cc055b0fa3de12f3bac53c4b8cf41b03dec5d1a39caba90fb962a9194cbdb37d517c7aeb910bab6c337eba84e1d231f6cd7bdcd83f575a3ca393612b49ff001ea8"], 0xf0}}, 0x0) 10:58:11 executing program 5: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x22dc886, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_ext={0x1c, 0xe, &(0x7f0000000300)=@raw=[@map_idx={0x18, 0x6, 0x5, 0x0, 0xe}, @generic={0xc1, 0xe, 0xd, 0x1}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x4}, @btf_id={0x18, 0x4, 0x3, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0xaa}, @map_val={0x18, 0xa, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x5}, @cb_func={0x18, 0xa, 0x4, 0x0, 0xfffffffffffffffe}, @map_fd={0x18, 0x6, 0x1, 0x0, r0}], &(0x7f0000000180)='GPL\x00', 0x8001, 0x94, &(0x7f0000000380)=""/148, 0x41000, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000440)={0x1, 0x3, 0x80000000, 0x101}, 0x10, 0x185e3, r3, 0x0, &(0x7f0000000480)=[r1]}, 0x80) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x22dc886, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_ext={0x1c, 0xe, &(0x7f0000000300)=@raw=[@map_idx={0x18, 0x6, 0x5, 0x0, 0xe}, @generic={0xc1, 0xe, 0xd, 0x1}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x4}, @btf_id={0x18, 0x4, 0x3, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0xaa}, @map_val={0x18, 0xa, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x5}, @cb_func={0x18, 0xa, 0x4, 0x0, 0xfffffffffffffffe}, @map_fd={0x18, 0x6, 0x1, 0x0, r0}], &(0x7f0000000180)='GPL\x00', 0x8001, 0x94, &(0x7f0000000380)=""/148, 0x41000, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000440)={0x1, 0x3, 0x80000000, 0x101}, 0x10, 0x185e3, r3, 0x0, &(0x7f0000000480)=[r1]}, 0x80) (async) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (async) [ 2042.306496] FAULT_INJECTION: forcing a failure. [ 2042.306496] name failslab, interval 1, probability 0, space 0, times 0 [ 2042.341726] CPU: 1 PID: 23562 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2042.349649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2042.349656] Call Trace: [ 2042.361593] dump_stack+0x1b2/0x281 [ 2042.361607] should_fail.cold+0x10a/0x149 [ 2042.361620] should_failslab+0xd6/0x130 [ 2042.361631] kmem_cache_alloc+0x28e/0x3c0 [ 2042.361643] __kernfs_new_node+0x6f/0x470 [ 2042.361656] kernfs_new_node+0x7b/0xe0 [ 2042.361667] __kernfs_create_file+0x3d/0x320 [ 2042.361679] sysfs_add_file_mode_ns+0x1e1/0x450 [ 2042.361694] device_create_file+0xc8/0x100 [ 2042.361706] ? acpi_platform_notify_remove+0x1f0/0x1f0 [ 2042.404025] device_add+0x37a/0x15c0 [ 2042.404046] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 2042.413177] ? kfree_const+0x33/0x40 [ 2042.413191] ? device_is_dependent+0x2a0/0x2a0 [ 2042.413200] ? kfree+0x1f0/0x250 [ 2042.413211] device_create_groups_vargs+0x1dc/0x250 [ 2042.413220] device_create_vargs+0x3a/0x50 [ 2042.413231] bdi_register_va.part.0+0x35/0x650 [ 2042.413241] bdi_register_va+0x63/0x80 [ 2042.413252] super_setup_bdi_name+0x123/0x220 [ 2042.413260] ? kill_block_super+0xe0/0xe0 [ 2042.413271] ? do_raw_spin_unlock+0x164/0x220 [ 2042.413285] fuse_fill_super+0x937/0x15c0 [ 2042.413297] ? fuse_get_root_inode+0xc0/0xc0 [ 2042.413306] ? up_write+0x17/0x60 [ 2042.413313] ? register_shrinker+0x15f/0x220 [ 2042.413320] ? sget_userns+0x768/0xc10 [ 2042.413335] ? get_anon_bdev+0x1c0/0x1c0 [ 2042.413341] ? sget+0xd9/0x110 [ 2042.413350] ? fuse_get_root_inode+0xc0/0xc0 [ 2042.413358] mount_nodev+0x4c/0xf0 [ 2042.413368] mount_fs+0x92/0x2a0 [ 2042.413381] vfs_kern_mount.part.0+0x5b/0x470 [ 2042.413392] do_mount+0xe65/0x2a30 [ 2042.413402] ? assoc_array_gc+0x10a1/0x1160 [ 2042.413411] ? retint_kernel+0x2d/0x2d [ 2042.413423] ? copy_mount_string+0x40/0x40 [ 2042.514830] ? audit_kill_trees+0x230/0x230 [ 2042.514843] ? copy_mount_options+0x1fa/0x2f0 [ 2042.523628] ? copy_mnt_ns+0xa30/0xa30 [ 2042.527511] SyS_mount+0xa8/0x120 [ 2042.530948] ? copy_mnt_ns+0xa30/0xa30 [ 2042.534814] do_syscall_64+0x1d5/0x640 [ 2042.538686] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2042.543865] RIP: 0033:0x7fc09e230109 [ 2042.547551] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 10:58:11 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 26) 10:58:11 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x2c888, 0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r5}}]}}) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r8}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r10 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r10}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r11}, 0x2c, {'group_id', 0x3d, r9}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) r12 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000680), 0x2, 0x0) read$FUSE(r12, &(0x7f00000026c0)={0x2020}, 0x2020) (async) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0xffffffffffffffff, 0x800000, &(0x7f0000000080)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, 0xee00}, 0x2c, {[{@allow_other}], [{@measure}, {@context={'context', 0x3d, 'unconfined_u'}}, {@dont_hash}, {@mask={'mask', 0x3d, '^MAY_READ'}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}}) 10:58:11 executing program 3: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x8304ca, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000100), 0x8) openat$vcs(0xffffffffffffff9c, &(0x7f00000004c0), 0x16400, 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000140)={0x29, 0x4, 0x0, {0x2, 0x3, 0x1, 0x0, [0x0]}}, 0x29) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_GET_PIT2(0xffffffffffffffff, 0x8070ae9f, &(0x7f00000026c0)) read$FUSE(r0, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2052) write$FUSE_STATFS(r2, &(0x7f0000000080)={0x60, 0x0, r3}, 0x60) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000040)={0x60, 0x0, r3, {{0xff, 0x8, 0x4, 0x401, 0x4, 0x200, 0xa0, 0x3}}}, 0x60) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000200), 0x80000, 0x0) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000022c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r6, 0x40bc5311, &(0x7f0000002380)={0x0, 0x0, 'client1\x00', 0x0, "c78796d72ad751c6", "a0b4350da82b81638c09d2ad04de0abc3d757975a05850485a06762d0a35a2ca"}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r6, 0x40bc5311, &(0x7f0000000540)={0x35, 0x1, 'client1\x00', 0xffffffff80000000, "e3acd8843140adb4", "fec9037f4759a6cb51ac39994fa7327ad907e1676259c44ff9019d72d371c5cd", 0x0, 0xffffffff}) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, 0x0, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0xd, 0x938, 0x2, 0x7f, 0x210, r1, 0xa27, '\x00', 0x0, r1, 0x1, 0x2, 0x5}, 0x48) r8 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000340)='./file0\x00', 0x0, 0x18}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000002000085000000111000"/40], &(0x7f00000001c0)='syzkaller\x00', 0x800, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000000240)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0xb, 0xf93b, 0x3f}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[r5, r7, r8]}, 0x80) 10:58:11 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) (async) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup/syz0\x00', 0x200002, 0x0) (async) getrusage(0xffffffffffffffff, &(0x7f0000000180)) (async) ioctl$PPPIOCSNPMODE(r1, 0x4008744b, &(0x7f0000000280)={0x80f3, 0x1}) sendmsg$nl_xfrm(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001c0000022abd7000fedbdf253c14000d00000000000000000000000000000000000c001c00", @ANYRES32=0x0, @ANYBLOB="e8ffffff000000"], 0x34}, 0x1, 0x0, 0x0, 0xc00}, 0x8c1) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa0000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb0000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000cf1d64dacaf2b8400d124fa3aa6b2d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b8ea8841cc055b0fa3de12f3bac53c4b8cf41b03dec5d1a39caba90fb962a9194cbdb37d517c7aeb910bab6c337eba84e1d231f6cd7bdcd83f575a3ca393612b49ff001ea8"], 0xf0}}, 0x0) 10:58:11 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0) (async) mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000240)={{'fd', 0x3d, r0}, 0x2c, {}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[], [{@mask={'mask', 0x3d, 'MAY_READ'}}, {@audit}, {@fowner_eq={'fowner', 0x3d, 0xffffffffffffffff}}]}}) (async) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000180)={0x29, 0x6, 0x0, {0x4, 0x6}}, 0x29) ioctl$PPPIOCGFLAGS1(r1, 0x8004745a, 0x0) 10:58:11 executing program 5: r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) r4 = bpf$ITER_CREATE(0x21, &(0x7f0000000680)={r0}, 0x8) write$FUSE_NOTIFY_STORE(r4, &(0x7f00000006c0)={0x2b, 0x4, 0x0, {0x0, 0x800, 0x3, 0x0, [0x0, 0x0, 0x0]}}, 0x2b) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x0) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r6}, 0x2c, {'group_id', 0x3d, r7}, 0x2c, {[{@allow_other}, {@allow_other}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r8}}]}}) mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x20040, &(0x7f0000000100)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {}, {@max_read={'max_read', 0x3d, 0x79}}, {@default_permissions}], [{@fowner_gt={'fowner>', r5}}]}}) setsockopt$inet_dccp_int(r0, 0x21, 0x6, &(0x7f0000000040)=0x20, 0x4) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) getpgid(0x0) [ 2042.555250] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2042.562503] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2042.569759] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2042.577009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2042.584257] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:11 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x2c888, 0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) (async) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r5}}]}}) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r8}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r10 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r10}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r11}, 0x2c, {'group_id', 0x3d, r9}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) r12 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000680), 0x2, 0x0) read$FUSE(r12, &(0x7f00000026c0)={0x2020}, 0x2020) (async) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0xffffffffffffffff, 0x800000, &(0x7f0000000080)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, 0xee00}, 0x2c, {[{@allow_other}], [{@measure}, {@context={'context', 0x3d, 'unconfined_u'}}, {@dont_hash}, {@mask={'mask', 0x3d, '^MAY_READ'}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}}) 10:58:11 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup/syz0\x00', 0x200002, 0x0) getrusage(0xffffffffffffffff, &(0x7f0000000180)) ioctl$PPPIOCSNPMODE(r1, 0x4008744b, &(0x7f0000000280)={0x80f3, 0x1}) sendmsg$nl_xfrm(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001c0000022abd7000fedbdf253c14000d00000000000000000000000000000000000c001c00", @ANYRES32=0x0, @ANYBLOB="e8ffffff000000"], 0x34}, 0x1, 0x0, 0x0, 0xc00}, 0x8c1) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa0000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb0000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000cf1d64dacaf2b8400d124fa3aa6b2d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b8ea8841cc055b0fa3de12f3bac53c4b8cf41b03dec5d1a39caba90fb962a9194cbdb37d517c7aeb910bab6c337eba84e1d231f6cd7bdcd83f575a3ca393612b49ff001ea8"], 0xf0}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup/syz0\x00', 0x200002, 0x0) (async) getrusage(0xffffffffffffffff, &(0x7f0000000180)) (async) ioctl$PPPIOCSNPMODE(r1, 0x4008744b, &(0x7f0000000280)={0x80f3, 0x1}) (async) sendmsg$nl_xfrm(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001c0000022abd7000fedbdf253c14000d00000000000000000000000000000000000c001c00", @ANYRES32=0x0, @ANYBLOB="e8ffffff000000"], 0x34}, 0x1, 0x0, 0x0, 0xc00}, 0x8c1) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa0000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb0000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000cf1d64dacaf2b8400d124fa3aa6b2d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b8ea8841cc055b0fa3de12f3bac53c4b8cf41b03dec5d1a39caba90fb962a9194cbdb37d517c7aeb910bab6c337eba84e1d231f6cd7bdcd83f575a3ca393612b49ff001ea8"], 0xf0}}, 0x0) (async) 10:58:11 executing program 3: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x8304ca, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000100), 0x8) openat$vcs(0xffffffffffffff9c, &(0x7f00000004c0), 0x16400, 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000140)={0x29, 0x4, 0x0, {0x2, 0x3, 0x1, 0x0, [0x0]}}, 0x29) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_GET_PIT2(0xffffffffffffffff, 0x8070ae9f, &(0x7f00000026c0)) read$FUSE(r0, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2052) write$FUSE_STATFS(r2, &(0x7f0000000080)={0x60, 0x0, r3}, 0x60) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000040)={0x60, 0x0, r3, {{0xff, 0x8, 0x4, 0x401, 0x4, 0x200, 0xa0, 0x3}}}, 0x60) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000200), 0x80000, 0x0) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000022c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r6, 0x40bc5311, &(0x7f0000002380)={0x0, 0x0, 'client1\x00', 0x0, "c78796d72ad751c6", "a0b4350da82b81638c09d2ad04de0abc3d757975a05850485a06762d0a35a2ca"}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r6, 0x40bc5311, &(0x7f0000000540)={0x35, 0x1, 'client1\x00', 0xffffffff80000000, "e3acd8843140adb4", "fec9037f4759a6cb51ac39994fa7327ad907e1676259c44ff9019d72d371c5cd", 0x0, 0xffffffff}) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, 0x0, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0xd, 0x938, 0x2, 0x7f, 0x210, r1, 0xa27, '\x00', 0x0, r1, 0x1, 0x2, 0x5}, 0x48) r8 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000340)='./file0\x00', 0x0, 0x18}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000002000085000000111000"/40], &(0x7f00000001c0)='syzkaller\x00', 0x800, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000000240)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0xb, 0xf93b, 0x3f}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[r5, r7, r8]}, 0x80) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x8304ca, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) bpf$ITER_CREATE(0x21, &(0x7f0000000100), 0x8) (async) openat$vcs(0xffffffffffffff9c, &(0x7f00000004c0), 0x16400, 0x0) (async) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000140)={0x29, 0x4, 0x0, {0x2, 0x3, 0x1, 0x0, [0x0]}}, 0x29) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) ioctl$KVM_GET_PIT2(0xffffffffffffffff, 0x8070ae9f, &(0x7f00000026c0)) (async) read$FUSE(r0, &(0x7f0000000680)={0x2020}, 0x2052) (async) write$FUSE_STATFS(r2, &(0x7f0000000080)={0x60, 0x0, r3}, 0x60) (async) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000040)={0x60, 0x0, r3, {{0xff, 0x8, 0x4, 0x401, 0x4, 0x200, 0xa0, 0x3}}}, 0x60) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000200), 0x80000, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) openat$sndseq(0xffffffffffffff9c, &(0x7f00000022c0), 0x0) (async) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r6, 0x40bc5311, &(0x7f0000002380)={0x0, 0x0, 'client1\x00', 0x0, "c78796d72ad751c6", "a0b4350da82b81638c09d2ad04de0abc3d757975a05850485a06762d0a35a2ca"}) (async) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r6, 0x40bc5311, &(0x7f0000000540)={0x35, 0x1, 'client1\x00', 0xffffffff80000000, "e3acd8843140adb4", "fec9037f4759a6cb51ac39994fa7327ad907e1676259c44ff9019d72d371c5cd", 0x0, 0xffffffff}) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, 0x0, 0x0) (async) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0xd, 0x938, 0x2, 0x7f, 0x210, r1, 0xa27, '\x00', 0x0, r1, 0x1, 0x2, 0x5}, 0x48) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000340)='./file0\x00', 0x0, 0x18}, 0x10) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000002000085000000111000"/40], &(0x7f00000001c0)='syzkaller\x00', 0x800, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000000240)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0xb, 0xf93b, 0x3f}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[r5, r7, r8]}, 0x80) (async) 10:58:11 executing program 5: r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) r4 = bpf$ITER_CREATE(0x21, &(0x7f0000000680)={r0}, 0x8) write$FUSE_NOTIFY_STORE(r4, &(0x7f00000006c0)={0x2b, 0x4, 0x0, {0x0, 0x800, 0x3, 0x0, [0x0, 0x0, 0x0]}}, 0x2b) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x0) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r6}, 0x2c, {'group_id', 0x3d, r7}, 0x2c, {[{@allow_other}, {@allow_other}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r8}}]}}) mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x20040, &(0x7f0000000100)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {}, {@max_read={'max_read', 0x3d, 0x79}}, {@default_permissions}], [{@fowner_gt={'fowner>', r5}}]}}) setsockopt$inet_dccp_int(r0, 0x21, 0x6, &(0x7f0000000040)=0x20, 0x4) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) getpgid(0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) bpf$ITER_CREATE(0x21, &(0x7f0000000680)={r0}, 0x8) (async) write$FUSE_NOTIFY_STORE(r4, &(0x7f00000006c0)={0x2b, 0x4, 0x0, {0x0, 0x800, 0x3, 0x0, [0x0, 0x0, 0x0]}}, 0x2b) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r6}, 0x2c, {'group_id', 0x3d, r7}, 0x2c, {[{@allow_other}, {@allow_other}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r8}}]}}) (async) mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x20040, &(0x7f0000000100)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {}, {@max_read={'max_read', 0x3d, 0x79}}, {@default_permissions}], [{@fowner_gt={'fowner>', r5}}]}}) (async) setsockopt$inet_dccp_int(r0, 0x21, 0x6, &(0x7f0000000040)=0x20, 0x4) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) getpgid(0x0) (async) 10:58:11 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24888, 0x0) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000240)=0x1) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000140)={0x2d, 0x4, 0x0, {0x4, 0x8000000000000000, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2d) mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x940080, &(0x7f0000000280)={{}, 0x2c, {}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x3800}}, {@blksize={'blksize', 0x3d, 0x1800}}], [{@dont_measure}, {@rootcontext={'rootcontext', 0x3d, 'root'}}, {@dont_appraise}, {@measure}, {@smackfsroot={'smackfsroot', 0x3d, '/'}}]}}) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$FUSE_NOTIFY_POLL(r0, &(0x7f0000000080)={0x18, 0x1, 0x0, {0x3}}, 0x18) 10:58:11 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0) (async) mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000240)={{'fd', 0x3d, r0}, 0x2c, {}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[], [{@mask={'mask', 0x3d, 'MAY_READ'}}, {@audit}, {@fowner_eq={'fowner', 0x3d, 0xffffffffffffffff}}]}}) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000180)={0x29, 0x6, 0x0, {0x4, 0x6}}, 0x29) ioctl$PPPIOCGFLAGS1(r1, 0x8004745a, 0x0) [ 2042.792155] FAULT_INJECTION: forcing a failure. [ 2042.792155] name failslab, interval 1, probability 0, space 0, times 0 [ 2042.808376] CPU: 0 PID: 23664 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2042.816260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2042.825613] Call Trace: [ 2042.828197] dump_stack+0x1b2/0x281 [ 2042.831847] should_fail.cold+0x10a/0x149 [ 2042.835981] should_failslab+0xd6/0x130 [ 2042.839963] kmem_cache_alloc+0x28e/0x3c0 [ 2042.844099] __kernfs_new_node+0x6f/0x470 [ 2042.848229] kernfs_new_node+0x7b/0xe0 [ 2042.852094] __kernfs_create_file+0x3d/0x320 [ 2042.856488] sysfs_add_file_mode_ns+0x1e1/0x450 [ 2042.861162] device_create_file+0xc8/0x100 [ 2042.865375] ? acpi_platform_notify_remove+0x1f0/0x1f0 [ 2042.870668] device_add+0x37a/0x15c0 [ 2042.874364] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 2042.879800] ? kfree_const+0x33/0x40 [ 2042.883488] ? device_is_dependent+0x2a0/0x2a0 [ 2042.888042] ? kfree+0x1f0/0x250 [ 2042.891383] device_create_groups_vargs+0x1dc/0x250 [ 2042.896386] device_create_vargs+0x3a/0x50 [ 2042.900606] bdi_register_va.part.0+0x35/0x650 [ 2042.905168] bdi_register_va+0x63/0x80 [ 2042.909033] super_setup_bdi_name+0x123/0x220 [ 2042.913506] ? kill_block_super+0xe0/0xe0 [ 2042.917634] ? do_raw_spin_unlock+0x164/0x220 [ 2042.922110] fuse_fill_super+0x937/0x15c0 [ 2042.926237] ? fuse_get_root_inode+0xc0/0xc0 [ 2042.930624] ? up_write+0x17/0x60 [ 2042.934062] ? register_shrinker+0x15f/0x220 [ 2042.938454] ? sget_userns+0x768/0xc10 [ 2042.942319] ? get_anon_bdev+0x1c0/0x1c0 [ 2042.946353] ? sget+0xd9/0x110 [ 2042.949542] ? fuse_get_root_inode+0xc0/0xc0 [ 2042.953934] mount_nodev+0x4c/0xf0 [ 2042.957457] mount_fs+0x92/0x2a0 [ 2042.960803] vfs_kern_mount.part.0+0x5b/0x470 [ 2042.965273] do_mount+0xe65/0x2a30 [ 2042.968790] ? assoc_array_gc+0x10a1/0x1160 [ 2042.973094] ? retint_kernel+0x2d/0x2d [ 2042.976959] ? copy_mount_string+0x40/0x40 [ 2042.981174] ? __sanitizer_cov_trace_pc+0x4a/0x50 [ 2042.985993] ? copy_mount_options+0x1fa/0x2f0 [ 2042.990463] ? copy_mnt_ns+0xa30/0xa30 [ 2042.994336] SyS_mount+0xa8/0x120 [ 2042.997777] ? copy_mnt_ns+0xa30/0xa30 [ 2043.001659] do_syscall_64+0x1d5/0x640 [ 2043.005545] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2043.010716] RIP: 0033:0x7fc09e230109 [ 2043.014454] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2043.022139] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2043.029395] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 10:58:12 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 27) 10:58:12 executing program 3: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x8304ca, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000100), 0x8) openat$vcs(0xffffffffffffff9c, &(0x7f00000004c0), 0x16400, 0x0) (async) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000140)={0x29, 0x4, 0x0, {0x2, 0x3, 0x1, 0x0, [0x0]}}, 0x29) (async) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) ioctl$KVM_GET_PIT2(0xffffffffffffffff, 0x8070ae9f, &(0x7f00000026c0)) read$FUSE(r0, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2052) write$FUSE_STATFS(r2, &(0x7f0000000080)={0x60, 0x0, r3}, 0x60) (async) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000040)={0x60, 0x0, r3, {{0xff, 0x8, 0x4, 0x401, 0x4, 0x200, 0xa0, 0x3}}}, 0x60) (async) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000200), 0x80000, 0x0) (async) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000022c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r6, 0x40bc5311, &(0x7f0000002380)={0x0, 0x0, 'client1\x00', 0x0, "c78796d72ad751c6", "a0b4350da82b81638c09d2ad04de0abc3d757975a05850485a06762d0a35a2ca"}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r6, 0x40bc5311, &(0x7f0000000540)={0x35, 0x1, 'client1\x00', 0xffffffff80000000, "e3acd8843140adb4", "fec9037f4759a6cb51ac39994fa7327ad907e1676259c44ff9019d72d371c5cd", 0x0, 0xffffffff}) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, 0x0, 0x0) (async) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0xd, 0x938, 0x2, 0x7f, 0x210, r1, 0xa27, '\x00', 0x0, r1, 0x1, 0x2, 0x5}, 0x48) (async) r8 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000340)='./file0\x00', 0x0, 0x18}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000002000085000000111000"/40], &(0x7f00000001c0)='syzkaller\x00', 0x800, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000000240)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0xb, 0xf93b, 0x3f}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[r5, r7, r8]}, 0x80) 10:58:12 executing program 5: r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) r4 = bpf$ITER_CREATE(0x21, &(0x7f0000000680)={r0}, 0x8) write$FUSE_NOTIFY_STORE(r4, &(0x7f00000006c0)={0x2b, 0x4, 0x0, {0x0, 0x800, 0x3, 0x0, [0x0, 0x0, 0x0]}}, 0x2b) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x0) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) (async) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r6}, 0x2c, {'group_id', 0x3d, r7}, 0x2c, {[{@allow_other}, {@allow_other}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r8}}]}}) mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x20040, &(0x7f0000000100)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {}, {@max_read={'max_read', 0x3d, 0x79}}, {@default_permissions}], [{@fowner_gt={'fowner>', r5}}]}}) (async) setsockopt$inet_dccp_int(r0, 0x21, 0x6, &(0x7f0000000040)=0x20, 0x4) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) getpgid(0x0) 10:58:12 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24888, 0x0) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000240)=0x1) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000140)={0x2d, 0x4, 0x0, {0x4, 0x8000000000000000, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2d) mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x940080, &(0x7f0000000280)={{}, 0x2c, {}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x3800}}, {@blksize={'blksize', 0x3d, 0x1800}}], [{@dont_measure}, {@rootcontext={'rootcontext', 0x3d, 'root'}}, {@dont_appraise}, {@measure}, {@smackfsroot={'smackfsroot', 0x3d, '/'}}]}}) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$FUSE_NOTIFY_POLL(r0, &(0x7f0000000080)={0x18, 0x1, 0x0, {0x3}}, 0x18) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24888, 0x0) (async) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000240)=0x1) (async) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000140)={0x2d, 0x4, 0x0, {0x4, 0x8000000000000000, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2d) (async) mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x940080, &(0x7f0000000280)={{}, 0x2c, {}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x3800}}, {@blksize={'blksize', 0x3d, 0x1800}}], [{@dont_measure}, {@rootcontext={'rootcontext', 0x3d, 'root'}}, {@dont_appraise}, {@measure}, {@smackfsroot={'smackfsroot', 0x3d, '/'}}]}}) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async) write$FUSE_NOTIFY_POLL(r0, &(0x7f0000000080)={0x18, 0x1, 0x0, {0x3}}, 0x18) (async) [ 2043.036650] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2043.043906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2043.051186] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:12 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180)=0x0, &(0x7f00000001c0)) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresuid(&(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000240)=0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r9}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r10}}]}}) write$FUSE_ENTRY(0xffffffffffffffff, &(0x7f00000006c0)={0x90, 0x0, 0x0, {0x0, 0x1, 0x0, 0x10000, 0x7f, 0x3945, {0x1, 0x1, 0x9, 0x81, 0x1, 0x357, 0x891, 0x20, 0x3, 0x8000, 0x7, 0x0, r2, 0x6, 0x1}}}, 0x90) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000780)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r8}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}, {@smackfsroot={'smackfsroot', 0x3d, '--\')%{-##'}}, {@fsname}, {@fsmagic={'fsmagic', 0x3d, 0x7fff}}]}}) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000680)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r11}, 0x2c, {'group_id', 0x3d, r12}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r13}}]}}) mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100), 0x80, &(0x7f0000000280)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{}, {@default_permissions}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}, {@default_permissions}, {@default_permissions}, {@default_permissions}], [{@subj_type={'subj_type', 0x3d, '/dev/fuse\x00'}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}, {@pcr={'pcr', 0x3d, 0x38}}, {@measure}, {@pcr={'pcr', 0x3d, 0x18}}, {@obj_role}, {@uid_eq={'uid', 0x3d, r11}}, {@subj_user={'subj_user', 0x3d, '*\x8d'}}, {@smackfshat}]}}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) 10:58:12 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x402200, 0x0) sendmsg$nl_xfrm(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="6c0000001d000100bdbd7000fcdbdf255b000100626c616b6532732d3235362d67656e00000000000000000000000000000000000000000000000000c09a3c48092767dc80ce087000000000000000000000000000000000000000980000002868dfd051fa31ce"], 0x6c}, 0x1, 0x0, 0x0, 0x8840}, 0x40) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000440)=@bpf_ext={0x1c, 0x6, &(0x7f0000000200)=@raw=[@alu={0x7, 0x0, 0x10311dd24cde921c, 0xa, 0x7, 0x4}, @call={0x85, 0x0, 0x0, 0x36}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @jmp={0x5, 0x0, 0x8, 0x2, 0x7, 0x18, 0xfffffffffffffff8}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @alu={0x4, 0x0, 0x9, 0x8, 0x5, 0x10}], &(0x7f0000000240)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x19, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f0000000280)={0x5, 0x3}, 0x8, 0x10, &(0x7f00000003c0)={0x4, 0xd, 0x10001, 0x80000001}, 0x10, 0x20ba7, r1, 0x0, &(0x7f0000000400)=[r1]}, 0x80) 10:58:12 executing program 5: ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, &(0x7f0000000000)=0x1100721) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000040)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x4, 0x2, 0x8e5, 0x5, 0x0, 0x0, 0x0, 0x7f, 0x36, 0x2000, 0x1f, r0, 0x0, 0x800, 0x4}}}, 0x78) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) prctl$PR_MCE_KILL(0x21, 0x0, 0x1) read$FUSE(r1, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r2, &(0x7f0000000080)={0x60, 0x0, r3}, 0x60) write$FUSE_LSEEK(0xffffffffffffffff, &(0x7f00000000c0)={0x18, 0xfffffffffffffffe, r3, {0xff}}, 0x18) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000100)={0x2e, 0x4, 0x0, {0x1, 0x2, 0x6, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2e) 10:58:12 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24888, 0x0) (async) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000240)=0x1) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000140)={0x2d, 0x4, 0x0, {0x4, 0x8000000000000000, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2d) mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x940080, &(0x7f0000000280)={{}, 0x2c, {}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x3800}}, {@blksize={'blksize', 0x3d, 0x1800}}], [{@dont_measure}, {@rootcontext={'rootcontext', 0x3d, 'root'}}, {@dont_appraise}, {@measure}, {@smackfsroot={'smackfsroot', 0x3d, '/'}}]}}) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$FUSE_NOTIFY_POLL(r0, &(0x7f0000000080)={0x18, 0x1, 0x0, {0x3}}, 0x18) 10:58:12 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) (async) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x402200, 0x0) sendmsg$nl_xfrm(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="6c0000001d000100bdbd7000fcdbdf255b000100626c616b6532732d3235362d67656e00000000000000000000000000000000000000000000000000c09a3c48092767dc80ce087000000000000000000000000000000000000000980000002868dfd051fa31ce"], 0x6c}, 0x1, 0x0, 0x0, 0x8840}, 0x40) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000440)=@bpf_ext={0x1c, 0x6, &(0x7f0000000200)=@raw=[@alu={0x7, 0x0, 0x10311dd24cde921c, 0xa, 0x7, 0x4}, @call={0x85, 0x0, 0x0, 0x36}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @jmp={0x5, 0x0, 0x8, 0x2, 0x7, 0x18, 0xfffffffffffffff8}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @alu={0x4, 0x0, 0x9, 0x8, 0x5, 0x10}], &(0x7f0000000240)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x19, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f0000000280)={0x5, 0x3}, 0x8, 0x10, &(0x7f00000003c0)={0x4, 0xd, 0x10001, 0x80000001}, 0x10, 0x20ba7, r1, 0x0, &(0x7f0000000400)=[r1]}, 0x80) 10:58:12 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x2, 0x0, {0x6, 0xbdb, 0x7}}, 0x28) 10:58:12 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180)=0x0, &(0x7f00000001c0)) (async) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) getresuid(&(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000240)=0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r9}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r10}}]}}) (async) write$FUSE_ENTRY(0xffffffffffffffff, &(0x7f00000006c0)={0x90, 0x0, 0x0, {0x0, 0x1, 0x0, 0x10000, 0x7f, 0x3945, {0x1, 0x1, 0x9, 0x81, 0x1, 0x357, 0x891, 0x20, 0x3, 0x8000, 0x7, 0x0, r2, 0x6, 0x1}}}, 0x90) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000780)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r8}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}, {@smackfsroot={'smackfsroot', 0x3d, '--\')%{-##'}}, {@fsname}, {@fsmagic={'fsmagic', 0x3d, 0x7fff}}]}}) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) (async) getresuid(&(0x7f0000000680)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r11}, 0x2c, {'group_id', 0x3d, r12}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r13}}]}}) (async) mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100), 0x80, &(0x7f0000000280)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{}, {@default_permissions}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}, {@default_permissions}, {@default_permissions}, {@default_permissions}], [{@subj_type={'subj_type', 0x3d, '/dev/fuse\x00'}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}, {@pcr={'pcr', 0x3d, 0x38}}, {@measure}, {@pcr={'pcr', 0x3d, 0x18}}, {@obj_role}, {@uid_eq={'uid', 0x3d, r11}}, {@subj_user={'subj_user', 0x3d, '*\x8d'}}, {@smackfshat}]}}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) 10:58:12 executing program 2: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000022c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f0000002380)={0x0, 0x0, 'client1\x00', 0xffffffff80000001, "c78796d72ad771c6", "a0b4638c09d2ad04de0abc3d020000000000000006762d0a35a2ca00"}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f0000000000)) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) [ 2043.280358] FAULT_INJECTION: forcing a failure. [ 2043.280358] name failslab, interval 1, probability 0, space 0, times 0 [ 2043.292099] CPU: 1 PID: 23717 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2043.299981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2043.309421] Call Trace: [ 2043.312015] dump_stack+0x1b2/0x281 [ 2043.315652] should_fail.cold+0x10a/0x149 [ 2043.319784] should_failslab+0xd6/0x130 [ 2043.323736] kmem_cache_alloc+0x28e/0x3c0 [ 2043.327866] __kernfs_new_node+0x6f/0x470 [ 2043.332005] kernfs_new_node+0x7b/0xe0 [ 2043.335873] kernfs_create_link+0x27/0x160 [ 2043.340086] sysfs_do_create_link_sd+0x90/0x120 [ 2043.344735] sysfs_create_link+0x5f/0xc0 [ 2043.348870] device_add+0x749/0x15c0 [ 2043.352566] ? kfree_const+0x33/0x40 [ 2043.356260] ? device_is_dependent+0x2a0/0x2a0 [ 2043.360833] ? kfree+0x1f0/0x250 [ 2043.364176] device_create_groups_vargs+0x1dc/0x250 [ 2043.369180] device_create_vargs+0x3a/0x50 [ 2043.373405] bdi_register_va.part.0+0x35/0x650 [ 2043.377967] bdi_register_va+0x63/0x80 [ 2043.381831] super_setup_bdi_name+0x123/0x220 [ 2043.386305] ? kill_block_super+0xe0/0xe0 [ 2043.390430] ? do_raw_spin_unlock+0x164/0x220 [ 2043.394906] fuse_fill_super+0x937/0x15c0 [ 2043.399034] ? fuse_get_root_inode+0xc0/0xc0 [ 2043.403416] ? up_write+0x17/0x60 [ 2043.406843] ? register_shrinker+0x15f/0x220 [ 2043.411225] ? sget_userns+0x768/0xc10 [ 2043.415092] ? get_anon_bdev+0x1c0/0x1c0 [ 2043.419133] ? sget+0xd9/0x110 [ 2043.422305] ? fuse_get_root_inode+0xc0/0xc0 [ 2043.426692] mount_nodev+0x4c/0xf0 [ 2043.430210] mount_fs+0x92/0x2a0 [ 2043.433555] vfs_kern_mount.part.0+0x5b/0x470 [ 2043.438041] do_mount+0xe65/0x2a30 [ 2043.441559] ? copy_mount_string+0x40/0x40 [ 2043.445774] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2043.450784] ? copy_mnt_ns+0xa30/0xa30 [ 2043.454649] ? copy_mount_options+0x1fa/0x2f0 [ 2043.459119] ? copy_mnt_ns+0xa30/0xa30 [ 2043.462981] SyS_mount+0xa8/0x120 [ 2043.466412] ? copy_mnt_ns+0xa30/0xa30 [ 2043.470277] do_syscall_64+0x1d5/0x640 [ 2043.474157] entry_SYSCALL_64_after_hwframe+0x46/0xbb 10:58:12 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 28) 10:58:12 executing program 5: ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, &(0x7f0000000000)=0x1100721) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000040)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x4, 0x2, 0x8e5, 0x5, 0x0, 0x0, 0x0, 0x7f, 0x36, 0x2000, 0x1f, r0, 0x0, 0x800, 0x4}}}, 0x78) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) prctl$PR_MCE_KILL(0x21, 0x0, 0x1) read$FUSE(r1, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r2, &(0x7f0000000080)={0x60, 0x0, r3}, 0x60) (async) write$FUSE_LSEEK(0xffffffffffffffff, &(0x7f00000000c0)={0x18, 0xfffffffffffffffe, r3, {0xff}}, 0x18) (async) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000100)={0x2e, 0x4, 0x0, {0x1, 0x2, 0x6, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2e) 10:58:12 executing program 2: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000022c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f0000002380)={0x0, 0x0, 'client1\x00', 0xffffffff80000001, "c78796d72ad771c6", "a0b4638c09d2ad04de0abc3d020000000000000006762d0a35a2ca00"}) (async) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f0000000000)) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) 10:58:12 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x2, 0x0, {0x6, 0xbdb, 0x7}}, 0x28) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x2, 0x0, {0x6, 0xbdb, 0x7}}, 0x28) (async) 10:58:12 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) (async) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x402200, 0x0) sendmsg$nl_xfrm(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="6c0000001d000100bdbd7000fcdbdf255b000100626c616b6532732d3235362d67656e00000000000000000000000000000000000000000000000000c09a3c48092767dc80ce087000000000000000000000000000000000000000980000002868dfd051fa31ce"], 0x6c}, 0x1, 0x0, 0x0, 0x8840}, 0x40) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000440)=@bpf_ext={0x1c, 0x6, &(0x7f0000000200)=@raw=[@alu={0x7, 0x0, 0x10311dd24cde921c, 0xa, 0x7, 0x4}, @call={0x85, 0x0, 0x0, 0x36}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @jmp={0x5, 0x0, 0x8, 0x2, 0x7, 0x18, 0xfffffffffffffff8}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @alu={0x4, 0x0, 0x9, 0x8, 0x5, 0x10}], &(0x7f0000000240)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x19, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f0000000280)={0x5, 0x3}, 0x8, 0x10, &(0x7f00000003c0)={0x4, 0xd, 0x10001, 0x80000001}, 0x10, 0x20ba7, r1, 0x0, &(0x7f0000000400)=[r1]}, 0x80) 10:58:12 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180)=0x0, &(0x7f00000001c0)) (async) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) getresuid(&(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000240)=0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) (async) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r9}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r10}}]}}) (async, rerun: 32) write$FUSE_ENTRY(0xffffffffffffffff, &(0x7f00000006c0)={0x90, 0x0, 0x0, {0x0, 0x1, 0x0, 0x10000, 0x7f, 0x3945, {0x1, 0x1, 0x9, 0x81, 0x1, 0x357, 0x891, 0x20, 0x3, 0x8000, 0x7, 0x0, r2, 0x6, 0x1}}}, 0x90) (async, rerun: 32) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000780)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r8}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}, {@smackfsroot={'smackfsroot', 0x3d, '--\')%{-##'}}, {@fsname}, {@fsmagic={'fsmagic', 0x3d, 0x7fff}}]}}) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) (async) getresuid(&(0x7f0000000680)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r11}, 0x2c, {'group_id', 0x3d, r12}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r13}}]}}) (async, rerun: 64) mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100), 0x80, &(0x7f0000000280)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{}, {@default_permissions}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}, {@default_permissions}, {@default_permissions}, {@default_permissions}], [{@subj_type={'subj_type', 0x3d, '/dev/fuse\x00'}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}, {@pcr={'pcr', 0x3d, 0x38}}, {@measure}, {@pcr={'pcr', 0x3d, 0x18}}, {@obj_role}, {@uid_eq={'uid', 0x3d, r11}}, {@subj_user={'subj_user', 0x3d, '*\x8d'}}, {@smackfshat}]}}) (rerun: 64) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) [ 2043.479323] RIP: 0033:0x7fc09e230109 [ 2043.483012] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2043.490696] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2043.497943] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2043.505185] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2043.512428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2043.519675] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:12 executing program 2: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000022c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f0000002380)={0x0, 0x0, 'client1\x00', 0xffffffff80000001, "c78796d72ad771c6", "a0b4638c09d2ad04de0abc3d020000000000000006762d0a35a2ca00"}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f0000000000)) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) 10:58:12 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x2, 0x0, {0x6, 0xbdb, 0x7}}, 0x28) 10:58:12 executing program 5: ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, &(0x7f0000000000)=0x1100721) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000040)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x4, 0x2, 0x8e5, 0x5, 0x0, 0x0, 0x0, 0x7f, 0x36, 0x2000, 0x1f, r0, 0x0, 0x800, 0x4}}}, 0x78) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) prctl$PR_MCE_KILL(0x21, 0x0, 0x1) read$FUSE(r1, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r2, &(0x7f0000000080)={0x60, 0x0, r3}, 0x60) write$FUSE_LSEEK(0xffffffffffffffff, &(0x7f00000000c0)={0x18, 0xfffffffffffffffe, r3, {0xff}}, 0x18) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000100)={0x2e, 0x4, 0x0, {0x1, 0x2, 0x6, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2e) ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, &(0x7f0000000000)=0x1100721) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020}, 0x2020) (async) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000040)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x4, 0x2, 0x8e5, 0x5, 0x0, 0x0, 0x0, 0x7f, 0x36, 0x2000, 0x1f, r0, 0x0, 0x800, 0x4}}}, 0x78) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) prctl$PR_MCE_KILL(0x21, 0x0, 0x1) (async) read$FUSE(r1, &(0x7f0000000680)={0x2020}, 0x2020) (async) write$FUSE_STATFS(r2, &(0x7f0000000080)={0x60, 0x0, r3}, 0x60) (async) write$FUSE_LSEEK(0xffffffffffffffff, &(0x7f00000000c0)={0x18, 0xfffffffffffffffe, r3, {0xff}}, 0x18) (async) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000100)={0x2e, 0x4, 0x0, {0x1, 0x2, 0x6, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2e) (async) 10:58:12 executing program 2: ioperm(0x6, 0x0, 0x9) ioperm(0x8, 0xb2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) ioperm(0x4, 0xff, 0x4) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) read$FUSE(r0, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) ioctl$SNAPSHOT_SET_SWAP_AREA(0xffffffffffffffff, 0x400c330d, &(0x7f0000000240)={0x3, 0x4}) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x24801, &(0x7f0000000580)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1000}}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) write$FUSE_NOTIFY_DELETE(r4, &(0x7f0000000100)={0x2b, 0x6, 0x0, {0x5, 0x5, 0x2, 0x0, ']-'}}, 0x2b) write$FUSE_STATFS(r1, &(0x7f0000000080)={0x60, 0x0, r2}, 0x60) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000000)={0x60, 0xffffffffffffffda, r2, {{0x3, 0x80000000, 0x3, 0x8000000000000001, 0xc56, 0x2, 0xffff, 0x7}}}, 0x60) 10:58:12 executing program 2: ioperm(0x6, 0x0, 0x9) ioperm(0x8, 0xb2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) ioperm(0x4, 0xff, 0x4) (async) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) read$FUSE(r0, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) ioctl$SNAPSHOT_SET_SWAP_AREA(0xffffffffffffffff, 0x400c330d, &(0x7f0000000240)={0x3, 0x4}) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x24801, &(0x7f0000000580)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1000}}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) write$FUSE_NOTIFY_DELETE(r4, &(0x7f0000000100)={0x2b, 0x6, 0x0, {0x5, 0x5, 0x2, 0x0, ']-'}}, 0x2b) (async) write$FUSE_STATFS(r1, &(0x7f0000000080)={0x60, 0x0, r2}, 0x60) (async) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000000)={0x60, 0xffffffffffffffda, r2, {{0x3, 0x80000000, 0x3, 0x8000000000000001, 0xc56, 0x2, 0xffff, 0x7}}}, 0x60) 10:58:12 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newae={0x2108, 0x1e, 0x100, 0x70bd2d, 0x25dfdbfb, {{@in=@private=0xa010100, 0x4d3, 0x2, 0x33}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x40, 0x3507}, [@algo_crypt={0x1048, 0x2, {{'kw(aes-ce)\x00'}, 0x8000, "9d78ec26a5ef6a153b259a0b025fd54f1ca5df8521ccac039dff6485a2a74bd2ce70eed56757791343845c9df6497f80cc3bd9c823ae0f9947465c49420a8191770ff771544cd07d10b9a12d7df85d30ca48f85c4efa0bbff338299afeb716593167f99e6a2bb1a28045191b1833ff54b52593797ea7d1bc20fdab40c7231f08983e4ed7a1502b65a72fe9781f99e0c09051433a0db481a55d51d13b975cf239ea498b0dae851d99a57e45edb1fcd1b074c0c160a890af1237ff2e232ea18f399c4cc090691d64cbbbffa733c9609d5f92e3626432ed878e0e37284726c6dae3d3ee6bc9112f08fbadac40b53924ccb9d4652fba68750367e985df7fdc43f9810b0288b8b580302fc87c576db8f7cc703d91843e8f9a42b7f1c4d1dbeb1965275232c49fd27c1fd77e25f46ef7997d8cdfaea5acc308d358ba5481b0f1badd4bec9cf1f423b448eb89be7070152c454f6451f8325e170a7b2c89b056969995488b6e969313851c2e4b388376a92df2251bbdcf50f8d56dd8e7d0baac9ce732e9bc2c4e353a9d396ddf04756dede5e24b066f12722530e06b1c3930bc0d2f58112a9f617d872edfbb9fab3ce9da84c276f47f9e5ba08f9a19ba66198135d1d4388df48fc9d1c34366673a3bbf8146473a26fd01e1a9b7b2faaf27d986ca6132f804e3c270d2afe2f98ff8d4526bdcdd14738653f83fd62d5767045878bcebc9545617890e7368e7a32f8315237718eebbfc84102f09578177a3985c147dc217c0c01f28f9ce095eb269a9186fd30c3e7dc9faf24f8df1353b2c362030206a5be5b28747c4f3f275539371095c1539383653a3fa9c2b8224a8991cd3452ef0cfe3c851779d22c82d45a1c795b3b56ce8b2ed6af3b760bf88b92eb0be251ef400c195099236a872e9b15d446eb1f61b67fe2495f572e44a3781b43b4eb7776f76595bfde166bef5adf124be66aeb46b60235a23fcb07892eed2f3c9463aa0f1ddf3dded1d088752311a5ed38131b43426895d216d0e71a37f6464137b02e2a04edf7974d5a331d41d5a2a989ff81faa21c349471dcf2454553f4b60346bae5e15c85eff93027d5c6fd3d6acf109758d9b3e151878329f227a1fa25ea743c506528a07bd157a4c6e223d764bcc26751a21aaa423835ae756986dea91f03e35aeef116c34c3037e96ece2e76cec5955ed24304be241b03af7595fd973f1e6a00fbb4438dc5caf1c5bb1ed24f1898c3dfa610d744c8f063864801e0a72a281cd1a943be4b20ac634809707df221eb6be9b81e0703bb6563f7bcaa306def4606bd466539b168a18272d35c04024ac63e4bdbedbab5330407ec971da7ad514fd4749b3eb91f0b70f3594c0390b773fef689316f8b1ad3e16def42b19eb19801e18e71ee2b5ac56a7abab115f68d98169e7c5eb554f8be7fad3123f3a935b54ad2878bc4b62abc5a4fe040ff5eb87490fef71d50947fc5a349218752a39ef2d27db49c52933a5e149f5e289e25add1d28890c407888099ebe32ff68d2644fd19787a712258d66945609c94f2765bee45c1b12c26298bf2c02d9acee54e740e5a8441f417a47d4f0b418229a89e3ee9768fe8fcab8c8490b65079ed355858005064e54bb212d9d465e109717eac723e1768d0b985d35d70297b869bbc33dff533f201a813367b8ffa948b5cf5e150f3b0a9aa30abaf795b2b59b4bd5cfdd136ada54b3a0872c22f05309ab0f13a21089ca6a30fca15584a817cfbe4eefe9ca9c5de46955ac0244e4e688c7a5885d59ca773980e64278aa1e3bf1e32cc59bb791f9d85e1e475231f1a5f0810364f8fa090818889b166f5f5b3e37ecd703be31c1ea00cc65b2f76505e186c432d4fdba20e25b01d3234aa0b353ed7547edf5d5df00c8d8ecb9ed5eaccf934f59936a0448f041a86a5c6daa36b8ab5e099a87992a93bb30da20622cc2aa5e497fc400d84a5b35e05d5693c0078fd693413ce88a315c6f5119d275ddc357d42adb49a052a67a2170fe6044b1f72db4a804017cb86217247d1d0491f8db812ea54ca3302a58a82c444acc15a8683aa0a214a8d107f5db1955e843965345ce104c38f9c066a0a7d5b5c115d3bc2929b78aca1a85449156e5fe6be0545f4adc9766c52d1108805bf96549c5e7b89a2362536bab6751b9364ba0d4825802c3456827a46cea471a75b6973ac99a8371706e625c7e3a0df85152cc732d07266e90d2f825e37afd202a7d16c51660357ce4d6b2dd1ded7ed838ca7ae488cfa1485ffeffd4b0c7773fc7c5b42d3c45d45980e1d389edeebfb27069fef4cd07324f34bdbb53f421d0a81904903a221dbc6054c2d473b9b32dff25a5fb0990fb740afc725f759c1a06b3ba69afcaa2db149cf6573dfc409972e92d2233968cc6d80800f604cf6abf60157d2ae7dfb5c4bdfab52d1cf933e316d39cc76dbf92a1065c805d3b2cf8966970f46ae40db08ca2b94d6de3a2be79c56deefc91d7efb2191a39c0ce74923d67bb1f627d5ba0b856f70246532a032c6447a1767a98b07de762e3d831b181bba35b53da555bcb180bb85e903ef7818054226f29571e66ec8bd67b1b7d75fe8ec4d762814f6ec9b2b03e3d4e21e70fae175b0493d3c2c85a441c05ab7b3a3b76b8f512b9b1bc5c33eedc3a422ac46f6758701726e4fb806d367a4901e43882e8f8c8cbf90515632c6270862095be1125e3baa8e66a433187229ee718f4a87173d3105b27781e5431afc7f771ba4c6b72fa067c935569b80088e32f45b0d06745e2632bd68d900336fd91b35fff9f5603e9f4d0ae050841e2866859feade0f90b2d71087d25c45252a89633139e771482c7c5df4684b6838d50fa8d77492d431020408e5ffaf11ca0aa46cfe1c5cff14ba07edf9c8082ed9893d726a892f75a2d850d73e6c047ae59e5210385edda8388b07f75a9c299f21e5ed9c9abc837b7e720fcf824eb6df12215b48e05e697fb43201bbd61ec30c329fd8cd6a4134ef8182f73546add98a980f4677e581727a28c30ee41b38d33155ff7334562e697afb781ce26af60ae9603dfa6e8ac5d62738fe04a1b986c321c8a9bf3437e4679390f460e38bfac80a3660406759af61196f04c0cdbd60c01eef67a0ec6f6466a13e2b1c2cb31c091ae8c5908c503cf9ebf26f753cc2aca5a973686314f6eb3f4c027ac03f961e82725fe43db2a2e726694270b53160487b6c0c75da50993893b921a36822f8e10269297294651ca7489c7b5fa4d62c2f586b8f5a9aa3dd4b12f8f52601ea9c67c3546ab93480542a1c5db700022d5e1a653e8b4b5667e3eb2e570ecf8a5ea59b6722594d8ab46ad4e87b17d550ff88afcda200b3d4e755c7978d562fe3f7d3bbc8de8192100d329cf167b5d5fd1e9ce028d1690e3d740b00a98e245e884c8970f584c201756c48359671703d9f0f87ecdc79a21da5ac266215bf1376743cb6a0636e5ccc8d94164655627516a4ba10b8174dbe78209b2f1d531884ee65fc58c926935dcd2b451f1bbb6d16c53c9e9af2d41ffe507a309aa3b5186b7efc24cd13f2e87faa70c52e52dc51aa4e255e963a41aaf489d2af31fd6e4da6737677b8f22dbe86f8f5417c3dff5ad8c20b21585f8c8271a7a598c029bdccfaa182623ef52f9bdb6875c0a3c730733794631cdaecebe17cd13ec47b2239ad109e2099ffaa5f9a6914be97a1db5c66838b2d7eb6e0f3900768e652390da9198d2bde36ef27c187bca510d303a2c6ac375e1dedcfdbdaa257bf147a865212944016ad3b7aa15b1e6fcb2e65d2d8a8e2193c45d2d8a300177aafae1018dbb114f37ffd215e3ebbfe9afd6685fa8fe1c9f115224a5b89aca5fe2599f7e55b35e6e56c4bfb57ea42bf5cf4f0162ca1877bdb83d271353c0a8c82c10181738886a6d533b7978495dc344de8cf04f670daee067010a5ab9045bb823edea8b985e67d561b21b1496e44780b34f12c5ea306dd42774133d889011d1627e564b5d2df3d75e4eece3d616a6558123405c5ba05a02c6fde450ee49e92f43e7d6cbbd31342fdf7c3f92b5d6f4bd5aa83d1ab918b7c1dd5df80d26b166c10337547c035847e19ebbe266fc95a1d029bde0309719a246921f1fa56379340e24758fe1e16abbbc24948aa458330455b9c4f68a492afc9a45233fb55efdfe669c6231240f13fb7b1a39aeb6e4fd56964f56418e50146d8ea446f75c11be0bca27fe4bc5d921d37f9d51d060624682e380e22cc94d6c2ebcce27ad8eb80cbabcd8a790b16d63fbbda63d05be22ac0cc9e082d49c70a09f6e474433f84611f7e51f394e5671c3fee648abcd7461efe92881fd2f4ff1ee85b83fac5427960abf2f03bd02049a1bb9bcba863a9fd0f1c5eea417d0470713ff602a28379b1117168c5c242dea98ad2611f2894ab6901cd1e4d65039bcf9834bd8123566a336cf853d5b859b5cf19ef31ff944d887300299d550584e175cf906d40251d1675ec4bdbc4b8249e2cb73e84c5eb9430ff75c37eb95817fcb54e99d340355613973174bd168a60ba8aee3fc057c4ec33a5b58a490b186dd4fdad67b342ef2241dc61dfdcc25b579d169e1ac3f4c88b5ead82a39d61c342e86f144e449617b2ece1e0c6cfed4c88a91ea77b02f26a2df57a369f3b76fbf05be3cfb848f82036a90ee2324b7c4c184615782f0d76e195917e405faa7bb8798f7548e6210386d50860f2b4ecc81217b8402505ddc7dff62d3cbc2008f7e0520cc1c11d972f9e1998d6079b9f2febc2e09cf7181529ba4a081f9d45cf4184d7494f7468e8e13fce403bbecd5f4d1c1dcd21a6058ac8b2d4afc877e50398c6e4a858d5f721a930c82601842d4fb54a6a3ac4550d06422ee35a77d051a3edf8bdfa5832576af49430a3259e18c7bd26c4c3dfc88197db142e7170f68d4a679a6c0c5c166a5d962755ceaebc119a7c70502e1a722b81aef105821b368ee268905e511eb0b273f5f6b2d18640d385e4bab1510f0ad0109ddeb208701226125c3ca52d4bce611f55366573e55a2cf9019a0e315d137779ec831b94e8d44b9730d0550d475c410941e65766bd5f0d021a5074d7218280dff6208cdb2cc920fcfaeaeeac9f1310c2b042b8d1bdf867fd8370eb78d2f18cf7fafff9fbb396c429a75d2599fa96fe0c897cf9de792f0b97b2d67a3e557f62cd639e07145f2a51457f20110cdc19f199859df54e00646ad54f78f72e4a1461b2ca1ceac5351de30781224eeaabf44b0fb8d5a8a46bf949277630d767752aa37693894f99a4e2ac562cb0c2845c148612bb217e61ee795a5302b1502b263b5859e1e3bfd8ded85966aff161d5edaaef6ba6bc077b7e570243aa9d3e7b085d45786f8a27b25759cf8cedfca776af98ee2045e3f25949e4cf3c9cbce7300b7b9ec8e4417a0b296f9338116f7efbeec4c6ba591ed4e7f6c8b11de2986d7b9b621045c1cd3504e960fc6ed56d48d3fb6fd716e7b90d7ebbe3891e4973940d440a26133cde4833185d23dee973cccf389b4a7518219908edf5d23075cfa33b02199474ee2f1e681ed8d987503c65ef873b907654389668171417196786d86121d1e7c9797bbb220a307d62c59175b8ef67ab8150e3b5b0ccc0bd02e35412ebe1c40974ca02ddb831b1b88aac4d7a16ebee0384a651c97b586241f9723a7df42a619f4ec59fc136d9c37cf329e769b9012d5cf19aba09c15cfc180eb10a3c262afab1219a9a068f5bd00af04c689786bd6fc83a1c903d5d4060117cb3a2c0874f2120b9347465634fc73f36c6f8c9435675c924f04a1028c73afa1fa"}}, @replay_val={0x10, 0xa, {0x70bd26, 0x70bd28, 0x5}}, @proto={0x5, 0x19, 0xff}, @algo_auth_trunc={0x10aa, 0x14, {{'crc32c-intel\x00'}, 0x8000, 0x80, "4f5a9b17d80d1f5d54afea0dfdbb5297b4992422d9d45563578e7b529e2b005370823c681ed299d1310caccfa875322e66b4585cbc71beaf3e7c5038762181b9696e103b331381102044623677442a4980c225d792a622e00d3b10a58ba7c5f96815aef795790fa646018ee0d72efc092e1b3d156e74d597b61268bdf964ebb6712bd7628a5a9b7b11983375a0e2bfb14dccaddd1ab4498cc6c2105b3cd62d0271e757f3eef4003a9310ff4e82a75fa69f7434e727894f7713113c00cb150d65bc35c39d23fecc63e3d76271c9bc533ebdab2d643dcaa2a31e81723ef7eaecfbb08a012eef110a19a111a378b245d75fd21b2da1f4730c965b6eccbf1d961c635906436f6151549d4ddc11d6de0ccfbc658f7f30b62500e9282322ebc5b6a8e1dccc3ad6b8d207d6794e7e393eea96a6e45dd1bcd5a9e378fab7e36685ca798e4b3904a6f3cb37ab05120a90ef7493ef34f945fcf96ba565a85985377719a55d176445565c65e310774a08042e404e167c81a53cd7f29c160340343f0171754aeb1f01bf02fb0c4a9b7c706131b26b50fafa9258d4cccc32f47f1e4693be5f5649097fce81218a76e6de1e9f52b68f4311ac4363c0fac52e70d43ebd6ac23fab47cd4fb7024312fa3beab3aabfab4d58cbd9cd7824481e63878bb6a518e2b14097babe9b017599d541951c0251cdba06a6512617feb192f52a44d306275e58f1097384225ef422115ce5e73796191abe2d5cdb1776636920d77ae486c8f1176304abe5b42d29186d59b4b758522248f7e57ecec64a6774025c9227161ae251f25cce6bd3a4315b7f5c094fa62a632bdd579626ba03c23a494571f7897ca67ae24ad0111e0919c8f914926782f3c9b15af63b871f2ab1c83b9ff39ca62f2f93be99b9eac40f70c4cd23b010ddb533a0dcfe437cbd30c0aa4bc6ecb5e782b26cd4bf0b36c56c55dcec7757b5958abd08df196ee01174a30198b1f783a94617b0f758bfa4d8dccfa00b2fffb416eb67cc6dc685e2bd2cd7dac80da4a8ac0faa62bf84a23b57d2c0c42ffbbb005788d794ff0d4598d94f4b02609751f059d97ed02beefe44150cfeeb2506299355ad8605f8653d5aababae6b352398e5b24ca47ed6f3f0faff1642c74cf73aebad431c2fd50e3110237ecfcd37efcbf3ae423e1df982e7acbed854811513000bda5bf242240e896f6046b0c7b7ed29c96d3c47c785e39b06870b585f87255747d6954c63e072c901c7430a02f11c377d2c389bab8e2631123ff1318742891e2ddb91c6d6781c6a75bf6df3e9bf85061696a82fc2ec1503ea6f89686caf5dd17ca45b15a2a0ce05072f3012ba8546fc8f2dae301b1f445fc53d7758b479e2b9fbb2ea942e2d79fefc7bcb79e6a44c643fb68761b2b78dc844e5b9392275457d05da5e7afb5cb916fb0f239ff2b8af19019416e72ede088c1319fadac1e83eb5f1421068c2e1d73161040fd12c5cfa44e7fe18ec324cc6b5f55defbea9a720d643a45e9afc4aafc0681f4734a54ed7aedf0490f45dc690cdcd129917a50ecc0bce447bfc45c44aa8ffaa6f6a4aab5ae7073238b4e44b9792abce5468c2239cd4605f865605f4e2bfb37ceb747836010add10c7adaf678c577d2ef05c785ba6d38fcf4e8192900cf5f75ca76633e4d5b13448bee2b83246873d1af0c97246c9d5ac41f9d40c1a823bbded32c3b2b220555af84bd6f8ec71df231149f90bcf18ad7e82f6608a115bcb7eefee3f93546d7f5f2ae17d53c7e764c30beb8f4709545c41f4e9283db1fa0a8675a56384e861fb65888ccb4fba67f0dc6865008b691065af8c521ec7484de99e87bdfc7272dfc15f375ac1601ba17c0a3ed4afdc5c5baf5ad265e45af9d1a8732135c987b64bc982524fc05981eceb183bdf0b64a009d80568dc25f46a0b28a61c5d9b773c60bd65a7c34c2733c28ebd0ba85b9050d5ed3db5b83dac4a88f23e577dc09ee5bc8287ac03052df9e4ddbecabfb2c16f71edb7212cf683bd999c7bfcfebd9467279a82d20e6c7a1478b8b4d0b1287b47e5e08b903b0007c6bbb5e783cab880606f9242e988c059f0b588c3c945914bd709682bf045aeb76ab572a7671b4bea280795d9b71ea1eeb1436d0b702176821d729a5af0f1b7f56f315c2430ffd54fcd0f6af2e924ac1453b4e47a10de1212e2bade9fc19d2f6b1ec06e200d7a2086d166a0925dbc6d3e0ba7122615e07276542bda7449cc89eeda1a9df7d5b8ba5429c09a66e234189ce8c1168e2c5b573fcd3451a3e1cd4a1d1398e8fb3cdad1c414ba0b6d1b4f0a04fcf71e42a0f61e84b6f151007510862dff652493cddcd5b78b95bcec55a2eb8a72ff7d502d152767bebbff27e546004fddba4dfc06ff6401981e51f148168abc138a66af1513a3cc6173f5dffece5430c4bd7763233afcd4d62eec12c3441f4b9f5966843cec8ddb1d35cff2c9408eb53cb06904af3ebdc84de1e778f39df41643c233a098c393a791fc97652839b032faa63bcab2d6555a57cea7e219d3aaea3cf76f7615fa711b18a2bcacecbd30c6968f72d2acd390c4333814d7eb98961bddfee380690686f09e7ee52289bd467f9ad72602155574c6e3d48a0555c61f50d53edda9e36500c3a886028f4f0a72c996f2478c348fe040a1c89ad930ac1d0585037451603c663bd5796997bf3a165351e696a6009d6891637751895b3670a1ce7b6f63677db932133af08f523afce45c1b739f86f79cdeb2883e5276a69f813cc8d289db1264050a7123b9ce6e0af4c83c31830cb18be02d1ed89ca34af687f3537b820c7fcb4da9c36ba1cb01f169d49198be02fc8b72979fbc7cf5ce6d87991a6e33c361ff2d3a3b9909a5e921b2afe03e2f9f5657fbcf2b7f697495b3c5aab35a0b7cdb529d3f385a371e19da71a5f2dff241cd7bd18aabe5a634ad17217c1e533c183e1f68ce9c63041c9a4f00d14fa54a9bb5f1aff733589c402aacf8c208e396248bd892397d2e7bf60dbc8f8232620ea8b8b4cdd31379ebb3fc1ec57e7b6c586a46a2c2fa7f685b765f183cc5f42381cb81c237a1750bc7542c7922fa640dac877213bdbc3eeb9a55e4254bbc6c73441c22d1e3f2aea0d3c36ad6e5a572a99ffbdd376912032b2020c1c3b31925c40e63add678c015de3f08d87207ece77fd1792b3541d27e1f4dac2978f6ed18e7485fe23756e265b0c143b78b636952e2c5d42963492e97c6a2c3f61e4a41e71674322862984b8b2de21f2fa6353d168f53434222b86ec40b7d38c8c6788322167e4678b028cb2c4b1d7c3d6579ca0c761bdfcea898065a9daee6c36254d1e523027ad5076d4ab61456a210b093c305f03e0e2f5d82ab8e9981d5f15da69efdd3966d7ae53061e060474ea0f8f886f1a9780819d3cd7090bf65a9e4c2b455f04e192cfb0bd6fb0f5653f30d7bf53aa9748c87527160b6869894859bab14fa20672202fb39f691474341617535fb89991556a91ce57969f53df0dd36336dd7edfedd2fdb1ed832acdd5bcc3dc748b68e76254bc9e8acf129ad9d7a1e2bc4ed828d7f6fe2bc99b923077b841dcb47725c7b4ec519144b91d3f502fc409be77fdcf268bd700716d26ce93d4863775b131470f286962e6d0a6f44fb5029236f716e999c05cf2250d74661aec82f50b9cbffa523fe11c559ec37ce171f6da7390b62ca78186a413f37c3d6937c534afc6e4019e7647a0341a8e4bfb940c3c3607301358f94662a2cae2af80e1689b70859f9084f71bf172568bb187e6129119deb66e4eb4583eb5e785536f412c0063fd3a92c66584b64d9725f1372ed430e4c45e0f31042790168940f23d8bf31936d1cddb78cadda8e7274c0c23a4f1d04b82eeca8bd0e5eeab98ce3e0f1edfcfcb1e844456924d19e19589a0853bbe5798c3cd90f42a60e018921fcf101caf4412628fb2e15f1829f78d7a5bd5d60a96988b3e5a0977197fc07f932a6b86cd325405a287ced46f4da1a1afd8c09fe0c169180d723d49f5d0eee83e9ae4dd4c3311056f04013c73a11f4cef7940ed840253dd1b24704053568a8bf9cf912ceaad0108cee289fa27cb46fd6fe6599899b9e8be384b54c10c7134eccd5c7dee8e7f80176035578d2b71e99f0baa830d6dc023a2a70784ec721e7e352b3d994bcc6a3dcaa6181c4baed1cf1b815031cb77514d724f7aba73b5fb8af8f86b6b5839ed6d152361f013f9ffcadf72e90f9ca1cd7316bef732406930aef53d50811db47168baad764b0d6e22b5a494c488ad5afb151a2375e72652fa79928afeefc6136dbb435b1669794176fb70fb990769c75083b47901d30112b7931bf1be71ed295a4f321c83b4ab4571065fc372383efa040fd2e5906abc865cd0dc7f7595947c555cc1ff7fc6e9d8709ff183086296c00871f93e470aff583d3ca17d672182ba487979a4d010d1d1a81fa7bb49ef55269924fed7e57e610aa9286dbc03caefc01f6b2a053773ce23e351dbd11d118080c56696f109f5a48f407f6e05268705f2796cd39cf9376608c7bd31b20caf8026300af3f74da9a2ffb2d54b58fa88070017183183ede10213fa061934f40f67847fe4ad387c6b3676acbabd7ef3ca7828125312b733ee4e31eb972aa6c54693aede501f18fc3aa34c141a3af7f405b4bdcee84facf9db6bdc9091af93b21db3f6f83219529c1a810958003c732924fa830e32418ff1cca0b9f9eedf18255363cd74ed2dfc9854aa99e109d48dd281080eb52294274c22b7c677e25a7cf4b153ec15292a62f39a37c9e112bfc0932511dad27b01ac1f9623295fbab6fd534d2c2952c3b7c3ae573a41a217a2c216d0ac878aaec78696b9ddbeac4ad8468c93aba13937789c3271699f12cb8066c5ea5db3a1cac5aaf23669559e9d6ee746041b18565688081d498acc8353b6f143299a3d2738c9d68147d16e36a04521a29321b0f8d5408cd8aeed7348d6d375b2e28dd7048754e2800986b8604bc658020138484bc4fa1a3c20606cb010b2684011030ddc98f6373537d9750b3fab9b39cf8d060b4137ba676d915767899a0aff1a57a1640d557b42b01480d427831582b5c6c80624e148b24235e158ef1c3f993317e5362f8aa447a5c2dd5f959e99167fec0313cf460a0e6285b2401a6d495ccac4b1a7588430dc6cdbaeb5621e58c80cfc625e86e4037f20a8dabc7bbc657f3066867884e03b8859acab57f1eb150a55cab0976d8457f143403a8f78ca5dec211000fdfb26e8631c59ea3f145e98d95caa56359b090cb5f18e9682300ad608d8ce5381cffb5828ff2b32dc2b0ef0d0a85023522600af54e2427a96a46c48ec8263412c12da87f096d2d0d524b7e0873363534dab785ee82488d737de40ecdf07f3a1a52f61f34192293819e1c2cf17d0373308d09043e0d8278c5a4688962330cf941e3cc515ab69718b6d80ce8e1a66aed7861135c1e68936b14b81a676effaede91b18dc2527007411788395e1763ce1e635553876deeaf1e6e78a8d92aedb2daaeb537c3fd57a4f1643efae2f6710c1bcf3b0ab204b5d7633bef1e5377dc28ffaa49016e5d02fea92b99b83d1b8e30deb639671889022f38da53c8fbda602547fd32b84d08aa919b81ce9f5cf1f300d253a286e1a729ae64afceed4f1bdeb278cc137471892d91aee51393d5e1334f211274993a9bf5340cd4a7efd15d18d3feac219bca7692290feb56efaf8ec98339c78a4af0d095a35e5ac558b7ddae4f7152e03567a95418a1764a6b586e0fa1049f82d377f4cdc6ebc8bd0d315e8a20d6e7bd2b71"}}, @srcaddr={0x14, 0xd, @in6=@empty}, @proto={0x5, 0x19, 0x32}]}, 0x2108}}, 0x0) [ 2043.752449] FAULT_INJECTION: forcing a failure. [ 2043.752449] name failslab, interval 1, probability 0, space 0, times 0 [ 2043.764459] CPU: 1 PID: 23774 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2043.772331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2043.781665] Call Trace: [ 2043.784236] dump_stack+0x1b2/0x281 [ 2043.787844] should_fail.cold+0x10a/0x149 [ 2043.791971] should_failslab+0xd6/0x130 [ 2043.795931] kmem_cache_alloc+0x28e/0x3c0 [ 2043.800062] __kernfs_new_node+0x6f/0x470 [ 2043.804329] kernfs_new_node+0x7b/0xe0 [ 2043.808205] __kernfs_create_file+0x3d/0x320 [ 2043.812610] sysfs_add_file_mode_ns+0x1e1/0x450 [ 2043.817262] internal_create_group+0x22b/0x710 [ 2043.821829] sysfs_create_groups+0x92/0x130 [ 2043.826187] device_add+0x7e5/0x15c0 [ 2043.829881] ? kfree_const+0x33/0x40 [ 2043.833570] ? device_is_dependent+0x2a0/0x2a0 [ 2043.838128] ? kfree+0x1f0/0x250 [ 2043.841474] device_create_groups_vargs+0x1dc/0x250 [ 2043.846479] device_create_vargs+0x3a/0x50 [ 2043.850698] bdi_register_va.part.0+0x35/0x650 [ 2043.855262] bdi_register_va+0x63/0x80 [ 2043.859136] super_setup_bdi_name+0x123/0x220 [ 2043.863606] ? kill_block_super+0xe0/0xe0 [ 2043.867730] ? do_raw_spin_unlock+0x164/0x220 [ 2043.872206] fuse_fill_super+0x937/0x15c0 [ 2043.876332] ? fuse_get_root_inode+0xc0/0xc0 [ 2043.880719] ? up_write+0x17/0x60 [ 2043.884146] ? register_shrinker+0x15f/0x220 [ 2043.888529] ? sget_userns+0x768/0xc10 [ 2043.892396] ? get_anon_bdev+0x1c0/0x1c0 [ 2043.896431] ? sget+0xd9/0x110 [ 2043.899617] ? fuse_get_root_inode+0xc0/0xc0 [ 2043.904000] mount_nodev+0x4c/0xf0 [ 2043.907523] mount_fs+0x92/0x2a0 [ 2043.910876] vfs_kern_mount.part.0+0x5b/0x470 [ 2043.915364] do_mount+0xe65/0x2a30 [ 2043.918886] ? copy_mount_string+0x40/0x40 [ 2043.923102] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2043.928101] ? copy_mnt_ns+0xa30/0xa30 [ 2043.932040] ? copy_mount_options+0x1fa/0x2f0 [ 2043.936510] ? copy_mnt_ns+0xa30/0xa30 [ 2043.940395] SyS_mount+0xa8/0x120 [ 2043.943825] ? copy_mnt_ns+0xa30/0xa30 [ 2043.947689] do_syscall_64+0x1d5/0x640 [ 2043.951828] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2043.957000] RIP: 0033:0x7fc09e230109 [ 2043.960686] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2043.968371] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2043.975618] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2043.982871] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2043.990120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 10:58:13 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 29) 10:58:13 executing program 2: ioperm(0x6, 0x0, 0x9) ioperm(0x8, 0xb2, 0x0) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) ioperm(0x4, 0xff, 0x4) (async) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async, rerun: 32) read$FUSE(r0, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) (async, rerun: 32) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) ioctl$SNAPSHOT_SET_SWAP_AREA(0xffffffffffffffff, 0x400c330d, &(0x7f0000000240)={0x3, 0x4}) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x24801, &(0x7f0000000580)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1000}}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) write$FUSE_NOTIFY_DELETE(r4, &(0x7f0000000100)={0x2b, 0x6, 0x0, {0x5, 0x5, 0x2, 0x0, ']-'}}, 0x2b) (async) write$FUSE_STATFS(r1, &(0x7f0000000080)={0x60, 0x0, r2}, 0x60) (async, rerun: 32) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000000)={0x60, 0xffffffffffffffda, r2, {{0x3, 0x80000000, 0x3, 0x8000000000000001, 0xc56, 0x2, 0xffff, 0x7}}}, 0x60) (rerun: 32) 10:58:13 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r3}}]}}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f00000003c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {}, 0x2c, {[], [{@subj_type={'subj_type', 0x3d, 'fuse\x00'}}]}}) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r6}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) read$FUSE(r5, &(0x7f0000000480)={0x2020}, 0x2020) r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x600000, 0x0) ioctl$PPPIOCCONNECT(r7, 0x4004743a, &(0x7f0000000100)=0x4) getresuid(&(0x7f00000024c0), &(0x7f0000002500), &(0x7f0000002540)) 10:58:13 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000100)={[{0x101, 0x1ff, 0x3, 0x8, 0x69, 0x7, 0x8, 0x7f, 0x80, 0x7, 0x18, 0x1f, 0x7}, {0x6, 0x6, 0x4, 0x3, 0x8, 0xbb, 0x9f, 0x2, 0x2, 0xfc, 0x18, 0x5d, 0x3f}, {0x203, 0x400, 0x1, 0xdc, 0x9, 0x3, 0x7, 0x58, 0x5, 0x2, 0x9, 0x2, 0xb8f5}], 0xfa}) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x2, 0x4) 10:58:13 executing program 3: sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x140b, 0x20, 0x70bd2c, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x40890}, 0x800) 10:58:13 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newae={0x2108, 0x1e, 0x100, 0x70bd2d, 0x25dfdbfb, {{@in=@private=0xa010100, 0x4d3, 0x2, 0x33}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x40, 0x3507}, [@algo_crypt={0x1048, 0x2, {{'kw(aes-ce)\x00'}, 0x8000, "9d78ec26a5ef6a153b259a0b025fd54f1ca5df8521ccac039dff6485a2a74bd2ce70eed56757791343845c9df6497f80cc3bd9c823ae0f9947465c49420a8191770ff771544cd07d10b9a12d7df85d30ca48f85c4efa0bbff338299afeb716593167f99e6a2bb1a28045191b1833ff54b52593797ea7d1bc20fdab40c7231f08983e4ed7a1502b65a72fe9781f99e0c09051433a0db481a55d51d13b975cf239ea498b0dae851d99a57e45edb1fcd1b074c0c160a890af1237ff2e232ea18f399c4cc090691d64cbbbffa733c9609d5f92e3626432ed878e0e37284726c6dae3d3ee6bc9112f08fbadac40b53924ccb9d4652fba68750367e985df7fdc43f9810b0288b8b580302fc87c576db8f7cc703d91843e8f9a42b7f1c4d1dbeb1965275232c49fd27c1fd77e25f46ef7997d8cdfaea5acc308d358ba5481b0f1badd4bec9cf1f423b448eb89be7070152c454f6451f8325e170a7b2c89b056969995488b6e969313851c2e4b388376a92df2251bbdcf50f8d56dd8e7d0baac9ce732e9bc2c4e353a9d396ddf04756dede5e24b066f12722530e06b1c3930bc0d2f58112a9f617d872edfbb9fab3ce9da84c276f47f9e5ba08f9a19ba66198135d1d4388df48fc9d1c34366673a3bbf8146473a26fd01e1a9b7b2faaf27d986ca6132f804e3c270d2afe2f98ff8d4526bdcdd14738653f83fd62d5767045878bcebc9545617890e7368e7a32f8315237718eebbfc84102f09578177a3985c147dc217c0c01f28f9ce095eb269a9186fd30c3e7dc9faf24f8df1353b2c362030206a5be5b28747c4f3f275539371095c1539383653a3fa9c2b8224a8991cd3452ef0cfe3c851779d22c82d45a1c795b3b56ce8b2ed6af3b760bf88b92eb0be251ef400c195099236a872e9b15d446eb1f61b67fe2495f572e44a3781b43b4eb7776f76595bfde166bef5adf124be66aeb46b60235a23fcb07892eed2f3c9463aa0f1ddf3dded1d088752311a5ed38131b43426895d216d0e71a37f6464137b02e2a04edf7974d5a331d41d5a2a989ff81faa21c349471dcf2454553f4b60346bae5e15c85eff93027d5c6fd3d6acf109758d9b3e151878329f227a1fa25ea743c506528a07bd157a4c6e223d764bcc26751a21aaa423835ae756986dea91f03e35aeef116c34c3037e96ece2e76cec5955ed24304be241b03af7595fd973f1e6a00fbb4438dc5caf1c5bb1ed24f1898c3dfa610d744c8f063864801e0a72a281cd1a943be4b20ac634809707df221eb6be9b81e0703bb6563f7bcaa306def4606bd466539b168a18272d35c04024ac63e4bdbedbab5330407ec971da7ad514fd4749b3eb91f0b70f3594c0390b773fef689316f8b1ad3e16def42b19eb19801e18e71ee2b5ac56a7abab115f68d98169e7c5eb554f8be7fad3123f3a935b54ad2878bc4b62abc5a4fe040ff5eb87490fef71d50947fc5a349218752a39ef2d27db49c52933a5e149f5e289e25add1d28890c407888099ebe32ff68d2644fd19787a712258d66945609c94f2765bee45c1b12c26298bf2c02d9acee54e740e5a8441f417a47d4f0b418229a89e3ee9768fe8fcab8c8490b65079ed355858005064e54bb212d9d465e109717eac723e1768d0b985d35d70297b869bbc33dff533f201a813367b8ffa948b5cf5e150f3b0a9aa30abaf795b2b59b4bd5cfdd136ada54b3a0872c22f05309ab0f13a21089ca6a30fca15584a817cfbe4eefe9ca9c5de46955ac0244e4e688c7a5885d59ca773980e64278aa1e3bf1e32cc59bb791f9d85e1e475231f1a5f0810364f8fa090818889b166f5f5b3e37ecd703be31c1ea00cc65b2f76505e186c432d4fdba20e25b01d3234aa0b353ed7547edf5d5df00c8d8ecb9ed5eaccf934f59936a0448f041a86a5c6daa36b8ab5e099a87992a93bb30da20622cc2aa5e497fc400d84a5b35e05d5693c0078fd693413ce88a315c6f5119d275ddc357d42adb49a052a67a2170fe6044b1f72db4a804017cb86217247d1d0491f8db812ea54ca3302a58a82c444acc15a8683aa0a214a8d107f5db1955e843965345ce104c38f9c066a0a7d5b5c115d3bc2929b78aca1a85449156e5fe6be0545f4adc9766c52d1108805bf96549c5e7b89a2362536bab6751b9364ba0d4825802c3456827a46cea471a75b6973ac99a8371706e625c7e3a0df85152cc732d07266e90d2f825e37afd202a7d16c51660357ce4d6b2dd1ded7ed838ca7ae488cfa1485ffeffd4b0c7773fc7c5b42d3c45d45980e1d389edeebfb27069fef4cd07324f34bdbb53f421d0a81904903a221dbc6054c2d473b9b32dff25a5fb0990fb740afc725f759c1a06b3ba69afcaa2db149cf6573dfc409972e92d2233968cc6d80800f604cf6abf60157d2ae7dfb5c4bdfab52d1cf933e316d39cc76dbf92a1065c805d3b2cf8966970f46ae40db08ca2b94d6de3a2be79c56deefc91d7efb2191a39c0ce74923d67bb1f627d5ba0b856f70246532a032c6447a1767a98b07de762e3d831b181bba35b53da555bcb180bb85e903ef7818054226f29571e66ec8bd67b1b7d75fe8ec4d762814f6ec9b2b03e3d4e21e70fae175b0493d3c2c85a441c05ab7b3a3b76b8f512b9b1bc5c33eedc3a422ac46f6758701726e4fb806d367a4901e43882e8f8c8cbf90515632c6270862095be1125e3baa8e66a433187229ee718f4a87173d3105b27781e5431afc7f771ba4c6b72fa067c935569b80088e32f45b0d06745e2632bd68d900336fd91b35fff9f5603e9f4d0ae050841e2866859feade0f90b2d71087d25c45252a89633139e771482c7c5df4684b6838d50fa8d77492d431020408e5ffaf11ca0aa46cfe1c5cff14ba07edf9c8082ed9893d726a892f75a2d850d73e6c047ae59e5210385edda8388b07f75a9c299f21e5ed9c9abc837b7e720fcf824eb6df12215b48e05e697fb43201bbd61ec30c329fd8cd6a4134ef8182f73546add98a980f4677e581727a28c30ee41b38d33155ff7334562e697afb781ce26af60ae9603dfa6e8ac5d62738fe04a1b986c321c8a9bf3437e4679390f460e38bfac80a3660406759af61196f04c0cdbd60c01eef67a0ec6f6466a13e2b1c2cb31c091ae8c5908c503cf9ebf26f753cc2aca5a973686314f6eb3f4c027ac03f961e82725fe43db2a2e726694270b53160487b6c0c75da50993893b921a36822f8e10269297294651ca7489c7b5fa4d62c2f586b8f5a9aa3dd4b12f8f52601ea9c67c3546ab93480542a1c5db700022d5e1a653e8b4b5667e3eb2e570ecf8a5ea59b6722594d8ab46ad4e87b17d550ff88afcda200b3d4e755c7978d562fe3f7d3bbc8de8192100d329cf167b5d5fd1e9ce028d1690e3d740b00a98e245e884c8970f584c201756c48359671703d9f0f87ecdc79a21da5ac266215bf1376743cb6a0636e5ccc8d94164655627516a4ba10b8174dbe78209b2f1d531884ee65fc58c926935dcd2b451f1bbb6d16c53c9e9af2d41ffe507a309aa3b5186b7efc24cd13f2e87faa70c52e52dc51aa4e255e963a41aaf489d2af31fd6e4da6737677b8f22dbe86f8f5417c3dff5ad8c20b21585f8c8271a7a598c029bdccfaa182623ef52f9bdb6875c0a3c730733794631cdaecebe17cd13ec47b2239ad109e2099ffaa5f9a6914be97a1db5c66838b2d7eb6e0f3900768e652390da9198d2bde36ef27c187bca510d303a2c6ac375e1dedcfdbdaa257bf147a865212944016ad3b7aa15b1e6fcb2e65d2d8a8e2193c45d2d8a300177aafae1018dbb114f37ffd215e3ebbfe9afd6685fa8fe1c9f115224a5b89aca5fe2599f7e55b35e6e56c4bfb57ea42bf5cf4f0162ca1877bdb83d271353c0a8c82c10181738886a6d533b7978495dc344de8cf04f670daee067010a5ab9045bb823edea8b985e67d561b21b1496e44780b34f12c5ea306dd42774133d889011d1627e564b5d2df3d75e4eece3d616a6558123405c5ba05a02c6fde450ee49e92f43e7d6cbbd31342fdf7c3f92b5d6f4bd5aa83d1ab918b7c1dd5df80d26b166c10337547c035847e19ebbe266fc95a1d029bde0309719a246921f1fa56379340e24758fe1e16abbbc24948aa458330455b9c4f68a492afc9a45233fb55efdfe669c6231240f13fb7b1a39aeb6e4fd56964f56418e50146d8ea446f75c11be0bca27fe4bc5d921d37f9d51d060624682e380e22cc94d6c2ebcce27ad8eb80cbabcd8a790b16d63fbbda63d05be22ac0cc9e082d49c70a09f6e474433f84611f7e51f394e5671c3fee648abcd7461efe92881fd2f4ff1ee85b83fac5427960abf2f03bd02049a1bb9bcba863a9fd0f1c5eea417d0470713ff602a28379b1117168c5c242dea98ad2611f2894ab6901cd1e4d65039bcf9834bd8123566a336cf853d5b859b5cf19ef31ff944d887300299d550584e175cf906d40251d1675ec4bdbc4b8249e2cb73e84c5eb9430ff75c37eb95817fcb54e99d340355613973174bd168a60ba8aee3fc057c4ec33a5b58a490b186dd4fdad67b342ef2241dc61dfdcc25b579d169e1ac3f4c88b5ead82a39d61c342e86f144e449617b2ece1e0c6cfed4c88a91ea77b02f26a2df57a369f3b76fbf05be3cfb848f82036a90ee2324b7c4c184615782f0d76e195917e405faa7bb8798f7548e6210386d50860f2b4ecc81217b8402505ddc7dff62d3cbc2008f7e0520cc1c11d972f9e1998d6079b9f2febc2e09cf7181529ba4a081f9d45cf4184d7494f7468e8e13fce403bbecd5f4d1c1dcd21a6058ac8b2d4afc877e50398c6e4a858d5f721a930c82601842d4fb54a6a3ac4550d06422ee35a77d051a3edf8bdfa5832576af49430a3259e18c7bd26c4c3dfc88197db142e7170f68d4a679a6c0c5c166a5d962755ceaebc119a7c70502e1a722b81aef105821b368ee268905e511eb0b273f5f6b2d18640d385e4bab1510f0ad0109ddeb208701226125c3ca52d4bce611f55366573e55a2cf9019a0e315d137779ec831b94e8d44b9730d0550d475c410941e65766bd5f0d021a5074d7218280dff6208cdb2cc920fcfaeaeeac9f1310c2b042b8d1bdf867fd8370eb78d2f18cf7fafff9fbb396c429a75d2599fa96fe0c897cf9de792f0b97b2d67a3e557f62cd639e07145f2a51457f20110cdc19f199859df54e00646ad54f78f72e4a1461b2ca1ceac5351de30781224eeaabf44b0fb8d5a8a46bf949277630d767752aa37693894f99a4e2ac562cb0c2845c148612bb217e61ee795a5302b1502b263b5859e1e3bfd8ded85966aff161d5edaaef6ba6bc077b7e570243aa9d3e7b085d45786f8a27b25759cf8cedfca776af98ee2045e3f25949e4cf3c9cbce7300b7b9ec8e4417a0b296f9338116f7efbeec4c6ba591ed4e7f6c8b11de2986d7b9b621045c1cd3504e960fc6ed56d48d3fb6fd716e7b90d7ebbe3891e4973940d440a26133cde4833185d23dee973cccf389b4a7518219908edf5d23075cfa33b02199474ee2f1e681ed8d987503c65ef873b907654389668171417196786d86121d1e7c9797bbb220a307d62c59175b8ef67ab8150e3b5b0ccc0bd02e35412ebe1c40974ca02ddb831b1b88aac4d7a16ebee0384a651c97b586241f9723a7df42a619f4ec59fc136d9c37cf329e769b9012d5cf19aba09c15cfc180eb10a3c262afab1219a9a068f5bd00af04c689786bd6fc83a1c903d5d4060117cb3a2c0874f2120b9347465634fc73f36c6f8c9435675c924f04a1028c73afa1fa"}}, @replay_val={0x10, 0xa, {0x70bd26, 0x70bd28, 0x5}}, @proto={0x5, 0x19, 0xff}, @algo_auth_trunc={0x10aa, 0x14, {{'crc32c-intel\x00'}, 0x8000, 0x80, "4f5a9b17d80d1f5d54afea0dfdbb5297b4992422d9d45563578e7b529e2b005370823c681ed299d1310caccfa875322e66b4585cbc71beaf3e7c5038762181b9696e103b331381102044623677442a4980c225d792a622e00d3b10a58ba7c5f96815aef795790fa646018ee0d72efc092e1b3d156e74d597b61268bdf964ebb6712bd7628a5a9b7b11983375a0e2bfb14dccaddd1ab4498cc6c2105b3cd62d0271e757f3eef4003a9310ff4e82a75fa69f7434e727894f7713113c00cb150d65bc35c39d23fecc63e3d76271c9bc533ebdab2d643dcaa2a31e81723ef7eaecfbb08a012eef110a19a111a378b245d75fd21b2da1f4730c965b6eccbf1d961c635906436f6151549d4ddc11d6de0ccfbc658f7f30b62500e9282322ebc5b6a8e1dccc3ad6b8d207d6794e7e393eea96a6e45dd1bcd5a9e378fab7e36685ca798e4b3904a6f3cb37ab05120a90ef7493ef34f945fcf96ba565a85985377719a55d176445565c65e310774a08042e404e167c81a53cd7f29c160340343f0171754aeb1f01bf02fb0c4a9b7c706131b26b50fafa9258d4cccc32f47f1e4693be5f5649097fce81218a76e6de1e9f52b68f4311ac4363c0fac52e70d43ebd6ac23fab47cd4fb7024312fa3beab3aabfab4d58cbd9cd7824481e63878bb6a518e2b14097babe9b017599d541951c0251cdba06a6512617feb192f52a44d306275e58f1097384225ef422115ce5e73796191abe2d5cdb1776636920d77ae486c8f1176304abe5b42d29186d59b4b758522248f7e57ecec64a6774025c9227161ae251f25cce6bd3a4315b7f5c094fa62a632bdd579626ba03c23a494571f7897ca67ae24ad0111e0919c8f914926782f3c9b15af63b871f2ab1c83b9ff39ca62f2f93be99b9eac40f70c4cd23b010ddb533a0dcfe437cbd30c0aa4bc6ecb5e782b26cd4bf0b36c56c55dcec7757b5958abd08df196ee01174a30198b1f783a94617b0f758bfa4d8dccfa00b2fffb416eb67cc6dc685e2bd2cd7dac80da4a8ac0faa62bf84a23b57d2c0c42ffbbb005788d794ff0d4598d94f4b02609751f059d97ed02beefe44150cfeeb2506299355ad8605f8653d5aababae6b352398e5b24ca47ed6f3f0faff1642c74cf73aebad431c2fd50e3110237ecfcd37efcbf3ae423e1df982e7acbed854811513000bda5bf242240e896f6046b0c7b7ed29c96d3c47c785e39b06870b585f87255747d6954c63e072c901c7430a02f11c377d2c389bab8e2631123ff1318742891e2ddb91c6d6781c6a75bf6df3e9bf85061696a82fc2ec1503ea6f89686caf5dd17ca45b15a2a0ce05072f3012ba8546fc8f2dae301b1f445fc53d7758b479e2b9fbb2ea942e2d79fefc7bcb79e6a44c643fb68761b2b78dc844e5b9392275457d05da5e7afb5cb916fb0f239ff2b8af19019416e72ede088c1319fadac1e83eb5f1421068c2e1d73161040fd12c5cfa44e7fe18ec324cc6b5f55defbea9a720d643a45e9afc4aafc0681f4734a54ed7aedf0490f45dc690cdcd129917a50ecc0bce447bfc45c44aa8ffaa6f6a4aab5ae7073238b4e44b9792abce5468c2239cd4605f865605f4e2bfb37ceb747836010add10c7adaf678c577d2ef05c785ba6d38fcf4e8192900cf5f75ca76633e4d5b13448bee2b83246873d1af0c97246c9d5ac41f9d40c1a823bbded32c3b2b220555af84bd6f8ec71df231149f90bcf18ad7e82f6608a115bcb7eefee3f93546d7f5f2ae17d53c7e764c30beb8f4709545c41f4e9283db1fa0a8675a56384e861fb65888ccb4fba67f0dc6865008b691065af8c521ec7484de99e87bdfc7272dfc15f375ac1601ba17c0a3ed4afdc5c5baf5ad265e45af9d1a8732135c987b64bc982524fc05981eceb183bdf0b64a009d80568dc25f46a0b28a61c5d9b773c60bd65a7c34c2733c28ebd0ba85b9050d5ed3db5b83dac4a88f23e577dc09ee5bc8287ac03052df9e4ddbecabfb2c16f71edb7212cf683bd999c7bfcfebd9467279a82d20e6c7a1478b8b4d0b1287b47e5e08b903b0007c6bbb5e783cab880606f9242e988c059f0b588c3c945914bd709682bf045aeb76ab572a7671b4bea280795d9b71ea1eeb1436d0b702176821d729a5af0f1b7f56f315c2430ffd54fcd0f6af2e924ac1453b4e47a10de1212e2bade9fc19d2f6b1ec06e200d7a2086d166a0925dbc6d3e0ba7122615e07276542bda7449cc89eeda1a9df7d5b8ba5429c09a66e234189ce8c1168e2c5b573fcd3451a3e1cd4a1d1398e8fb3cdad1c414ba0b6d1b4f0a04fcf71e42a0f61e84b6f151007510862dff652493cddcd5b78b95bcec55a2eb8a72ff7d502d152767bebbff27e546004fddba4dfc06ff6401981e51f148168abc138a66af1513a3cc6173f5dffece5430c4bd7763233afcd4d62eec12c3441f4b9f5966843cec8ddb1d35cff2c9408eb53cb06904af3ebdc84de1e778f39df41643c233a098c393a791fc97652839b032faa63bcab2d6555a57cea7e219d3aaea3cf76f7615fa711b18a2bcacecbd30c6968f72d2acd390c4333814d7eb98961bddfee380690686f09e7ee52289bd467f9ad72602155574c6e3d48a0555c61f50d53edda9e36500c3a886028f4f0a72c996f2478c348fe040a1c89ad930ac1d0585037451603c663bd5796997bf3a165351e696a6009d6891637751895b3670a1ce7b6f63677db932133af08f523afce45c1b739f86f79cdeb2883e5276a69f813cc8d289db1264050a7123b9ce6e0af4c83c31830cb18be02d1ed89ca34af687f3537b820c7fcb4da9c36ba1cb01f169d49198be02fc8b72979fbc7cf5ce6d87991a6e33c361ff2d3a3b9909a5e921b2afe03e2f9f5657fbcf2b7f697495b3c5aab35a0b7cdb529d3f385a371e19da71a5f2dff241cd7bd18aabe5a634ad17217c1e533c183e1f68ce9c63041c9a4f00d14fa54a9bb5f1aff733589c402aacf8c208e396248bd892397d2e7bf60dbc8f8232620ea8b8b4cdd31379ebb3fc1ec57e7b6c586a46a2c2fa7f685b765f183cc5f42381cb81c237a1750bc7542c7922fa640dac877213bdbc3eeb9a55e4254bbc6c73441c22d1e3f2aea0d3c36ad6e5a572a99ffbdd376912032b2020c1c3b31925c40e63add678c015de3f08d87207ece77fd1792b3541d27e1f4dac2978f6ed18e7485fe23756e265b0c143b78b636952e2c5d42963492e97c6a2c3f61e4a41e71674322862984b8b2de21f2fa6353d168f53434222b86ec40b7d38c8c6788322167e4678b028cb2c4b1d7c3d6579ca0c761bdfcea898065a9daee6c36254d1e523027ad5076d4ab61456a210b093c305f03e0e2f5d82ab8e9981d5f15da69efdd3966d7ae53061e060474ea0f8f886f1a9780819d3cd7090bf65a9e4c2b455f04e192cfb0bd6fb0f5653f30d7bf53aa9748c87527160b6869894859bab14fa20672202fb39f691474341617535fb89991556a91ce57969f53df0dd36336dd7edfedd2fdb1ed832acdd5bcc3dc748b68e76254bc9e8acf129ad9d7a1e2bc4ed828d7f6fe2bc99b923077b841dcb47725c7b4ec519144b91d3f502fc409be77fdcf268bd700716d26ce93d4863775b131470f286962e6d0a6f44fb5029236f716e999c05cf2250d74661aec82f50b9cbffa523fe11c559ec37ce171f6da7390b62ca78186a413f37c3d6937c534afc6e4019e7647a0341a8e4bfb940c3c3607301358f94662a2cae2af80e1689b70859f9084f71bf172568bb187e6129119deb66e4eb4583eb5e785536f412c0063fd3a92c66584b64d9725f1372ed430e4c45e0f31042790168940f23d8bf31936d1cddb78cadda8e7274c0c23a4f1d04b82eeca8bd0e5eeab98ce3e0f1edfcfcb1e844456924d19e19589a0853bbe5798c3cd90f42a60e018921fcf101caf4412628fb2e15f1829f78d7a5bd5d60a96988b3e5a0977197fc07f932a6b86cd325405a287ced46f4da1a1afd8c09fe0c169180d723d49f5d0eee83e9ae4dd4c3311056f04013c73a11f4cef7940ed840253dd1b24704053568a8bf9cf912ceaad0108cee289fa27cb46fd6fe6599899b9e8be384b54c10c7134eccd5c7dee8e7f80176035578d2b71e99f0baa830d6dc023a2a70784ec721e7e352b3d994bcc6a3dcaa6181c4baed1cf1b815031cb77514d724f7aba73b5fb8af8f86b6b5839ed6d152361f013f9ffcadf72e90f9ca1cd7316bef732406930aef53d50811db47168baad764b0d6e22b5a494c488ad5afb151a2375e72652fa79928afeefc6136dbb435b1669794176fb70fb990769c75083b47901d30112b7931bf1be71ed295a4f321c83b4ab4571065fc372383efa040fd2e5906abc865cd0dc7f7595947c555cc1ff7fc6e9d8709ff183086296c00871f93e470aff583d3ca17d672182ba487979a4d010d1d1a81fa7bb49ef55269924fed7e57e610aa9286dbc03caefc01f6b2a053773ce23e351dbd11d118080c56696f109f5a48f407f6e05268705f2796cd39cf9376608c7bd31b20caf8026300af3f74da9a2ffb2d54b58fa88070017183183ede10213fa061934f40f67847fe4ad387c6b3676acbabd7ef3ca7828125312b733ee4e31eb972aa6c54693aede501f18fc3aa34c141a3af7f405b4bdcee84facf9db6bdc9091af93b21db3f6f83219529c1a810958003c732924fa830e32418ff1cca0b9f9eedf18255363cd74ed2dfc9854aa99e109d48dd281080eb52294274c22b7c677e25a7cf4b153ec15292a62f39a37c9e112bfc0932511dad27b01ac1f9623295fbab6fd534d2c2952c3b7c3ae573a41a217a2c216d0ac878aaec78696b9ddbeac4ad8468c93aba13937789c3271699f12cb8066c5ea5db3a1cac5aaf23669559e9d6ee746041b18565688081d498acc8353b6f143299a3d2738c9d68147d16e36a04521a29321b0f8d5408cd8aeed7348d6d375b2e28dd7048754e2800986b8604bc658020138484bc4fa1a3c20606cb010b2684011030ddc98f6373537d9750b3fab9b39cf8d060b4137ba676d915767899a0aff1a57a1640d557b42b01480d427831582b5c6c80624e148b24235e158ef1c3f993317e5362f8aa447a5c2dd5f959e99167fec0313cf460a0e6285b2401a6d495ccac4b1a7588430dc6cdbaeb5621e58c80cfc625e86e4037f20a8dabc7bbc657f3066867884e03b8859acab57f1eb150a55cab0976d8457f143403a8f78ca5dec211000fdfb26e8631c59ea3f145e98d95caa56359b090cb5f18e9682300ad608d8ce5381cffb5828ff2b32dc2b0ef0d0a85023522600af54e2427a96a46c48ec8263412c12da87f096d2d0d524b7e0873363534dab785ee82488d737de40ecdf07f3a1a52f61f34192293819e1c2cf17d0373308d09043e0d8278c5a4688962330cf941e3cc515ab69718b6d80ce8e1a66aed7861135c1e68936b14b81a676effaede91b18dc2527007411788395e1763ce1e635553876deeaf1e6e78a8d92aedb2daaeb537c3fd57a4f1643efae2f6710c1bcf3b0ab204b5d7633bef1e5377dc28ffaa49016e5d02fea92b99b83d1b8e30deb639671889022f38da53c8fbda602547fd32b84d08aa919b81ce9f5cf1f300d253a286e1a729ae64afceed4f1bdeb278cc137471892d91aee51393d5e1334f211274993a9bf5340cd4a7efd15d18d3feac219bca7692290feb56efaf8ec98339c78a4af0d095a35e5ac558b7ddae4f7152e03567a95418a1764a6b586e0fa1049f82d377f4cdc6ebc8bd0d315e8a20d6e7bd2b71"}}, @srcaddr={0x14, 0xd, @in6=@empty}, @proto={0x5, 0x19, 0x32}]}, 0x2108}}, 0x0) [ 2043.997429] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 [ 2044.076366] FAULT_INJECTION: forcing a failure. [ 2044.076366] name failslab, interval 1, probability 0, space 0, times 0 [ 2044.093317] CPU: 1 PID: 23787 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2044.101209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2044.110571] Call Trace: [ 2044.110585] dump_stack+0x1b2/0x281 [ 2044.110598] should_fail.cold+0x10a/0x149 [ 2044.110609] should_failslab+0xd6/0x130 10:58:13 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r3}}]}}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f00000003c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {}, 0x2c, {[], [{@subj_type={'subj_type', 0x3d, 'fuse\x00'}}]}}) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r6}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) read$FUSE(r5, &(0x7f0000000480)={0x2020}, 0x2020) r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x600000, 0x0) ioctl$PPPIOCCONNECT(r7, 0x4004743a, &(0x7f0000000100)=0x4) getresuid(&(0x7f00000024c0), &(0x7f0000002500), &(0x7f0000002540)) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r3}}]}}) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f00000003c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {}, 0x2c, {[], [{@subj_type={'subj_type', 0x3d, 'fuse\x00'}}]}}) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r6}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) read$FUSE(r5, &(0x7f0000000480)={0x2020}, 0x2020) (async) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x600000, 0x0) (async) ioctl$PPPIOCCONNECT(r7, 0x4004743a, &(0x7f0000000100)=0x4) (async) getresuid(&(0x7f00000024c0), &(0x7f0000002500), &(0x7f0000002540)) (async) 10:58:13 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) (async, rerun: 32) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) (rerun: 32) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r3}}]}}) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f00000003c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {}, 0x2c, {[], [{@subj_type={'subj_type', 0x3d, 'fuse\x00'}}]}}) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r6}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) read$FUSE(r5, &(0x7f0000000480)={0x2020}, 0x2020) r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x600000, 0x0) ioctl$PPPIOCCONNECT(r7, 0x4004743a, &(0x7f0000000100)=0x4) getresuid(&(0x7f00000024c0), &(0x7f0000002500), &(0x7f0000002540)) [ 2044.110619] kmem_cache_alloc+0x28e/0x3c0 [ 2044.110632] __kernfs_new_node+0x6f/0x470 [ 2044.110646] kernfs_new_node+0x7b/0xe0 [ 2044.110657] __kernfs_create_file+0x3d/0x320 [ 2044.110667] sysfs_add_file_mode_ns+0x1e1/0x450 [ 2044.110681] internal_create_group+0x22b/0x710 [ 2044.110693] sysfs_create_groups+0x92/0x130 [ 2044.110703] device_add+0x7e5/0x15c0 [ 2044.110715] ? kfree_const+0x33/0x40 [ 2044.162416] ? device_is_dependent+0x2a0/0x2a0 [ 2044.166997] ? kfree+0x1f0/0x250 [ 2044.170365] device_create_groups_vargs+0x1dc/0x250 10:58:13 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x1101802, &(0x7f0000000240)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1a00}}]}}) 10:58:13 executing program 3: sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x140b, 0x20, 0x70bd2c, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x40890}, 0x800) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x140b, 0x20, 0x70bd2c, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x40890}, 0x800) (async) [ 2044.175388] device_create_vargs+0x3a/0x50 [ 2044.179626] bdi_register_va.part.0+0x35/0x650 [ 2044.184207] bdi_register_va+0x63/0x80 [ 2044.188100] super_setup_bdi_name+0x123/0x220 [ 2044.192589] ? kill_block_super+0xe0/0xe0 [ 2044.196731] ? do_raw_spin_unlock+0x164/0x220 [ 2044.201235] fuse_fill_super+0x937/0x15c0 [ 2044.205390] ? fuse_get_root_inode+0xc0/0xc0 [ 2044.209795] ? up_write+0x17/0x60 [ 2044.213238] ? register_shrinker+0x15f/0x220 [ 2044.217643] ? sget_userns+0x768/0xc10 [ 2044.221543] ? get_anon_bdev+0x1c0/0x1c0 [ 2044.225618] ? sget+0xd9/0x110 [ 2044.228804] ? fuse_get_root_inode+0xc0/0xc0 [ 2044.233208] mount_nodev+0x4c/0xf0 [ 2044.236742] mount_fs+0x92/0x2a0 [ 2044.240109] vfs_kern_mount.part.0+0x5b/0x470 [ 2044.244617] do_mount+0xe65/0x2a30 [ 2044.248158] ? copy_mount_string+0x40/0x40 [ 2044.252395] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2044.257404] ? copy_mnt_ns+0xa30/0xa30 [ 2044.261284] ? copy_mount_options+0x1fa/0x2f0 [ 2044.265770] ? copy_mnt_ns+0xa30/0xa30 [ 2044.269653] SyS_mount+0xa8/0x120 [ 2044.273101] ? copy_mnt_ns+0xa30/0xa30 [ 2044.276988] do_syscall_64+0x1d5/0x640 [ 2044.280882] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2044.286060] RIP: 0033:0x7fc09e230109 [ 2044.289757] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2044.297442] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2044.304690] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2044.311967] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2044.319216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 10:58:13 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newae={0x2108, 0x1e, 0x100, 0x70bd2d, 0x25dfdbfb, {{@in=@private=0xa010100, 0x4d3, 0x2, 0x33}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x40, 0x3507}, [@algo_crypt={0x1048, 0x2, {{'kw(aes-ce)\x00'}, 0x8000, "9d78ec26a5ef6a153b259a0b025fd54f1ca5df8521ccac039dff6485a2a74bd2ce70eed56757791343845c9df6497f80cc3bd9c823ae0f9947465c49420a8191770ff771544cd07d10b9a12d7df85d30ca48f85c4efa0bbff338299afeb716593167f99e6a2bb1a28045191b1833ff54b52593797ea7d1bc20fdab40c7231f08983e4ed7a1502b65a72fe9781f99e0c09051433a0db481a55d51d13b975cf239ea498b0dae851d99a57e45edb1fcd1b074c0c160a890af1237ff2e232ea18f399c4cc090691d64cbbbffa733c9609d5f92e3626432ed878e0e37284726c6dae3d3ee6bc9112f08fbadac40b53924ccb9d4652fba68750367e985df7fdc43f9810b0288b8b580302fc87c576db8f7cc703d91843e8f9a42b7f1c4d1dbeb1965275232c49fd27c1fd77e25f46ef7997d8cdfaea5acc308d358ba5481b0f1badd4bec9cf1f423b448eb89be7070152c454f6451f8325e170a7b2c89b056969995488b6e969313851c2e4b388376a92df2251bbdcf50f8d56dd8e7d0baac9ce732e9bc2c4e353a9d396ddf04756dede5e24b066f12722530e06b1c3930bc0d2f58112a9f617d872edfbb9fab3ce9da84c276f47f9e5ba08f9a19ba66198135d1d4388df48fc9d1c34366673a3bbf8146473a26fd01e1a9b7b2faaf27d986ca6132f804e3c270d2afe2f98ff8d4526bdcdd14738653f83fd62d5767045878bcebc9545617890e7368e7a32f8315237718eebbfc84102f09578177a3985c147dc217c0c01f28f9ce095eb269a9186fd30c3e7dc9faf24f8df1353b2c362030206a5be5b28747c4f3f275539371095c1539383653a3fa9c2b8224a8991cd3452ef0cfe3c851779d22c82d45a1c795b3b56ce8b2ed6af3b760bf88b92eb0be251ef400c195099236a872e9b15d446eb1f61b67fe2495f572e44a3781b43b4eb7776f76595bfde166bef5adf124be66aeb46b60235a23fcb07892eed2f3c9463aa0f1ddf3dded1d088752311a5ed38131b43426895d216d0e71a37f6464137b02e2a04edf7974d5a331d41d5a2a989ff81faa21c349471dcf2454553f4b60346bae5e15c85eff93027d5c6fd3d6acf109758d9b3e151878329f227a1fa25ea743c506528a07bd157a4c6e223d764bcc26751a21aaa423835ae756986dea91f03e35aeef116c34c3037e96ece2e76cec5955ed24304be241b03af7595fd973f1e6a00fbb4438dc5caf1c5bb1ed24f1898c3dfa610d744c8f063864801e0a72a281cd1a943be4b20ac634809707df221eb6be9b81e0703bb6563f7bcaa306def4606bd466539b168a18272d35c04024ac63e4bdbedbab5330407ec971da7ad514fd4749b3eb91f0b70f3594c0390b773fef689316f8b1ad3e16def42b19eb19801e18e71ee2b5ac56a7abab115f68d98169e7c5eb554f8be7fad3123f3a935b54ad2878bc4b62abc5a4fe040ff5eb87490fef71d50947fc5a349218752a39ef2d27db49c52933a5e149f5e289e25add1d28890c407888099ebe32ff68d2644fd19787a712258d66945609c94f2765bee45c1b12c26298bf2c02d9acee54e740e5a8441f417a47d4f0b418229a89e3ee9768fe8fcab8c8490b65079ed355858005064e54bb212d9d465e109717eac723e1768d0b985d35d70297b869bbc33dff533f201a813367b8ffa948b5cf5e150f3b0a9aa30abaf795b2b59b4bd5cfdd136ada54b3a0872c22f05309ab0f13a21089ca6a30fca15584a817cfbe4eefe9ca9c5de46955ac0244e4e688c7a5885d59ca773980e64278aa1e3bf1e32cc59bb791f9d85e1e475231f1a5f0810364f8fa090818889b166f5f5b3e37ecd703be31c1ea00cc65b2f76505e186c432d4fdba20e25b01d3234aa0b353ed7547edf5d5df00c8d8ecb9ed5eaccf934f59936a0448f041a86a5c6daa36b8ab5e099a87992a93bb30da20622cc2aa5e497fc400d84a5b35e05d5693c0078fd693413ce88a315c6f5119d275ddc357d42adb49a052a67a2170fe6044b1f72db4a804017cb86217247d1d0491f8db812ea54ca3302a58a82c444acc15a8683aa0a214a8d107f5db1955e843965345ce104c38f9c066a0a7d5b5c115d3bc2929b78aca1a85449156e5fe6be0545f4adc9766c52d1108805bf96549c5e7b89a2362536bab6751b9364ba0d4825802c3456827a46cea471a75b6973ac99a8371706e625c7e3a0df85152cc732d07266e90d2f825e37afd202a7d16c51660357ce4d6b2dd1ded7ed838ca7ae488cfa1485ffeffd4b0c7773fc7c5b42d3c45d45980e1d389edeebfb27069fef4cd07324f34bdbb53f421d0a81904903a221dbc6054c2d473b9b32dff25a5fb0990fb740afc725f759c1a06b3ba69afcaa2db149cf6573dfc409972e92d2233968cc6d80800f604cf6abf60157d2ae7dfb5c4bdfab52d1cf933e316d39cc76dbf92a1065c805d3b2cf8966970f46ae40db08ca2b94d6de3a2be79c56deefc91d7efb2191a39c0ce74923d67bb1f627d5ba0b856f70246532a032c6447a1767a98b07de762e3d831b181bba35b53da555bcb180bb85e903ef7818054226f29571e66ec8bd67b1b7d75fe8ec4d762814f6ec9b2b03e3d4e21e70fae175b0493d3c2c85a441c05ab7b3a3b76b8f512b9b1bc5c33eedc3a422ac46f6758701726e4fb806d367a4901e43882e8f8c8cbf90515632c6270862095be1125e3baa8e66a433187229ee718f4a87173d3105b27781e5431afc7f771ba4c6b72fa067c935569b80088e32f45b0d06745e2632bd68d900336fd91b35fff9f5603e9f4d0ae050841e2866859feade0f90b2d71087d25c45252a89633139e771482c7c5df4684b6838d50fa8d77492d431020408e5ffaf11ca0aa46cfe1c5cff14ba07edf9c8082ed9893d726a892f75a2d850d73e6c047ae59e5210385edda8388b07f75a9c299f21e5ed9c9abc837b7e720fcf824eb6df12215b48e05e697fb43201bbd61ec30c329fd8cd6a4134ef8182f73546add98a980f4677e581727a28c30ee41b38d33155ff7334562e697afb781ce26af60ae9603dfa6e8ac5d62738fe04a1b986c321c8a9bf3437e4679390f460e38bfac80a3660406759af61196f04c0cdbd60c01eef67a0ec6f6466a13e2b1c2cb31c091ae8c5908c503cf9ebf26f753cc2aca5a973686314f6eb3f4c027ac03f961e82725fe43db2a2e726694270b53160487b6c0c75da50993893b921a36822f8e10269297294651ca7489c7b5fa4d62c2f586b8f5a9aa3dd4b12f8f52601ea9c67c3546ab93480542a1c5db700022d5e1a653e8b4b5667e3eb2e570ecf8a5ea59b6722594d8ab46ad4e87b17d550ff88afcda200b3d4e755c7978d562fe3f7d3bbc8de8192100d329cf167b5d5fd1e9ce028d1690e3d740b00a98e245e884c8970f584c201756c48359671703d9f0f87ecdc79a21da5ac266215bf1376743cb6a0636e5ccc8d94164655627516a4ba10b8174dbe78209b2f1d531884ee65fc58c926935dcd2b451f1bbb6d16c53c9e9af2d41ffe507a309aa3b5186b7efc24cd13f2e87faa70c52e52dc51aa4e255e963a41aaf489d2af31fd6e4da6737677b8f22dbe86f8f5417c3dff5ad8c20b21585f8c8271a7a598c029bdccfaa182623ef52f9bdb6875c0a3c730733794631cdaecebe17cd13ec47b2239ad109e2099ffaa5f9a6914be97a1db5c66838b2d7eb6e0f3900768e652390da9198d2bde36ef27c187bca510d303a2c6ac375e1dedcfdbdaa257bf147a865212944016ad3b7aa15b1e6fcb2e65d2d8a8e2193c45d2d8a300177aafae1018dbb114f37ffd215e3ebbfe9afd6685fa8fe1c9f115224a5b89aca5fe2599f7e55b35e6e56c4bfb57ea42bf5cf4f0162ca1877bdb83d271353c0a8c82c10181738886a6d533b7978495dc344de8cf04f670daee067010a5ab9045bb823edea8b985e67d561b21b1496e44780b34f12c5ea306dd42774133d889011d1627e564b5d2df3d75e4eece3d616a6558123405c5ba05a02c6fde450ee49e92f43e7d6cbbd31342fdf7c3f92b5d6f4bd5aa83d1ab918b7c1dd5df80d26b166c10337547c035847e19ebbe266fc95a1d029bde0309719a246921f1fa56379340e24758fe1e16abbbc24948aa458330455b9c4f68a492afc9a45233fb55efdfe669c6231240f13fb7b1a39aeb6e4fd56964f56418e50146d8ea446f75c11be0bca27fe4bc5d921d37f9d51d060624682e380e22cc94d6c2ebcce27ad8eb80cbabcd8a790b16d63fbbda63d05be22ac0cc9e082d49c70a09f6e474433f84611f7e51f394e5671c3fee648abcd7461efe92881fd2f4ff1ee85b83fac5427960abf2f03bd02049a1bb9bcba863a9fd0f1c5eea417d0470713ff602a28379b1117168c5c242dea98ad2611f2894ab6901cd1e4d65039bcf9834bd8123566a336cf853d5b859b5cf19ef31ff944d887300299d550584e175cf906d40251d1675ec4bdbc4b8249e2cb73e84c5eb9430ff75c37eb95817fcb54e99d340355613973174bd168a60ba8aee3fc057c4ec33a5b58a490b186dd4fdad67b342ef2241dc61dfdcc25b579d169e1ac3f4c88b5ead82a39d61c342e86f144e449617b2ece1e0c6cfed4c88a91ea77b02f26a2df57a369f3b76fbf05be3cfb848f82036a90ee2324b7c4c184615782f0d76e195917e405faa7bb8798f7548e6210386d50860f2b4ecc81217b8402505ddc7dff62d3cbc2008f7e0520cc1c11d972f9e1998d6079b9f2febc2e09cf7181529ba4a081f9d45cf4184d7494f7468e8e13fce403bbecd5f4d1c1dcd21a6058ac8b2d4afc877e50398c6e4a858d5f721a930c82601842d4fb54a6a3ac4550d06422ee35a77d051a3edf8bdfa5832576af49430a3259e18c7bd26c4c3dfc88197db142e7170f68d4a679a6c0c5c166a5d962755ceaebc119a7c70502e1a722b81aef105821b368ee268905e511eb0b273f5f6b2d18640d385e4bab1510f0ad0109ddeb208701226125c3ca52d4bce611f55366573e55a2cf9019a0e315d137779ec831b94e8d44b9730d0550d475c410941e65766bd5f0d021a5074d7218280dff6208cdb2cc920fcfaeaeeac9f1310c2b042b8d1bdf867fd8370eb78d2f18cf7fafff9fbb396c429a75d2599fa96fe0c897cf9de792f0b97b2d67a3e557f62cd639e07145f2a51457f20110cdc19f199859df54e00646ad54f78f72e4a1461b2ca1ceac5351de30781224eeaabf44b0fb8d5a8a46bf949277630d767752aa37693894f99a4e2ac562cb0c2845c148612bb217e61ee795a5302b1502b263b5859e1e3bfd8ded85966aff161d5edaaef6ba6bc077b7e570243aa9d3e7b085d45786f8a27b25759cf8cedfca776af98ee2045e3f25949e4cf3c9cbce7300b7b9ec8e4417a0b296f9338116f7efbeec4c6ba591ed4e7f6c8b11de2986d7b9b621045c1cd3504e960fc6ed56d48d3fb6fd716e7b90d7ebbe3891e4973940d440a26133cde4833185d23dee973cccf389b4a7518219908edf5d23075cfa33b02199474ee2f1e681ed8d987503c65ef873b907654389668171417196786d86121d1e7c9797bbb220a307d62c59175b8ef67ab8150e3b5b0ccc0bd02e35412ebe1c40974ca02ddb831b1b88aac4d7a16ebee0384a651c97b586241f9723a7df42a619f4ec59fc136d9c37cf329e769b9012d5cf19aba09c15cfc180eb10a3c262afab1219a9a068f5bd00af04c689786bd6fc83a1c903d5d4060117cb3a2c0874f2120b9347465634fc73f36c6f8c9435675c924f04a1028c73afa1fa"}}, @replay_val={0x10, 0xa, {0x70bd26, 0x70bd28, 0x5}}, @proto={0x5, 0x19, 0xff}, @algo_auth_trunc={0x10aa, 0x14, {{'crc32c-intel\x00'}, 0x8000, 0x80, "4f5a9b17d80d1f5d54afea0dfdbb5297b4992422d9d45563578e7b529e2b005370823c681ed299d1310caccfa875322e66b4585cbc71beaf3e7c5038762181b9696e103b331381102044623677442a4980c225d792a622e00d3b10a58ba7c5f96815aef795790fa646018ee0d72efc092e1b3d156e74d597b61268bdf964ebb6712bd7628a5a9b7b11983375a0e2bfb14dccaddd1ab4498cc6c2105b3cd62d0271e757f3eef4003a9310ff4e82a75fa69f7434e727894f7713113c00cb150d65bc35c39d23fecc63e3d76271c9bc533ebdab2d643dcaa2a31e81723ef7eaecfbb08a012eef110a19a111a378b245d75fd21b2da1f4730c965b6eccbf1d961c635906436f6151549d4ddc11d6de0ccfbc658f7f30b62500e9282322ebc5b6a8e1dccc3ad6b8d207d6794e7e393eea96a6e45dd1bcd5a9e378fab7e36685ca798e4b3904a6f3cb37ab05120a90ef7493ef34f945fcf96ba565a85985377719a55d176445565c65e310774a08042e404e167c81a53cd7f29c160340343f0171754aeb1f01bf02fb0c4a9b7c706131b26b50fafa9258d4cccc32f47f1e4693be5f5649097fce81218a76e6de1e9f52b68f4311ac4363c0fac52e70d43ebd6ac23fab47cd4fb7024312fa3beab3aabfab4d58cbd9cd7824481e63878bb6a518e2b14097babe9b017599d541951c0251cdba06a6512617feb192f52a44d306275e58f1097384225ef422115ce5e73796191abe2d5cdb1776636920d77ae486c8f1176304abe5b42d29186d59b4b758522248f7e57ecec64a6774025c9227161ae251f25cce6bd3a4315b7f5c094fa62a632bdd579626ba03c23a494571f7897ca67ae24ad0111e0919c8f914926782f3c9b15af63b871f2ab1c83b9ff39ca62f2f93be99b9eac40f70c4cd23b010ddb533a0dcfe437cbd30c0aa4bc6ecb5e782b26cd4bf0b36c56c55dcec7757b5958abd08df196ee01174a30198b1f783a94617b0f758bfa4d8dccfa00b2fffb416eb67cc6dc685e2bd2cd7dac80da4a8ac0faa62bf84a23b57d2c0c42ffbbb005788d794ff0d4598d94f4b02609751f059d97ed02beefe44150cfeeb2506299355ad8605f8653d5aababae6b352398e5b24ca47ed6f3f0faff1642c74cf73aebad431c2fd50e3110237ecfcd37efcbf3ae423e1df982e7acbed854811513000bda5bf242240e896f6046b0c7b7ed29c96d3c47c785e39b06870b585f87255747d6954c63e072c901c7430a02f11c377d2c389bab8e2631123ff1318742891e2ddb91c6d6781c6a75bf6df3e9bf85061696a82fc2ec1503ea6f89686caf5dd17ca45b15a2a0ce05072f3012ba8546fc8f2dae301b1f445fc53d7758b479e2b9fbb2ea942e2d79fefc7bcb79e6a44c643fb68761b2b78dc844e5b9392275457d05da5e7afb5cb916fb0f239ff2b8af19019416e72ede088c1319fadac1e83eb5f1421068c2e1d73161040fd12c5cfa44e7fe18ec324cc6b5f55defbea9a720d643a45e9afc4aafc0681f4734a54ed7aedf0490f45dc690cdcd129917a50ecc0bce447bfc45c44aa8ffaa6f6a4aab5ae7073238b4e44b9792abce5468c2239cd4605f865605f4e2bfb37ceb747836010add10c7adaf678c577d2ef05c785ba6d38fcf4e8192900cf5f75ca76633e4d5b13448bee2b83246873d1af0c97246c9d5ac41f9d40c1a823bbded32c3b2b220555af84bd6f8ec71df231149f90bcf18ad7e82f6608a115bcb7eefee3f93546d7f5f2ae17d53c7e764c30beb8f4709545c41f4e9283db1fa0a8675a56384e861fb65888ccb4fba67f0dc6865008b691065af8c521ec7484de99e87bdfc7272dfc15f375ac1601ba17c0a3ed4afdc5c5baf5ad265e45af9d1a8732135c987b64bc982524fc05981eceb183bdf0b64a009d80568dc25f46a0b28a61c5d9b773c60bd65a7c34c2733c28ebd0ba85b9050d5ed3db5b83dac4a88f23e577dc09ee5bc8287ac03052df9e4ddbecabfb2c16f71edb7212cf683bd999c7bfcfebd9467279a82d20e6c7a1478b8b4d0b1287b47e5e08b903b0007c6bbb5e783cab880606f9242e988c059f0b588c3c945914bd709682bf045aeb76ab572a7671b4bea280795d9b71ea1eeb1436d0b702176821d729a5af0f1b7f56f315c2430ffd54fcd0f6af2e924ac1453b4e47a10de1212e2bade9fc19d2f6b1ec06e200d7a2086d166a0925dbc6d3e0ba7122615e07276542bda7449cc89eeda1a9df7d5b8ba5429c09a66e234189ce8c1168e2c5b573fcd3451a3e1cd4a1d1398e8fb3cdad1c414ba0b6d1b4f0a04fcf71e42a0f61e84b6f151007510862dff652493cddcd5b78b95bcec55a2eb8a72ff7d502d152767bebbff27e546004fddba4dfc06ff6401981e51f148168abc138a66af1513a3cc6173f5dffece5430c4bd7763233afcd4d62eec12c3441f4b9f5966843cec8ddb1d35cff2c9408eb53cb06904af3ebdc84de1e778f39df41643c233a098c393a791fc97652839b032faa63bcab2d6555a57cea7e219d3aaea3cf76f7615fa711b18a2bcacecbd30c6968f72d2acd390c4333814d7eb98961bddfee380690686f09e7ee52289bd467f9ad72602155574c6e3d48a0555c61f50d53edda9e36500c3a886028f4f0a72c996f2478c348fe040a1c89ad930ac1d0585037451603c663bd5796997bf3a165351e696a6009d6891637751895b3670a1ce7b6f63677db932133af08f523afce45c1b739f86f79cdeb2883e5276a69f813cc8d289db1264050a7123b9ce6e0af4c83c31830cb18be02d1ed89ca34af687f3537b820c7fcb4da9c36ba1cb01f169d49198be02fc8b72979fbc7cf5ce6d87991a6e33c361ff2d3a3b9909a5e921b2afe03e2f9f5657fbcf2b7f697495b3c5aab35a0b7cdb529d3f385a371e19da71a5f2dff241cd7bd18aabe5a634ad17217c1e533c183e1f68ce9c63041c9a4f00d14fa54a9bb5f1aff733589c402aacf8c208e396248bd892397d2e7bf60dbc8f8232620ea8b8b4cdd31379ebb3fc1ec57e7b6c586a46a2c2fa7f685b765f183cc5f42381cb81c237a1750bc7542c7922fa640dac877213bdbc3eeb9a55e4254bbc6c73441c22d1e3f2aea0d3c36ad6e5a572a99ffbdd376912032b2020c1c3b31925c40e63add678c015de3f08d87207ece77fd1792b3541d27e1f4dac2978f6ed18e7485fe23756e265b0c143b78b636952e2c5d42963492e97c6a2c3f61e4a41e71674322862984b8b2de21f2fa6353d168f53434222b86ec40b7d38c8c6788322167e4678b028cb2c4b1d7c3d6579ca0c761bdfcea898065a9daee6c36254d1e523027ad5076d4ab61456a210b093c305f03e0e2f5d82ab8e9981d5f15da69efdd3966d7ae53061e060474ea0f8f886f1a9780819d3cd7090bf65a9e4c2b455f04e192cfb0bd6fb0f5653f30d7bf53aa9748c87527160b6869894859bab14fa20672202fb39f691474341617535fb89991556a91ce57969f53df0dd36336dd7edfedd2fdb1ed832acdd5bcc3dc748b68e76254bc9e8acf129ad9d7a1e2bc4ed828d7f6fe2bc99b923077b841dcb47725c7b4ec519144b91d3f502fc409be77fdcf268bd700716d26ce93d4863775b131470f286962e6d0a6f44fb5029236f716e999c05cf2250d74661aec82f50b9cbffa523fe11c559ec37ce171f6da7390b62ca78186a413f37c3d6937c534afc6e4019e7647a0341a8e4bfb940c3c3607301358f94662a2cae2af80e1689b70859f9084f71bf172568bb187e6129119deb66e4eb4583eb5e785536f412c0063fd3a92c66584b64d9725f1372ed430e4c45e0f31042790168940f23d8bf31936d1cddb78cadda8e7274c0c23a4f1d04b82eeca8bd0e5eeab98ce3e0f1edfcfcb1e844456924d19e19589a0853bbe5798c3cd90f42a60e018921fcf101caf4412628fb2e15f1829f78d7a5bd5d60a96988b3e5a0977197fc07f932a6b86cd325405a287ced46f4da1a1afd8c09fe0c169180d723d49f5d0eee83e9ae4dd4c3311056f04013c73a11f4cef7940ed840253dd1b24704053568a8bf9cf912ceaad0108cee289fa27cb46fd6fe6599899b9e8be384b54c10c7134eccd5c7dee8e7f80176035578d2b71e99f0baa830d6dc023a2a70784ec721e7e352b3d994bcc6a3dcaa6181c4baed1cf1b815031cb77514d724f7aba73b5fb8af8f86b6b5839ed6d152361f013f9ffcadf72e90f9ca1cd7316bef732406930aef53d50811db47168baad764b0d6e22b5a494c488ad5afb151a2375e72652fa79928afeefc6136dbb435b1669794176fb70fb990769c75083b47901d30112b7931bf1be71ed295a4f321c83b4ab4571065fc372383efa040fd2e5906abc865cd0dc7f7595947c555cc1ff7fc6e9d8709ff183086296c00871f93e470aff583d3ca17d672182ba487979a4d010d1d1a81fa7bb49ef55269924fed7e57e610aa9286dbc03caefc01f6b2a053773ce23e351dbd11d118080c56696f109f5a48f407f6e05268705f2796cd39cf9376608c7bd31b20caf8026300af3f74da9a2ffb2d54b58fa88070017183183ede10213fa061934f40f67847fe4ad387c6b3676acbabd7ef3ca7828125312b733ee4e31eb972aa6c54693aede501f18fc3aa34c141a3af7f405b4bdcee84facf9db6bdc9091af93b21db3f6f83219529c1a810958003c732924fa830e32418ff1cca0b9f9eedf18255363cd74ed2dfc9854aa99e109d48dd281080eb52294274c22b7c677e25a7cf4b153ec15292a62f39a37c9e112bfc0932511dad27b01ac1f9623295fbab6fd534d2c2952c3b7c3ae573a41a217a2c216d0ac878aaec78696b9ddbeac4ad8468c93aba13937789c3271699f12cb8066c5ea5db3a1cac5aaf23669559e9d6ee746041b18565688081d498acc8353b6f143299a3d2738c9d68147d16e36a04521a29321b0f8d5408cd8aeed7348d6d375b2e28dd7048754e2800986b8604bc658020138484bc4fa1a3c20606cb010b2684011030ddc98f6373537d9750b3fab9b39cf8d060b4137ba676d915767899a0aff1a57a1640d557b42b01480d427831582b5c6c80624e148b24235e158ef1c3f993317e5362f8aa447a5c2dd5f959e99167fec0313cf460a0e6285b2401a6d495ccac4b1a7588430dc6cdbaeb5621e58c80cfc625e86e4037f20a8dabc7bbc657f3066867884e03b8859acab57f1eb150a55cab0976d8457f143403a8f78ca5dec211000fdfb26e8631c59ea3f145e98d95caa56359b090cb5f18e9682300ad608d8ce5381cffb5828ff2b32dc2b0ef0d0a85023522600af54e2427a96a46c48ec8263412c12da87f096d2d0d524b7e0873363534dab785ee82488d737de40ecdf07f3a1a52f61f34192293819e1c2cf17d0373308d09043e0d8278c5a4688962330cf941e3cc515ab69718b6d80ce8e1a66aed7861135c1e68936b14b81a676effaede91b18dc2527007411788395e1763ce1e635553876deeaf1e6e78a8d92aedb2daaeb537c3fd57a4f1643efae2f6710c1bcf3b0ab204b5d7633bef1e5377dc28ffaa49016e5d02fea92b99b83d1b8e30deb639671889022f38da53c8fbda602547fd32b84d08aa919b81ce9f5cf1f300d253a286e1a729ae64afceed4f1bdeb278cc137471892d91aee51393d5e1334f211274993a9bf5340cd4a7efd15d18d3feac219bca7692290feb56efaf8ec98339c78a4af0d095a35e5ac558b7ddae4f7152e03567a95418a1764a6b586e0fa1049f82d377f4cdc6ebc8bd0d315e8a20d6e7bd2b71"}}, @srcaddr={0x14, 0xd, @in6=@empty}, @proto={0x5, 0x19, 0x32}]}, 0x2108}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newae={0x2108, 0x1e, 0x100, 0x70bd2d, 0x25dfdbfb, {{@in=@private=0xa010100, 0x4d3, 0x2, 0x33}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x40, 0x3507}, [@algo_crypt={0x1048, 0x2, {{'kw(aes-ce)\x00'}, 0x8000, "9d78ec26a5ef6a153b259a0b025fd54f1ca5df8521ccac039dff6485a2a74bd2ce70eed56757791343845c9df6497f80cc3bd9c823ae0f9947465c49420a8191770ff771544cd07d10b9a12d7df85d30ca48f85c4efa0bbff338299afeb716593167f99e6a2bb1a28045191b1833ff54b52593797ea7d1bc20fdab40c7231f08983e4ed7a1502b65a72fe9781f99e0c09051433a0db481a55d51d13b975cf239ea498b0dae851d99a57e45edb1fcd1b074c0c160a890af1237ff2e232ea18f399c4cc090691d64cbbbffa733c9609d5f92e3626432ed878e0e37284726c6dae3d3ee6bc9112f08fbadac40b53924ccb9d4652fba68750367e985df7fdc43f9810b0288b8b580302fc87c576db8f7cc703d91843e8f9a42b7f1c4d1dbeb1965275232c49fd27c1fd77e25f46ef7997d8cdfaea5acc308d358ba5481b0f1badd4bec9cf1f423b448eb89be7070152c454f6451f8325e170a7b2c89b056969995488b6e969313851c2e4b388376a92df2251bbdcf50f8d56dd8e7d0baac9ce732e9bc2c4e353a9d396ddf04756dede5e24b066f12722530e06b1c3930bc0d2f58112a9f617d872edfbb9fab3ce9da84c276f47f9e5ba08f9a19ba66198135d1d4388df48fc9d1c34366673a3bbf8146473a26fd01e1a9b7b2faaf27d986ca6132f804e3c270d2afe2f98ff8d4526bdcdd14738653f83fd62d5767045878bcebc9545617890e7368e7a32f8315237718eebbfc84102f09578177a3985c147dc217c0c01f28f9ce095eb269a9186fd30c3e7dc9faf24f8df1353b2c362030206a5be5b28747c4f3f275539371095c1539383653a3fa9c2b8224a8991cd3452ef0cfe3c851779d22c82d45a1c795b3b56ce8b2ed6af3b760bf88b92eb0be251ef400c195099236a872e9b15d446eb1f61b67fe2495f572e44a3781b43b4eb7776f76595bfde166bef5adf124be66aeb46b60235a23fcb07892eed2f3c9463aa0f1ddf3dded1d088752311a5ed38131b43426895d216d0e71a37f6464137b02e2a04edf7974d5a331d41d5a2a989ff81faa21c349471dcf2454553f4b60346bae5e15c85eff93027d5c6fd3d6acf109758d9b3e151878329f227a1fa25ea743c506528a07bd157a4c6e223d764bcc26751a21aaa423835ae756986dea91f03e35aeef116c34c3037e96ece2e76cec5955ed24304be241b03af7595fd973f1e6a00fbb4438dc5caf1c5bb1ed24f1898c3dfa610d744c8f063864801e0a72a281cd1a943be4b20ac634809707df221eb6be9b81e0703bb6563f7bcaa306def4606bd466539b168a18272d35c04024ac63e4bdbedbab5330407ec971da7ad514fd4749b3eb91f0b70f3594c0390b773fef689316f8b1ad3e16def42b19eb19801e18e71ee2b5ac56a7abab115f68d98169e7c5eb554f8be7fad3123f3a935b54ad2878bc4b62abc5a4fe040ff5eb87490fef71d50947fc5a349218752a39ef2d27db49c52933a5e149f5e289e25add1d28890c407888099ebe32ff68d2644fd19787a712258d66945609c94f2765bee45c1b12c26298bf2c02d9acee54e740e5a8441f417a47d4f0b418229a89e3ee9768fe8fcab8c8490b65079ed355858005064e54bb212d9d465e109717eac723e1768d0b985d35d70297b869bbc33dff533f201a813367b8ffa948b5cf5e150f3b0a9aa30abaf795b2b59b4bd5cfdd136ada54b3a0872c22f05309ab0f13a21089ca6a30fca15584a817cfbe4eefe9ca9c5de46955ac0244e4e688c7a5885d59ca773980e64278aa1e3bf1e32cc59bb791f9d85e1e475231f1a5f0810364f8fa090818889b166f5f5b3e37ecd703be31c1ea00cc65b2f76505e186c432d4fdba20e25b01d3234aa0b353ed7547edf5d5df00c8d8ecb9ed5eaccf934f59936a0448f041a86a5c6daa36b8ab5e099a87992a93bb30da20622cc2aa5e497fc400d84a5b35e05d5693c0078fd693413ce88a315c6f5119d275ddc357d42adb49a052a67a2170fe6044b1f72db4a804017cb86217247d1d0491f8db812ea54ca3302a58a82c444acc15a8683aa0a214a8d107f5db1955e843965345ce104c38f9c066a0a7d5b5c115d3bc2929b78aca1a85449156e5fe6be0545f4adc9766c52d1108805bf96549c5e7b89a2362536bab6751b9364ba0d4825802c3456827a46cea471a75b6973ac99a8371706e625c7e3a0df85152cc732d07266e90d2f825e37afd202a7d16c51660357ce4d6b2dd1ded7ed838ca7ae488cfa1485ffeffd4b0c7773fc7c5b42d3c45d45980e1d389edeebfb27069fef4cd07324f34bdbb53f421d0a81904903a221dbc6054c2d473b9b32dff25a5fb0990fb740afc725f759c1a06b3ba69afcaa2db149cf6573dfc409972e92d2233968cc6d80800f604cf6abf60157d2ae7dfb5c4bdfab52d1cf933e316d39cc76dbf92a1065c805d3b2cf8966970f46ae40db08ca2b94d6de3a2be79c56deefc91d7efb2191a39c0ce74923d67bb1f627d5ba0b856f70246532a032c6447a1767a98b07de762e3d831b181bba35b53da555bcb180bb85e903ef7818054226f29571e66ec8bd67b1b7d75fe8ec4d762814f6ec9b2b03e3d4e21e70fae175b0493d3c2c85a441c05ab7b3a3b76b8f512b9b1bc5c33eedc3a422ac46f6758701726e4fb806d367a4901e43882e8f8c8cbf90515632c6270862095be1125e3baa8e66a433187229ee718f4a87173d3105b27781e5431afc7f771ba4c6b72fa067c935569b80088e32f45b0d06745e2632bd68d900336fd91b35fff9f5603e9f4d0ae050841e2866859feade0f90b2d71087d25c45252a89633139e771482c7c5df4684b6838d50fa8d77492d431020408e5ffaf11ca0aa46cfe1c5cff14ba07edf9c8082ed9893d726a892f75a2d850d73e6c047ae59e5210385edda8388b07f75a9c299f21e5ed9c9abc837b7e720fcf824eb6df12215b48e05e697fb43201bbd61ec30c329fd8cd6a4134ef8182f73546add98a980f4677e581727a28c30ee41b38d33155ff7334562e697afb781ce26af60ae9603dfa6e8ac5d62738fe04a1b986c321c8a9bf3437e4679390f460e38bfac80a3660406759af61196f04c0cdbd60c01eef67a0ec6f6466a13e2b1c2cb31c091ae8c5908c503cf9ebf26f753cc2aca5a973686314f6eb3f4c027ac03f961e82725fe43db2a2e726694270b53160487b6c0c75da50993893b921a36822f8e10269297294651ca7489c7b5fa4d62c2f586b8f5a9aa3dd4b12f8f52601ea9c67c3546ab93480542a1c5db700022d5e1a653e8b4b5667e3eb2e570ecf8a5ea59b6722594d8ab46ad4e87b17d550ff88afcda200b3d4e755c7978d562fe3f7d3bbc8de8192100d329cf167b5d5fd1e9ce028d1690e3d740b00a98e245e884c8970f584c201756c48359671703d9f0f87ecdc79a21da5ac266215bf1376743cb6a0636e5ccc8d94164655627516a4ba10b8174dbe78209b2f1d531884ee65fc58c926935dcd2b451f1bbb6d16c53c9e9af2d41ffe507a309aa3b5186b7efc24cd13f2e87faa70c52e52dc51aa4e255e963a41aaf489d2af31fd6e4da6737677b8f22dbe86f8f5417c3dff5ad8c20b21585f8c8271a7a598c029bdccfaa182623ef52f9bdb6875c0a3c730733794631cdaecebe17cd13ec47b2239ad109e2099ffaa5f9a6914be97a1db5c66838b2d7eb6e0f3900768e652390da9198d2bde36ef27c187bca510d303a2c6ac375e1dedcfdbdaa257bf147a865212944016ad3b7aa15b1e6fcb2e65d2d8a8e2193c45d2d8a300177aafae1018dbb114f37ffd215e3ebbfe9afd6685fa8fe1c9f115224a5b89aca5fe2599f7e55b35e6e56c4bfb57ea42bf5cf4f0162ca1877bdb83d271353c0a8c82c10181738886a6d533b7978495dc344de8cf04f670daee067010a5ab9045bb823edea8b985e67d561b21b1496e44780b34f12c5ea306dd42774133d889011d1627e564b5d2df3d75e4eece3d616a6558123405c5ba05a02c6fde450ee49e92f43e7d6cbbd31342fdf7c3f92b5d6f4bd5aa83d1ab918b7c1dd5df80d26b166c10337547c035847e19ebbe266fc95a1d029bde0309719a246921f1fa56379340e24758fe1e16abbbc24948aa458330455b9c4f68a492afc9a45233fb55efdfe669c6231240f13fb7b1a39aeb6e4fd56964f56418e50146d8ea446f75c11be0bca27fe4bc5d921d37f9d51d060624682e380e22cc94d6c2ebcce27ad8eb80cbabcd8a790b16d63fbbda63d05be22ac0cc9e082d49c70a09f6e474433f84611f7e51f394e5671c3fee648abcd7461efe92881fd2f4ff1ee85b83fac5427960abf2f03bd02049a1bb9bcba863a9fd0f1c5eea417d0470713ff602a28379b1117168c5c242dea98ad2611f2894ab6901cd1e4d65039bcf9834bd8123566a336cf853d5b859b5cf19ef31ff944d887300299d550584e175cf906d40251d1675ec4bdbc4b8249e2cb73e84c5eb9430ff75c37eb95817fcb54e99d340355613973174bd168a60ba8aee3fc057c4ec33a5b58a490b186dd4fdad67b342ef2241dc61dfdcc25b579d169e1ac3f4c88b5ead82a39d61c342e86f144e449617b2ece1e0c6cfed4c88a91ea77b02f26a2df57a369f3b76fbf05be3cfb848f82036a90ee2324b7c4c184615782f0d76e195917e405faa7bb8798f7548e6210386d50860f2b4ecc81217b8402505ddc7dff62d3cbc2008f7e0520cc1c11d972f9e1998d6079b9f2febc2e09cf7181529ba4a081f9d45cf4184d7494f7468e8e13fce403bbecd5f4d1c1dcd21a6058ac8b2d4afc877e50398c6e4a858d5f721a930c82601842d4fb54a6a3ac4550d06422ee35a77d051a3edf8bdfa5832576af49430a3259e18c7bd26c4c3dfc88197db142e7170f68d4a679a6c0c5c166a5d962755ceaebc119a7c70502e1a722b81aef105821b368ee268905e511eb0b273f5f6b2d18640d385e4bab1510f0ad0109ddeb208701226125c3ca52d4bce611f55366573e55a2cf9019a0e315d137779ec831b94e8d44b9730d0550d475c410941e65766bd5f0d021a5074d7218280dff6208cdb2cc920fcfaeaeeac9f1310c2b042b8d1bdf867fd8370eb78d2f18cf7fafff9fbb396c429a75d2599fa96fe0c897cf9de792f0b97b2d67a3e557f62cd639e07145f2a51457f20110cdc19f199859df54e00646ad54f78f72e4a1461b2ca1ceac5351de30781224eeaabf44b0fb8d5a8a46bf949277630d767752aa37693894f99a4e2ac562cb0c2845c148612bb217e61ee795a5302b1502b263b5859e1e3bfd8ded85966aff161d5edaaef6ba6bc077b7e570243aa9d3e7b085d45786f8a27b25759cf8cedfca776af98ee2045e3f25949e4cf3c9cbce7300b7b9ec8e4417a0b296f9338116f7efbeec4c6ba591ed4e7f6c8b11de2986d7b9b621045c1cd3504e960fc6ed56d48d3fb6fd716e7b90d7ebbe3891e4973940d440a26133cde4833185d23dee973cccf389b4a7518219908edf5d23075cfa33b02199474ee2f1e681ed8d987503c65ef873b907654389668171417196786d86121d1e7c9797bbb220a307d62c59175b8ef67ab8150e3b5b0ccc0bd02e35412ebe1c40974ca02ddb831b1b88aac4d7a16ebee0384a651c97b586241f9723a7df42a619f4ec59fc136d9c37cf329e769b9012d5cf19aba09c15cfc180eb10a3c262afab1219a9a068f5bd00af04c689786bd6fc83a1c903d5d4060117cb3a2c0874f2120b9347465634fc73f36c6f8c9435675c924f04a1028c73afa1fa"}}, @replay_val={0x10, 0xa, {0x70bd26, 0x70bd28, 0x5}}, @proto={0x5, 0x19, 0xff}, @algo_auth_trunc={0x10aa, 0x14, {{'crc32c-intel\x00'}, 0x8000, 0x80, "4f5a9b17d80d1f5d54afea0dfdbb5297b4992422d9d45563578e7b529e2b005370823c681ed299d1310caccfa875322e66b4585cbc71beaf3e7c5038762181b9696e103b331381102044623677442a4980c225d792a622e00d3b10a58ba7c5f96815aef795790fa646018ee0d72efc092e1b3d156e74d597b61268bdf964ebb6712bd7628a5a9b7b11983375a0e2bfb14dccaddd1ab4498cc6c2105b3cd62d0271e757f3eef4003a9310ff4e82a75fa69f7434e727894f7713113c00cb150d65bc35c39d23fecc63e3d76271c9bc533ebdab2d643dcaa2a31e81723ef7eaecfbb08a012eef110a19a111a378b245d75fd21b2da1f4730c965b6eccbf1d961c635906436f6151549d4ddc11d6de0ccfbc658f7f30b62500e9282322ebc5b6a8e1dccc3ad6b8d207d6794e7e393eea96a6e45dd1bcd5a9e378fab7e36685ca798e4b3904a6f3cb37ab05120a90ef7493ef34f945fcf96ba565a85985377719a55d176445565c65e310774a08042e404e167c81a53cd7f29c160340343f0171754aeb1f01bf02fb0c4a9b7c706131b26b50fafa9258d4cccc32f47f1e4693be5f5649097fce81218a76e6de1e9f52b68f4311ac4363c0fac52e70d43ebd6ac23fab47cd4fb7024312fa3beab3aabfab4d58cbd9cd7824481e63878bb6a518e2b14097babe9b017599d541951c0251cdba06a6512617feb192f52a44d306275e58f1097384225ef422115ce5e73796191abe2d5cdb1776636920d77ae486c8f1176304abe5b42d29186d59b4b758522248f7e57ecec64a6774025c9227161ae251f25cce6bd3a4315b7f5c094fa62a632bdd579626ba03c23a494571f7897ca67ae24ad0111e0919c8f914926782f3c9b15af63b871f2ab1c83b9ff39ca62f2f93be99b9eac40f70c4cd23b010ddb533a0dcfe437cbd30c0aa4bc6ecb5e782b26cd4bf0b36c56c55dcec7757b5958abd08df196ee01174a30198b1f783a94617b0f758bfa4d8dccfa00b2fffb416eb67cc6dc685e2bd2cd7dac80da4a8ac0faa62bf84a23b57d2c0c42ffbbb005788d794ff0d4598d94f4b02609751f059d97ed02beefe44150cfeeb2506299355ad8605f8653d5aababae6b352398e5b24ca47ed6f3f0faff1642c74cf73aebad431c2fd50e3110237ecfcd37efcbf3ae423e1df982e7acbed854811513000bda5bf242240e896f6046b0c7b7ed29c96d3c47c785e39b06870b585f87255747d6954c63e072c901c7430a02f11c377d2c389bab8e2631123ff1318742891e2ddb91c6d6781c6a75bf6df3e9bf85061696a82fc2ec1503ea6f89686caf5dd17ca45b15a2a0ce05072f3012ba8546fc8f2dae301b1f445fc53d7758b479e2b9fbb2ea942e2d79fefc7bcb79e6a44c643fb68761b2b78dc844e5b9392275457d05da5e7afb5cb916fb0f239ff2b8af19019416e72ede088c1319fadac1e83eb5f1421068c2e1d73161040fd12c5cfa44e7fe18ec324cc6b5f55defbea9a720d643a45e9afc4aafc0681f4734a54ed7aedf0490f45dc690cdcd129917a50ecc0bce447bfc45c44aa8ffaa6f6a4aab5ae7073238b4e44b9792abce5468c2239cd4605f865605f4e2bfb37ceb747836010add10c7adaf678c577d2ef05c785ba6d38fcf4e8192900cf5f75ca76633e4d5b13448bee2b83246873d1af0c97246c9d5ac41f9d40c1a823bbded32c3b2b220555af84bd6f8ec71df231149f90bcf18ad7e82f6608a115bcb7eefee3f93546d7f5f2ae17d53c7e764c30beb8f4709545c41f4e9283db1fa0a8675a56384e861fb65888ccb4fba67f0dc6865008b691065af8c521ec7484de99e87bdfc7272dfc15f375ac1601ba17c0a3ed4afdc5c5baf5ad265e45af9d1a8732135c987b64bc982524fc05981eceb183bdf0b64a009d80568dc25f46a0b28a61c5d9b773c60bd65a7c34c2733c28ebd0ba85b9050d5ed3db5b83dac4a88f23e577dc09ee5bc8287ac03052df9e4ddbecabfb2c16f71edb7212cf683bd999c7bfcfebd9467279a82d20e6c7a1478b8b4d0b1287b47e5e08b903b0007c6bbb5e783cab880606f9242e988c059f0b588c3c945914bd709682bf045aeb76ab572a7671b4bea280795d9b71ea1eeb1436d0b702176821d729a5af0f1b7f56f315c2430ffd54fcd0f6af2e924ac1453b4e47a10de1212e2bade9fc19d2f6b1ec06e200d7a2086d166a0925dbc6d3e0ba7122615e07276542bda7449cc89eeda1a9df7d5b8ba5429c09a66e234189ce8c1168e2c5b573fcd3451a3e1cd4a1d1398e8fb3cdad1c414ba0b6d1b4f0a04fcf71e42a0f61e84b6f151007510862dff652493cddcd5b78b95bcec55a2eb8a72ff7d502d152767bebbff27e546004fddba4dfc06ff6401981e51f148168abc138a66af1513a3cc6173f5dffece5430c4bd7763233afcd4d62eec12c3441f4b9f5966843cec8ddb1d35cff2c9408eb53cb06904af3ebdc84de1e778f39df41643c233a098c393a791fc97652839b032faa63bcab2d6555a57cea7e219d3aaea3cf76f7615fa711b18a2bcacecbd30c6968f72d2acd390c4333814d7eb98961bddfee380690686f09e7ee52289bd467f9ad72602155574c6e3d48a0555c61f50d53edda9e36500c3a886028f4f0a72c996f2478c348fe040a1c89ad930ac1d0585037451603c663bd5796997bf3a165351e696a6009d6891637751895b3670a1ce7b6f63677db932133af08f523afce45c1b739f86f79cdeb2883e5276a69f813cc8d289db1264050a7123b9ce6e0af4c83c31830cb18be02d1ed89ca34af687f3537b820c7fcb4da9c36ba1cb01f169d49198be02fc8b72979fbc7cf5ce6d87991a6e33c361ff2d3a3b9909a5e921b2afe03e2f9f5657fbcf2b7f697495b3c5aab35a0b7cdb529d3f385a371e19da71a5f2dff241cd7bd18aabe5a634ad17217c1e533c183e1f68ce9c63041c9a4f00d14fa54a9bb5f1aff733589c402aacf8c208e396248bd892397d2e7bf60dbc8f8232620ea8b8b4cdd31379ebb3fc1ec57e7b6c586a46a2c2fa7f685b765f183cc5f42381cb81c237a1750bc7542c7922fa640dac877213bdbc3eeb9a55e4254bbc6c73441c22d1e3f2aea0d3c36ad6e5a572a99ffbdd376912032b2020c1c3b31925c40e63add678c015de3f08d87207ece77fd1792b3541d27e1f4dac2978f6ed18e7485fe23756e265b0c143b78b636952e2c5d42963492e97c6a2c3f61e4a41e71674322862984b8b2de21f2fa6353d168f53434222b86ec40b7d38c8c6788322167e4678b028cb2c4b1d7c3d6579ca0c761bdfcea898065a9daee6c36254d1e523027ad5076d4ab61456a210b093c305f03e0e2f5d82ab8e9981d5f15da69efdd3966d7ae53061e060474ea0f8f886f1a9780819d3cd7090bf65a9e4c2b455f04e192cfb0bd6fb0f5653f30d7bf53aa9748c87527160b6869894859bab14fa20672202fb39f691474341617535fb89991556a91ce57969f53df0dd36336dd7edfedd2fdb1ed832acdd5bcc3dc748b68e76254bc9e8acf129ad9d7a1e2bc4ed828d7f6fe2bc99b923077b841dcb47725c7b4ec519144b91d3f502fc409be77fdcf268bd700716d26ce93d4863775b131470f286962e6d0a6f44fb5029236f716e999c05cf2250d74661aec82f50b9cbffa523fe11c559ec37ce171f6da7390b62ca78186a413f37c3d6937c534afc6e4019e7647a0341a8e4bfb940c3c3607301358f94662a2cae2af80e1689b70859f9084f71bf172568bb187e6129119deb66e4eb4583eb5e785536f412c0063fd3a92c66584b64d9725f1372ed430e4c45e0f31042790168940f23d8bf31936d1cddb78cadda8e7274c0c23a4f1d04b82eeca8bd0e5eeab98ce3e0f1edfcfcb1e844456924d19e19589a0853bbe5798c3cd90f42a60e018921fcf101caf4412628fb2e15f1829f78d7a5bd5d60a96988b3e5a0977197fc07f932a6b86cd325405a287ced46f4da1a1afd8c09fe0c169180d723d49f5d0eee83e9ae4dd4c3311056f04013c73a11f4cef7940ed840253dd1b24704053568a8bf9cf912ceaad0108cee289fa27cb46fd6fe6599899b9e8be384b54c10c7134eccd5c7dee8e7f80176035578d2b71e99f0baa830d6dc023a2a70784ec721e7e352b3d994bcc6a3dcaa6181c4baed1cf1b815031cb77514d724f7aba73b5fb8af8f86b6b5839ed6d152361f013f9ffcadf72e90f9ca1cd7316bef732406930aef53d50811db47168baad764b0d6e22b5a494c488ad5afb151a2375e72652fa79928afeefc6136dbb435b1669794176fb70fb990769c75083b47901d30112b7931bf1be71ed295a4f321c83b4ab4571065fc372383efa040fd2e5906abc865cd0dc7f7595947c555cc1ff7fc6e9d8709ff183086296c00871f93e470aff583d3ca17d672182ba487979a4d010d1d1a81fa7bb49ef55269924fed7e57e610aa9286dbc03caefc01f6b2a053773ce23e351dbd11d118080c56696f109f5a48f407f6e05268705f2796cd39cf9376608c7bd31b20caf8026300af3f74da9a2ffb2d54b58fa88070017183183ede10213fa061934f40f67847fe4ad387c6b3676acbabd7ef3ca7828125312b733ee4e31eb972aa6c54693aede501f18fc3aa34c141a3af7f405b4bdcee84facf9db6bdc9091af93b21db3f6f83219529c1a810958003c732924fa830e32418ff1cca0b9f9eedf18255363cd74ed2dfc9854aa99e109d48dd281080eb52294274c22b7c677e25a7cf4b153ec15292a62f39a37c9e112bfc0932511dad27b01ac1f9623295fbab6fd534d2c2952c3b7c3ae573a41a217a2c216d0ac878aaec78696b9ddbeac4ad8468c93aba13937789c3271699f12cb8066c5ea5db3a1cac5aaf23669559e9d6ee746041b18565688081d498acc8353b6f143299a3d2738c9d68147d16e36a04521a29321b0f8d5408cd8aeed7348d6d375b2e28dd7048754e2800986b8604bc658020138484bc4fa1a3c20606cb010b2684011030ddc98f6373537d9750b3fab9b39cf8d060b4137ba676d915767899a0aff1a57a1640d557b42b01480d427831582b5c6c80624e148b24235e158ef1c3f993317e5362f8aa447a5c2dd5f959e99167fec0313cf460a0e6285b2401a6d495ccac4b1a7588430dc6cdbaeb5621e58c80cfc625e86e4037f20a8dabc7bbc657f3066867884e03b8859acab57f1eb150a55cab0976d8457f143403a8f78ca5dec211000fdfb26e8631c59ea3f145e98d95caa56359b090cb5f18e9682300ad608d8ce5381cffb5828ff2b32dc2b0ef0d0a85023522600af54e2427a96a46c48ec8263412c12da87f096d2d0d524b7e0873363534dab785ee82488d737de40ecdf07f3a1a52f61f34192293819e1c2cf17d0373308d09043e0d8278c5a4688962330cf941e3cc515ab69718b6d80ce8e1a66aed7861135c1e68936b14b81a676effaede91b18dc2527007411788395e1763ce1e635553876deeaf1e6e78a8d92aedb2daaeb537c3fd57a4f1643efae2f6710c1bcf3b0ab204b5d7633bef1e5377dc28ffaa49016e5d02fea92b99b83d1b8e30deb639671889022f38da53c8fbda602547fd32b84d08aa919b81ce9f5cf1f300d253a286e1a729ae64afceed4f1bdeb278cc137471892d91aee51393d5e1334f211274993a9bf5340cd4a7efd15d18d3feac219bca7692290feb56efaf8ec98339c78a4af0d095a35e5ac558b7ddae4f7152e03567a95418a1764a6b586e0fa1049f82d377f4cdc6ebc8bd0d315e8a20d6e7bd2b71"}}, @srcaddr={0x14, 0xd, @in6=@empty}, @proto={0x5, 0x19, 0x32}]}, 0x2108}}, 0x0) (async) 10:58:13 executing program 4: write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x2, 0x0, {0x4, 0x4}}, 0x28) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in=@rand_addr=0x64010100}, @in=@rand_addr=0x64010100, {}, {}, {0x400}}}, 0xf0}}, 0x0) 10:58:13 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 30) [ 2044.326462] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 [ 2044.395525] FAULT_INJECTION: forcing a failure. [ 2044.395525] name failslab, interval 1, probability 0, space 0, times 0 [ 2044.407574] CPU: 0 PID: 23825 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2044.415451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2044.424792] Call Trace: [ 2044.427377] dump_stack+0x1b2/0x281 [ 2044.430994] should_fail.cold+0x10a/0x149 [ 2044.435122] should_failslab+0xd6/0x130 [ 2044.439074] kmem_cache_alloc+0x28e/0x3c0 [ 2044.443201] __kernfs_new_node+0x6f/0x470 [ 2044.447347] kernfs_new_node+0x7b/0xe0 [ 2044.451221] __kernfs_create_file+0x3d/0x320 [ 2044.455607] sysfs_add_file_mode_ns+0x1e1/0x450 [ 2044.460258] internal_create_group+0x22b/0x710 [ 2044.464828] sysfs_create_groups+0x92/0x130 [ 2044.469135] device_add+0x7e5/0x15c0 [ 2044.472827] ? kfree_const+0x33/0x40 [ 2044.476519] ? device_is_dependent+0x2a0/0x2a0 [ 2044.481077] ? kfree+0x1f0/0x250 [ 2044.484441] device_create_groups_vargs+0x1dc/0x250 [ 2044.489444] device_create_vargs+0x3a/0x50 [ 2044.493664] bdi_register_va.part.0+0x35/0x650 [ 2044.498240] bdi_register_va+0x63/0x80 [ 2044.502113] super_setup_bdi_name+0x123/0x220 [ 2044.506593] ? kill_block_super+0xe0/0xe0 [ 2044.510741] ? do_raw_spin_unlock+0x164/0x220 [ 2044.515219] fuse_fill_super+0x937/0x15c0 [ 2044.519362] ? fuse_get_root_inode+0xc0/0xc0 [ 2044.523764] ? up_write+0x17/0x60 [ 2044.527209] ? register_shrinker+0x15f/0x220 [ 2044.531617] ? sget_userns+0x768/0xc10 [ 2044.535483] ? get_anon_bdev+0x1c0/0x1c0 [ 2044.539532] ? sget+0xd9/0x110 [ 2044.542710] ? fuse_get_root_inode+0xc0/0xc0 [ 2044.547103] mount_nodev+0x4c/0xf0 [ 2044.550648] mount_fs+0x92/0x2a0 [ 2044.554003] vfs_kern_mount.part.0+0x5b/0x470 [ 2044.558483] do_mount+0xe65/0x2a30 [ 2044.562001] ? copy_mount_string+0x40/0x40 [ 2044.566218] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2044.571234] ? copy_mnt_ns+0xa30/0xa30 [ 2044.575108] ? copy_mount_options+0x1fa/0x2f0 [ 2044.579579] ? copy_mnt_ns+0xa30/0xa30 [ 2044.583442] SyS_mount+0xa8/0x120 [ 2044.586876] ? copy_mnt_ns+0xa30/0xa30 [ 2044.590753] do_syscall_64+0x1d5/0x640 [ 2044.594621] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2044.599790] RIP: 0033:0x7fc09e230109 [ 2044.603475] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2044.611160] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2044.618414] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2044.625664] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2044.632918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2044.640163] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:13 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) getresuid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000000)={0x18, 0x1, 0x0, {0x460}}, 0x18) 10:58:13 executing program 4: write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x2, 0x0, {0x4, 0x4}}, 0x28) (async) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in=@rand_addr=0x64010100}, @in=@rand_addr=0x64010100, {}, {}, {0x400}}}, 0xf0}}, 0x0) 10:58:13 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000100)={[{0x101, 0x1ff, 0x3, 0x8, 0x69, 0x7, 0x8, 0x7f, 0x80, 0x7, 0x18, 0x1f, 0x7}, {0x6, 0x6, 0x4, 0x3, 0x8, 0xbb, 0x9f, 0x2, 0x2, 0xfc, 0x18, 0x5d, 0x3f}, {0x203, 0x400, 0x1, 0xdc, 0x9, 0x3, 0x7, 0x58, 0x5, 0x2, 0x9, 0x2, 0xb8f5}], 0xfa}) (async) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x2, 0x4) 10:58:13 executing program 3: sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x140b, 0x20, 0x70bd2c, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x40890}, 0x800) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x140b, 0x20, 0x70bd2c, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x40890}, 0x800) (async) 10:58:13 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x1101802, &(0x7f0000000240)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1a00}}]}}) 10:58:13 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 31) 10:58:13 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) getresuid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000000)={0x18, 0x1, 0x0, {0x460}}, 0x18) 10:58:13 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) (async) getresuid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000000)={0x18, 0x1, 0x0, {0x460}}, 0x18) 10:58:13 executing program 3: futex(&(0x7f0000000000)=0x1, 0x80, 0x1, &(0x7f0000000040), &(0x7f0000000080)=0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) getresgid(&(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)=0x0) setresgid(r0, 0xee01, 0xffffffffffffffff) 10:58:14 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)={0x2, 0x0, @c}, 0x29, 0xfffffffffffffffe) 10:58:14 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000100)={[{0x101, 0x1ff, 0x3, 0x8, 0x69, 0x7, 0x8, 0x7f, 0x80, 0x7, 0x18, 0x1f, 0x7}, {0x6, 0x6, 0x4, 0x3, 0x8, 0xbb, 0x9f, 0x2, 0x2, 0xfc, 0x18, 0x5d, 0x3f}, {0x203, 0x400, 0x1, 0xdc, 0x9, 0x3, 0x7, 0x58, 0x5, 0x2, 0x9, 0x2, 0xb8f5}], 0xfa}) (async) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x2, 0x4) 10:58:14 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x1101802, &(0x7f0000000240)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1a00}}]}}) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x1101802, &(0x7f0000000240)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1a00}}]}}) (async) 10:58:14 executing program 3: futex(&(0x7f0000000000)=0x1, 0x80, 0x1, &(0x7f0000000040), &(0x7f0000000080)=0x2, 0x0) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) getresgid(&(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)=0x0) setresgid(r0, 0xee01, 0xffffffffffffffff) 10:58:14 executing program 4: write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x2, 0x0, {0x4, 0x4}}, 0x28) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in=@rand_addr=0x64010100}, @in=@rand_addr=0x64010100, {}, {}, {0x400}}}, 0xf0}}, 0x0) write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x2, 0x0, {0x4, 0x4}}, 0x28) (async) socket$nl_xfrm(0x10, 0x3, 0x6) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in=@rand_addr=0x64010100}, @in=@rand_addr=0x64010100, {}, {}, {0x400}}}, 0xf0}}, 0x0) (async) 10:58:14 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)={0x2, 0x0, @c}, 0x29, 0xfffffffffffffffe) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)={0x2, 0x0, @c}, 0x29, 0xfffffffffffffffe) (async) 10:58:14 executing program 3: futex(&(0x7f0000000000)=0x1, 0x80, 0x1, &(0x7f0000000040), &(0x7f0000000080)=0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) getresgid(&(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)=0x0) setresgid(r0, 0xee01, 0xffffffffffffffff) futex(&(0x7f0000000000)=0x1, 0x80, 0x1, &(0x7f0000000040), &(0x7f0000000080)=0x2, 0x0) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) getresgid(&(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)) (async) setresgid(r0, 0xee01, 0xffffffffffffffff) (async) 10:58:14 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)={0x2, 0x0, @c}, 0x29, 0xfffffffffffffffe) [ 2045.127578] FAULT_INJECTION: forcing a failure. [ 2045.127578] name failslab, interval 1, probability 0, space 0, times 0 [ 2045.142314] CPU: 1 PID: 23879 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2045.150202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2045.159540] Call Trace: [ 2045.162111] dump_stack+0x1b2/0x281 [ 2045.165734] should_fail.cold+0x10a/0x149 [ 2045.169927] should_failslab+0xd6/0x130 [ 2045.173895] kmem_cache_alloc+0x28e/0x3c0 [ 2045.178034] __kernfs_new_node+0x6f/0x470 [ 2045.182165] kernfs_new_node+0x7b/0xe0 [ 2045.186036] __kernfs_create_file+0x3d/0x320 [ 2045.190429] sysfs_add_file_mode_ns+0x1e1/0x450 [ 2045.195077] internal_create_group+0x22b/0x710 [ 2045.199637] sysfs_create_groups+0x92/0x130 [ 2045.203945] device_add+0x7e5/0x15c0 [ 2045.207647] ? kfree_const+0x33/0x40 [ 2045.211420] ? device_is_dependent+0x2a0/0x2a0 [ 2045.215986] ? kfree+0x1f0/0x250 [ 2045.219336] device_create_groups_vargs+0x1dc/0x250 [ 2045.224347] device_create_vargs+0x3a/0x50 [ 2045.228581] bdi_register_va.part.0+0x35/0x650 [ 2045.233154] bdi_register_va+0x63/0x80 [ 2045.237033] super_setup_bdi_name+0x123/0x220 [ 2045.241504] ? kill_block_super+0xe0/0xe0 [ 2045.245639] ? do_raw_spin_unlock+0x164/0x220 [ 2045.250178] fuse_fill_super+0x937/0x15c0 [ 2045.254309] ? fuse_get_root_inode+0xc0/0xc0 [ 2045.258696] ? up_write+0x17/0x60 [ 2045.262125] ? register_shrinker+0x15f/0x220 [ 2045.266515] ? sget_userns+0x768/0xc10 [ 2045.270391] ? get_anon_bdev+0x1c0/0x1c0 [ 2045.274445] ? sget+0xd9/0x110 [ 2045.277639] ? fuse_get_root_inode+0xc0/0xc0 [ 2045.282029] mount_nodev+0x4c/0xf0 [ 2045.285560] mount_fs+0x92/0x2a0 [ 2045.288914] vfs_kern_mount.part.0+0x5b/0x470 [ 2045.293389] do_mount+0xe65/0x2a30 [ 2045.296910] ? copy_mount_string+0x40/0x40 [ 2045.301125] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2045.306130] ? copy_mnt_ns+0xa30/0xa30 [ 2045.310021] ? copy_mount_options+0x1fa/0x2f0 [ 2045.314496] ? copy_mnt_ns+0xa30/0xa30 [ 2045.318360] SyS_mount+0xa8/0x120 [ 2045.321789] ? copy_mnt_ns+0xa30/0xa30 [ 2045.325659] do_syscall_64+0x1d5/0x640 [ 2045.329534] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2045.334718] RIP: 0033:0x7fc09e230109 [ 2045.338406] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2045.346102] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2045.353358] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2045.360603] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2045.367869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 10:58:14 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 32) 10:58:14 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000580), 0x8) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) r3 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000680)={&(0x7f0000000640)='./file0\x00', 0x0, 0x8}, 0x10) r4 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000700)={&(0x7f00000006c0)='./file0\x00', 0x0, 0x18}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0x6, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1}, [@btf_id={0x18, 0x5, 0x3, 0x0, 0x2}, @exit]}, &(0x7f0000000340)='GPL\x00', 0x3ff, 0x9b, &(0x7f00000004c0)=""/155, 0x40f00, 0x9, '\x00', 0x0, 0xb, r1, 0x8, &(0x7f00000005c0)={0x1, 0x5}, 0x8, 0x10, &(0x7f0000000600)={0x2, 0x10, 0x4, 0x87400000}, 0x10, 0x0, r2, 0x0, &(0x7f0000000740)=[r3, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, r4]}, 0x80) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f0000000380)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}, {@max_read={'max_read', 0x3d, 0x2}}, {@max_read={'max_read', 0x3d, 0xfffffffffffeffff}}, {@blksize={'blksize', 0x3d, 0x800}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@appraise_type}]}}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r6}}) 10:58:14 executing program 5: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x22dc886, 0x0) 10:58:14 executing program 3: r0 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000400)={&(0x7f00000001c0)='./file0\x00'}, 0x10) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000440)={&(0x7f0000000000)="43becdfc3907d58e906e99d5e66f0a1c5f665ca14bdbe2c60b81845fc428a6fa83df5f57f0373c4c4b828caada0676c151cd02ca60044b5af003f202f8dc417378a5c11df2f24092fa884cc28ff1194cd6021125ec857a7deecc079bfdc5f585cbad890a9f22dc465c053e5a8279da5479a7ed1e79039a0633c8132ff1090dcd88e879a4f2c6a69f03201804f38d2397f17b811343625bb6426468a1f3", &(0x7f00000000c0)=""/234, &(0x7f0000000240)="f487280cfd3c64c34deadf3aec7a28d564b8e792b59253eb3decc4617677572cb203d91a425c5e5d715fed4bb231d2887b23c9ed81fc0aa0d0462378b573dd1e712a7613de5b2878ca824009dc1a642fa72ae1a1bc2acdf6f5b62210363f4fd1cebaadeaf96f205e1c0f47e8a084516a50c68c9bd93ba72efe5d12e7fc0036ec0c36efafaf04fe46b1856df59875b3b7907a872f60fb12da5f2b82", &(0x7f0000000300)="bcac09bc310a31e09c7dc53814b3312a908c2ebb93f0051534e1067290ab04b24da3b51cdaded38f26d7b07676810b302537f0890e86f11f7e70e4d8717df7110d1bc095c0e4fc171bbc795214aa512c4f903fad5b5641897e2fb048dcec95cd06059374da7852e83c8c4357a5e3322ed5a38e2bf6fd163a289a66fb34f42b90e12c6f4ca83517f435be5d7cc859cddf75d5349fcd60bd3b517f29d56d7e820afef94eda38ec023be9614071c65a5616612834451f057cf5a4527e6fd21846b209", 0x7fff, r0, 0x4}, 0x38) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) 10:58:14 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x800, 0x8000, 0x8, 0x204, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x5}, 0x48) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000140)={r0, &(0x7f00000000c0)="f07493bd2452568d8243d58716fccb890864f845f1db6c7cc718af07fbcb85b5948a81967540b22b742925bafeff87bd7139740122e06fdef9e2018b965e", &(0x7f0000000100)=""/9}, 0x20) ioctl$PPPIOCATTCHAN(0xffffffffffffffff, 0x40047438, &(0x7f0000000000)=0x1) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) read$msr(r2, &(0x7f0000000240)=""/117, 0x75) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) ioctl$PPPIOCSMRU1(r1, 0x40047452, &(0x7f0000000180)=0x2) 10:58:14 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) [ 2045.375116] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:14 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x800, 0x8000, 0x8, 0x204, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x5}, 0x48) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000140)={r0, &(0x7f00000000c0)="f07493bd2452568d8243d58716fccb890864f845f1db6c7cc718af07fbcb85b5948a81967540b22b742925bafeff87bd7139740122e06fdef9e2018b965e", &(0x7f0000000100)=""/9}, 0x20) ioctl$PPPIOCATTCHAN(0xffffffffffffffff, 0x40047438, &(0x7f0000000000)=0x1) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) read$msr(r2, &(0x7f0000000240)=""/117, 0x75) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) ioctl$PPPIOCSMRU1(r1, 0x40047452, &(0x7f0000000180)=0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x800, 0x8000, 0x8, 0x204, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x5}, 0x48) (async) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000140)={r0, &(0x7f00000000c0)="f07493bd2452568d8243d58716fccb890864f845f1db6c7cc718af07fbcb85b5948a81967540b22b742925bafeff87bd7139740122e06fdef9e2018b965e", &(0x7f0000000100)=""/9}, 0x20) (async) ioctl$PPPIOCATTCHAN(0xffffffffffffffff, 0x40047438, &(0x7f0000000000)=0x1) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) (async) read$msr(r2, &(0x7f0000000240)=""/117, 0x75) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) ioctl$PPPIOCSMRU1(r1, 0x40047452, &(0x7f0000000180)=0x2) (async) 10:58:14 executing program 3: r0 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000400)={&(0x7f00000001c0)='./file0\x00'}, 0x10) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000440)={&(0x7f0000000000)="43becdfc3907d58e906e99d5e66f0a1c5f665ca14bdbe2c60b81845fc428a6fa83df5f57f0373c4c4b828caada0676c151cd02ca60044b5af003f202f8dc417378a5c11df2f24092fa884cc28ff1194cd6021125ec857a7deecc079bfdc5f585cbad890a9f22dc465c053e5a8279da5479a7ed1e79039a0633c8132ff1090dcd88e879a4f2c6a69f03201804f38d2397f17b811343625bb6426468a1f3", &(0x7f00000000c0)=""/234, &(0x7f0000000240)="f487280cfd3c64c34deadf3aec7a28d564b8e792b59253eb3decc4617677572cb203d91a425c5e5d715fed4bb231d2887b23c9ed81fc0aa0d0462378b573dd1e712a7613de5b2878ca824009dc1a642fa72ae1a1bc2acdf6f5b62210363f4fd1cebaadeaf96f205e1c0f47e8a084516a50c68c9bd93ba72efe5d12e7fc0036ec0c36efafaf04fe46b1856df59875b3b7907a872f60fb12da5f2b82", &(0x7f0000000300)="bcac09bc310a31e09c7dc53814b3312a908c2ebb93f0051534e1067290ab04b24da3b51cdaded38f26d7b07676810b302537f0890e86f11f7e70e4d8717df7110d1bc095c0e4fc171bbc795214aa512c4f903fad5b5641897e2fb048dcec95cd06059374da7852e83c8c4357a5e3322ed5a38e2bf6fd163a289a66fb34f42b90e12c6f4ca83517f435be5d7cc859cddf75d5349fcd60bd3b517f29d56d7e820afef94eda38ec023be9614071c65a5616612834451f057cf5a4527e6fd21846b209", 0x7fff, r0, 0x4}, 0x38) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000400)={&(0x7f00000001c0)='./file0\x00'}, 0x10) (async) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000440)={&(0x7f0000000000)="43becdfc3907d58e906e99d5e66f0a1c5f665ca14bdbe2c60b81845fc428a6fa83df5f57f0373c4c4b828caada0676c151cd02ca60044b5af003f202f8dc417378a5c11df2f24092fa884cc28ff1194cd6021125ec857a7deecc079bfdc5f585cbad890a9f22dc465c053e5a8279da5479a7ed1e79039a0633c8132ff1090dcd88e879a4f2c6a69f03201804f38d2397f17b811343625bb6426468a1f3", &(0x7f00000000c0)=""/234, &(0x7f0000000240)="f487280cfd3c64c34deadf3aec7a28d564b8e792b59253eb3decc4617677572cb203d91a425c5e5d715fed4bb231d2887b23c9ed81fc0aa0d0462378b573dd1e712a7613de5b2878ca824009dc1a642fa72ae1a1bc2acdf6f5b62210363f4fd1cebaadeaf96f205e1c0f47e8a084516a50c68c9bd93ba72efe5d12e7fc0036ec0c36efafaf04fe46b1856df59875b3b7907a872f60fb12da5f2b82", &(0x7f0000000300)="bcac09bc310a31e09c7dc53814b3312a908c2ebb93f0051534e1067290ab04b24da3b51cdaded38f26d7b07676810b302537f0890e86f11f7e70e4d8717df7110d1bc095c0e4fc171bbc795214aa512c4f903fad5b5641897e2fb048dcec95cd06059374da7852e83c8c4357a5e3322ed5a38e2bf6fd163a289a66fb34f42b90e12c6f4ca83517f435be5d7cc859cddf75d5349fcd60bd3b517f29d56d7e820afef94eda38ec023be9614071c65a5616612834451f057cf5a4527e6fd21846b209", 0x7fff, r0, 0x4}, 0x38) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) 10:58:14 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000580), 0x8) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) r3 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000680)={&(0x7f0000000640)='./file0\x00', 0x0, 0x8}, 0x10) r4 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000700)={&(0x7f00000006c0)='./file0\x00', 0x0, 0x18}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0x6, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1}, [@btf_id={0x18, 0x5, 0x3, 0x0, 0x2}, @exit]}, &(0x7f0000000340)='GPL\x00', 0x3ff, 0x9b, &(0x7f00000004c0)=""/155, 0x40f00, 0x9, '\x00', 0x0, 0xb, r1, 0x8, &(0x7f00000005c0)={0x1, 0x5}, 0x8, 0x10, &(0x7f0000000600)={0x2, 0x10, 0x4, 0x87400000}, 0x10, 0x0, r2, 0x0, &(0x7f0000000740)=[r3, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, r4]}, 0x80) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f0000000380)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}, {@max_read={'max_read', 0x3d, 0x2}}, {@max_read={'max_read', 0x3d, 0xfffffffffffeffff}}, {@blksize={'blksize', 0x3d, 0x800}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@appraise_type}]}}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r6}}) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) bpf$ITER_CREATE(0x21, &(0x7f0000000580), 0x8) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000680)={&(0x7f0000000640)='./file0\x00', 0x0, 0x8}, 0x10) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000700)={&(0x7f00000006c0)='./file0\x00', 0x0, 0x18}, 0x10) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0x6, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1}, [@btf_id={0x18, 0x5, 0x3, 0x0, 0x2}, @exit]}, &(0x7f0000000340)='GPL\x00', 0x3ff, 0x9b, &(0x7f00000004c0)=""/155, 0x40f00, 0x9, '\x00', 0x0, 0xb, r1, 0x8, &(0x7f00000005c0)={0x1, 0x5}, 0x8, 0x10, &(0x7f0000000600)={0x2, 0x10, 0x4, 0x87400000}, 0x10, 0x0, r2, 0x0, &(0x7f0000000740)=[r3, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, r4]}, 0x80) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f0000000380)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}, {@max_read={'max_read', 0x3d, 0x2}}, {@max_read={'max_read', 0x3d, 0xfffffffffffeffff}}, {@blksize={'blksize', 0x3d, 0x800}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@appraise_type}]}}) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r6}}) (async) 10:58:14 executing program 3: r0 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000400)={&(0x7f00000001c0)='./file0\x00'}, 0x10) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000440)={&(0x7f0000000000)="43becdfc3907d58e906e99d5e66f0a1c5f665ca14bdbe2c60b81845fc428a6fa83df5f57f0373c4c4b828caada0676c151cd02ca60044b5af003f202f8dc417378a5c11df2f24092fa884cc28ff1194cd6021125ec857a7deecc079bfdc5f585cbad890a9f22dc465c053e5a8279da5479a7ed1e79039a0633c8132ff1090dcd88e879a4f2c6a69f03201804f38d2397f17b811343625bb6426468a1f3", &(0x7f00000000c0)=""/234, &(0x7f0000000240)="f487280cfd3c64c34deadf3aec7a28d564b8e792b59253eb3decc4617677572cb203d91a425c5e5d715fed4bb231d2887b23c9ed81fc0aa0d0462378b573dd1e712a7613de5b2878ca824009dc1a642fa72ae1a1bc2acdf6f5b62210363f4fd1cebaadeaf96f205e1c0f47e8a084516a50c68c9bd93ba72efe5d12e7fc0036ec0c36efafaf04fe46b1856df59875b3b7907a872f60fb12da5f2b82", &(0x7f0000000300)="bcac09bc310a31e09c7dc53814b3312a908c2ebb93f0051534e1067290ab04b24da3b51cdaded38f26d7b07676810b302537f0890e86f11f7e70e4d8717df7110d1bc095c0e4fc171bbc795214aa512c4f903fad5b5641897e2fb048dcec95cd06059374da7852e83c8c4357a5e3322ed5a38e2bf6fd163a289a66fb34f42b90e12c6f4ca83517f435be5d7cc859cddf75d5349fcd60bd3b517f29d56d7e820afef94eda38ec023be9614071c65a5616612834451f057cf5a4527e6fd21846b209", 0x7fff, r0, 0x4}, 0x38) (async, rerun: 64) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (rerun: 64) 10:58:14 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x800, 0x8000, 0x8, 0x204, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x5}, 0x48) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000140)={r0, &(0x7f00000000c0)="f07493bd2452568d8243d58716fccb890864f845f1db6c7cc718af07fbcb85b5948a81967540b22b742925bafeff87bd7139740122e06fdef9e2018b965e", &(0x7f0000000100)=""/9}, 0x20) ioctl$PPPIOCATTCHAN(0xffffffffffffffff, 0x40047438, &(0x7f0000000000)=0x1) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) read$msr(r2, &(0x7f0000000240)=""/117, 0x75) (async, rerun: 64) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async, rerun: 64) ioctl$PPPIOCSMRU1(r1, 0x40047452, &(0x7f0000000180)=0x2) 10:58:14 executing program 5: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x22dc886, 0x0) [ 2045.615921] FAULT_INJECTION: forcing a failure. [ 2045.615921] name failslab, interval 1, probability 0, space 0, times 0 [ 2045.628537] CPU: 1 PID: 23943 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2045.636409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2045.645744] Call Trace: [ 2045.648319] dump_stack+0x1b2/0x281 [ 2045.651933] should_fail.cold+0x10a/0x149 [ 2045.656066] should_failslab+0xd6/0x130 [ 2045.660020] kmem_cache_alloc+0x28e/0x3c0 [ 2045.664243] __kernfs_new_node+0x6f/0x470 [ 2045.668384] kernfs_new_node+0x7b/0xe0 [ 2045.672256] __kernfs_create_file+0x3d/0x320 [ 2045.676644] sysfs_add_file_mode_ns+0x1e1/0x450 [ 2045.681294] sysfs_merge_group+0xdc/0x200 [ 2045.685431] dpm_sysfs_add+0x122/0x1c0 [ 2045.689303] device_add+0x977/0x15c0 [ 2045.692994] ? device_is_dependent+0x2a0/0x2a0 [ 2045.697554] ? kfree+0x1f0/0x250 [ 2045.700916] device_create_groups_vargs+0x1dc/0x250 [ 2045.705920] device_create_vargs+0x3a/0x50 [ 2045.710159] bdi_register_va.part.0+0x35/0x650 [ 2045.714721] bdi_register_va+0x63/0x80 [ 2045.718586] super_setup_bdi_name+0x123/0x220 [ 2045.723059] ? kill_block_super+0xe0/0xe0 [ 2045.727202] ? do_raw_spin_unlock+0x164/0x220 [ 2045.731689] fuse_fill_super+0x937/0x15c0 [ 2045.735876] ? fuse_get_root_inode+0xc0/0xc0 [ 2045.740266] ? up_write+0x17/0x60 [ 2045.743710] ? register_shrinker+0x15f/0x220 [ 2045.748107] ? sget_userns+0x768/0xc10 [ 2045.751975] ? get_anon_bdev+0x1c0/0x1c0 [ 2045.756019] ? sget+0xd9/0x110 [ 2045.759191] ? fuse_get_root_inode+0xc0/0xc0 [ 2045.763578] mount_nodev+0x4c/0xf0 [ 2045.767108] mount_fs+0x92/0x2a0 [ 2045.770467] vfs_kern_mount.part.0+0x5b/0x470 [ 2045.774940] do_mount+0xe65/0x2a30 [ 2045.778457] ? check_preemption_disabled+0x35/0x240 [ 2045.783449] ? retint_kernel+0x2d/0x2d [ 2045.787321] ? copy_mount_string+0x40/0x40 [ 2045.791543] ? copy_mount_options+0x185/0x2f0 [ 2045.796015] ? copy_mount_options+0x188/0x2f0 [ 2045.800493] ? copy_mount_options+0x1fa/0x2f0 [ 2045.804977] ? copy_mnt_ns+0xa30/0xa30 [ 2045.808867] SyS_mount+0xa8/0x120 [ 2045.812298] ? copy_mnt_ns+0xa30/0xa30 [ 2045.816163] do_syscall_64+0x1d5/0x640 [ 2045.820029] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2045.825205] RIP: 0033:0x7fc09e230109 [ 2045.828912] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2045.836601] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2045.843858] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2045.851119] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2045.858370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 10:58:14 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 33) 10:58:14 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, &(0x7f0000000000)={0x4000000}) 10:58:14 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000)={0xffffffffffffffff, r0}, 0xc) 10:58:14 executing program 5: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x22dc886, 0x0) 10:58:14 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) 10:58:14 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000580), 0x8) (async) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) (async) r3 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000680)={&(0x7f0000000640)='./file0\x00', 0x0, 0x8}, 0x10) (async) r4 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000700)={&(0x7f00000006c0)='./file0\x00', 0x0, 0x18}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0x6, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1}, [@btf_id={0x18, 0x5, 0x3, 0x0, 0x2}, @exit]}, &(0x7f0000000340)='GPL\x00', 0x3ff, 0x9b, &(0x7f00000004c0)=""/155, 0x40f00, 0x9, '\x00', 0x0, 0xb, r1, 0x8, &(0x7f00000005c0)={0x1, 0x5}, 0x8, 0x10, &(0x7f0000000600)={0x2, 0x10, 0x4, 0x87400000}, 0x10, 0x0, r2, 0x0, &(0x7f0000000740)=[r3, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, r4]}, 0x80) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) (async) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)) (async) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f0000000380)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}, {@max_read={'max_read', 0x3d, 0x2}}, {@max_read={'max_read', 0x3d, 0xfffffffffffeffff}}, {@blksize={'blksize', 0x3d, 0x800}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@appraise_type}]}}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r6}}) 10:58:14 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, &(0x7f0000000000)={0x4000000}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, &(0x7f0000000000)={0x4000000}) (async) [ 2045.865622] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:14 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, &(0x7f0000000000)={0x4000000}) 10:58:14 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000)={0xffffffffffffffff, r0}, 0xc) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000)={0xffffffffffffffff, r0}, 0xc) (async) 10:58:14 executing program 5: r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) write$apparmor_current(r0, &(0x7f0000000000)=@profile={'permprofile ', '\xa7\x00'}, 0xe) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) 10:58:15 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24888, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r8}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresuid(&(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)=0x0) mount$fuseblk(0xfffffffffffffffc, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x188094, &(0x7f0000000180)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x600}}, {@blksize={'blksize', 0x3d, 0x1a00}}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x800}}], [{@euid_lt={'euid<', r8}}, {@pcr={'pcr', 0x3d, 0x1f}}, {@subj_role}, {@euid_gt={'euid>', r9}}, {@dont_measure}]}}) 10:58:15 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000100)={&(0x7f0000000080)='./file0\x00', 0x0, 0x18}, 0x10) [ 2046.093011] FAULT_INJECTION: forcing a failure. [ 2046.093011] name failslab, interval 1, probability 0, space 0, times 0 [ 2046.104804] CPU: 1 PID: 23986 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2046.112765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2046.122110] Call Trace: [ 2046.124694] dump_stack+0x1b2/0x281 [ 2046.128310] should_fail.cold+0x10a/0x149 [ 2046.132436] should_failslab+0xd6/0x130 [ 2046.136388] kmem_cache_alloc+0x28e/0x3c0 [ 2046.140534] __kernfs_new_node+0x6f/0x470 [ 2046.144670] kernfs_new_node+0x7b/0xe0 [ 2046.148544] __kernfs_create_file+0x3d/0x320 [ 2046.152933] sysfs_add_file_mode_ns+0x1e1/0x450 [ 2046.157580] internal_create_group+0x22b/0x710 [ 2046.162139] sysfs_create_groups+0x92/0x130 [ 2046.166445] device_add+0x7e5/0x15c0 [ 2046.170145] ? kfree_const+0x33/0x40 [ 2046.173841] ? device_is_dependent+0x2a0/0x2a0 [ 2046.178404] ? kfree+0x1f0/0x250 [ 2046.181750] device_create_groups_vargs+0x1dc/0x250 [ 2046.186750] device_create_vargs+0x3a/0x50 [ 2046.190987] bdi_register_va.part.0+0x35/0x650 [ 2046.195549] bdi_register_va+0x63/0x80 [ 2046.199414] super_setup_bdi_name+0x123/0x220 [ 2046.203890] ? kill_block_super+0xe0/0xe0 [ 2046.208024] ? do_raw_spin_unlock+0x164/0x220 [ 2046.212499] fuse_fill_super+0x937/0x15c0 [ 2046.216626] ? fuse_get_root_inode+0xc0/0xc0 [ 2046.221014] ? up_write+0x17/0x60 [ 2046.224449] ? register_shrinker+0x15f/0x220 [ 2046.228843] ? sget_userns+0x768/0xc10 [ 2046.232709] ? get_anon_bdev+0x1c0/0x1c0 [ 2046.236744] ? sget+0xd9/0x110 [ 2046.239927] ? fuse_get_root_inode+0xc0/0xc0 [ 2046.244430] mount_nodev+0x4c/0xf0 [ 2046.248034] mount_fs+0x92/0x2a0 [ 2046.251381] vfs_kern_mount.part.0+0x5b/0x470 [ 2046.255855] do_mount+0xe65/0x2a30 [ 2046.259384] ? copy_mount_string+0x40/0x40 [ 2046.263598] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2046.268592] ? copy_mnt_ns+0xa30/0xa30 [ 2046.272457] ? copy_mount_options+0x1fa/0x2f0 [ 2046.276929] ? copy_mnt_ns+0xa30/0xa30 [ 2046.280797] SyS_mount+0xa8/0x120 [ 2046.284232] ? copy_mnt_ns+0xa30/0xa30 [ 2046.288106] do_syscall_64+0x1d5/0x640 [ 2046.291974] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2046.297144] RIP: 0033:0x7fc09e230109 [ 2046.300843] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2046.308557] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2046.315814] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2046.323065] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2046.330316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 10:58:15 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 34) 10:58:15 executing program 5: r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) write$apparmor_current(r0, &(0x7f0000000000)=@profile={'permprofile ', '\xa7\x00'}, 0xe) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) (async) write$apparmor_current(r0, &(0x7f0000000000)=@profile={'permprofile ', '\xa7\x00'}, 0xe) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) 10:58:15 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000)={0xffffffffffffffff, r0}, 0xc) 10:58:15 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24888, 0x0) (async, rerun: 64) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async, rerun: 64) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async, rerun: 32) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (rerun: 32) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async, rerun: 64) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) (rerun: 64) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r8}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async, rerun: 32) getresuid(&(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)=0x0) (rerun: 32) mount$fuseblk(0xfffffffffffffffc, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x188094, &(0x7f0000000180)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x600}}, {@blksize={'blksize', 0x3d, 0x1a00}}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x800}}], [{@euid_lt={'euid<', r8}}, {@pcr={'pcr', 0x3d, 0x1f}}, {@subj_role}, {@euid_gt={'euid>', r9}}, {@dont_measure}]}}) 10:58:15 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) 10:58:15 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000100)={&(0x7f0000000080)='./file0\x00', 0x0, 0x18}, 0x10) [ 2046.337580] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:15 executing program 3: r0 = syz_open_dev$MSR(&(0x7f0000000180), 0x8000000000000000, 0x0) read$msr(r0, &(0x7f00000001c0)=""/31, 0x1f) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81848a, 0x0) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x2800008, &(0x7f00000000c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB="2c726f6f746d42384ef430303030303030303030328230303030303032303030302c757365725f69643d", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC, @ANYBLOB=',blksize=0x0000000000001000,allow_other,context=system_u,seclabel,\x00']) 10:58:15 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24888, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r8}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresuid(&(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)=0x0) mount$fuseblk(0xfffffffffffffffc, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x188094, &(0x7f0000000180)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x600}}, {@blksize={'blksize', 0x3d, 0x1a00}}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x800}}], [{@euid_lt={'euid<', r8}}, {@pcr={'pcr', 0x3d, 0x1f}}, {@subj_role}, {@euid_gt={'euid>', r9}}, {@dont_measure}]}}) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24888, 0x0) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r8}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) getresuid(&(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)) (async) mount$fuseblk(0xfffffffffffffffc, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x188094, &(0x7f0000000180)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x600}}, {@blksize={'blksize', 0x3d, 0x1a00}}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x800}}], [{@euid_lt={'euid<', r8}}, {@pcr={'pcr', 0x3d, 0x1f}}, {@subj_role}, {@euid_gt={'euid>', r9}}, {@dont_measure}]}}) (async) 10:58:15 executing program 5: r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) write$apparmor_current(r0, &(0x7f0000000000)=@profile={'permprofile ', '\xa7\x00'}, 0xe) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) 10:58:15 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000100)={&(0x7f0000000080)='./file0\x00', 0x0, 0x18}, 0x10) 10:58:15 executing program 3: r0 = syz_open_dev$MSR(&(0x7f0000000180), 0x8000000000000000, 0x0) read$msr(r0, &(0x7f00000001c0)=""/31, 0x1f) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81848a, 0x0) (async, rerun: 64) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x2800008, &(0x7f00000000c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB="2c726f6f746d42384ef430303030303030303030328230303030303032303030302c757365725f69643d", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC, @ANYBLOB=',blksize=0x0000000000001000,allow_other,context=system_u,seclabel,\x00']) (rerun: 64) 10:58:15 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) prctl$PR_GET_FPEXC(0xb, &(0x7f0000000000)) [ 2046.583436] FAULT_INJECTION: forcing a failure. [ 2046.583436] name failslab, interval 1, probability 0, space 0, times 0 [ 2046.595481] CPU: 0 PID: 24041 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2046.603358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2046.612695] Call Trace: [ 2046.615270] dump_stack+0x1b2/0x281 [ 2046.618874] should_fail.cold+0x10a/0x149 [ 2046.623003] should_failslab+0xd6/0x130 [ 2046.626956] kmem_cache_alloc+0x28e/0x3c0 [ 2046.631082] __kernfs_new_node+0x6f/0x470 [ 2046.635209] kernfs_new_node+0x7b/0xe0 [ 2046.639078] __kernfs_create_file+0x3d/0x320 [ 2046.643462] sysfs_add_file_mode_ns+0x1e1/0x450 [ 2046.648109] sysfs_merge_group+0xdc/0x200 [ 2046.652234] dpm_sysfs_add+0x122/0x1c0 [ 2046.656100] device_add+0x977/0x15c0 [ 2046.659791] ? device_is_dependent+0x2a0/0x2a0 [ 2046.664348] ? kfree+0x1f0/0x250 [ 2046.667692] device_create_groups_vargs+0x1dc/0x250 [ 2046.672686] device_create_vargs+0x3a/0x50 [ 2046.676898] bdi_register_va.part.0+0x35/0x650 [ 2046.681457] bdi_register_va+0x63/0x80 [ 2046.685335] super_setup_bdi_name+0x123/0x220 [ 2046.689817] ? kill_block_super+0xe0/0xe0 [ 2046.693944] ? do_raw_spin_unlock+0x164/0x220 [ 2046.698429] fuse_fill_super+0x937/0x15c0 [ 2046.702559] ? fuse_get_root_inode+0xc0/0xc0 [ 2046.706944] ? up_write+0x17/0x60 [ 2046.710383] ? register_shrinker+0x15f/0x220 [ 2046.714775] ? sget_userns+0x768/0xc10 [ 2046.718642] ? get_anon_bdev+0x1c0/0x1c0 [ 2046.722677] ? sget+0xd9/0x110 [ 2046.725846] ? fuse_get_root_inode+0xc0/0xc0 [ 2046.730229] mount_nodev+0x4c/0xf0 [ 2046.733754] mount_fs+0x92/0x2a0 [ 2046.737108] vfs_kern_mount.part.0+0x5b/0x470 [ 2046.741582] do_mount+0xe65/0x2a30 [ 2046.745102] ? copy_mount_string+0x40/0x40 [ 2046.749312] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2046.754304] ? copy_mnt_ns+0xa30/0xa30 [ 2046.758168] ? copy_mount_options+0x1fa/0x2f0 [ 2046.762677] ? copy_mnt_ns+0xa30/0xa30 [ 2046.766555] SyS_mount+0xa8/0x120 [ 2046.769994] ? copy_mnt_ns+0xa30/0xa30 [ 2046.773856] do_syscall_64+0x1d5/0x640 [ 2046.777723] entry_SYSCALL_64_after_hwframe+0x46/0xbb 10:58:15 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 35) 10:58:15 executing program 5: r0 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)={&(0x7f0000000180)='./file0\x00', 0x0, 0x8}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x3, &(0x7f0000000000)=@raw=[@ldst={0x3, 0x3, 0x0, 0x5, 0x2, 0xfffffffffffffff4, 0x10}, @alu={0x4, 0x1, 0x7, 0x7, 0x5, 0x2, 0xfffffffffffffff0}, @call={0x85, 0x0, 0x0, 0x96}], &(0x7f0000000040)='syzkaller\x00', 0x527e, 0x69, &(0x7f0000000080)=""/105, 0x41000, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x7, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x1, 0x9, 0x7, 0x7f}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000240)=[r0]}, 0x80) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x228001, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x6, 0xb, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0xb5}, [@exit, @btf_id={0x18, 0xa, 0x3, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0xb4}, @ldst={0x3, 0x2, 0x3, 0x9, 0x4, 0xfffffffffffffff8, 0x4}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2cd}, @func={0x85, 0x0, 0x1, 0x0, 0x2}]}, &(0x7f0000000380)='syzkaller\x00', 0x3, 0xb6, &(0x7f00000003c0)=""/182, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000480)={0x4, 0x2}, 0x8, 0x10, &(0x7f00000004c0)={0x1, 0xb, 0x7fffffff, 0x3f}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000540)=[r1, r2, r0, r0]}, 0x80) 10:58:15 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) prctl$PR_GET_FPEXC(0xb, &(0x7f0000000000)) 10:58:15 executing program 3: r0 = syz_open_dev$MSR(&(0x7f0000000180), 0x8000000000000000, 0x0) read$msr(r0, &(0x7f00000001c0)=""/31, 0x1f) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81848a, 0x0) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x2800008, &(0x7f00000000c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB="2c726f6f746d42384ef430303030303030303030328230303030303032303030302c757365725f69643d", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC, @ANYBLOB=',blksize=0x0000000000001000,allow_other,context=system_u,seclabel,\x00']) syz_open_dev$MSR(&(0x7f0000000180), 0x8000000000000000, 0x0) (async) read$msr(r0, &(0x7f00000001c0)=""/31, 0x1f) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81848a, 0x0) (async) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x2800008, &(0x7f00000000c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB="2c726f6f746d42384ef430303030303030303030328230303030303032303030302c757365725f69643d", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC, @ANYBLOB=',blksize=0x0000000000001000,allow_other,context=system_u,seclabel,\x00']) (async) 10:58:15 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) 10:58:15 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa0000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac140700"/168], 0xf0}}, 0x0) [ 2046.782891] RIP: 0033:0x7fc09e230109 [ 2046.786580] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2046.794264] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2046.801522] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2046.808778] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2046.816025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2046.823282] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:15 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async, rerun: 32) prctl$PR_GET_FPEXC(0xb, &(0x7f0000000000)) (rerun: 32) 10:58:15 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) ioctl$PPPIOCGFLAGS1(0xffffffffffffffff, 0x8004745a, &(0x7f0000000000)) [ 2046.936992] FAULT_INJECTION: forcing a failure. [ 2046.936992] name failslab, interval 1, probability 0, space 0, times 0 [ 2046.948331] CPU: 0 PID: 24061 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2046.956217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2046.965565] Call Trace: [ 2046.968155] dump_stack+0x1b2/0x281 [ 2046.971782] should_fail.cold+0x10a/0x149 [ 2046.975932] should_failslab+0xd6/0x130 [ 2046.979906] kmem_cache_alloc+0x28e/0x3c0 [ 2046.984053] __kernfs_new_node+0x6f/0x470 [ 2046.988190] kernfs_new_node+0x7b/0xe0 [ 2046.992081] __kernfs_create_file+0x3d/0x320 [ 2046.996486] sysfs_add_file_mode_ns+0x1e1/0x450 [ 2047.001149] sysfs_merge_group+0xdc/0x200 [ 2047.005304] dpm_sysfs_add+0x122/0x1c0 [ 2047.009190] device_add+0x977/0x15c0 [ 2047.012908] ? device_is_dependent+0x2a0/0x2a0 [ 2047.017484] ? kfree+0x1f0/0x250 [ 2047.020854] device_create_groups_vargs+0x1dc/0x250 [ 2047.025872] device_create_vargs+0x3a/0x50 [ 2047.030111] bdi_register_va.part.0+0x35/0x650 [ 2047.034697] bdi_register_va+0x63/0x80 [ 2047.038579] super_setup_bdi_name+0x123/0x220 [ 2047.043066] ? kill_block_super+0xe0/0xe0 [ 2047.047316] ? do_raw_spin_unlock+0x164/0x220 [ 2047.051837] fuse_fill_super+0x937/0x15c0 [ 2047.055991] ? fuse_get_root_inode+0xc0/0xc0 [ 2047.060399] ? up_write+0x17/0x60 [ 2047.063841] ? register_shrinker+0x15f/0x220 [ 2047.068240] ? sget_userns+0x768/0xc10 [ 2047.072136] ? get_anon_bdev+0x1c0/0x1c0 [ 2047.076293] ? sget+0xd9/0x110 [ 2047.079481] ? fuse_get_root_inode+0xc0/0xc0 [ 2047.083884] mount_nodev+0x4c/0xf0 [ 2047.087415] mount_fs+0x92/0x2a0 [ 2047.090776] vfs_kern_mount.part.0+0x5b/0x470 [ 2047.095261] do_mount+0xe65/0x2a30 [ 2047.098799] ? copy_mount_string+0x40/0x40 [ 2047.103021] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2047.108023] ? copy_mnt_ns+0xa30/0xa30 [ 2047.111900] ? copy_mount_options+0x1fa/0x2f0 [ 2047.116382] ? copy_mnt_ns+0xa30/0xa30 [ 2047.120257] SyS_mount+0xa8/0x120 [ 2047.123698] ? copy_mnt_ns+0xa30/0xa30 [ 2047.127585] do_syscall_64+0x1d5/0x640 [ 2047.131476] entry_SYSCALL_64_after_hwframe+0x46/0xbb 10:58:15 executing program 5: r0 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)={&(0x7f0000000180)='./file0\x00', 0x0, 0x8}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x3, &(0x7f0000000000)=@raw=[@ldst={0x3, 0x3, 0x0, 0x5, 0x2, 0xfffffffffffffff4, 0x10}, @alu={0x4, 0x1, 0x7, 0x7, 0x5, 0x2, 0xfffffffffffffff0}, @call={0x85, 0x0, 0x0, 0x96}], &(0x7f0000000040)='syzkaller\x00', 0x527e, 0x69, &(0x7f0000000080)=""/105, 0x41000, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x7, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x1, 0x9, 0x7, 0x7f}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000240)=[r0]}, 0x80) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x228001, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x6, 0xb, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0xb5}, [@exit, @btf_id={0x18, 0xa, 0x3, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0xb4}, @ldst={0x3, 0x2, 0x3, 0x9, 0x4, 0xfffffffffffffff8, 0x4}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2cd}, @func={0x85, 0x0, 0x1, 0x0, 0x2}]}, &(0x7f0000000380)='syzkaller\x00', 0x3, 0xb6, &(0x7f00000003c0)=""/182, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000480)={0x4, 0x2}, 0x8, 0x10, &(0x7f00000004c0)={0x1, 0xb, 0x7fffffff, 0x3f}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000540)=[r1, r2, r0, r0]}, 0x80) 10:58:15 executing program 3: r0 = getpgid(0x0) sched_getscheduler(r0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x8, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) r5 = bpf$ITER_CREATE(0x21, &(0x7f0000000680)={r1}, 0x8) ioctl$sock_inet6_tcp_SIOCATMARK(r5, 0x8905, &(0x7f00000006c0)) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r4, @ANYBLOB=',group_idH', @ANYRESDEC=r2, @ANYBLOB=',blksize=0x00000000000000blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) read$FUSE(r3, &(0x7f0000002580)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xfffffff9) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)=0x0) getpgid(r0) r10 = openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB="2c726f6f746d6f64653d3030303030303030307a15ba0400a8e9b6302c757365725f69643d", @ANYRESDEC=r11, @ANYBLOB=',group_id=', @ANYRESDEC=r8, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) mount$fuseblk(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x109020, &(0x7f0000000900)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB="2c726f6f74836f6465003022303030303030275babf6a8ca48ac392c3030303030303030302441cd08cf0a45303430", @ANYRESDEC=0xee01, @ANYRESHEX=r9, @ANYRESDEC=r6, @ANYRES64=r7, @ANYRESDEC=r11, @ANYBLOB="2c7063f23d303030303007000004617b3b65c381f7ad13b4b99976783c021bc236e9249c3869a3f2a15074b3b608a45415a4f2473a951f3e955c12fc23bb4215d7d2fd1dd33b06343a138f6d17fa50de0500a69d2bc9280baf6d13865a6a319bab210fbbe03671694be843181327ba20422a228221ede88978919adae9314ab66c8308f836c7d51fb432ca3afdff440d61d0282c35dc56567b32daa2b6a02d6ce27e527e1dda7faf28681208cb265178e04d8c2cdcbb2579dd9fb310ec0569e76ed9dac4e43354a95a56438c4cf45615547263cc2bc1377cc0"]) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={0xffffffffffffffff, &(0x7f0000000040)="4990e776f4e58b264491020e8027f0645479576be60d9fef042ce25cad18b156a563453db116b3c6fcfb1b4dad83d8926cd060542f5eb3800c2034b58e3c498334f351a4813bc8a7d151a5e9c23e98fa7258b6160d496654417bfec9846618f143d7e2620f9016f49cb2fb84e616abde674df928f0a208a677ace4c917b17f7046a1fdf0a25715034d30943663e3400d4e2e375023ece43ae83592581bee99119368e9def1d7f1bc16177c403a14384398cbf3793c897b37601f35eac037ba59e8f7fea172614a26b50f023cf35f8ee8eb31186d5eb2b4a0684a464b59e307215349eeb311334825d59abb3840a0b05e", &(0x7f0000000140)=@tcp6=r1, 0x4}, 0x20) [ 2047.136659] RIP: 0033:0x7fc09e230109 [ 2047.140360] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2047.148062] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2047.155321] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2047.162583] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2047.169856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 10:58:16 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 36) 10:58:16 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) ioctl$PPPIOCGFLAGS1(0xffffffffffffffff, 0x8004745a, &(0x7f0000000000)) 10:58:16 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa0000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac140700"/168], 0xf0}}, 0x0) 10:58:16 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) 10:58:16 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) ioctl$PPPIOCGFLAGS1(0xffffffffffffffff, 0x8004745a, &(0x7f0000000000)) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) ioctl$PPPIOCGFLAGS1(0xffffffffffffffff, 0x8004745a, &(0x7f0000000000)) (async) 10:58:16 executing program 3: r0 = getpgid(0x0) sched_getscheduler(r0) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x8, 0x0) (async) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) (async) r5 = bpf$ITER_CREATE(0x21, &(0x7f0000000680)={r1}, 0x8) ioctl$sock_inet6_tcp_SIOCATMARK(r5, 0x8905, &(0x7f00000006c0)) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r4, @ANYBLOB=',group_idH', @ANYRESDEC=r2, @ANYBLOB=',blksize=0x00000000000000blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) (async) read$FUSE(r3, &(0x7f0000002580)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xfffffff9) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)=0x0) getpgid(r0) (async) r10 = openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) (async) prctl$PR_SET_PTRACER(0x59616d61, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB="2c726f6f746d6f64653d3030303030303030307a15ba0400a8e9b6302c757365725f69643d", @ANYRESDEC=r11, @ANYBLOB=',group_id=', @ANYRESDEC=r8, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) (async) mount$fuseblk(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x109020, &(0x7f0000000900)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB="2c726f6f74836f6465003022303030303030275babf6a8ca48ac392c3030303030303030302441cd08cf0a45303430", @ANYRESDEC=0xee01, @ANYRESHEX=r9, @ANYRESDEC=r6, @ANYRES64=r7, @ANYRESDEC=r11, @ANYBLOB="2c7063f23d303030303007000004617b3b65c381f7ad13b4b99976783c021bc236e9249c3869a3f2a15074b3b608a45415a4f2473a951f3e955c12fc23bb4215d7d2fd1dd33b06343a138f6d17fa50de0500a69d2bc9280baf6d13865a6a319bab210fbbe03671694be843181327ba20422a228221ede88978919adae9314ab66c8308f836c7d51fb432ca3afdff440d61d0282c35dc56567b32daa2b6a02d6ce27e527e1dda7faf28681208cb265178e04d8c2cdcbb2579dd9fb310ec0569e76ed9dac4e43354a95a56438c4cf45615547263cc2bc1377cc0"]) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={0xffffffffffffffff, &(0x7f0000000040)="4990e776f4e58b264491020e8027f0645479576be60d9fef042ce25cad18b156a563453db116b3c6fcfb1b4dad83d8926cd060542f5eb3800c2034b58e3c498334f351a4813bc8a7d151a5e9c23e98fa7258b6160d496654417bfec9846618f143d7e2620f9016f49cb2fb84e616abde674df928f0a208a677ace4c917b17f7046a1fdf0a25715034d30943663e3400d4e2e375023ece43ae83592581bee99119368e9def1d7f1bc16177c403a14384398cbf3793c897b37601f35eac037ba59e8f7fea172614a26b50f023cf35f8ee8eb31186d5eb2b4a0684a464b59e307215349eeb311334825d59abb3840a0b05e", &(0x7f0000000140)=@tcp6=r1, 0x4}, 0x20) 10:58:16 executing program 5: r0 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)={&(0x7f0000000180)='./file0\x00', 0x0, 0x8}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x3, &(0x7f0000000000)=@raw=[@ldst={0x3, 0x3, 0x0, 0x5, 0x2, 0xfffffffffffffff4, 0x10}, @alu={0x4, 0x1, 0x7, 0x7, 0x5, 0x2, 0xfffffffffffffff0}, @call={0x85, 0x0, 0x0, 0x96}], &(0x7f0000000040)='syzkaller\x00', 0x527e, 0x69, &(0x7f0000000080)=""/105, 0x41000, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x7, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x1, 0x9, 0x7, 0x7f}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000240)=[r0]}, 0x80) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x228001, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x6, 0xb, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0xb5}, [@exit, @btf_id={0x18, 0xa, 0x3, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0xb4}, @ldst={0x3, 0x2, 0x3, 0x9, 0x4, 0xfffffffffffffff8, 0x4}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2cd}, @func={0x85, 0x0, 0x1, 0x0, 0x2}]}, &(0x7f0000000380)='syzkaller\x00', 0x3, 0xb6, &(0x7f00000003c0)=""/182, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000480)={0x4, 0x2}, 0x8, 0x10, &(0x7f00000004c0)={0x1, 0xb, 0x7fffffff, 0x3f}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000540)=[r1, r2, r0, r0]}, 0x80) [ 2047.169863] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:16 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) 10:58:16 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x5, 0x8, 0x3, 0x0, [0x0, 0x0, 0x0]}}, 0x2b) 10:58:16 executing program 3: r0 = getpgid(0x0) sched_getscheduler(r0) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x8, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async, rerun: 64) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (rerun: 64) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) r5 = bpf$ITER_CREATE(0x21, &(0x7f0000000680)={r1}, 0x8) ioctl$sock_inet6_tcp_SIOCATMARK(r5, 0x8905, &(0x7f00000006c0)) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r4, @ANYBLOB=',group_idH', @ANYRESDEC=r2, @ANYBLOB=',blksize=0x00000000000000blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) read$FUSE(r3, &(0x7f0000002580)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xfffffff9) (async, rerun: 64) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)=0x0) (async, rerun: 64) getpgid(r0) (async) r10 = openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) (async) prctl$PR_SET_PTRACER(0x59616d61, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB="2c726f6f746d6f64653d3030303030303030307a15ba0400a8e9b6302c757365725f69643d", @ANYRESDEC=r11, @ANYBLOB=',group_id=', @ANYRESDEC=r8, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) (async) mount$fuseblk(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x109020, &(0x7f0000000900)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB="2c726f6f74836f6465003022303030303030275babf6a8ca48ac392c3030303030303030302441cd08cf0a45303430", @ANYRESDEC=0xee01, @ANYRESHEX=r9, @ANYRESDEC=r6, @ANYRES64=r7, @ANYRESDEC=r11, @ANYBLOB="2c7063f23d303030303007000004617b3b65c381f7ad13b4b99976783c021bc236e9249c3869a3f2a15074b3b608a45415a4f2473a951f3e955c12fc23bb4215d7d2fd1dd33b06343a138f6d17fa50de0500a69d2bc9280baf6d13865a6a319bab210fbbe03671694be843181327ba20422a228221ede88978919adae9314ab66c8308f836c7d51fb432ca3afdff440d61d0282c35dc56567b32daa2b6a02d6ce27e527e1dda7faf28681208cb265178e04d8c2cdcbb2579dd9fb310ec0569e76ed9dac4e43354a95a56438c4cf45615547263cc2bc1377cc0"]) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={0xffffffffffffffff, &(0x7f0000000040)="4990e776f4e58b264491020e8027f0645479576be60d9fef042ce25cad18b156a563453db116b3c6fcfb1b4dad83d8926cd060542f5eb3800c2034b58e3c498334f351a4813bc8a7d151a5e9c23e98fa7258b6160d496654417bfec9846618f143d7e2620f9016f49cb2fb84e616abde674df928f0a208a677ace4c917b17f7046a1fdf0a25715034d30943663e3400d4e2e375023ece43ae83592581bee99119368e9def1d7f1bc16177c403a14384398cbf3793c897b37601f35eac037ba59e8f7fea172614a26b50f023cf35f8ee8eb31186d5eb2b4a0684a464b59e307215349eeb311334825d59abb3840a0b05e", &(0x7f0000000140)=@tcp6=r1, 0x4}, 0x20) 10:58:16 executing program 5: getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000240)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}]}}) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000400)={0x1, 0x58, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0x6, 0x5, 0x7, 0x8, 0x201, 0x1, 0x81, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x3, 0x4}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x14, 0x1, &(0x7f0000000280)=@raw=[@jmp={0x5, 0x1, 0x9, 0x1, 0x5, 0x8, 0xfffffffffffffffc}], &(0x7f00000002c0)='GPL\x00', 0x3, 0x81, &(0x7f0000000300)=""/129, 0x40f00, 0xa, '\x00', r3, 0x6, 0xffffffffffffffff, 0x8, &(0x7f00000006c0)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000700)={0x0, 0xc, 0x8001, 0xfff}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)=[0x1, 0x1, r4]}, 0x80) write$FUSE_DIRENT(r1, &(0x7f0000000080)={0x50, 0x0, 0x0, [{0x5, 0x3, 0x3, 0x80, '#){'}, {0x0, 0xd5f, 0x2, 0x3ff, '@)'}]}, 0x50) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000000)={0x60, 0xfffffffffffffff5, 0x0, {{0x8000, 0x23500a0f, 0x2000000000000000, 0x4, 0xffffffff, 0x3f, 0xff, 0x4}}}, 0x60) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) write$FUSE_NOTIFY_DELETE(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="b500000006000000000000000000000000000000800000000200000000000000090000000000000026252a253a310600000000201a680365e71fdc4d9ec6599676e0bc04397073b6bacddb19af87c7f5cae3624e76360c093e264117476c8af0b46965a427721586d9c7122d42088daa5d10cc000000000000000000000000003df4bf5c861556bb05c2f15aec3fb3a100c8884114ae932a8bda6350733624da011d4b682060ed14a6f141ace8e63f5913b50288158dd4212aac9acfb38ce728d60ccce8c28f5d97"], 0x35) 10:58:16 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x5, 0x8, 0x3, 0x0, [0x0, 0x0, 0x0]}}, 0x2b) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x5, 0x8, 0x3, 0x0, [0x0, 0x0, 0x0]}}, 0x2b) (async) [ 2047.438503] FAULT_INJECTION: forcing a failure. [ 2047.438503] name failslab, interval 1, probability 0, space 0, times 0 [ 2047.451946] CPU: 1 PID: 24117 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2047.459818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2047.469150] Call Trace: [ 2047.471719] dump_stack+0x1b2/0x281 [ 2047.475334] should_fail.cold+0x10a/0x149 [ 2047.479460] should_failslab+0xd6/0x130 [ 2047.483409] kmem_cache_alloc+0x28e/0x3c0 [ 2047.487542] __kernfs_new_node+0x6f/0x470 [ 2047.491679] kernfs_new_node+0x7b/0xe0 [ 2047.495546] __kernfs_create_file+0x3d/0x320 [ 2047.499944] sysfs_add_file_mode_ns+0x1e1/0x450 [ 2047.504612] sysfs_merge_group+0xdc/0x200 [ 2047.508752] dpm_sysfs_add+0x122/0x1c0 [ 2047.512615] device_add+0x977/0x15c0 [ 2047.516307] ? device_is_dependent+0x2a0/0x2a0 [ 2047.520866] ? kfree+0x1f0/0x250 [ 2047.524218] device_create_groups_vargs+0x1dc/0x250 [ 2047.529231] device_create_vargs+0x3a/0x50 [ 2047.533447] bdi_register_va.part.0+0x35/0x650 [ 2047.538007] bdi_register_va+0x63/0x80 [ 2047.541872] super_setup_bdi_name+0x123/0x220 [ 2047.546351] ? kill_block_super+0xe0/0xe0 [ 2047.550485] ? do_raw_spin_unlock+0x164/0x220 [ 2047.554965] fuse_fill_super+0x937/0x15c0 [ 2047.559103] ? fuse_get_root_inode+0xc0/0xc0 [ 2047.563488] ? up_write+0x17/0x60 [ 2047.566925] ? register_shrinker+0x15f/0x220 [ 2047.571318] ? sget_userns+0x768/0xc10 [ 2047.575184] ? get_anon_bdev+0x1c0/0x1c0 [ 2047.579220] ? sget+0xd9/0x110 [ 2047.582401] ? fuse_get_root_inode+0xc0/0xc0 [ 2047.586798] mount_nodev+0x4c/0xf0 [ 2047.590323] mount_fs+0x92/0x2a0 [ 2047.593668] vfs_kern_mount.part.0+0x5b/0x470 [ 2047.598142] do_mount+0xe65/0x2a30 [ 2047.601672] ? copy_mount_string+0x40/0x40 [ 2047.605890] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2047.610887] ? copy_mnt_ns+0xa30/0xa30 [ 2047.614757] ? copy_mount_options+0x1fa/0x2f0 [ 2047.619226] ? copy_mnt_ns+0xa30/0xa30 [ 2047.623089] SyS_mount+0xa8/0x120 [ 2047.626526] ? copy_mnt_ns+0xa30/0xa30 [ 2047.630399] do_syscall_64+0x1d5/0x640 [ 2047.634273] entry_SYSCALL_64_after_hwframe+0x46/0xbb 10:58:16 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 37) 10:58:16 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa0000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac140700"/168], 0xf0}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa0000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac140700"/168], 0xf0}}, 0x0) (async) 10:58:16 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x5, 0x8, 0x3, 0x0, [0x0, 0x0, 0x0]}}, 0x2b) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x5, 0x8, 0x3, 0x0, [0x0, 0x0, 0x0]}}, 0x2b) (async) 10:58:16 executing program 5: getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000240)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}]}}) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000400)={0x1, 0x58, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0x6, 0x5, 0x7, 0x8, 0x201, 0x1, 0x81, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x3, 0x4}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x14, 0x1, &(0x7f0000000280)=@raw=[@jmp={0x5, 0x1, 0x9, 0x1, 0x5, 0x8, 0xfffffffffffffffc}], &(0x7f00000002c0)='GPL\x00', 0x3, 0x81, &(0x7f0000000300)=""/129, 0x40f00, 0xa, '\x00', r3, 0x6, 0xffffffffffffffff, 0x8, &(0x7f00000006c0)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000700)={0x0, 0xc, 0x8001, 0xfff}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)=[0x1, 0x1, r4]}, 0x80) write$FUSE_DIRENT(r1, &(0x7f0000000080)={0x50, 0x0, 0x0, [{0x5, 0x3, 0x3, 0x80, '#){'}, {0x0, 0xd5f, 0x2, 0x3ff, '@)'}]}, 0x50) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000000)={0x60, 0xfffffffffffffff5, 0x0, {{0x8000, 0x23500a0f, 0x2000000000000000, 0x4, 0xffffffff, 0x3f, 0xff, 0x4}}}, 0x60) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) write$FUSE_NOTIFY_DELETE(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="b500000006000000000000000000000000000000800000000200000000000000090000000000000026252a253a310600000000201a680365e71fdc4d9ec6599676e0bc04397073b6bacddb19af87c7f5cae3624e76360c093e264117476c8af0b46965a427721586d9c7122d42088daa5d10cc000000000000000000000000003df4bf5c861556bb05c2f15aec3fb3a100c8884114ae932a8bda6350733624da011d4b682060ed14a6f141ace8e63f5913b50288158dd4212aac9acfb38ce728d60ccce8c28f5d97"], 0x35) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000240)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}]}}) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000400)={0x1, 0x58, &(0x7f0000000640)}, 0x10) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0x6, 0x5, 0x7, 0x8, 0x201, 0x1, 0x81, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x3, 0x4}, 0x48) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x14, 0x1, &(0x7f0000000280)=@raw=[@jmp={0x5, 0x1, 0x9, 0x1, 0x5, 0x8, 0xfffffffffffffffc}], &(0x7f00000002c0)='GPL\x00', 0x3, 0x81, &(0x7f0000000300)=""/129, 0x40f00, 0xa, '\x00', r3, 0x6, 0xffffffffffffffff, 0x8, &(0x7f00000006c0)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000700)={0x0, 0xc, 0x8001, 0xfff}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)=[0x1, 0x1, r4]}, 0x80) (async) write$FUSE_DIRENT(r1, &(0x7f0000000080)={0x50, 0x0, 0x0, [{0x5, 0x3, 0x3, 0x80, '#){'}, {0x0, 0xd5f, 0x2, 0x3ff, '@)'}]}, 0x50) (async) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000000)={0x60, 0xfffffffffffffff5, 0x0, {{0x8000, 0x23500a0f, 0x2000000000000000, 0x4, 0xffffffff, 0x3f, 0xff, 0x4}}}, 0x60) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) write$FUSE_NOTIFY_DELETE(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="b500000006000000000000000000000000000000800000000200000000000000090000000000000026252a253a310600000000201a680365e71fdc4d9ec6599676e0bc04397073b6bacddb19af87c7f5cae3624e76360c093e264117476c8af0b46965a427721586d9c7122d42088daa5d10cc000000000000000000000000003df4bf5c861556bb05c2f15aec3fb3a100c8884114ae932a8bda6350733624da011d4b682060ed14a6f141ace8e63f5913b50288158dd4212aac9acfb38ce728d60ccce8c28f5d97"], 0x35) (async) 10:58:16 executing program 0: openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x105000, 0x0) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r1, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="ef8f11dcabbc716e82834a832f2ba09034bf5b49c79a8cff77c85cd98762d2ae3f67317768d08417e95fafeda51ddecab760aa8bb1c1a62178d481ee8d4d7e9a9508b17cefb9255af70b8c530f49572557e003062f56525219814154ecdec579e12907b9ace5666893c017fccb90a198a42fa2e6ee088297f093a7ebd47329b586fcf532ac465e67b87afb2c9de1cb658c2963768063521ef050106bcde308310b63e028", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67020000005f69643d", @ANYRESDEC=r1, @ANYBLOB=',\x00']) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0x58, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x5, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffa, 0x0, 0x0, 0x0, 0x3}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @ldst={0x1, 0x3, 0x0, 0x3, 0x6, 0x10, 0xfffffffffffffff0}]}, &(0x7f00000000c0)='syzkaller\x00', 0x5, 0x0, 0x0, 0x41000, 0x1, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x5, 0x4}, 0x8, 0x10, &(0x7f00000003c0)={0x4, 0x6, 0x100}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000400)=[r0, r0, r0, r0]}, 0x80) 10:58:16 executing program 3: getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) read$FUSE(r4, &(0x7f0000004100)={0x2020}, 0x2020) r6 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r6, 0x6, 0x14, &(0x7f00000000c0)=0x2, 0x4) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x81448a, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x740903, 0x0) [ 2047.639451] RIP: 0033:0x7fc09e230109 [ 2047.643143] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2047.650825] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2047.658070] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2047.665321] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2047.672573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2047.679818] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:16 executing program 2: bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={0xffffffffffffffff, 0x58, &(0x7f0000000000)={0x0, 0x0}}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={r0, 0x8e8, 0x10}, 0xc) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000100)=r1, 0x4) 10:58:16 executing program 3: getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) read$FUSE(r4, &(0x7f0000004100)={0x2020}, 0x2020) (async) r6 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r6, 0x6, 0x14, &(0x7f00000000c0)=0x2, 0x4) (async) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x81448a, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x740903, 0x0) 10:58:16 executing program 2: bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={0xffffffffffffffff, 0x58, &(0x7f0000000000)={0x0, 0x0}}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={r0, 0x8e8, 0x10}, 0xc) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000100)=r1, 0x4) 10:58:16 executing program 5: getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000240)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}]}}) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000400)={0x1, 0x58, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0x6, 0x5, 0x7, 0x8, 0x201, 0x1, 0x81, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x3, 0x4}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x14, 0x1, &(0x7f0000000280)=@raw=[@jmp={0x5, 0x1, 0x9, 0x1, 0x5, 0x8, 0xfffffffffffffffc}], &(0x7f00000002c0)='GPL\x00', 0x3, 0x81, &(0x7f0000000300)=""/129, 0x40f00, 0xa, '\x00', r3, 0x6, 0xffffffffffffffff, 0x8, &(0x7f00000006c0)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000700)={0x0, 0xc, 0x8001, 0xfff}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)=[0x1, 0x1, r4]}, 0x80) (async) write$FUSE_DIRENT(r1, &(0x7f0000000080)={0x50, 0x0, 0x0, [{0x5, 0x3, 0x3, 0x80, '#){'}, {0x0, 0xd5f, 0x2, 0x3ff, '@)'}]}, 0x50) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000000)={0x60, 0xfffffffffffffff5, 0x0, {{0x8000, 0x23500a0f, 0x2000000000000000, 0x4, 0xffffffff, 0x3f, 0xff, 0x4}}}, 0x60) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) write$FUSE_NOTIFY_DELETE(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="b500000006000000000000000000000000000000800000000200000000000000090000000000000026252a253a310600000000201a680365e71fdc4d9ec6599676e0bc04397073b6bacddb19af87c7f5cae3624e76360c093e264117476c8af0b46965a427721586d9c7122d42088daa5d10cc000000000000000000000000003df4bf5c861556bb05c2f15aec3fb3a100c8884114ae932a8bda6350733624da011d4b682060ed14a6f141ace8e63f5913b50288158dd4212aac9acfb38ce728d60ccce8c28f5d97"], 0x35) 10:58:16 executing program 3: getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) read$FUSE(r4, &(0x7f0000004100)={0x2020}, 0x2020) r6 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r6, 0x6, 0x14, &(0x7f00000000c0)=0x2, 0x4) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x81448a, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x740903, 0x0) 10:58:16 executing program 0: openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async, rerun: 64) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x105000, 0x0) (rerun: 64) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r1, 0x0, 0x0) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="ef8f11dcabbc716e82834a832f2ba09034bf5b49c79a8cff77c85cd98762d2ae3f67317768d08417e95fafeda51ddecab760aa8bb1c1a62178d481ee8d4d7e9a9508b17cefb9255af70b8c530f49572557e003062f56525219814154ecdec579e12907b9ace5666893c017fccb90a198a42fa2e6ee088297f093a7ebd47329b586fcf532ac465e67b87afb2c9de1cb658c2963768063521ef050106bcde308310b63e028", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67020000005f69643d", @ANYRESDEC=r1, @ANYBLOB=',\x00']) (async, rerun: 64) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0x58, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (rerun: 64) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x5, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffa, 0x0, 0x0, 0x0, 0x3}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @ldst={0x1, 0x3, 0x0, 0x3, 0x6, 0x10, 0xfffffffffffffff0}]}, &(0x7f00000000c0)='syzkaller\x00', 0x5, 0x0, 0x0, 0x41000, 0x1, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x5, 0x4}, 0x8, 0x10, &(0x7f00000003c0)={0x4, 0x6, 0x100}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000400)=[r0, r0, r0, r0]}, 0x80) 10:58:16 executing program 2: bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={0xffffffffffffffff, 0x58, &(0x7f0000000000)={0x0, 0x0}}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={r0, 0x8e8, 0x10}, 0xc) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000100)=r1, 0x4) [ 2047.885399] FAULT_INJECTION: forcing a failure. [ 2047.885399] name failslab, interval 1, probability 0, space 0, times 0 [ 2047.907414] CPU: 1 PID: 24166 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2047.915311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2047.924676] Call Trace: [ 2047.927263] dump_stack+0x1b2/0x281 [ 2047.930883] should_fail.cold+0x10a/0x149 [ 2047.935012] should_failslab+0xd6/0x130 [ 2047.938965] kmem_cache_alloc+0x28e/0x3c0 [ 2047.943094] __kernfs_new_node+0x6f/0x470 [ 2047.947340] kernfs_new_node+0x7b/0xe0 [ 2047.951301] __kernfs_create_file+0x3d/0x320 [ 2047.955702] sysfs_add_file_mode_ns+0x1e1/0x450 [ 2047.960354] sysfs_merge_group+0xdc/0x200 [ 2047.964502] dpm_sysfs_add+0x122/0x1c0 [ 2047.968391] device_add+0x977/0x15c0 [ 2047.972088] ? device_is_dependent+0x2a0/0x2a0 [ 2047.976648] ? kfree+0x1f0/0x250 [ 2047.980164] device_create_groups_vargs+0x1dc/0x250 [ 2047.985163] device_create_vargs+0x3a/0x50 [ 2047.989396] bdi_register_va.part.0+0x35/0x650 [ 2047.993969] bdi_register_va+0x63/0x80 [ 2047.997838] super_setup_bdi_name+0x123/0x220 [ 2048.002320] ? kill_block_super+0xe0/0xe0 [ 2048.006463] ? do_raw_spin_unlock+0x164/0x220 [ 2048.010949] fuse_fill_super+0x937/0x15c0 [ 2048.015083] ? fuse_get_root_inode+0xc0/0xc0 [ 2048.019474] ? up_write+0x17/0x60 [ 2048.022911] ? register_shrinker+0x15f/0x220 [ 2048.027311] ? sget_userns+0x768/0xc10 [ 2048.031194] ? get_anon_bdev+0x1c0/0x1c0 [ 2048.035239] ? sget+0xd9/0x110 [ 2048.038431] ? fuse_get_root_inode+0xc0/0xc0 [ 2048.042821] mount_nodev+0x4c/0xf0 [ 2048.046340] mount_fs+0x92/0x2a0 [ 2048.049706] vfs_kern_mount.part.0+0x5b/0x470 [ 2048.054190] do_mount+0xe65/0x2a30 [ 2048.057715] ? copy_mount_string+0x40/0x40 [ 2048.061930] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2048.066946] ? copy_mnt_ns+0xa30/0xa30 [ 2048.070817] ? copy_mount_options+0x1fa/0x2f0 [ 2048.075294] ? copy_mnt_ns+0xa30/0xa30 [ 2048.079161] SyS_mount+0xa8/0x120 [ 2048.082937] ? copy_mnt_ns+0xa30/0xa30 [ 2048.086809] do_syscall_64+0x1d5/0x640 [ 2048.090683] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2048.095858] RIP: 0033:0x7fc09e230109 [ 2048.099544] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2048.107229] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2048.114477] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2048.121727] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2048.128976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 10:58:17 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 38) 10:58:17 executing program 3: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x2021000, 0x0) 10:58:17 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) getresuid(&(0x7f00000000c0)=0x0, &(0x7f0000000100), &(0x7f0000000140)) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r4}}]}}) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x40000, &(0x7f0000002280)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1a00}}], [{@subj_user={'subj_user', 0x3d, '\']/*}[!'}}, {@smackfsfloor={'smackfsfloor', 0x3d, '-\xf0$(.&\x13'}}, {@smackfsroot={'smackfsroot', 0x3d, '-@'}}, {@fsmagic={'fsmagic', 0x3d, 0x10001}}, {@uid_eq={'uid', 0x3d, r1}}, {@fowner_eq={'fowner', 0x3d, r4}}, {@smackfsdef={'smackfsdef', 0x3d, ',,'}}, {@audit}]}}) 10:58:17 executing program 0: openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x105000, 0x0) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r1, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="ef8f11dcabbc716e82834a832f2ba09034bf5b49c79a8cff77c85cd98762d2ae3f67317768d08417e95fafeda51ddecab760aa8bb1c1a62178d481ee8d4d7e9a9508b17cefb9255af70b8c530f49572557e003062f56525219814154ecdec579e12907b9ace5666893c017fccb90a198a42fa2e6ee088297f093a7ebd47329b586fcf532ac465e67b87afb2c9de1cb658c2963768063521ef050106bcde308310b63e028", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67020000005f69643d", @ANYRESDEC=r1, @ANYBLOB=',\x00']) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0x58, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x5, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffa, 0x0, 0x0, 0x0, 0x3}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @ldst={0x1, 0x3, 0x0, 0x3, 0x6, 0x10, 0xfffffffffffffff0}]}, &(0x7f00000000c0)='syzkaller\x00', 0x5, 0x0, 0x0, 0x41000, 0x1, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x5, 0x4}, 0x8, 0x10, &(0x7f00000003c0)={0x4, 0x6, 0x100}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000400)=[r0, r0, r0, r0]}, 0x80) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x105000, 0x0) (async) socket$nl_rdma(0x10, 0x3, 0x14) (async) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r1, 0x0, 0x0) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="ef8f11dcabbc716e82834a832f2ba09034bf5b49c79a8cff77c85cd98762d2ae3f67317768d08417e95fafeda51ddecab760aa8bb1c1a62178d481ee8d4d7e9a9508b17cefb9255af70b8c530f49572557e003062f56525219814154ecdec579e12907b9ace5666893c017fccb90a198a42fa2e6ee088297f093a7ebd47329b586fcf532ac465e67b87afb2c9de1cb658c2963768063521ef050106bcde308310b63e028", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67020000005f69643d", @ANYRESDEC=r1, @ANYBLOB=',\x00']) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0x58, &(0x7f0000000180)}, 0x10) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x5, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffa, 0x0, 0x0, 0x0, 0x3}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @ldst={0x1, 0x3, 0x0, 0x3, 0x6, 0x10, 0xfffffffffffffff0}]}, &(0x7f00000000c0)='syzkaller\x00', 0x5, 0x0, 0x0, 0x41000, 0x1, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x5, 0x4}, 0x8, 0x10, &(0x7f00000003c0)={0x4, 0x6, 0x100}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000400)=[r0, r0, r0, r0]}, 0x80) (async) 10:58:17 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0), 0x121000, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000340)=@bpf_ext={0x1c, 0x5, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0xfffffff9}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x9}]}, &(0x7f0000000100)='syzkaller\x00', 0x3, 0xc5, &(0x7f0000000140)=""/197, 0x41000, 0x1, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f0000000240)={0x5, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x1, 0x2, 0x9, 0x4}, 0x10, 0x8692, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1, 0x1, 0x1, 0x1, 0xffffffffffffffff]}, 0x80) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f0000000000)={0xc0, 0xb, 0x0, [{0x2, 0x7, 0x5, 0x8, '{--]/'}, {0x4, 0xa0, 0x7, 0x8001, '@&1#)-('}, {0x3, 0x9, 0x0, 0x5}, {0x5, 0x6, 0x1, 0x40, '\''}, {0x5, 0x3ff, 0x1, 0x6, '$'}, {0x2, 0x4, 0x0, 0xbfe}]}, 0xc0) 10:58:17 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa0000000000000000000000007f00ab0100000000000000000800000000000000000000f851de80280d3b040047dbe593a875e49abbd0b37acfeaa5d8613b54ab6493bb3c75a0daebc9e89cb6a9607751c036bfea8cf2594077bac4dc7485671adeaa95", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb00"/168], 0xf0}}, 0x0) [ 2048.136219] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:17 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) getresuid(&(0x7f00000000c0)=0x0, &(0x7f0000000100), &(0x7f0000000140)) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r4}}]}}) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x40000, &(0x7f0000002280)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1a00}}], [{@subj_user={'subj_user', 0x3d, '\']/*}[!'}}, {@smackfsfloor={'smackfsfloor', 0x3d, '-\xf0$(.&\x13'}}, {@smackfsroot={'smackfsroot', 0x3d, '-@'}}, {@fsmagic={'fsmagic', 0x3d, 0x10001}}, {@uid_eq={'uid', 0x3d, r1}}, {@fowner_eq={'fowner', 0x3d, r4}}, {@smackfsdef={'smackfsdef', 0x3d, ',,'}}, {@audit}]}}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020}, 0x2020) (async) getresuid(&(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r4}}]}}) (async) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x40000, &(0x7f0000002280)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1a00}}], [{@subj_user={'subj_user', 0x3d, '\']/*}[!'}}, {@smackfsfloor={'smackfsfloor', 0x3d, '-\xf0$(.&\x13'}}, {@smackfsroot={'smackfsroot', 0x3d, '-@'}}, {@fsmagic={'fsmagic', 0x3d, 0x10001}}, {@uid_eq={'uid', 0x3d, r1}}, {@fowner_eq={'fowner', 0x3d, r4}}, {@smackfsdef={'smackfsdef', 0x3d, ',,'}}, {@audit}]}}) (async) 10:58:17 executing program 3: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x2021000, 0x0) 10:58:17 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0), 0x121000, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000340)=@bpf_ext={0x1c, 0x5, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0xfffffff9}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x9}]}, &(0x7f0000000100)='syzkaller\x00', 0x3, 0xc5, &(0x7f0000000140)=""/197, 0x41000, 0x1, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f0000000240)={0x5, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x1, 0x2, 0x9, 0x4}, 0x10, 0x8692, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1, 0x1, 0x1, 0x1, 0xffffffffffffffff]}, 0x80) (async) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f0000000000)={0xc0, 0xb, 0x0, [{0x2, 0x7, 0x5, 0x8, '{--]/'}, {0x4, 0xa0, 0x7, 0x8001, '@&1#)-('}, {0x3, 0x9, 0x0, 0x5}, {0x5, 0x6, 0x1, 0x40, '\''}, {0x5, 0x3ff, 0x1, 0x6, '$'}, {0x2, 0x4, 0x0, 0xbfe}]}, 0xc0) 10:58:17 executing program 3: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x2021000, 0x0) 10:58:17 executing program 0: write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000180)={0x50, 0xffffffffffffffda, 0x0, {0x7, 0x24, 0x4, 0x120040, 0xffff, 0x2, 0xae, 0xffffffff}}, 0x50) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) 10:58:17 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) (async) getresuid(&(0x7f00000000c0)=0x0, &(0x7f0000000100), &(0x7f0000000140)) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r4}}]}}) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x40000, &(0x7f0000002280)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1a00}}], [{@subj_user={'subj_user', 0x3d, '\']/*}[!'}}, {@smackfsfloor={'smackfsfloor', 0x3d, '-\xf0$(.&\x13'}}, {@smackfsroot={'smackfsroot', 0x3d, '-@'}}, {@fsmagic={'fsmagic', 0x3d, 0x10001}}, {@uid_eq={'uid', 0x3d, r1}}, {@fowner_eq={'fowner', 0x3d, r4}}, {@smackfsdef={'smackfsdef', 0x3d, ',,'}}, {@audit}]}}) [ 2048.364237] FAULT_INJECTION: forcing a failure. [ 2048.364237] name failslab, interval 1, probability 0, space 0, times 0 [ 2048.376479] CPU: 0 PID: 24213 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2048.384378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2048.393724] Call Trace: [ 2048.396295] dump_stack+0x1b2/0x281 [ 2048.399904] should_fail.cold+0x10a/0x149 [ 2048.404031] should_failslab+0xd6/0x130 [ 2048.407984] kmem_cache_alloc+0x28e/0x3c0 [ 2048.412110] __kernfs_new_node+0x6f/0x470 [ 2048.416239] kernfs_new_node+0x7b/0xe0 [ 2048.420103] __kernfs_create_file+0x3d/0x320 [ 2048.424608] sysfs_add_file_mode_ns+0x1e1/0x450 [ 2048.429269] sysfs_merge_group+0xdc/0x200 [ 2048.433394] ? __sanitizer_cov_trace_pc+0x2d/0x50 [ 2048.438220] dpm_sysfs_add+0x122/0x1c0 [ 2048.442086] device_add+0x977/0x15c0 [ 2048.445777] ? device_is_dependent+0x2a0/0x2a0 [ 2048.450390] ? kfree+0x1f0/0x250 [ 2048.453735] device_create_groups_vargs+0x1dc/0x250 [ 2048.458743] device_create_vargs+0x3a/0x50 [ 2048.462958] bdi_register_va.part.0+0x35/0x650 [ 2048.467519] bdi_register_va+0x63/0x80 [ 2048.471388] super_setup_bdi_name+0x123/0x220 [ 2048.475868] ? kill_block_super+0xe0/0xe0 [ 2048.480008] ? do_raw_spin_unlock+0x164/0x220 [ 2048.484489] fuse_fill_super+0x937/0x15c0 [ 2048.488616] ? fuse_get_root_inode+0xc0/0xc0 [ 2048.493004] ? up_write+0x17/0x60 [ 2048.496438] ? register_shrinker+0x15f/0x220 [ 2048.500827] ? sget_userns+0x768/0xc10 [ 2048.504703] ? get_anon_bdev+0x1c0/0x1c0 [ 2048.508752] ? sget+0xd9/0x110 [ 2048.511922] ? fuse_get_root_inode+0xc0/0xc0 [ 2048.516308] mount_nodev+0x4c/0xf0 [ 2048.519846] mount_fs+0x92/0x2a0 [ 2048.523191] vfs_kern_mount.part.0+0x5b/0x470 [ 2048.527666] do_mount+0xe65/0x2a30 [ 2048.531185] ? check_preemption_disabled+0x35/0x240 [ 2048.536204] ? retint_kernel+0x2d/0x2d [ 2048.540068] ? copy_mount_string+0x40/0x40 [ 2048.544284] ? copy_mount_options+0x185/0x2f0 [ 2048.548770] ? copy_mount_options+0x19a/0x2f0 [ 2048.553241] ? copy_mount_options+0x1fa/0x2f0 [ 2048.557715] ? copy_mnt_ns+0xa30/0xa30 [ 2048.561579] SyS_mount+0xa8/0x120 [ 2048.565010] ? copy_mnt_ns+0xa30/0xa30 [ 2048.568883] do_syscall_64+0x1d5/0x640 [ 2048.572749] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2048.577919] RIP: 0033:0x7fc09e230109 [ 2048.581615] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2048.589297] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2048.596982] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2048.604229] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 10:58:17 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 39) 10:58:17 executing program 3: ioctl$PPPIOCGIDLE(0xffffffffffffffff, 0x8010743f, &(0x7f0000000040)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x81048a, 0x0) 10:58:17 executing program 2: ioctl$SNAPSHOT_SET_SWAP_AREA(0xffffffffffffffff, 0x400c330d, &(0x7f0000000000)={0x80, 0x2}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) 10:58:17 executing program 0: write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000180)={0x50, 0xffffffffffffffda, 0x0, {0x7, 0x24, 0x4, 0x120040, 0xffff, 0x2, 0xae, 0xffffffff}}, 0x50) (async) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) 10:58:17 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0), 0x121000, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000340)=@bpf_ext={0x1c, 0x5, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0xfffffff9}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x9}]}, &(0x7f0000000100)='syzkaller\x00', 0x3, 0xc5, &(0x7f0000000140)=""/197, 0x41000, 0x1, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f0000000240)={0x5, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x1, 0x2, 0x9, 0x4}, 0x10, 0x8692, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1, 0x1, 0x1, 0x1, 0xffffffffffffffff]}, 0x80) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f0000000000)={0xc0, 0xb, 0x0, [{0x2, 0x7, 0x5, 0x8, '{--]/'}, {0x4, 0xa0, 0x7, 0x8001, '@&1#)-('}, {0x3, 0x9, 0x0, 0x5}, {0x5, 0x6, 0x1, 0x40, '\''}, {0x5, 0x3ff, 0x1, 0x6, '$'}, {0x2, 0x4, 0x0, 0xbfe}]}, 0xc0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0), 0x121000, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000340)=@bpf_ext={0x1c, 0x5, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0xfffffff9}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x9}]}, &(0x7f0000000100)='syzkaller\x00', 0x3, 0xc5, &(0x7f0000000140)=""/197, 0x41000, 0x1, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f0000000240)={0x5, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x1, 0x2, 0x9, 0x4}, 0x10, 0x8692, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1, 0x1, 0x1, 0x1, 0xffffffffffffffff]}, 0x80) (async) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) (async) write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f0000000000)={0xc0, 0xb, 0x0, [{0x2, 0x7, 0x5, 0x8, '{--]/'}, {0x4, 0xa0, 0x7, 0x8001, '@&1#)-('}, {0x3, 0x9, 0x0, 0x5}, {0x5, 0x6, 0x1, 0x40, '\''}, {0x5, 0x3ff, 0x1, 0x6, '$'}, {0x2, 0x4, 0x0, 0xbfe}]}, 0xc0) (async) 10:58:17 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa0000000000000000000000007f00ab0100000000000000000800000000000000000000f851de80280d3b040047dbe593a875e49abbd0b37acfeaa5d8613b54ab6493bb3c75a0daebc9e89cb6a9607751c036bfea8cf2594077bac4dc7485671adeaa95", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb00"/168], 0xf0}}, 0x0) 10:58:17 executing program 2: ioctl$SNAPSHOT_SET_SWAP_AREA(0xffffffffffffffff, 0x400c330d, &(0x7f0000000000)={0x80, 0x2}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) [ 2048.611486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2048.618732] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:17 executing program 2: ioctl$SNAPSHOT_SET_SWAP_AREA(0xffffffffffffffff, 0x400c330d, &(0x7f0000000000)={0x80, 0x2}) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) 10:58:17 executing program 3: ioctl$PPPIOCGIDLE(0xffffffffffffffff, 0x8010743f, &(0x7f0000000040)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x81048a, 0x0) 10:58:17 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) write$FUSE_WRITE(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x9731}}, 0x18) 10:58:17 executing program 2: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000340)={&(0x7f0000000000)="a125d3fa3de56dd0ad7ee6b45019b76fa3931dde51830808d861adfaf6c3b09d972ae017d7827a1a8b50e7f524c8c6d3350313b60a401cdbc2b02ed6815a7febf12be97849290a9ce1a9", &(0x7f0000000080)=""/83, &(0x7f0000000100)="6eb601c7320cca7cfd91f1731da53c3a6895d5a9c6e4b10ddac2e32cb2296fb8ffec85e03cdcbba884616bdbdf6eadc8e0840e08c757dbba775e747bf66096235762d4cbe1bdfd160023b70577f5abd6b0504f216f0602888bf3ff81429d4b8c057ebee12df09739203bb48e10e27d20893890fe13a5fa64a62c5738ec2bd578e1bb91bb02de57de7ce6927cca753356c22bb207bbc7a848e43a7346956cb724e97ccc2b1c658c7ce88eb80ea9c24573b5570f17abadbe7dcb2decf3f0f116412eb8f66590c4d2004b3d2f74e4ea", &(0x7f0000000240)="f3eef7e4719f391b29dcf54c9017631b195dd3493e1436d52fc16350096f87cbcd26c45d75f69b2b393afa0437ab83e1582f6e3c941d952b960896397edb876f5ffbf4ed305f59b04d600b4c7312eb442e3a2111b0b5c2f786fdc3ad97ba4cf83dcbd7b2006362c7f6bfb1273c587d54eba20f96ff50de7ff7fd4c04da791938014c7de8b3873396098b1126c247a5d225bfb484e89612a8045fc9554abdee1fdd1cbf25b6e895bbe60878477faaab5e95537ebadd7dd5a4611cd52f46e1f2cc71575e9e4406b606e70b18", 0x800, r0}, 0x38) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000380)={0x32, 0x6, 0x0, {0x1, 0x5, 0x9, 0x0, '/dev/vcs\x00'}}, 0x32) 10:58:17 executing program 0: write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000180)={0x50, 0xffffffffffffffda, 0x0, {0x7, 0x24, 0x4, 0x120040, 0xffff, 0x2, 0xae, 0xffffffff}}, 0x50) (async, rerun: 64) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (rerun: 64) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) [ 2048.843446] FAULT_INJECTION: forcing a failure. [ 2048.843446] name failslab, interval 1, probability 0, space 0, times 0 [ 2048.855143] CPU: 1 PID: 24255 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2048.863015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2048.872349] Call Trace: [ 2048.874926] dump_stack+0x1b2/0x281 [ 2048.878608] should_fail.cold+0x10a/0x149 [ 2048.882740] should_failslab+0xd6/0x130 [ 2048.886696] kmem_cache_alloc_trace+0x29a/0x3d0 [ 2048.891342] ? dev_uevent_filter+0xd0/0xd0 [ 2048.895563] kobject_uevent_env+0x20c/0xf30 [ 2048.899871] ? wait_for_completion_io+0x10/0x10 [ 2048.904518] device_add+0xa47/0x15c0 [ 2048.908208] ? device_is_dependent+0x2a0/0x2a0 [ 2048.912766] ? kfree+0x1f0/0x250 [ 2048.916121] device_create_groups_vargs+0x1dc/0x250 [ 2048.921125] device_create_vargs+0x3a/0x50 [ 2048.925356] bdi_register_va.part.0+0x35/0x650 [ 2048.929921] bdi_register_va+0x63/0x80 [ 2048.933791] super_setup_bdi_name+0x123/0x220 [ 2048.938272] ? kill_block_super+0xe0/0xe0 [ 2048.942410] ? do_raw_spin_unlock+0x164/0x220 [ 2048.946889] fuse_fill_super+0x937/0x15c0 [ 2048.951015] ? fuse_get_root_inode+0xc0/0xc0 [ 2048.955410] ? up_write+0x17/0x60 [ 2048.958849] ? register_shrinker+0x15f/0x220 [ 2048.963238] ? sget_userns+0x768/0xc10 [ 2048.967104] ? get_anon_bdev+0x1c0/0x1c0 [ 2048.971140] ? sget+0xd9/0x110 [ 2048.974317] ? fuse_get_root_inode+0xc0/0xc0 [ 2048.978707] mount_nodev+0x4c/0xf0 [ 2048.982231] mount_fs+0x92/0x2a0 [ 2048.985579] vfs_kern_mount.part.0+0x5b/0x470 [ 2048.990055] do_mount+0xe65/0x2a30 [ 2048.993573] ? do_raw_spin_unlock+0x164/0x220 [ 2048.998052] ? copy_mount_string+0x40/0x40 [ 2049.002269] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2049.007263] ? copy_mnt_ns+0xa30/0xa30 [ 2049.011226] ? copy_mount_options+0x1fa/0x2f0 [ 2049.015705] ? copy_mnt_ns+0xa30/0xa30 [ 2049.019579] SyS_mount+0xa8/0x120 [ 2049.023012] ? copy_mnt_ns+0xa30/0xa30 [ 2049.026876] do_syscall_64+0x1d5/0x640 [ 2049.030743] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2049.035916] RIP: 0033:0x7fc09e230109 10:58:18 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 40) 10:58:18 executing program 3: ioctl$PPPIOCGIDLE(0xffffffffffffffff, 0x8010743f, &(0x7f0000000040)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x81048a, 0x0) 10:58:18 executing program 2: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000340)={&(0x7f0000000000)="a125d3fa3de56dd0ad7ee6b45019b76fa3931dde51830808d861adfaf6c3b09d972ae017d7827a1a8b50e7f524c8c6d3350313b60a401cdbc2b02ed6815a7febf12be97849290a9ce1a9", &(0x7f0000000080)=""/83, &(0x7f0000000100)="6eb601c7320cca7cfd91f1731da53c3a6895d5a9c6e4b10ddac2e32cb2296fb8ffec85e03cdcbba884616bdbdf6eadc8e0840e08c757dbba775e747bf66096235762d4cbe1bdfd160023b70577f5abd6b0504f216f0602888bf3ff81429d4b8c057ebee12df09739203bb48e10e27d20893890fe13a5fa64a62c5738ec2bd578e1bb91bb02de57de7ce6927cca753356c22bb207bbc7a848e43a7346956cb724e97ccc2b1c658c7ce88eb80ea9c24573b5570f17abadbe7dcb2decf3f0f116412eb8f66590c4d2004b3d2f74e4ea", &(0x7f0000000240)="f3eef7e4719f391b29dcf54c9017631b195dd3493e1436d52fc16350096f87cbcd26c45d75f69b2b393afa0437ab83e1582f6e3c941d952b960896397edb876f5ffbf4ed305f59b04d600b4c7312eb442e3a2111b0b5c2f786fdc3ad97ba4cf83dcbd7b2006362c7f6bfb1273c587d54eba20f96ff50de7ff7fd4c04da791938014c7de8b3873396098b1126c247a5d225bfb484e89612a8045fc9554abdee1fdd1cbf25b6e895bbe60878477faaab5e95537ebadd7dd5a4611cd52f46e1f2cc71575e9e4406b606e70b18", 0x800, r0}, 0x38) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000380)={0x32, 0x6, 0x0, {0x1, 0x5, 0x9, 0x0, '/dev/vcs\x00'}}, 0x32) 10:58:18 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) write$FUSE_WRITE(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x9731}}, 0x18) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) write$FUSE_WRITE(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x9731}}, 0x18) (async) 10:58:18 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa0000000000000000000000007f00ab0100000000000000000800000000000000000000f851de80280d3b040047dbe593a875e49abbd0b37acfeaa5d8613b54ab6493bb3c75a0daebc9e89cb6a9607751c036bfea8cf2594077bac4dc7485671adeaa95", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb00"/168], 0xf0}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa0000000000000000000000007f00ab0100000000000000000800000000000000000000f851de80280d3b040047dbe593a875e49abbd0b37acfeaa5d8613b54ab6493bb3c75a0daebc9e89cb6a9607751c036bfea8cf2594077bac4dc7485671adeaa95", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb00"/168], 0xf0}}, 0x0) (async) 10:58:18 executing program 0: openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) [ 2049.039609] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2049.047295] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2049.054548] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2049.061802] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2049.069049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2049.076303] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:18 executing program 2: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000340)={&(0x7f0000000000)="a125d3fa3de56dd0ad7ee6b45019b76fa3931dde51830808d861adfaf6c3b09d972ae017d7827a1a8b50e7f524c8c6d3350313b60a401cdbc2b02ed6815a7febf12be97849290a9ce1a9", &(0x7f0000000080)=""/83, &(0x7f0000000100)="6eb601c7320cca7cfd91f1731da53c3a6895d5a9c6e4b10ddac2e32cb2296fb8ffec85e03cdcbba884616bdbdf6eadc8e0840e08c757dbba775e747bf66096235762d4cbe1bdfd160023b70577f5abd6b0504f216f0602888bf3ff81429d4b8c057ebee12df09739203bb48e10e27d20893890fe13a5fa64a62c5738ec2bd578e1bb91bb02de57de7ce6927cca753356c22bb207bbc7a848e43a7346956cb724e97ccc2b1c658c7ce88eb80ea9c24573b5570f17abadbe7dcb2decf3f0f116412eb8f66590c4d2004b3d2f74e4ea", &(0x7f0000000240)="f3eef7e4719f391b29dcf54c9017631b195dd3493e1436d52fc16350096f87cbcd26c45d75f69b2b393afa0437ab83e1582f6e3c941d952b960896397edb876f5ffbf4ed305f59b04d600b4c7312eb442e3a2111b0b5c2f786fdc3ad97ba4cf83dcbd7b2006362c7f6bfb1273c587d54eba20f96ff50de7ff7fd4c04da791938014c7de8b3873396098b1126c247a5d225bfb484e89612a8045fc9554abdee1fdd1cbf25b6e895bbe60878477faaab5e95537ebadd7dd5a4611cd52f46e1f2cc71575e9e4406b606e70b18", 0x800, r0}, 0x38) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000380)={0x32, 0x6, 0x0, {0x1, 0x5, 0x9, 0x0, '/dev/vcs\x00'}}, 0x32) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000340)={&(0x7f0000000000)="a125d3fa3de56dd0ad7ee6b45019b76fa3931dde51830808d861adfaf6c3b09d972ae017d7827a1a8b50e7f524c8c6d3350313b60a401cdbc2b02ed6815a7febf12be97849290a9ce1a9", &(0x7f0000000080)=""/83, &(0x7f0000000100)="6eb601c7320cca7cfd91f1731da53c3a6895d5a9c6e4b10ddac2e32cb2296fb8ffec85e03cdcbba884616bdbdf6eadc8e0840e08c757dbba775e747bf66096235762d4cbe1bdfd160023b70577f5abd6b0504f216f0602888bf3ff81429d4b8c057ebee12df09739203bb48e10e27d20893890fe13a5fa64a62c5738ec2bd578e1bb91bb02de57de7ce6927cca753356c22bb207bbc7a848e43a7346956cb724e97ccc2b1c658c7ce88eb80ea9c24573b5570f17abadbe7dcb2decf3f0f116412eb8f66590c4d2004b3d2f74e4ea", &(0x7f0000000240)="f3eef7e4719f391b29dcf54c9017631b195dd3493e1436d52fc16350096f87cbcd26c45d75f69b2b393afa0437ab83e1582f6e3c941d952b960896397edb876f5ffbf4ed305f59b04d600b4c7312eb442e3a2111b0b5c2f786fdc3ad97ba4cf83dcbd7b2006362c7f6bfb1273c587d54eba20f96ff50de7ff7fd4c04da791938014c7de8b3873396098b1126c247a5d225bfb484e89612a8045fc9554abdee1fdd1cbf25b6e895bbe60878477faaab5e95537ebadd7dd5a4611cd52f46e1f2cc71575e9e4406b606e70b18", 0x800, r0}, 0x38) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000380)={0x32, 0x6, 0x0, {0x1, 0x5, 0x9, 0x0, '/dev/vcs\x00'}}, 0x32) (async) 10:58:18 executing program 3: bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) ioctl$SNDRV_SEQ_IOCTL_PVERSION(0xffffffffffffffff, 0x80045300, &(0x7f0000000080)) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) 10:58:18 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) write$FUSE_WRITE(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x9731}}, 0x18) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) write$FUSE_WRITE(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x9731}}, 0x18) (async) 10:58:18 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000000)={0x28, 0x4, 0x0, {0x4, 0x6dee}}, 0x28) 10:58:18 executing program 0: openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async) 10:58:18 executing program 3: bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) ioctl$SNDRV_SEQ_IOCTL_PVERSION(0xffffffffffffffff, 0x80045300, &(0x7f0000000080)) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) (async) ioctl$SNDRV_SEQ_IOCTL_PVERSION(0xffffffffffffffff, 0x80045300, &(0x7f0000000080)) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) [ 2049.284871] FAULT_INJECTION: forcing a failure. [ 2049.284871] name failslab, interval 1, probability 0, space 0, times 0 [ 2049.296171] CPU: 1 PID: 24293 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2049.304050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2049.313394] Call Trace: [ 2049.315973] dump_stack+0x1b2/0x281 [ 2049.319597] should_fail.cold+0x10a/0x149 [ 2049.323733] should_failslab+0xd6/0x130 [ 2049.327684] __kmalloc+0x2c1/0x400 [ 2049.331218] ? kobject_get_path+0xb5/0x230 [ 2049.335525] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 2049.340962] kobject_get_path+0xb5/0x230 [ 2049.345016] kobject_uevent_env+0x230/0xf30 [ 2049.349335] ? wait_for_completion_io+0x10/0x10 [ 2049.353996] device_add+0xa47/0x15c0 [ 2049.357701] ? device_is_dependent+0x2a0/0x2a0 [ 2049.362272] ? kfree+0x1f0/0x250 [ 2049.365614] device_create_groups_vargs+0x1dc/0x250 [ 2049.370607] device_create_vargs+0x3a/0x50 [ 2049.374828] bdi_register_va.part.0+0x35/0x650 [ 2049.379396] bdi_register_va+0x63/0x80 [ 2049.383263] super_setup_bdi_name+0x123/0x220 [ 2049.387739] ? kill_block_super+0xe0/0xe0 [ 2049.391872] ? do_raw_spin_unlock+0x164/0x220 [ 2049.396446] fuse_fill_super+0x937/0x15c0 [ 2049.400591] ? fuse_get_root_inode+0xc0/0xc0 [ 2049.404983] ? up_write+0x17/0x60 [ 2049.408416] ? register_shrinker+0x15f/0x220 [ 2049.412801] ? sget_userns+0x768/0xc10 [ 2049.416679] ? get_anon_bdev+0x1c0/0x1c0 [ 2049.420721] ? sget+0xd9/0x110 [ 2049.423896] ? fuse_get_root_inode+0xc0/0xc0 [ 2049.428296] mount_nodev+0x4c/0xf0 [ 2049.431812] mount_fs+0x92/0x2a0 [ 2049.435172] vfs_kern_mount.part.0+0x5b/0x470 [ 2049.439662] do_mount+0xe65/0x2a30 [ 2049.443181] ? check_preemption_disabled+0x35/0x240 [ 2049.448173] ? retint_kernel+0x2d/0x2d [ 2049.452038] ? copy_mount_string+0x40/0x40 [ 2049.456260] ? copy_mount_options+0x185/0x2f0 [ 2049.460739] ? copy_mount_options+0x188/0x2f0 [ 2049.465227] ? copy_mount_options+0x1fa/0x2f0 [ 2049.469696] ? copy_mnt_ns+0xa30/0xa30 [ 2049.473561] SyS_mount+0xa8/0x120 [ 2049.477002] ? copy_mnt_ns+0xa30/0xa30 [ 2049.480892] do_syscall_64+0x1d5/0x640 [ 2049.484763] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2049.490016] RIP: 0033:0x7fc09e230109 [ 2049.493706] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2049.501401] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2049.508647] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2049.515900] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2049.523167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 10:58:18 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 41) 10:58:18 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000000)={0x28, 0x4, 0x0, {0x4, 0x6dee}}, 0x28) 10:58:18 executing program 5: sched_getattr(0x0, &(0x7f0000000000)={0x38}, 0x38, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) 10:58:18 executing program 0: openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) 10:58:18 executing program 4: socket$nl_xfrm(0x10, 0x3, 0x6) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x3, 0x5, 0x4, 0x9, 0x4, 0x1, 0x400, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x2}, 0x48) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000001c0)={r0, &(0x7f0000000100)="94d2ef22f377e6c04f3e8965856f01b2267071129cc11b8f762eb3da5aefbcb1fd99c1779c717b73169f6b70d89436529b42049e7dda0d674716b3cf0cbcb691b0d8216af4960b9aa734b90e57528dea497fd91f89d9242b56f8ea502262a9b2ae623de6d52edef679f9c752f011780154ef6e9a3d55ee34a19c01c10f2cd26fc56f4617a0a6d4edc172711d"}, 0x20) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x28, 0x4, 0x0, {0x5, 0x70}}, 0x28) 10:58:18 executing program 3: bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) ioctl$SNDRV_SEQ_IOCTL_PVERSION(0xffffffffffffffff, 0x80045300, &(0x7f0000000080)) (async, rerun: 64) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (rerun: 64) [ 2049.530451] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:18 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000000)={0x28, 0x4, 0x0, {0x4, 0x6dee}}, 0x28) 10:58:18 executing program 0: write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x2, 0x0, {0x6, 0x0, 0x1}}, 0x28) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) 10:58:18 executing program 3: mount$fuse(0x0, &(0x7f0000000040)='.\x00', 0x0, 0x800004, 0x0) 10:58:18 executing program 2: getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)=ANY=[@ANYBLOB='f ', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r2, @ANYBLOB=',group_id=', @ANYRESDEC=r0, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000000)={0x2a, 0x6, 0x0, {0x4, 0x5, 0x1, 0x0, '{'}}, 0x2a) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0) ioctl$KVM_SET_CLOCK(r3, 0x4030ae7b, &(0x7f00000000c0)={0x1ff, 0x94f3, 0x5, 0x1, 0x1000}) write$FUSE_NOTIFY_DELETE(r3, &(0x7f0000000080)={0x31, 0x6, 0x0, {0x0, 0x0, 0x8, 0x0, 'fuseblk\x00'}}, 0x31) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x124888, 0x0) 10:58:18 executing program 5: sched_getattr(0x0, &(0x7f0000000000)={0x38}, 0x38, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) sched_getattr(0x0, &(0x7f0000000000)={0x38}, 0x38, 0x0) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) 10:58:18 executing program 2: getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)=ANY=[@ANYBLOB='f ', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r2, @ANYBLOB=',group_id=', @ANYRESDEC=r0, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) (async) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000000)={0x2a, 0x6, 0x0, {0x4, 0x5, 0x1, 0x0, '{'}}, 0x2a) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0) ioctl$KVM_SET_CLOCK(r3, 0x4030ae7b, &(0x7f00000000c0)={0x1ff, 0x94f3, 0x5, 0x1, 0x1000}) write$FUSE_NOTIFY_DELETE(r3, &(0x7f0000000080)={0x31, 0x6, 0x0, {0x0, 0x0, 0x8, 0x0, 'fuseblk\x00'}}, 0x31) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x124888, 0x0) [ 2049.741531] FAULT_INJECTION: forcing a failure. [ 2049.741531] name failslab, interval 1, probability 0, space 0, times 0 [ 2049.761213] CPU: 0 PID: 24328 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2049.769139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2049.778497] Call Trace: [ 2049.781078] dump_stack+0x1b2/0x281 [ 2049.784703] should_fail.cold+0x10a/0x149 [ 2049.788849] should_failslab+0xd6/0x130 [ 2049.793332] kmem_cache_alloc_node+0x263/0x410 [ 2049.797905] __alloc_skb+0x5c/0x510 [ 2049.801515] kobject_uevent_env+0x882/0xf30 [ 2049.805843] device_add+0xa47/0x15c0 [ 2049.809545] ? device_is_dependent+0x2a0/0x2a0 [ 2049.814105] ? kfree+0x1f0/0x250 [ 2049.817453] device_create_groups_vargs+0x1dc/0x250 [ 2049.822453] device_create_vargs+0x3a/0x50 [ 2049.826721] bdi_register_va.part.0+0x35/0x650 [ 2049.831285] bdi_register_va+0x63/0x80 [ 2049.835153] super_setup_bdi_name+0x123/0x220 [ 2049.839624] ? kill_block_super+0xe0/0xe0 [ 2049.843763] ? do_raw_spin_unlock+0x164/0x220 [ 2049.848316] fuse_fill_super+0x937/0x15c0 [ 2049.852465] ? fuse_get_root_inode+0xc0/0xc0 [ 2049.856852] ? up_write+0x17/0x60 [ 2049.860287] ? register_shrinker+0x15f/0x220 [ 2049.864675] ? sget_userns+0x768/0xc10 [ 2049.868547] ? get_anon_bdev+0x1c0/0x1c0 [ 2049.872584] ? sget+0xd9/0x110 [ 2049.875758] ? fuse_get_root_inode+0xc0/0xc0 [ 2049.880152] mount_nodev+0x4c/0xf0 [ 2049.883684] mount_fs+0x92/0x2a0 [ 2049.887041] vfs_kern_mount.part.0+0x5b/0x470 [ 2049.891992] do_mount+0xe65/0x2a30 [ 2049.895513] ? copy_mount_string+0x40/0x40 [ 2049.899736] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2049.904737] ? copy_mnt_ns+0xa30/0xa30 [ 2049.908606] ? copy_mount_options+0x1fa/0x2f0 [ 2049.913091] ? copy_mnt_ns+0xa30/0xa30 [ 2049.916962] SyS_mount+0xa8/0x120 [ 2049.920398] ? copy_mnt_ns+0xa30/0xa30 [ 2049.924285] do_syscall_64+0x1d5/0x640 [ 2049.928153] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2049.933324] RIP: 0033:0x7fc09e230109 10:58:19 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 42) 10:58:19 executing program 0: write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x2, 0x0, {0x6, 0x0, 0x1}}, 0x28) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x2, 0x0, {0x6, 0x0, 0x1}}, 0x28) (async) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (async) 10:58:19 executing program 3: mount$fuse(0x0, &(0x7f0000000040)='.\x00', 0x0, 0x800004, 0x0) 10:58:19 executing program 2: getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async, rerun: 32) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async, rerun: 32) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)=ANY=[@ANYBLOB='f ', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r2, @ANYBLOB=',group_id=', @ANYRESDEC=r0, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) (async) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000000)={0x2a, 0x6, 0x0, {0x4, 0x5, 0x1, 0x0, '{'}}, 0x2a) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0) ioctl$KVM_SET_CLOCK(r3, 0x4030ae7b, &(0x7f00000000c0)={0x1ff, 0x94f3, 0x5, 0x1, 0x1000}) (async, rerun: 64) write$FUSE_NOTIFY_DELETE(r3, &(0x7f0000000080)={0x31, 0x6, 0x0, {0x0, 0x0, 0x8, 0x0, 'fuseblk\x00'}}, 0x31) (rerun: 64) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x124888, 0x0) 10:58:19 executing program 5: sched_getattr(0x0, &(0x7f0000000000)={0x38}, 0x38, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) sched_getattr(0x0, &(0x7f0000000000)={0x38}, 0x38, 0x0) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) 10:58:19 executing program 4: socket$nl_xfrm(0x10, 0x3, 0x6) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x3, 0x5, 0x4, 0x9, 0x4, 0x1, 0x400, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x2}, 0x48) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000001c0)={r0, &(0x7f0000000100)="94d2ef22f377e6c04f3e8965856f01b2267071129cc11b8f762eb3da5aefbcb1fd99c1779c717b73169f6b70d89436529b42049e7dda0d674716b3cf0cbcb691b0d8216af4960b9aa734b90e57528dea497fd91f89d9242b56f8ea502262a9b2ae623de6d52edef679f9c752f011780154ef6e9a3d55ee34a19c01c10f2cd26fc56f4617a0a6d4edc172711d"}, 0x20) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x28, 0x4, 0x0, {0x5, 0x70}}, 0x28) socket$nl_xfrm(0x10, 0x3, 0x6) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x3, 0x5, 0x4, 0x9, 0x4, 0x1, 0x400, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x2}, 0x48) (async) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000001c0)={r0, &(0x7f0000000100)="94d2ef22f377e6c04f3e8965856f01b2267071129cc11b8f762eb3da5aefbcb1fd99c1779c717b73169f6b70d89436529b42049e7dda0d674716b3cf0cbcb691b0d8216af4960b9aa734b90e57528dea497fd91f89d9242b56f8ea502262a9b2ae623de6d52edef679f9c752f011780154ef6e9a3d55ee34a19c01c10f2cd26fc56f4617a0a6d4edc172711d"}, 0x20) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x28, 0x4, 0x0, {0x5, 0x70}}, 0x28) (async) [ 2049.937018] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2049.944702] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2049.951954] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2049.959206] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2049.966458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2049.973707] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:19 executing program 3: mount$fuse(0x0, &(0x7f0000000040)='.\x00', 0x0, 0x800004, 0x0) 10:58:19 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) ioctl$PPPIOCGNPMODE(0xffffffffffffffff, 0xc008744c, &(0x7f0000000000)={0x8057, 0x1}) 10:58:19 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) ioctl$PPPIOCGNPMODE(0xffffffffffffffff, 0xc008744c, &(0x7f0000000000)={0x8057, 0x1}) 10:58:19 executing program 5: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x910050, 0x0) 10:58:19 executing program 3: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) ioctl$PPPIOCGUNIT(r1, 0x80047456, &(0x7f0000000240)) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0x6, 0xa, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2e, 0x0, 0x0, 0x0, 0x7}, [@cb_func={0x18, 0x2, 0x4, 0x0, 0x7}, @map_idx={0x18, 0x2, 0x5, 0x0, 0xf}, @generic={0x80, 0x7, 0x7, 0x5, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @generic={0x7, 0x1, 0x7, 0x0, 0x3}]}, &(0x7f0000000080)='GPL\x00', 0x401, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x25, r0, 0x8, &(0x7f0000000100)={0x0, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0xa, 0x3, 0xffffffff}, 0x10}, 0x80) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) 10:58:19 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async, rerun: 64) ioctl$PPPIOCGNPMODE(0xffffffffffffffff, 0xc008744c, &(0x7f0000000000)={0x8057, 0x1}) (rerun: 64) [ 2050.210946] FAULT_INJECTION: forcing a failure. [ 2050.210946] name failslab, interval 1, probability 0, space 0, times 0 [ 2050.226623] CPU: 0 PID: 24373 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2050.234675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2050.244131] Call Trace: [ 2050.246707] dump_stack+0x1b2/0x281 [ 2050.250316] should_fail.cold+0x10a/0x149 [ 2050.254494] should_failslab+0xd6/0x130 [ 2050.258465] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2050.263552] __kmalloc_node_track_caller+0x38/0x70 [ 2050.268468] __alloc_skb+0x96/0x510 [ 2050.272077] kobject_uevent_env+0x882/0xf30 [ 2050.276379] device_add+0xa47/0x15c0 [ 2050.280087] ? device_is_dependent+0x2a0/0x2a0 [ 2050.284646] ? kfree+0x1f0/0x250 [ 2050.288004] device_create_groups_vargs+0x1dc/0x250 [ 2050.293004] device_create_vargs+0x3a/0x50 [ 2050.297222] bdi_register_va.part.0+0x35/0x650 [ 2050.301784] bdi_register_va+0x63/0x80 [ 2050.305649] super_setup_bdi_name+0x123/0x220 [ 2050.310124] ? kill_block_super+0xe0/0xe0 [ 2050.314253] ? do_raw_spin_unlock+0x164/0x220 [ 2050.318728] fuse_fill_super+0x937/0x15c0 [ 2050.322858] ? fuse_get_root_inode+0xc0/0xc0 [ 2050.327255] ? up_write+0x17/0x60 [ 2050.330878] ? register_shrinker+0x15f/0x220 [ 2050.335263] ? sget_userns+0x768/0xc10 [ 2050.339142] ? get_anon_bdev+0x1c0/0x1c0 [ 2050.343177] ? sget+0xd9/0x110 [ 2050.346343] ? fuse_get_root_inode+0xc0/0xc0 [ 2050.350728] mount_nodev+0x4c/0xf0 [ 2050.354244] mount_fs+0x92/0x2a0 [ 2050.357587] vfs_kern_mount.part.0+0x5b/0x470 [ 2050.362060] do_mount+0xe65/0x2a30 [ 2050.365585] ? copy_mount_string+0x40/0x40 [ 2050.369797] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2050.374789] ? copy_mnt_ns+0xa30/0xa30 [ 2050.378651] ? copy_mount_options+0x1fa/0x2f0 [ 2050.383147] ? copy_mnt_ns+0xa30/0xa30 [ 2050.387028] SyS_mount+0xa8/0x120 [ 2050.390463] ? copy_mnt_ns+0xa30/0xa30 [ 2050.394678] do_syscall_64+0x1d5/0x640 [ 2050.398548] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2050.403715] RIP: 0033:0x7fc09e230109 10:58:19 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 43) 10:58:19 executing program 0: write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x2, 0x0, {0x6, 0x0, 0x1}}, 0x28) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x2, 0x0, {0x6, 0x0, 0x1}}, 0x28) (async) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (async) 10:58:19 executing program 3: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) (async, rerun: 64) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (rerun: 64) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async, rerun: 64) ioctl$PPPIOCGUNIT(r1, 0x80047456, &(0x7f0000000240)) (rerun: 64) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0x6, 0xa, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2e, 0x0, 0x0, 0x0, 0x7}, [@cb_func={0x18, 0x2, 0x4, 0x0, 0x7}, @map_idx={0x18, 0x2, 0x5, 0x0, 0xf}, @generic={0x80, 0x7, 0x7, 0x5, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @generic={0x7, 0x1, 0x7, 0x0, 0x3}]}, &(0x7f0000000080)='GPL\x00', 0x401, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x25, r0, 0x8, &(0x7f0000000100)={0x0, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0xa, 0x3, 0xffffffff}, 0x10}, 0x80) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) 10:58:19 executing program 2: mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x834c21, 0x0) 10:58:19 executing program 5: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x910050, 0x0) 10:58:19 executing program 4: socket$nl_xfrm(0x10, 0x3, 0x6) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x3, 0x5, 0x4, 0x9, 0x4, 0x1, 0x400, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x2}, 0x48) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000001c0)={r0, &(0x7f0000000100)="94d2ef22f377e6c04f3e8965856f01b2267071129cc11b8f762eb3da5aefbcb1fd99c1779c717b73169f6b70d89436529b42049e7dda0d674716b3cf0cbcb691b0d8216af4960b9aa734b90e57528dea497fd91f89d9242b56f8ea502262a9b2ae623de6d52edef679f9c752f011780154ef6e9a3d55ee34a19c01c10f2cd26fc56f4617a0a6d4edc172711d"}, 0x20) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x28, 0x4, 0x0, {0x5, 0x70}}, 0x28) socket$nl_xfrm(0x10, 0x3, 0x6) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x3, 0x5, 0x4, 0x9, 0x4, 0x1, 0x400, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x2}, 0x48) (async) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000001c0)={r0, &(0x7f0000000100)="94d2ef22f377e6c04f3e8965856f01b2267071129cc11b8f762eb3da5aefbcb1fd99c1779c717b73169f6b70d89436529b42049e7dda0d674716b3cf0cbcb691b0d8216af4960b9aa734b90e57528dea497fd91f89d9242b56f8ea502262a9b2ae623de6d52edef679f9c752f011780154ef6e9a3d55ee34a19c01c10f2cd26fc56f4617a0a6d4edc172711d"}, 0x20) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x28, 0x4, 0x0, {0x5, 0x70}}, 0x28) (async) [ 2050.407413] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2050.415110] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2050.422369] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2050.429646] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2050.436893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2050.444141] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:19 executing program 2: mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x834c21, 0x0) 10:58:19 executing program 2: mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x834c21, 0x0) 10:58:19 executing program 5: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x910050, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x910050, 0x0) (async) 10:58:19 executing program 3: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) ioctl$PPPIOCGUNIT(r1, 0x80047456, &(0x7f0000000240)) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0x6, 0xa, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2e, 0x0, 0x0, 0x0, 0x7}, [@cb_func={0x18, 0x2, 0x4, 0x0, 0x7}, @map_idx={0x18, 0x2, 0x5, 0x0, 0xf}, @generic={0x80, 0x7, 0x7, 0x5, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @generic={0x7, 0x1, 0x7, 0x0, 0x3}]}, &(0x7f0000000080)='GPL\x00', 0x401, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x25, r0, 0x8, &(0x7f0000000100)={0x0, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0xa, 0x3, 0xffffffff}, 0x10}, 0x80) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) ioctl$PPPIOCGUNIT(r1, 0x80047456, &(0x7f0000000240)) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0x6, 0xa, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2e, 0x0, 0x0, 0x0, 0x7}, [@cb_func={0x18, 0x2, 0x4, 0x0, 0x7}, @map_idx={0x18, 0x2, 0x5, 0x0, 0xf}, @generic={0x80, 0x7, 0x7, 0x5, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @generic={0x7, 0x1, 0x7, 0x0, 0x3}]}, &(0x7f0000000080)='GPL\x00', 0x401, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x25, r0, 0x8, &(0x7f0000000100)={0x0, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0xa, 0x3, 0xffffffff}, 0x10}, 0x80) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) 10:58:19 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) read$FUSE(r4, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r5, &(0x7f00000026c0)={0xfffffffffffffe89, 0xffffffffffffffda, r6, {{0x3fe, 0x1ffc, 0x80000000, 0x90000000000003, 0x102003, 0x4, 0x40000000, 0xffff8001}}}, 0x60) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r7}, 0x2c, {'group_id', 0x3d, r8}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r9}}]}}) read$FUSE(r0, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_ATTR(r2, &(0x7f0000000180)={0x78, 0x0, r6, {0xbc, 0x40, 0x0, {0x4, 0x7fffffff, 0xaa, 0x9, 0x0, 0x400000008, 0x9, 0x2, 0x3, 0x6000, 0x9c, r9, r10, 0xac, 0x100}}}, 0x78) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}}) 10:58:19 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) arch_prctl$ARCH_SET_CPUID(0x1012, 0x0) socket$inet_udp(0x2, 0x2, 0x0) arch_prctl$ARCH_SET_CPUID(0x1012, 0x0) getrusage(0xffffffffffffffff, &(0x7f0000000000)) getrusage(0xffffffffffffffff, &(0x7f00000000c0)) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) [ 2050.609140] FAULT_INJECTION: forcing a failure. [ 2050.609140] name failslab, interval 1, probability 0, space 0, times 0 [ 2050.703751] CPU: 0 PID: 24404 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2050.711655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2050.721020] Call Trace: [ 2050.723610] dump_stack+0x1b2/0x281 [ 2050.727242] should_fail.cold+0x10a/0x149 [ 2050.731391] should_failslab+0xd6/0x130 [ 2050.735373] __kmalloc+0x2c1/0x400 [ 2050.738917] ? kobject_get_path+0xb5/0x230 [ 2050.743167] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 2050.748636] kobject_get_path+0xb5/0x230 [ 2050.752705] kobject_uevent_env+0x230/0xf30 [ 2050.757210] ? wait_for_completion_io+0x10/0x10 [ 2050.761894] device_add+0xa47/0x15c0 [ 2050.765620] ? device_is_dependent+0x2a0/0x2a0 [ 2050.770201] ? kfree+0x1f0/0x250 [ 2050.773568] device_create_groups_vargs+0x1dc/0x250 [ 2050.778586] device_create_vargs+0x3a/0x50 [ 2050.782827] bdi_register_va.part.0+0x35/0x650 [ 2050.787415] bdi_register_va+0x63/0x80 [ 2050.791647] super_setup_bdi_name+0x123/0x220 [ 2050.796138] ? kill_block_super+0xe0/0xe0 [ 2050.800280] ? do_raw_spin_unlock+0x164/0x220 [ 2050.804777] fuse_fill_super+0x937/0x15c0 [ 2050.808915] ? fuse_get_root_inode+0xc0/0xc0 [ 2050.813300] ? up_write+0x17/0x60 [ 2050.816734] ? register_shrinker+0x15f/0x220 [ 2050.821118] ? sget_userns+0x768/0xc10 [ 2050.824988] ? get_anon_bdev+0x1c0/0x1c0 [ 2050.829039] ? sget+0xd9/0x110 [ 2050.832218] ? fuse_get_root_inode+0xc0/0xc0 [ 2050.836610] mount_nodev+0x4c/0xf0 [ 2050.840136] mount_fs+0x92/0x2a0 [ 2050.843481] vfs_kern_mount.part.0+0x5b/0x470 [ 2050.847954] do_mount+0xe65/0x2a30 [ 2050.851471] ? do_raw_spin_unlock+0x164/0x220 [ 2050.855944] ? copy_mount_string+0x40/0x40 [ 2050.860158] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2050.865148] ? copy_mnt_ns+0xa30/0xa30 [ 2050.869012] ? copy_mount_options+0x1fa/0x2f0 [ 2050.873481] ? copy_mnt_ns+0xa30/0xa30 [ 2050.877353] SyS_mount+0xa8/0x120 [ 2050.880787] ? copy_mnt_ns+0xa30/0xa30 [ 2050.884651] do_syscall_64+0x1d5/0x640 [ 2050.888518] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2050.893684] RIP: 0033:0x7fc09e230109 10:58:19 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 44) 10:58:19 executing program 5: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x22dc886, 0x0) 10:58:19 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) arch_prctl$ARCH_SET_CPUID(0x1012, 0x0) (async) socket$inet_udp(0x2, 0x2, 0x0) (async) arch_prctl$ARCH_SET_CPUID(0x1012, 0x0) (async) getrusage(0xffffffffffffffff, &(0x7f0000000000)) (async) getrusage(0xffffffffffffffff, &(0x7f00000000c0)) (async) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) 10:58:19 executing program 3: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x81048a, 0x0) 10:58:19 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) read$FUSE(r4, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r5, &(0x7f00000026c0)={0xfffffffffffffe89, 0xffffffffffffffda, r6, {{0x3fe, 0x1ffc, 0x80000000, 0x90000000000003, 0x102003, 0x4, 0x40000000, 0xffff8001}}}, 0x60) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r7}, 0x2c, {'group_id', 0x3d, r8}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r9}}]}}) read$FUSE(r0, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_ATTR(r2, &(0x7f0000000180)={0x78, 0x0, r6, {0xbc, 0x40, 0x0, {0x4, 0x7fffffff, 0xaa, 0x9, 0x0, 0x400000008, 0x9, 0x2, 0x3, 0x6000, 0x9c, r9, r10, 0xac, 0x100}}}, 0x78) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}}) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) read$FUSE(r4, &(0x7f0000000680)={0x2020}, 0x2020) (async) write$FUSE_STATFS(r5, &(0x7f00000026c0)={0xfffffffffffffe89, 0xffffffffffffffda, r6, {{0x3fe, 0x1ffc, 0x80000000, 0x90000000000003, 0x102003, 0x4, 0x40000000, 0xffff8001}}}, 0x60) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r7}, 0x2c, {'group_id', 0x3d, r8}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r9}}]}}) (async) read$FUSE(r0, &(0x7f0000000240)={0x2020}, 0x2020) (async) write$FUSE_ATTR(r2, &(0x7f0000000180)={0x78, 0x0, r6, {0xbc, 0x40, 0x0, {0x4, 0x7fffffff, 0xaa, 0x9, 0x0, 0x400000008, 0x9, 0x2, 0x3, 0x6000, 0x9c, r9, r10, 0xac, 0x100}}}, 0x78) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (async) 10:58:19 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) ioctl$PPPIOCGNPMODE(0xffffffffffffffff, 0xc008744c, &(0x7f0000000040)={0x8057, 0x3}) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@getsa={0x30, 0x12, 0x300, 0x70bd29, 0x25dfdbfd, {@in=@multicast2, 0x4d6, 0xa, 0x6c}, [@etimer_thresh={0x8, 0xc, 0xb393}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000c0}, 0x60) [ 2050.897368] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2050.905060] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2050.912399] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2050.919648] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2050.926901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2050.934258] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:20 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) arch_prctl$ARCH_SET_CPUID(0x1012, 0x0) socket$inet_udp(0x2, 0x2, 0x0) arch_prctl$ARCH_SET_CPUID(0x1012, 0x0) getrusage(0xffffffffffffffff, &(0x7f0000000000)) getrusage(0xffffffffffffffff, &(0x7f00000000c0)) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) arch_prctl$ARCH_SET_CPUID(0x1012, 0x0) (async) socket$inet_udp(0x2, 0x2, 0x0) (async) arch_prctl$ARCH_SET_CPUID(0x1012, 0x0) (async) getrusage(0xffffffffffffffff, &(0x7f0000000000)) (async) getrusage(0xffffffffffffffff, &(0x7f00000000c0)) (async) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) 10:58:20 executing program 5: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x22dc886, 0x0) 10:58:20 executing program 3: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x81048a, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x81048a, 0x0) (async) 10:58:20 executing program 2: ptrace$setregset(0x4205, 0x0, 0x201, &(0x7f0000000000)={&(0x7f0000000080)="ca223e8f49d562e84ca92f346670706b99a284b43e6c7087fb1d5ff3d95b031c9197932b625eaa5f30bdeaaf57076e2890c8f5e1be7be4fe76aacb23a742986b2a7429e46495bdf693397bd0f1b3e19dd9875fa663be8c0194fab173dbb2e8c597829e3a4c6316e0ec7f50dc8457f33b06e9e38ce17b021d5a2716be603f4b554daa0f717566e7b862e4c8324fe263c6cd16ce24c1265b1be2a54225ec6dd0550aba7dd759972d09da67e3ba188c69e9e5db22b27a69979b27a6ab69918b92057bca3776136e531a9635f7345f699e", 0xcf}) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1109004, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) read$FUSE(r1, &(0x7f0000000780)={0x2020, 0x0, 0x0, 0x0}, 0x2020) mount$fuseblk(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0), 0x1023011, &(0x7f00000027c0)=ANY=[@ANYBLOB="84609e", @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=r3, @ANYBLOB=',group_id=', @ANYRESDEC, @ANYBLOB=',allow_other,max_read=0x0000000000000009,blksize=0x0000000000001200,subj_type=/dev/vcs\x00,smackfsfloor=/dev/vcs\x00,\x00']) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000480)={&(0x7f0000000180)="66792c95293d3216fbe7afdba16725bbe6c09883501f96e07abc5004c935a3", &(0x7f0000000700)=""/92, &(0x7f0000000600)="4a7eb71e2c8f9bc2ff39a89597a8ef6d0600935c6ecb67c8e2b1b27402c11d70a820aeb9810768a4550cb09f195963c5399014e6096dcdf33959e4898526379472bb853d5bc2923e84e2345a06fcdf00060b71c6c3f2faf8495e2b1f5a510d8a985c9fa61ba4ab2811188e82ddbac32df28cb703557b6be1680b50ac73b8036392a4f22c514f7a58ca6b88383573dd64832ce90637f49b75d798ceb4ba583ace992e4082d7945d6383d69c33c1cf2c9e8fa70cec6ff6ad4bffc6e46dcbd52dd89024128172a0c2d09277a99fb3e48284e7416eb6d29a046f05496873d9e3d57a823b5849463a144cb1", &(0x7f0000000240)="4574c96b711934148d1b41e77cc61a610a0837a7e585a061760a8e991b72703a40f0bcbfdee2d9ed7010a959a3bec0494e5c02b85169e389d1d047ef257d8186305b6657d0bd69fd37568a9e12df36c1561ed0256820f669375755432521877ab814c54f6dac9882c3bb64d37fff757529e61f9664be132584e3ccaedfa760a7", 0x7a1080, r1, 0x4}, 0x38) ptrace$setregset(0x4205, 0x0, 0x201, &(0x7f00000002c0)={&(0x7f0000000300)="b56e001ec719caad94a708a567cf00fb20e2bdba495bcef77b8940f0c52e5793870b6eea29fb77a781b5a55b113e632967f852a5e7ff9f7768ac5746d27643a7d6116dacf4dcfc6aa94a0680b1b10eabc030816726c2e2fa5c78896f0b0ce6f4b3a725931e967dd3894d7ac95155b0c9b2bc13ef3113bc25bea38f9247a8426a196c085cf3e63d7f348dff4c4e5af25a6a04e58a260ae9069fbab5c23d6d13b6c4898edc72ef665702dc8b69780a35a9d24f781777fc4111989934316d824be0cb5e3ea770aed33d71fdefc52d505b33fb56fd60dbbd92412f2050fec3c92bc005e8ae590e0b845cba22717d6288ce1fa909f37fa709378ccec19ea7f382d6f04bcb5d076317d0f161d884f87114b8108d0e4a058950da9811b08c28aae943dfd9fdee439ed629e82f1483c97954eb24065c667945c3237dd40030046824767d4e", 0x141}) 10:58:20 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async, rerun: 32) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (rerun: 32) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) read$FUSE(r4, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r5, &(0x7f00000026c0)={0xfffffffffffffe89, 0xffffffffffffffda, r6, {{0x3fe, 0x1ffc, 0x80000000, 0x90000000000003, 0x102003, 0x4, 0x40000000, 0xffff8001}}}, 0x60) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r7}, 0x2c, {'group_id', 0x3d, r8}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r9}}]}}) read$FUSE(r0, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_ATTR(r2, &(0x7f0000000180)={0x78, 0x0, r6, {0xbc, 0x40, 0x0, {0x4, 0x7fffffff, 0xaa, 0x9, 0x0, 0x400000008, 0x9, 0x2, 0x3, 0x6000, 0x9c, r9, r10, 0xac, 0x100}}}, 0x78) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}}) 10:58:20 executing program 2: ptrace$setregset(0x4205, 0x0, 0x201, &(0x7f0000000000)={&(0x7f0000000080)="ca223e8f49d562e84ca92f346670706b99a284b43e6c7087fb1d5ff3d95b031c9197932b625eaa5f30bdeaaf57076e2890c8f5e1be7be4fe76aacb23a742986b2a7429e46495bdf693397bd0f1b3e19dd9875fa663be8c0194fab173dbb2e8c597829e3a4c6316e0ec7f50dc8457f33b06e9e38ce17b021d5a2716be603f4b554daa0f717566e7b862e4c8324fe263c6cd16ce24c1265b1be2a54225ec6dd0550aba7dd759972d09da67e3ba188c69e9e5db22b27a69979b27a6ab69918b92057bca3776136e531a9635f7345f699e", 0xcf}) (async) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1109004, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) (async) read$FUSE(r1, &(0x7f0000000780)={0x2020, 0x0, 0x0, 0x0}, 0x2020) mount$fuseblk(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0), 0x1023011, &(0x7f00000027c0)=ANY=[@ANYBLOB="84609e", @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=r3, @ANYBLOB=',group_id=', @ANYRESDEC, @ANYBLOB=',allow_other,max_read=0x0000000000000009,blksize=0x0000000000001200,subj_type=/dev/vcs\x00,smackfsfloor=/dev/vcs\x00,\x00']) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000480)={&(0x7f0000000180)="66792c95293d3216fbe7afdba16725bbe6c09883501f96e07abc5004c935a3", &(0x7f0000000700)=""/92, &(0x7f0000000600)="4a7eb71e2c8f9bc2ff39a89597a8ef6d0600935c6ecb67c8e2b1b27402c11d70a820aeb9810768a4550cb09f195963c5399014e6096dcdf33959e4898526379472bb853d5bc2923e84e2345a06fcdf00060b71c6c3f2faf8495e2b1f5a510d8a985c9fa61ba4ab2811188e82ddbac32df28cb703557b6be1680b50ac73b8036392a4f22c514f7a58ca6b88383573dd64832ce90637f49b75d798ceb4ba583ace992e4082d7945d6383d69c33c1cf2c9e8fa70cec6ff6ad4bffc6e46dcbd52dd89024128172a0c2d09277a99fb3e48284e7416eb6d29a046f05496873d9e3d57a823b5849463a144cb1", &(0x7f0000000240)="4574c96b711934148d1b41e77cc61a610a0837a7e585a061760a8e991b72703a40f0bcbfdee2d9ed7010a959a3bec0494e5c02b85169e389d1d047ef257d8186305b6657d0bd69fd37568a9e12df36c1561ed0256820f669375755432521877ab814c54f6dac9882c3bb64d37fff757529e61f9664be132584e3ccaedfa760a7", 0x7a1080, r1, 0x4}, 0x38) (async) ptrace$setregset(0x4205, 0x0, 0x201, &(0x7f00000002c0)={&(0x7f0000000300)="b56e001ec719caad94a708a567cf00fb20e2bdba495bcef77b8940f0c52e5793870b6eea29fb77a781b5a55b113e632967f852a5e7ff9f7768ac5746d27643a7d6116dacf4dcfc6aa94a0680b1b10eabc030816726c2e2fa5c78896f0b0ce6f4b3a725931e967dd3894d7ac95155b0c9b2bc13ef3113bc25bea38f9247a8426a196c085cf3e63d7f348dff4c4e5af25a6a04e58a260ae9069fbab5c23d6d13b6c4898edc72ef665702dc8b69780a35a9d24f781777fc4111989934316d824be0cb5e3ea770aed33d71fdefc52d505b33fb56fd60dbbd92412f2050fec3c92bc005e8ae590e0b845cba22717d6288ce1fa909f37fa709378ccec19ea7f382d6f04bcb5d076317d0f161d884f87114b8108d0e4a058950da9811b08c28aae943dfd9fdee439ed629e82f1483c97954eb24065c667945c3237dd40030046824767d4e", 0x141}) [ 2051.193722] FAULT_INJECTION: forcing a failure. [ 2051.193722] name failslab, interval 1, probability 0, space 0, times 0 [ 2051.215608] CPU: 1 PID: 24474 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2051.223500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2051.232839] Call Trace: [ 2051.235410] dump_stack+0x1b2/0x281 [ 2051.239016] should_fail.cold+0x10a/0x149 [ 2051.243143] should_failslab+0xd6/0x130 [ 2051.247105] kmem_cache_alloc_node+0x263/0x410 [ 2051.251939] __alloc_skb+0x5c/0x510 [ 2051.255547] kobject_uevent_env+0x882/0xf30 [ 2051.259848] device_add+0xa47/0x15c0 [ 2051.263539] ? device_is_dependent+0x2a0/0x2a0 [ 2051.268099] ? kfree+0x1f0/0x250 [ 2051.271446] device_create_groups_vargs+0x1dc/0x250 [ 2051.276528] device_create_vargs+0x3a/0x50 [ 2051.280742] bdi_register_va.part.0+0x35/0x650 [ 2051.285318] bdi_register_va+0x63/0x80 [ 2051.289193] super_setup_bdi_name+0x123/0x220 [ 2051.293666] ? kill_block_super+0xe0/0xe0 [ 2051.297793] ? do_raw_spin_unlock+0x164/0x220 [ 2051.302358] fuse_fill_super+0x937/0x15c0 [ 2051.306498] ? fuse_get_root_inode+0xc0/0xc0 [ 2051.310894] ? up_write+0x17/0x60 [ 2051.314325] ? register_shrinker+0x15f/0x220 [ 2051.318707] ? sget_userns+0x768/0xc10 [ 2051.322572] ? get_anon_bdev+0x1c0/0x1c0 [ 2051.326614] ? sget+0xd9/0x110 [ 2051.329910] ? fuse_get_root_inode+0xc0/0xc0 [ 2051.334389] mount_nodev+0x4c/0xf0 [ 2051.337915] mount_fs+0x92/0x2a0 [ 2051.341277] vfs_kern_mount.part.0+0x5b/0x470 [ 2051.345759] do_mount+0xe65/0x2a30 [ 2051.349293] ? copy_mount_string+0x40/0x40 [ 2051.353511] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2051.358509] ? copy_mnt_ns+0xa30/0xa30 [ 2051.362386] ? copy_mount_options+0x1fa/0x2f0 [ 2051.366873] ? copy_mnt_ns+0xa30/0xa30 [ 2051.370755] SyS_mount+0xa8/0x120 [ 2051.374193] ? copy_mnt_ns+0xa30/0xa30 [ 2051.378065] do_syscall_64+0x1d5/0x640 [ 2051.381973] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2051.387153] RIP: 0033:0x7fc09e230109 10:58:20 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 45) 10:58:20 executing program 5: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x22dc886, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x22dc886, 0x0) (async) 10:58:20 executing program 2: ptrace$setregset(0x4205, 0x0, 0x201, &(0x7f0000000000)={&(0x7f0000000080)="ca223e8f49d562e84ca92f346670706b99a284b43e6c7087fb1d5ff3d95b031c9197932b625eaa5f30bdeaaf57076e2890c8f5e1be7be4fe76aacb23a742986b2a7429e46495bdf693397bd0f1b3e19dd9875fa663be8c0194fab173dbb2e8c597829e3a4c6316e0ec7f50dc8457f33b06e9e38ce17b021d5a2716be603f4b554daa0f717566e7b862e4c8324fe263c6cd16ce24c1265b1be2a54225ec6dd0550aba7dd759972d09da67e3ba188c69e9e5db22b27a69979b27a6ab69918b92057bca3776136e531a9635f7345f699e", 0xcf}) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1109004, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) read$FUSE(r1, &(0x7f0000000780)={0x2020, 0x0, 0x0, 0x0}, 0x2020) mount$fuseblk(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0), 0x1023011, &(0x7f00000027c0)=ANY=[@ANYBLOB="84609e", @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=r3, @ANYBLOB=',group_id=', @ANYRESDEC, @ANYBLOB=',allow_other,max_read=0x0000000000000009,blksize=0x0000000000001200,subj_type=/dev/vcs\x00,smackfsfloor=/dev/vcs\x00,\x00']) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000480)={&(0x7f0000000180)="66792c95293d3216fbe7afdba16725bbe6c09883501f96e07abc5004c935a3", &(0x7f0000000700)=""/92, &(0x7f0000000600)="4a7eb71e2c8f9bc2ff39a89597a8ef6d0600935c6ecb67c8e2b1b27402c11d70a820aeb9810768a4550cb09f195963c5399014e6096dcdf33959e4898526379472bb853d5bc2923e84e2345a06fcdf00060b71c6c3f2faf8495e2b1f5a510d8a985c9fa61ba4ab2811188e82ddbac32df28cb703557b6be1680b50ac73b8036392a4f22c514f7a58ca6b88383573dd64832ce90637f49b75d798ceb4ba583ace992e4082d7945d6383d69c33c1cf2c9e8fa70cec6ff6ad4bffc6e46dcbd52dd89024128172a0c2d09277a99fb3e48284e7416eb6d29a046f05496873d9e3d57a823b5849463a144cb1", &(0x7f0000000240)="4574c96b711934148d1b41e77cc61a610a0837a7e585a061760a8e991b72703a40f0bcbfdee2d9ed7010a959a3bec0494e5c02b85169e389d1d047ef257d8186305b6657d0bd69fd37568a9e12df36c1561ed0256820f669375755432521877ab814c54f6dac9882c3bb64d37fff757529e61f9664be132584e3ccaedfa760a7", 0x7a1080, r1, 0x4}, 0x38) ptrace$setregset(0x4205, 0x0, 0x201, &(0x7f00000002c0)={&(0x7f0000000300)="b56e001ec719caad94a708a567cf00fb20e2bdba495bcef77b8940f0c52e5793870b6eea29fb77a781b5a55b113e632967f852a5e7ff9f7768ac5746d27643a7d6116dacf4dcfc6aa94a0680b1b10eabc030816726c2e2fa5c78896f0b0ce6f4b3a725931e967dd3894d7ac95155b0c9b2bc13ef3113bc25bea38f9247a8426a196c085cf3e63d7f348dff4c4e5af25a6a04e58a260ae9069fbab5c23d6d13b6c4898edc72ef665702dc8b69780a35a9d24f781777fc4111989934316d824be0cb5e3ea770aed33d71fdefc52d505b33fb56fd60dbbd92412f2050fec3c92bc005e8ae590e0b845cba22717d6288ce1fa909f37fa709378ccec19ea7f382d6f04bcb5d076317d0f161d884f87114b8108d0e4a058950da9811b08c28aae943dfd9fdee439ed629e82f1483c97954eb24065c667945c3237dd40030046824767d4e", 0x141}) ptrace$setregset(0x4205, 0x0, 0x201, &(0x7f0000000000)={&(0x7f0000000080)="ca223e8f49d562e84ca92f346670706b99a284b43e6c7087fb1d5ff3d95b031c9197932b625eaa5f30bdeaaf57076e2890c8f5e1be7be4fe76aacb23a742986b2a7429e46495bdf693397bd0f1b3e19dd9875fa663be8c0194fab173dbb2e8c597829e3a4c6316e0ec7f50dc8457f33b06e9e38ce17b021d5a2716be603f4b554daa0f717566e7b862e4c8324fe263c6cd16ce24c1265b1be2a54225ec6dd0550aba7dd759972d09da67e3ba188c69e9e5db22b27a69979b27a6ab69918b92057bca3776136e531a9635f7345f699e", 0xcf}) (async) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1109004, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) (async) read$FUSE(r1, &(0x7f0000000780)={0x2020}, 0x2020) (async) mount$fuseblk(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0), 0x1023011, &(0x7f00000027c0)=ANY=[@ANYBLOB="84609e", @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=r3, @ANYBLOB=',group_id=', @ANYRESDEC, @ANYBLOB=',allow_other,max_read=0x0000000000000009,blksize=0x0000000000001200,subj_type=/dev/vcs\x00,smackfsfloor=/dev/vcs\x00,\x00']) (async) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000480)={&(0x7f0000000180)="66792c95293d3216fbe7afdba16725bbe6c09883501f96e07abc5004c935a3", &(0x7f0000000700)=""/92, &(0x7f0000000600)="4a7eb71e2c8f9bc2ff39a89597a8ef6d0600935c6ecb67c8e2b1b27402c11d70a820aeb9810768a4550cb09f195963c5399014e6096dcdf33959e4898526379472bb853d5bc2923e84e2345a06fcdf00060b71c6c3f2faf8495e2b1f5a510d8a985c9fa61ba4ab2811188e82ddbac32df28cb703557b6be1680b50ac73b8036392a4f22c514f7a58ca6b88383573dd64832ce90637f49b75d798ceb4ba583ace992e4082d7945d6383d69c33c1cf2c9e8fa70cec6ff6ad4bffc6e46dcbd52dd89024128172a0c2d09277a99fb3e48284e7416eb6d29a046f05496873d9e3d57a823b5849463a144cb1", &(0x7f0000000240)="4574c96b711934148d1b41e77cc61a610a0837a7e585a061760a8e991b72703a40f0bcbfdee2d9ed7010a959a3bec0494e5c02b85169e389d1d047ef257d8186305b6657d0bd69fd37568a9e12df36c1561ed0256820f669375755432521877ab814c54f6dac9882c3bb64d37fff757529e61f9664be132584e3ccaedfa760a7", 0x7a1080, r1, 0x4}, 0x38) (async) ptrace$setregset(0x4205, 0x0, 0x201, &(0x7f00000002c0)={&(0x7f0000000300)="b56e001ec719caad94a708a567cf00fb20e2bdba495bcef77b8940f0c52e5793870b6eea29fb77a781b5a55b113e632967f852a5e7ff9f7768ac5746d27643a7d6116dacf4dcfc6aa94a0680b1b10eabc030816726c2e2fa5c78896f0b0ce6f4b3a725931e967dd3894d7ac95155b0c9b2bc13ef3113bc25bea38f9247a8426a196c085cf3e63d7f348dff4c4e5af25a6a04e58a260ae9069fbab5c23d6d13b6c4898edc72ef665702dc8b69780a35a9d24f781777fc4111989934316d824be0cb5e3ea770aed33d71fdefc52d505b33fb56fd60dbbd92412f2050fec3c92bc005e8ae590e0b845cba22717d6288ce1fa909f37fa709378ccec19ea7f382d6f04bcb5d076317d0f161d884f87114b8108d0e4a058950da9811b08c28aae943dfd9fdee439ed629e82f1483c97954eb24065c667945c3237dd40030046824767d4e", 0x141}) (async) 10:58:20 executing program 3: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x81048a, 0x0) 10:58:20 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000080)={0x31, 0x4, 0x0, {0x0, 0x5, 0x9, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x31) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) 10:58:20 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) (async) ioctl$PPPIOCGNPMODE(0xffffffffffffffff, 0xc008744c, &(0x7f0000000040)={0x8057, 0x3}) (async) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@getsa={0x30, 0x12, 0x300, 0x70bd29, 0x25dfdbfd, {@in=@multicast2, 0x4d6, 0xa, 0x6c}, [@etimer_thresh={0x8, 0xc, 0xb393}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000c0}, 0x60) [ 2051.390854] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2051.398548] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2051.405801] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2051.413072] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2051.420319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2051.427565] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:20 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) write$FUSE_ENTRY(r0, &(0x7f0000000040)={0x90, 0x0, 0x0, {0x2, 0x100000000, 0x4, 0x1, 0x8, 0x2, {0x4, 0x8, 0x401, 0x200, 0x6, 0x1, 0xff, 0x9, 0x0, 0x8000, 0x2, 0xee01, 0xffffffffffffffff, 0x3, 0x3}}}, 0x90) 10:58:20 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) (async) ioctl$PPPIOCGNPMODE(0xffffffffffffffff, 0xc008744c, &(0x7f0000000040)={0x8057, 0x3}) (async) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@getsa={0x30, 0x12, 0x300, 0x70bd29, 0x25dfdbfd, {@in=@multicast2, 0x4d6, 0xa, 0x6c}, [@etimer_thresh={0x8, 0xc, 0xb393}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000c0}, 0x60) 10:58:20 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) write$FUSE_ENTRY(r0, &(0x7f0000000040)={0x90, 0x0, 0x0, {0x2, 0x100000000, 0x4, 0x1, 0x8, 0x2, {0x4, 0x8, 0x401, 0x200, 0x6, 0x1, 0xff, 0x9, 0x0, 0x8000, 0x2, 0xee01, 0xffffffffffffffff, 0x3, 0x3}}}, 0x90) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) (async) write$FUSE_ENTRY(r0, &(0x7f0000000040)={0x90, 0x0, 0x0, {0x2, 0x100000000, 0x4, 0x1, 0x8, 0x2, {0x4, 0x8, 0x401, 0x200, 0x6, 0x1, 0xff, 0x9, 0x0, 0x8000, 0x2, 0xee01, 0xffffffffffffffff, 0x3, 0x3}}}, 0x90) (async) 10:58:20 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000000)) 10:58:20 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000080)={0x31, 0x4, 0x0, {0x0, 0x5, 0x9, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x31) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) 10:58:20 executing program 5: mount$fuse(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x0, 0x0) [ 2051.687152] FAULT_INJECTION: forcing a failure. [ 2051.687152] name failslab, interval 1, probability 0, space 0, times 0 [ 2051.698602] CPU: 1 PID: 24527 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2051.706471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2051.715811] Call Trace: [ 2051.718395] dump_stack+0x1b2/0x281 [ 2051.722009] should_fail.cold+0x10a/0x149 [ 2051.726142] should_failslab+0xd6/0x130 [ 2051.730097] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2051.735213] __kmalloc_node_track_caller+0x38/0x70 [ 2051.740152] __alloc_skb+0x96/0x510 [ 2051.743767] kobject_uevent_env+0x882/0xf30 [ 2051.748078] device_add+0xa47/0x15c0 [ 2051.751783] ? device_is_dependent+0x2a0/0x2a0 [ 2051.756365] ? kfree+0x1f0/0x250 [ 2051.759773] device_create_groups_vargs+0x1dc/0x250 [ 2051.764786] device_create_vargs+0x3a/0x50 [ 2051.769017] bdi_register_va.part.0+0x35/0x650 [ 2051.773621] bdi_register_va+0x63/0x80 [ 2051.777510] super_setup_bdi_name+0x123/0x220 [ 2051.782000] ? kill_block_super+0xe0/0xe0 [ 2051.786134] ? do_raw_spin_unlock+0x164/0x220 [ 2051.790610] fuse_fill_super+0x937/0x15c0 [ 2051.794762] ? fuse_get_root_inode+0xc0/0xc0 [ 2051.799159] ? up_write+0x17/0x60 [ 2051.802635] ? register_shrinker+0x15f/0x220 [ 2051.807020] ? sget_userns+0x768/0xc10 [ 2051.810887] ? get_anon_bdev+0x1c0/0x1c0 [ 2051.814944] ? sget+0xd9/0x110 [ 2051.818120] ? fuse_get_root_inode+0xc0/0xc0 [ 2051.822507] mount_nodev+0x4c/0xf0 [ 2051.826046] mount_fs+0x92/0x2a0 [ 2051.829419] vfs_kern_mount.part.0+0x5b/0x470 [ 2051.833901] do_mount+0xe65/0x2a30 [ 2051.837438] ? copy_mount_string+0x40/0x40 [ 2051.841651] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2051.846643] ? copy_mnt_ns+0xa30/0xa30 [ 2051.850524] ? copy_mount_options+0x1fa/0x2f0 [ 2051.855004] ? copy_mnt_ns+0xa30/0xa30 [ 2051.858873] SyS_mount+0xa8/0x120 [ 2051.862307] ? copy_mnt_ns+0xa30/0xa30 [ 2051.866211] do_syscall_64+0x1d5/0x640 [ 2051.870096] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2051.875276] RIP: 0033:0x7fc09e230109 [ 2051.878973] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 10:58:20 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 46) 10:58:20 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) write$FUSE_ENTRY(r0, &(0x7f0000000040)={0x90, 0x0, 0x0, {0x2, 0x100000000, 0x4, 0x1, 0x8, 0x2, {0x4, 0x8, 0x401, 0x200, 0x6, 0x1, 0xff, 0x9, 0x0, 0x8000, 0x2, 0xee01, 0xffffffffffffffff, 0x3, 0x3}}}, 0x90) 10:58:20 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000080)={0x31, 0x4, 0x0, {0x0, 0x5, 0x9, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x31) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000080)={0x31, 0x4, 0x0, {0x0, 0x5, 0x9, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x31) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (async) 10:58:20 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000000)) 10:58:20 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = bpf$ITER_CREATE(0x21, &(0x7f00000025c0), 0x8) getsockopt$inet6_tcp_int(r1, 0x6, 0xc, &(0x7f0000002600), &(0x7f0000002640)=0x4) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa0000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb0000ae5100"/168], 0xf0}}, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r3, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r3, &(0x7f0000002580)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x30, 0x140c, 0x5, 0x70bd27, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x4008010) read$FUSE(r2, &(0x7f0000000540)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_WRITE(r2, &(0x7f0000000280)={0x18, 0xfffffffffffffffe, r4, {0x8f}}, 0x18) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, 0x0, 0x0) r6 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r6, 0x6, 0x23, 0x0, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@bloom_filter={0x1e, 0x7, 0x1, 0x4d9f8c6, 0x200, 0xffffffffffffffff, 0x12, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1, 0x2, 0x5}, 0x48) r8 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r8, 0x6, 0x23, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x2, &(0x7f0000000040)=ANY=[@ANYBLOB="be8d80508260000000"], &(0x7f00000000c0)='syzkaller\x00', 0xffffffff, 0x29, &(0x7f0000000100)=""/41, 0x41100, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x8, 0x2}, 0x8, 0x10, &(0x7f0000000180)={0x0, 0x6, 0x5, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000240)=[0x1, r0, r2, r5, 0x1, 0xffffffffffffffff, r6, r7, r8]}, 0x80) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(0xffffffffffffffff, 0xc02c5341, &(0x7f00000026c0)) 10:58:20 executing program 5: mount$fuse(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x0, 0x0) [ 2051.886664] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2051.893935] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2051.901193] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2051.908443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2051.915697] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:20 executing program 2: write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000000)={0x2e, 0x4, 0x0, {0x1cc, 0x400, 0x6, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2e) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$FUSE_NOTIFY_POLL(r0, &(0x7f0000000080)={0x18, 0x1, 0x0, {0x3}}, 0x18) write$FUSE_LSEEK(r0, &(0x7f00000000c0)={0x18, 0x55a03d0cde8be95f, 0x0, {0x32}}, 0x18) openat$cuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) read$FUSE(r1, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r2, &(0x7f0000000080)={0x60, 0x0, r3}, 0x60) write$FUSE_DIRENT(r0, &(0x7f0000000100)={0xd8, 0xfffffffffffffffe, r3, [{0x6, 0x8, 0x2, 0xc6, ':&'}, {0x0, 0xffffffff00000001, 0x1c, 0x8, '[.--&]}*+\x1f///.^]$*&%:\x1c*+^]*!'}, {0x2, 0x6, 0xa, 0x36f, '/dev/fuse\x00'}, {0x3, 0x7fffffffffffffff, 0xa, 0xff, '/dev/fuse\x00'}, {0x5, 0x40, 0x4, 0x9, ']+$\''}]}, 0xd8) 10:58:21 executing program 2: write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000000)={0x2e, 0x4, 0x0, {0x1cc, 0x400, 0x6, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2e) (async) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$FUSE_NOTIFY_POLL(r0, &(0x7f0000000080)={0x18, 0x1, 0x0, {0x3}}, 0x18) (async) write$FUSE_LSEEK(r0, &(0x7f00000000c0)={0x18, 0x55a03d0cde8be95f, 0x0, {0x32}}, 0x18) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) read$FUSE(r1, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r2, &(0x7f0000000080)={0x60, 0x0, r3}, 0x60) (async) write$FUSE_DIRENT(r0, &(0x7f0000000100)={0xd8, 0xfffffffffffffffe, r3, [{0x6, 0x8, 0x2, 0xc6, ':&'}, {0x0, 0xffffffff00000001, 0x1c, 0x8, '[.--&]}*+\x1f///.^]$*&%:\x1c*+^]*!'}, {0x2, 0x6, 0xa, 0x36f, '/dev/fuse\x00'}, {0x3, 0x7fffffffffffffff, 0xa, 0xff, '/dev/fuse\x00'}, {0x5, 0x40, 0x4, 0x9, ']+$\''}]}, 0xd8) [ 2052.004484] FAULT_INJECTION: forcing a failure. [ 2052.004484] name failslab, interval 1, probability 0, space 0, times 0 [ 2052.025137] CPU: 0 PID: 24538 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2052.033346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 10:58:21 executing program 5: mount$fuse(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x0, 0x0) 10:58:21 executing program 0: bpf$LINK_DETACH(0x22, &(0x7f0000000080), 0x4) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000002280)={0x60, 0xfffffffffffffff5, r0, {{0x8, 0xff, 0x78a, 0x2, 0x8, 0x0, 0x200, 0x7}}}, 0x60) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000002300)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1700}}]}}) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$FUSE_NOTIFY_POLL(r2, &(0x7f0000000180)={0x18}, 0x18) 10:58:21 executing program 2: write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000000)={0x2e, 0x4, 0x0, {0x1cc, 0x400, 0x6, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2e) (async, rerun: 32) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (rerun: 32) write$FUSE_NOTIFY_POLL(r0, &(0x7f0000000080)={0x18, 0x1, 0x0, {0x3}}, 0x18) (async) write$FUSE_LSEEK(r0, &(0x7f00000000c0)={0x18, 0x55a03d0cde8be95f, 0x0, {0x32}}, 0x18) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) (async, rerun: 64) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (rerun: 64) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) read$FUSE(r1, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r2, &(0x7f0000000080)={0x60, 0x0, r3}, 0x60) (async) write$FUSE_DIRENT(r0, &(0x7f0000000100)={0xd8, 0xfffffffffffffffe, r3, [{0x6, 0x8, 0x2, 0xc6, ':&'}, {0x0, 0xffffffff00000001, 0x1c, 0x8, '[.--&]}*+\x1f///.^]$*&%:\x1c*+^]*!'}, {0x2, 0x6, 0xa, 0x36f, '/dev/fuse\x00'}, {0x3, 0x7fffffffffffffff, 0xa, 0xff, '/dev/fuse\x00'}, {0x5, 0x40, 0x4, 0x9, ']+$\''}]}, 0xd8) [ 2052.033376] Call Trace: [ 2052.033392] dump_stack+0x1b2/0x281 [ 2052.033408] should_fail.cold+0x10a/0x149 [ 2052.033423] should_failslab+0xd6/0x130 [ 2052.033436] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2052.033451] __kmalloc_node_track_caller+0x38/0x70 10:58:21 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f00000000c0)={0x2d, 0x4, 0x0, {0x6, 0xffffffffffffff80, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2d) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x202880, 0x0) syz_open_dev$MSR(&(0x7f0000000080), 0x1f, 0x0) ioctl$PPPIOCSMRU1(r0, 0x40047452, &(0x7f0000000040)=0x1f) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) read$FUSE(r2, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r3, &(0x7f0000000080)={0x60, 0x0, r4}, 0x60) write$FUSE_INIT(r1, &(0x7f0000000140)={0x50, 0x0, r4, {0x7, 0x24, 0x101, 0x206020, 0x8, 0xa8, 0x3ff, 0x9}}, 0x50) [ 2052.033464] __alloc_skb+0x96/0x510 [ 2052.033477] kobject_uevent_env+0x882/0xf30 [ 2052.033494] device_add+0xa47/0x15c0 [ 2052.033507] ? device_is_dependent+0x2a0/0x2a0 [ 2052.033516] ? kfree+0x1f0/0x250 [ 2052.033530] device_create_groups_vargs+0x1dc/0x250 [ 2052.033541] device_create_vargs+0x3a/0x50 [ 2052.033555] bdi_register_va.part.0+0x35/0x650 [ 2052.033568] bdi_register_va+0x63/0x80 [ 2052.033579] super_setup_bdi_name+0x123/0x220 [ 2052.033588] ? kill_block_super+0xe0/0xe0 [ 2052.033600] ? do_raw_spin_unlock+0x164/0x220 [ 2052.033616] fuse_fill_super+0x937/0x15c0 [ 2052.033629] ? fuse_get_root_inode+0xc0/0xc0 [ 2052.033638] ? up_write+0x17/0x60 [ 2052.033646] ? register_shrinker+0x15f/0x220 [ 2052.033653] ? sget_userns+0x768/0xc10 [ 2052.033669] ? get_anon_bdev+0x1c0/0x1c0 [ 2052.033676] ? sget+0xd9/0x110 [ 2052.033685] ? fuse_get_root_inode+0xc0/0xc0 [ 2052.033694] mount_nodev+0x4c/0xf0 [ 2052.033704] mount_fs+0x92/0x2a0 [ 2052.033718] vfs_kern_mount.part.0+0x5b/0x470 [ 2052.033730] do_mount+0xe65/0x2a30 [ 2052.033740] ? do_raw_spin_unlock+0x164/0x220 [ 2052.033755] ? copy_mount_string+0x40/0x40 [ 2052.033768] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2052.033779] ? copy_mnt_ns+0xa30/0xa30 [ 2052.033791] ? copy_mount_options+0x1fa/0x2f0 [ 2052.033801] ? copy_mnt_ns+0xa30/0xa30 [ 2052.033811] SyS_mount+0xa8/0x120 [ 2052.033820] ? copy_mnt_ns+0xa30/0xa30 [ 2052.033831] do_syscall_64+0x1d5/0x640 [ 2052.033846] entry_SYSCALL_64_after_hwframe+0x46/0xbb 10:58:21 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async, rerun: 64) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000000)) (rerun: 64) 10:58:21 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 47) 10:58:21 executing program 0: bpf$LINK_DETACH(0x22, &(0x7f0000000080), 0x4) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000002280)={0x60, 0xfffffffffffffff5, r0, {{0x8, 0xff, 0x78a, 0x2, 0x8, 0x0, 0x200, 0x7}}}, 0x60) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000002300)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1700}}]}}) (async, rerun: 32) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) (rerun: 32) write$FUSE_NOTIFY_POLL(r2, &(0x7f0000000180)={0x18}, 0x18) 10:58:21 executing program 2: ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x40047451, &(0x7f0000000040)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) 10:58:21 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = bpf$ITER_CREATE(0x21, &(0x7f00000025c0), 0x8) getsockopt$inet6_tcp_int(r1, 0x6, 0xc, &(0x7f0000002600), &(0x7f0000002640)=0x4) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa0000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb0000ae5100"/168], 0xf0}}, 0x0) (async) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r3, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r3, &(0x7f0000002580)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x30, 0x140c, 0x5, 0x70bd27, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x4008010) (async) read$FUSE(r2, &(0x7f0000000540)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_WRITE(r2, &(0x7f0000000280)={0x18, 0xfffffffffffffffe, r4, {0x8f}}, 0x18) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) (async) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, 0x0, 0x0) (async) r6 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r6, 0x6, 0x23, 0x0, 0x0) (async) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@bloom_filter={0x1e, 0x7, 0x1, 0x4d9f8c6, 0x200, 0xffffffffffffffff, 0x12, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1, 0x2, 0x5}, 0x48) (async) r8 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r8, 0x6, 0x23, 0x0, 0x0) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x2, &(0x7f0000000040)=ANY=[@ANYBLOB="be8d80508260000000"], &(0x7f00000000c0)='syzkaller\x00', 0xffffffff, 0x29, &(0x7f0000000100)=""/41, 0x41100, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x8, 0x2}, 0x8, 0x10, &(0x7f0000000180)={0x0, 0x6, 0x5, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000240)=[0x1, r0, r2, r5, 0x1, 0xffffffffffffffff, r6, r7, r8]}, 0x80) (async) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(0xffffffffffffffff, 0xc02c5341, &(0x7f00000026c0)) 10:58:21 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async, rerun: 64) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f00000000c0)={0x2d, 0x4, 0x0, {0x6, 0xffffffffffffff80, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2d) (async, rerun: 64) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x202880, 0x0) syz_open_dev$MSR(&(0x7f0000000080), 0x1f, 0x0) (async) ioctl$PPPIOCSMRU1(r0, 0x40047452, &(0x7f0000000040)=0x1f) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) (async, rerun: 64) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (rerun: 64) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) read$FUSE(r2, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r3, &(0x7f0000000080)={0x60, 0x0, r4}, 0x60) write$FUSE_INIT(r1, &(0x7f0000000140)={0x50, 0x0, r4, {0x7, 0x24, 0x101, 0x206020, 0x8, 0xa8, 0x3ff, 0x9}}, 0x50) [ 2052.033854] RIP: 0033:0x7fc09e230109 [ 2052.033859] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2052.033870] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2052.033876] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2052.033882] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2052.033887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2052.033892] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:21 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0}, 0x2020) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r1, 0x80045300, &(0x7f00000001c0)) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000140)={0x5, &(0x7f0000000000)=[{0x1ff, 0x3f, 0x61, 0x4}, {0x7ff, 0x72, 0x7, 0x7fff}, {0x101, 0x3, 0x6, 0x80000001}, {0x8001, 0x8, 0x6, 0x6}, {0x15, 0x32, 0x2, 0x3}]}) openat$cuse(0xffffffffffffff9c, &(0x7f0000002280), 0x2, 0x0) write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="16000000feffffff", @ANYRES64=r0, @ANYBLOB="01000000000000000000000001000000040000000600000040537900200aeb70a4ae14dd8ad7b3569865fca172c73f1fc4282f041fcef98c19a8db264bdd4418ab3b2f0f4773708b83ab9c0f15c53e8bbd319a8adfd5572f6d03a0cbf35a036ea2d44c8af93f412c2980e4407525d07de70148a1c6d750b856a406ddd5d0e255e89169f7ef0bb6be2b2e02c643dbb412c032c157871cc8293e17b3994121267bcfdd3a7501b3c24713d98f3ada5b6014d94f0845adfe81ec4d6975426eaf2db6a1386e81b8041554377cd78171faf44d140dc2a7e6a8a860"], 0x10) 10:58:21 executing program 2: ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x40047451, &(0x7f0000000040)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x40047451, &(0x7f0000000040)) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) (async) 10:58:21 executing program 2: ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x40047451, &(0x7f0000000040)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) 10:58:21 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f00000000c0)={0x2d, 0x4, 0x0, {0x6, 0xffffffffffffff80, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2d) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x202880, 0x0) syz_open_dev$MSR(&(0x7f0000000080), 0x1f, 0x0) ioctl$PPPIOCSMRU1(r0, 0x40047452, &(0x7f0000000040)=0x1f) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) read$FUSE(r2, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r3, &(0x7f0000000080)={0x60, 0x0, r4}, 0x60) write$FUSE_INIT(r1, &(0x7f0000000140)={0x50, 0x0, r4, {0x7, 0x24, 0x101, 0x206020, 0x8, 0xa8, 0x3ff, 0x9}}, 0x50) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f00000000c0)={0x2d, 0x4, 0x0, {0x6, 0xffffffffffffff80, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2d) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x202880, 0x0) (async) syz_open_dev$MSR(&(0x7f0000000080), 0x1f, 0x0) (async) ioctl$PPPIOCSMRU1(r0, 0x40047452, &(0x7f0000000040)=0x1f) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) read$FUSE(r2, &(0x7f0000000680)={0x2020}, 0x2020) (async) write$FUSE_STATFS(r3, &(0x7f0000000080)={0x60, 0x0, r4}, 0x60) (async) write$FUSE_INIT(r1, &(0x7f0000000140)={0x50, 0x0, r4, {0x7, 0x24, 0x101, 0x206020, 0x8, 0xa8, 0x3ff, 0x9}}, 0x50) (async) 10:58:21 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0}, 0x2020) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r1, 0x80045300, &(0x7f00000001c0)) (async) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000140)={0x5, &(0x7f0000000000)=[{0x1ff, 0x3f, 0x61, 0x4}, {0x7ff, 0x72, 0x7, 0x7fff}, {0x101, 0x3, 0x6, 0x80000001}, {0x8001, 0x8, 0x6, 0x6}, {0x15, 0x32, 0x2, 0x3}]}) openat$cuse(0xffffffffffffff9c, &(0x7f0000002280), 0x2, 0x0) (async) write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="16000000feffffff", @ANYRES64=r0, @ANYBLOB="01000000000000000000000001000000040000000600000040537900200aeb70a4ae14dd8ad7b3569865fca172c73f1fc4282f041fcef98c19a8db264bdd4418ab3b2f0f4773708b83ab9c0f15c53e8bbd319a8adfd5572f6d03a0cbf35a036ea2d44c8af93f412c2980e4407525d07de70148a1c6d750b856a406ddd5d0e255e89169f7ef0bb6be2b2e02c643dbb412c032c157871cc8293e17b3994121267bcfdd3a7501b3c24713d98f3ada5b6014d94f0845adfe81ec4d6975426eaf2db6a1386e81b8041554377cd78171faf44d140dc2a7e6a8a860"], 0x10) 10:58:21 executing program 0: bpf$LINK_DETACH(0x22, &(0x7f0000000080), 0x4) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000002280)={0x60, 0xfffffffffffffff5, r0, {{0x8, 0xff, 0x78a, 0x2, 0x8, 0x0, 0x200, 0x7}}}, 0x60) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000002300)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1700}}]}}) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$FUSE_NOTIFY_POLL(r2, &(0x7f0000000180)={0x18}, 0x18) bpf$LINK_DETACH(0x22, &(0x7f0000000080), 0x4) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020}, 0x2020) (async) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000002280)={0x60, 0xfffffffffffffff5, r0, {{0x8, 0xff, 0x78a, 0x2, 0x8, 0x0, 0x200, 0x7}}}, 0x60) (async) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000002300)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1700}}]}}) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) (async) write$FUSE_NOTIFY_POLL(r2, &(0x7f0000000180)={0x18}, 0x18) (async) 10:58:21 executing program 2: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) getsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000000), &(0x7f0000000080)=0x4) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0, 0x0) ioctl$PPPIOCGDEBUG(r1, 0x80047441, &(0x7f0000000100)) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0xa2808, 0x0) [ 2052.598970] FAULT_INJECTION: forcing a failure. [ 2052.598970] name failslab, interval 1, probability 0, space 0, times 0 [ 2052.612770] CPU: 0 PID: 24611 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2052.620659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2052.630103] Call Trace: [ 2052.632672] dump_stack+0x1b2/0x281 [ 2052.636281] should_fail.cold+0x10a/0x149 [ 2052.640413] should_failslab+0xd6/0x130 [ 2052.644366] kmem_cache_alloc_node+0x263/0x410 [ 2052.648926] __alloc_skb+0x5c/0x510 [ 2052.652534] kobject_uevent_env+0x882/0xf30 [ 2052.656837] device_add+0xa47/0x15c0 [ 2052.660528] ? device_is_dependent+0x2a0/0x2a0 [ 2052.665085] ? kfree+0x1f0/0x250 [ 2052.668430] device_create_groups_vargs+0x1dc/0x250 [ 2052.673426] device_create_vargs+0x3a/0x50 [ 2052.677638] bdi_register_va.part.0+0x35/0x650 [ 2052.682211] bdi_register_va+0x63/0x80 [ 2052.686077] super_setup_bdi_name+0x123/0x220 [ 2052.690547] ? kill_block_super+0xe0/0xe0 [ 2052.694695] ? do_raw_spin_unlock+0x164/0x220 [ 2052.699183] fuse_fill_super+0x937/0x15c0 [ 2052.703321] ? fuse_get_root_inode+0xc0/0xc0 [ 2052.707708] ? up_write+0x17/0x60 [ 2052.711147] ? register_shrinker+0x15f/0x220 [ 2052.715546] ? sget_userns+0x768/0xc10 [ 2052.719413] ? get_anon_bdev+0x1c0/0x1c0 [ 2052.723448] ? sget+0xd9/0x110 [ 2052.726618] ? fuse_get_root_inode+0xc0/0xc0 [ 2052.731001] mount_nodev+0x4c/0xf0 [ 2052.734516] mount_fs+0x92/0x2a0 [ 2052.737863] vfs_kern_mount.part.0+0x5b/0x470 [ 2052.742336] do_mount+0xe65/0x2a30 [ 2052.745856] ? copy_mount_string+0x40/0x40 [ 2052.750070] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2052.755067] ? copy_mnt_ns+0xa30/0xa30 [ 2052.758935] ? copy_mount_options+0x1fa/0x2f0 [ 2052.763404] ? copy_mnt_ns+0xa30/0xa30 [ 2052.767279] SyS_mount+0xa8/0x120 [ 2052.770724] ? copy_mnt_ns+0xa30/0xa30 [ 2052.774604] do_syscall_64+0x1d5/0x640 [ 2052.778485] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2052.783663] RIP: 0033:0x7fc09e230109 [ 2052.787349] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 10:58:21 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 48) 10:58:21 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0}, 0x2020) (async) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r1, 0x80045300, &(0x7f00000001c0)) (async, rerun: 32) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000140)={0x5, &(0x7f0000000000)=[{0x1ff, 0x3f, 0x61, 0x4}, {0x7ff, 0x72, 0x7, 0x7fff}, {0x101, 0x3, 0x6, 0x80000001}, {0x8001, 0x8, 0x6, 0x6}, {0x15, 0x32, 0x2, 0x3}]}) (rerun: 32) openat$cuse(0xffffffffffffff9c, &(0x7f0000002280), 0x2, 0x0) (async) write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="16000000feffffff", @ANYRES64=r0, @ANYBLOB="01000000000000000000000001000000040000000600000040537900200aeb70a4ae14dd8ad7b3569865fca172c73f1fc4282f041fcef98c19a8db264bdd4418ab3b2f0f4773708b83ab9c0f15c53e8bbd319a8adfd5572f6d03a0cbf35a036ea2d44c8af93f412c2980e4407525d07de70148a1c6d750b856a406ddd5d0e255e89169f7ef0bb6be2b2e02c643dbb412c032c157871cc8293e17b3994121267bcfdd3a7501b3c24713d98f3ada5b6014d94f0845adfe81ec4d6975426eaf2db6a1386e81b8041554377cd78171faf44d140dc2a7e6a8a860"], 0x10) 10:58:21 executing program 2: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) getsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000000), &(0x7f0000000080)=0x4) (async) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0, 0x0) ioctl$PPPIOCGDEBUG(r1, 0x80047441, &(0x7f0000000100)) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0xa2808, 0x0) 10:58:21 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000080), &(0x7f0000000100)=0x4) 10:58:21 executing program 5: ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(0xffffffffffffffff, 0x80083313, &(0x7f0000000000)) read$snapshot(0xffffffffffffffff, &(0x7f0000000080)=""/177, 0xb1) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x21e880, 0x0) ioctl$SNAPSHOT_UNFREEZE(r0, 0x3302) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) 10:58:21 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = bpf$ITER_CREATE(0x21, &(0x7f00000025c0), 0x8) getsockopt$inet6_tcp_int(r1, 0x6, 0xc, &(0x7f0000002600), &(0x7f0000002640)=0x4) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa0000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb0000ae5100"/168], 0xf0}}, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r3, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r3, &(0x7f0000002580)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x30, 0x140c, 0x5, 0x70bd27, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x4008010) read$FUSE(r2, &(0x7f0000000540)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_WRITE(r2, &(0x7f0000000280)={0x18, 0xfffffffffffffffe, r4, {0x8f}}, 0x18) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, 0x0, 0x0) r6 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r6, 0x6, 0x23, 0x0, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@bloom_filter={0x1e, 0x7, 0x1, 0x4d9f8c6, 0x200, 0xffffffffffffffff, 0x12, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1, 0x2, 0x5}, 0x48) r8 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r8, 0x6, 0x23, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x2, &(0x7f0000000040)=ANY=[@ANYBLOB="be8d80508260000000"], &(0x7f00000000c0)='syzkaller\x00', 0xffffffff, 0x29, &(0x7f0000000100)=""/41, 0x41100, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x8, 0x2}, 0x8, 0x10, &(0x7f0000000180)={0x0, 0x6, 0x5, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000240)=[0x1, r0, r2, r5, 0x1, 0xffffffffffffffff, r6, r7, r8]}, 0x80) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(0xffffffffffffffff, 0xc02c5341, &(0x7f00000026c0)) socket$nl_xfrm(0x10, 0x3, 0x6) (async) bpf$ITER_CREATE(0x21, &(0x7f00000025c0), 0x8) (async) getsockopt$inet6_tcp_int(r1, 0x6, 0xc, &(0x7f0000002600), &(0x7f0000002640)=0x4) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa0000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb0000ae5100"/168], 0xf0}}, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) socket$nl_rdma(0x10, 0x3, 0x14) (async) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r3, 0x0, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r3, &(0x7f0000002580)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x30, 0x140c, 0x5, 0x70bd27, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x4008010) (async) read$FUSE(r2, &(0x7f0000000540)={0x2020}, 0x2020) (async) write$FUSE_WRITE(r2, &(0x7f0000000280)={0x18, 0xfffffffffffffffe, r4, {0x8f}}, 0x18) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, 0x0, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r6, 0x6, 0x23, 0x0, 0x0) (async) bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@bloom_filter={0x1e, 0x7, 0x1, 0x4d9f8c6, 0x200, 0xffffffffffffffff, 0x12, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1, 0x2, 0x5}, 0x48) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r8, 0x6, 0x23, 0x0, 0x0) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x2, &(0x7f0000000040)=ANY=[@ANYBLOB="be8d80508260000000"], &(0x7f00000000c0)='syzkaller\x00', 0xffffffff, 0x29, &(0x7f0000000100)=""/41, 0x41100, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x8, 0x2}, 0x8, 0x10, &(0x7f0000000180)={0x0, 0x6, 0x5, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000240)=[0x1, r0, r2, r5, 0x1, 0xffffffffffffffff, r6, r7, r8]}, 0x80) (async) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(0xffffffffffffffff, 0xc02c5341, &(0x7f00000026c0)) (async) [ 2052.795156] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2052.802404] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2052.809764] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2052.817023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2052.824278] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:21 executing program 2: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) getsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000000), &(0x7f0000000080)=0x4) (async) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0, 0x0) ioctl$PPPIOCGDEBUG(r1, 0x80047441, &(0x7f0000000100)) (async) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0xa2808, 0x0) 10:58:21 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (async) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000080), &(0x7f0000000100)=0x4) 10:58:21 executing program 3: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) rt_sigreturn() eventfd(0x9) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) prctl$PR_CAP_AMBIENT(0x2f, 0x7, 0x19) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x5400, 0x0) r2 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0)={r1}, 0x8) ioctl$KVM_SET_CLOCK(r2, 0x4030ae7b, &(0x7f0000000100)={0x3, 0x5, 0x9, 0x100000000, 0xf251}) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, 0x0, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={r3, &(0x7f0000000180)="ddee13db156ca1d3966a3d60b764b6337ae8553e9a166e48560032387c0cccc4c1dfe0910e1edb795ba3d210eb8cddd741f8177afa25efab3772c91454ac6c8a69e3fc5a8a34fd352d6ed5f70d0b95b843201bd0896cc84f240f8cbcc91b02803e18a15808901400224cec", &(0x7f0000000240)=@buf="d719bebc48ee24ba8967f18126503a946c77dfc9ab8188984464a66b8a9664351fecdaa1f74a0b6013d8e1a6c2dbe1a47ba5efe09d03fa79cc276e131b01de4c0e5aa13cb538b231f1750e8defd8895dcb6437f1318c50010c800c4cf12a21453035a17ef2c380adade94d1c83e081f5798ae3b9c376938fdfc9a24c4dfa0a6ea2a63d4322287807aa2f015c6b26", 0x4}, 0x20) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000080), 0x4) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r1, 0x80045300, &(0x7f0000000140)) write$6lowpan_control(r0, &(0x7f0000000000)='connect aa:aa:aa:aa:aa:11 0', 0x1b) 10:58:21 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000040)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000000)={0x18, 0x1, 0x0, {0x3}}, 0x18) 10:58:21 executing program 5: ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(0xffffffffffffffff, 0x80083313, &(0x7f0000000000)) read$snapshot(0xffffffffffffffff, &(0x7f0000000080)=""/177, 0xb1) (async) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x21e880, 0x0) ioctl$SNAPSHOT_UNFREEZE(r0, 0x3302) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) 10:58:22 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000040)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000000)={0x18, 0x1, 0x0, {0x3}}, 0x18) [ 2053.077076] FAULT_INJECTION: forcing a failure. [ 2053.077076] name failslab, interval 1, probability 0, space 0, times 0 [ 2053.088709] CPU: 0 PID: 24695 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2053.096586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2053.105920] Call Trace: [ 2053.108491] dump_stack+0x1b2/0x281 [ 2053.112097] should_fail.cold+0x10a/0x149 [ 2053.116234] should_failslab+0xd6/0x130 [ 2053.120197] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2053.125284] __kmalloc_node_track_caller+0x38/0x70 [ 2053.130195] __alloc_skb+0x96/0x510 [ 2053.133867] kobject_uevent_env+0x882/0xf30 [ 2053.138183] device_add+0xa47/0x15c0 [ 2053.141887] ? device_is_dependent+0x2a0/0x2a0 [ 2053.146446] ? kfree+0x1f0/0x250 [ 2053.149791] device_create_groups_vargs+0x1dc/0x250 [ 2053.154786] device_create_vargs+0x3a/0x50 [ 2053.159000] bdi_register_va.part.0+0x35/0x650 [ 2053.163559] bdi_register_va+0x63/0x80 [ 2053.167423] super_setup_bdi_name+0x123/0x220 [ 2053.171894] ? kill_block_super+0xe0/0xe0 [ 2053.176020] ? do_raw_spin_unlock+0x164/0x220 [ 2053.180492] fuse_fill_super+0x937/0x15c0 [ 2053.184620] ? fuse_get_root_inode+0xc0/0xc0 [ 2053.189048] ? up_write+0x17/0x60 [ 2053.192474] ? register_shrinker+0x15f/0x220 [ 2053.196863] ? sget_userns+0x768/0xc10 [ 2053.200734] ? get_anon_bdev+0x1c0/0x1c0 [ 2053.204769] ? sget+0xd9/0x110 [ 2053.207939] ? fuse_get_root_inode+0xc0/0xc0 [ 2053.212328] mount_nodev+0x4c/0xf0 [ 2053.215845] mount_fs+0x92/0x2a0 [ 2053.219189] vfs_kern_mount.part.0+0x5b/0x470 [ 2053.223669] do_mount+0xe65/0x2a30 [ 2053.227198] ? copy_mount_string+0x40/0x40 [ 2053.231931] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2053.236924] ? copy_mnt_ns+0xa30/0xa30 [ 2053.240800] ? copy_mount_options+0x1fa/0x2f0 [ 2053.245269] ? copy_mnt_ns+0xa30/0xa30 [ 2053.249135] SyS_mount+0xa8/0x120 [ 2053.252566] ? copy_mnt_ns+0xa30/0xa30 [ 2053.256448] do_syscall_64+0x1d5/0x640 [ 2053.260313] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2053.265477] RIP: 0033:0x7fc09e230109 [ 2053.269175] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 10:58:22 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 49) 10:58:22 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000080), &(0x7f0000000100)=0x4) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (async) socket$inet6_tcp(0xa, 0x1, 0x0) (async) getsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000080), &(0x7f0000000100)=0x4) (async) 10:58:22 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000040)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000000)={0x18, 0x1, 0x0, {0x3}}, 0x18) 10:58:22 executing program 3: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) rt_sigreturn() (async) eventfd(0x9) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) prctl$PR_CAP_AMBIENT(0x2f, 0x7, 0x19) (async) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x5400, 0x0) r2 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0)={r1}, 0x8) ioctl$KVM_SET_CLOCK(r2, 0x4030ae7b, &(0x7f0000000100)={0x3, 0x5, 0x9, 0x100000000, 0xf251}) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, 0x0, 0x0) (async) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={r3, &(0x7f0000000180)="ddee13db156ca1d3966a3d60b764b6337ae8553e9a166e48560032387c0cccc4c1dfe0910e1edb795ba3d210eb8cddd741f8177afa25efab3772c91454ac6c8a69e3fc5a8a34fd352d6ed5f70d0b95b843201bd0896cc84f240f8cbcc91b02803e18a15808901400224cec", &(0x7f0000000240)=@buf="d719bebc48ee24ba8967f18126503a946c77dfc9ab8188984464a66b8a9664351fecdaa1f74a0b6013d8e1a6c2dbe1a47ba5efe09d03fa79cc276e131b01de4c0e5aa13cb538b231f1750e8defd8895dcb6437f1318c50010c800c4cf12a21453035a17ef2c380adade94d1c83e081f5798ae3b9c376938fdfc9a24c4dfa0a6ea2a63d4322287807aa2f015c6b26", 0x4}, 0x20) (async) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000080), 0x4) (async) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r1, 0x80045300, &(0x7f0000000140)) write$6lowpan_control(r0, &(0x7f0000000000)='connect aa:aa:aa:aa:aa:11 0', 0x1b) 10:58:22 executing program 5: ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(0xffffffffffffffff, 0x80083313, &(0x7f0000000000)) (async) read$snapshot(0xffffffffffffffff, &(0x7f0000000080)=""/177, 0xb1) (async) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x21e880, 0x0) ioctl$SNAPSHOT_UNFREEZE(r0, 0x3302) (async, rerun: 64) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (rerun: 64) 10:58:22 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa0000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008cbdf3600000000000ff001c71d91a00000000000000000000000000000000000000000000000000000000000000a2a9edf1ec93093223a45143ff0ca9e447b8e7416d8aa05afa65c60568bdec7b57ee911340666a7fe578330c01b8120c0700000000000000929a1e89da7942d779f69d73300af061001fedf483375e2258e423fa66cd63a07b23dc505d73f5507a5b7195d1b585deb0f09caf4ad3b65ac61ee128400f497bcde7b32c12b4b1f5442c29b4bb"], 0xf0}}, 0x0) sendmsg$RDMA_NLDEV_CMD_DELLINK(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x50, 0x1404, 0x200, 0x70bd2a, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x7}]}, 0x50}, 0x1, 0x0, 0x0, 0x14000808}, 0x40011) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2) [ 2053.276857] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2053.284122] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2053.291369] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2053.298626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2053.305873] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:22 executing program 2: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x22000, 0x0) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, 0x1410, 0x400, 0x70bd25, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x1}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_STAT_MODE={0x8, 0x4a, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x20008010}, 0x4000000) 10:58:22 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa0000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008cbdf3600000000000ff001c71d91a00000000000000000000000000000000000000000000000000000000000000a2a9edf1ec93093223a45143ff0ca9e447b8e7416d8aa05afa65c60568bdec7b57ee911340666a7fe578330c01b8120c0700000000000000929a1e89da7942d779f69d73300af061001fedf483375e2258e423fa66cd63a07b23dc505d73f5507a5b7195d1b585deb0f09caf4ad3b65ac61ee128400f497bcde7b32c12b4b1f5442c29b4bb"], 0xf0}}, 0x0) sendmsg$RDMA_NLDEV_CMD_DELLINK(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x50, 0x1404, 0x200, 0x70bd2a, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x7}]}, 0x50}, 0x1, 0x0, 0x0, 0x14000808}, 0x40011) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2) socket$nl_xfrm(0x10, 0x3, 0x6) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa0000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008cbdf3600000000000ff001c71d91a00000000000000000000000000000000000000000000000000000000000000a2a9edf1ec93093223a45143ff0ca9e447b8e7416d8aa05afa65c60568bdec7b57ee911340666a7fe578330c01b8120c0700000000000000929a1e89da7942d779f69d73300af061001fedf483375e2258e423fa66cd63a07b23dc505d73f5507a5b7195d1b585deb0f09caf4ad3b65ac61ee128400f497bcde7b32c12b4b1f5442c29b4bb"], 0xf0}}, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_DELLINK(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x50, 0x1404, 0x200, 0x70bd2a, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x7}]}, 0x50}, 0x1, 0x0, 0x0, 0x14000808}, 0x40011) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2) (async) 10:58:22 executing program 2: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x22000, 0x0) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, 0x1410, 0x400, 0x70bd25, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x1}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_STAT_MODE={0x8, 0x4a, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x20008010}, 0x4000000) 10:58:22 executing program 5: bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={0x1, 0x58, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x5, &(0x7f0000000040)=@raw=[@map_val={0x18, 0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffff}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0x52}], &(0x7f0000000080)='syzkaller\x00', 0x4, 0xb, &(0x7f00000000c0)=""/11, 0x41000, 0x0, '\x00', r0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0xa, 0x1}, 0x8, 0x10, &(0x7f0000000240)={0x2, 0xa, 0xfffffffa, 0x80000000}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000280)=[0x1, 0x1]}, 0x80) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22cec86, 0x0) r1 = getpgid(0x0) ptrace$poke(0xffffffffffffffff, r1, 0x0, 0x0) ptrace$poke(0x4, r1, &(0x7f0000000000), 0x63c6) 10:58:22 executing program 2: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x22000, 0x0) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, 0x1410, 0x400, 0x70bd25, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x1}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_STAT_MODE={0x8, 0x4a, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x20008010}, 0x4000000) 10:58:22 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) read$FUSE(r0, &(0x7f0000000540)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_ENTRY(r0, &(0x7f0000000000)={0x90, 0x0, 0x0, {0x1, 0x3, 0x2, 0x80000001, 0x4, 0xc6, {0x4, 0x753abe63, 0xfffffffffffffffb, 0x4, 0x87, 0x7, 0x7, 0x2, 0x4, 0x6000, 0x8, 0xee00, r3, 0xdc, 0xf37}}}, 0x90) write$FUSE_ENTRY(r0, &(0x7f0000000240)={0x90, 0x0, r1, {0x3, 0x0, 0x1, 0x0, 0x7fffffff, 0x8, {0x6, 0x7fff, 0x8000000000000000, 0x7fff, 0x8, 0x4, 0x0, 0x3f, 0x400, 0x2000, 0x71, r2, r3, 0x9, 0xfffffff7}}}, 0x90) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r6, @ANYBLOB=',group_id=', @ANYRESDEC=r4, @ANYBLOB=',blksyze=0\t\x00\x00\x00\x00\x00\x00\x00,blksize=0x000000000001400,default_permissions,dont_hash,\x00']) read$FUSE(r0, &(0x7f0000002580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_LSEEK(r5, &(0x7f00000000c0)={0x18, 0xfffffffffffffffe, r7}, 0x18) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x8) [ 2053.466766] FAULT_INJECTION: forcing a failure. [ 2053.466766] name failslab, interval 1, probability 0, space 0, times 0 [ 2053.514029] CPU: 1 PID: 24723 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2053.521929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2053.531379] Call Trace: [ 2053.533968] dump_stack+0x1b2/0x281 [ 2053.537599] should_fail.cold+0x10a/0x149 [ 2053.541749] should_failslab+0xd6/0x130 [ 2053.545729] kmem_cache_alloc_node+0x263/0x410 [ 2053.550312] __alloc_skb+0x5c/0x510 [ 2053.553935] kobject_uevent_env+0x882/0xf30 [ 2053.558268] device_add+0xa47/0x15c0 10:58:22 executing program 0: bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000080)=0x1, 0x4) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) [ 2053.561982] ? device_is_dependent+0x2a0/0x2a0 [ 2053.566566] ? kfree+0x1f0/0x250 [ 2053.566585] device_create_groups_vargs+0x1dc/0x250 [ 2053.574951] device_create_vargs+0x3a/0x50 [ 2053.574968] bdi_register_va.part.0+0x35/0x650 [ 2053.574981] bdi_register_va+0x63/0x80 [ 2053.574994] super_setup_bdi_name+0x123/0x220 [ 2053.575004] ? kill_block_super+0xe0/0xe0 10:58:22 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 50) 10:58:22 executing program 5: bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={0x1, 0x58, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x5, &(0x7f0000000040)=@raw=[@map_val={0x18, 0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffff}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0x52}], &(0x7f0000000080)='syzkaller\x00', 0x4, 0xb, &(0x7f00000000c0)=""/11, 0x41000, 0x0, '\x00', r0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0xa, 0x1}, 0x8, 0x10, &(0x7f0000000240)={0x2, 0xa, 0xfffffffa, 0x80000000}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000280)=[0x1, 0x1]}, 0x80) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22cec86, 0x0) r1 = getpgid(0x0) ptrace$poke(0xffffffffffffffff, r1, 0x0, 0x0) ptrace$poke(0x4, r1, &(0x7f0000000000), 0x63c6) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={0x1, 0x58, &(0x7f0000000100)}, 0x10) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x5, &(0x7f0000000040)=@raw=[@map_val={0x18, 0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffff}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0x52}], &(0x7f0000000080)='syzkaller\x00', 0x4, 0xb, &(0x7f00000000c0)=""/11, 0x41000, 0x0, '\x00', r0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0xa, 0x1}, 0x8, 0x10, &(0x7f0000000240)={0x2, 0xa, 0xfffffffa, 0x80000000}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000280)=[0x1, 0x1]}, 0x80) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22cec86, 0x0) (async) getpgid(0x0) (async) ptrace$poke(0xffffffffffffffff, r1, 0x0, 0x0) (async) ptrace$poke(0x4, r1, &(0x7f0000000000), 0x63c6) (async) [ 2053.575016] ? do_raw_spin_unlock+0x164/0x220 [ 2053.575034] fuse_fill_super+0x937/0x15c0 [ 2053.575054] ? fuse_get_root_inode+0xc0/0xc0 [ 2053.575064] ? up_write+0x17/0x60 [ 2053.575072] ? register_shrinker+0x15f/0x220 [ 2053.575081] ? sget_userns+0x768/0xc10 [ 2053.575098] ? get_anon_bdev+0x1c0/0x1c0 [ 2053.575105] ? sget+0xd9/0x110 [ 2053.575115] ? fuse_get_root_inode+0xc0/0xc0 [ 2053.575124] mount_nodev+0x4c/0xf0 [ 2053.575134] mount_fs+0x92/0x2a0 [ 2053.575148] vfs_kern_mount.part.0+0x5b/0x470 [ 2053.575160] do_mount+0xe65/0x2a30 [ 2053.575176] ? copy_mount_string+0x40/0x40 [ 2053.575188] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2053.575198] ? copy_mnt_ns+0xa30/0xa30 [ 2053.575210] ? copy_mount_options+0x1fa/0x2f0 [ 2053.575218] ? copy_mnt_ns+0xa30/0xa30 [ 2053.575229] SyS_mount+0xa8/0x120 [ 2053.575237] ? copy_mnt_ns+0xa30/0xa30 [ 2053.575249] do_syscall_64+0x1d5/0x640 [ 2053.575264] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2053.575272] RIP: 0033:0x7fc09e230109 [ 2053.575277] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2053.575288] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2053.575293] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2053.575299] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2053.575304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2053.575310] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 [ 2053.730559] FAULT_INJECTION: forcing a failure. [ 2053.730559] name failslab, interval 1, probability 0, space 0, times 0 [ 2053.783286] CPU: 1 PID: 24764 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2053.783292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2053.783295] Call Trace: [ 2053.783309] dump_stack+0x1b2/0x281 [ 2053.783322] should_fail.cold+0x10a/0x149 [ 2053.810833] should_failslab+0xd6/0x130 [ 2053.810846] kmem_cache_alloc_node+0x263/0x410 [ 2053.819381] __alloc_skb+0x5c/0x510 [ 2053.819398] kobject_uevent_env+0x882/0xf30 [ 2053.827320] device_add+0xa47/0x15c0 [ 2053.831057] ? device_is_dependent+0x2a0/0x2a0 [ 2053.835648] ? kfree+0x1f0/0x250 [ 2053.839017] device_create_groups_vargs+0x1dc/0x250 [ 2053.844029] device_create_vargs+0x3a/0x50 [ 2053.848255] bdi_register_va.part.0+0x35/0x650 [ 2053.852838] bdi_register_va+0x63/0x80 [ 2053.856720] super_setup_bdi_name+0x123/0x220 [ 2053.861216] ? kill_block_super+0xe0/0xe0 [ 2053.865354] ? do_raw_spin_unlock+0x164/0x220 [ 2053.869834] fuse_fill_super+0x937/0x15c0 [ 2053.874084] ? fuse_get_root_inode+0xc0/0xc0 [ 2053.878484] ? up_write+0x17/0x60 [ 2053.881925] ? register_shrinker+0x15f/0x220 [ 2053.886323] ? sget_userns+0x768/0xc10 [ 2053.890200] ? get_anon_bdev+0x1c0/0x1c0 [ 2053.894246] ? sget+0xd9/0x110 [ 2053.897431] ? fuse_get_root_inode+0xc0/0xc0 [ 2053.901825] mount_nodev+0x4c/0xf0 [ 2053.905353] mount_fs+0x92/0x2a0 [ 2053.908706] vfs_kern_mount.part.0+0x5b/0x470 [ 2053.913180] do_mount+0xe65/0x2a30 [ 2053.916716] ? do_raw_spin_unlock+0x164/0x220 [ 2053.921255] ? copy_mount_string+0x40/0x40 [ 2053.925487] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2053.930495] ? copy_mnt_ns+0xa30/0xa30 [ 2053.934368] ? copy_mount_options+0x1fa/0x2f0 [ 2053.938850] ? copy_mnt_ns+0xa30/0xa30 [ 2053.942735] SyS_mount+0xa8/0x120 [ 2053.946171] ? copy_mnt_ns+0xa30/0xa30 [ 2053.950102] do_syscall_64+0x1d5/0x640 [ 2053.954157] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2053.959332] RIP: 0033:0x7fc09e230109 [ 2053.963020] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2053.970724] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2053.977971] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2053.985227] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2053.992478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2053.999731] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:23 executing program 3: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) rt_sigreturn() eventfd(0x9) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) prctl$PR_CAP_AMBIENT(0x2f, 0x7, 0x19) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x5400, 0x0) r2 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0)={r1}, 0x8) ioctl$KVM_SET_CLOCK(r2, 0x4030ae7b, &(0x7f0000000100)={0x3, 0x5, 0x9, 0x100000000, 0xf251}) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, 0x0, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={r3, &(0x7f0000000180)="ddee13db156ca1d3966a3d60b764b6337ae8553e9a166e48560032387c0cccc4c1dfe0910e1edb795ba3d210eb8cddd741f8177afa25efab3772c91454ac6c8a69e3fc5a8a34fd352d6ed5f70d0b95b843201bd0896cc84f240f8cbcc91b02803e18a15808901400224cec", &(0x7f0000000240)=@buf="d719bebc48ee24ba8967f18126503a946c77dfc9ab8188984464a66b8a9664351fecdaa1f74a0b6013d8e1a6c2dbe1a47ba5efe09d03fa79cc276e131b01de4c0e5aa13cb538b231f1750e8defd8895dcb6437f1318c50010c800c4cf12a21453035a17ef2c380adade94d1c83e081f5798ae3b9c376938fdfc9a24c4dfa0a6ea2a63d4322287807aa2f015c6b26", 0x4}, 0x20) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000080), 0x4) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r1, 0x80045300, &(0x7f0000000140)) write$6lowpan_control(r0, &(0x7f0000000000)='connect aa:aa:aa:aa:aa:11 0', 0x1b) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) rt_sigreturn() (async) eventfd(0x9) (async) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) prctl$PR_CAP_AMBIENT(0x2f, 0x7, 0x19) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x5400, 0x0) (async) bpf$ITER_CREATE(0x21, &(0x7f00000000c0)={r1}, 0x8) (async) ioctl$KVM_SET_CLOCK(r2, 0x4030ae7b, &(0x7f0000000100)={0x3, 0x5, 0x9, 0x100000000, 0xf251}) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, 0x0, 0x0) (async) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={r3, &(0x7f0000000180)="ddee13db156ca1d3966a3d60b764b6337ae8553e9a166e48560032387c0cccc4c1dfe0910e1edb795ba3d210eb8cddd741f8177afa25efab3772c91454ac6c8a69e3fc5a8a34fd352d6ed5f70d0b95b843201bd0896cc84f240f8cbcc91b02803e18a15808901400224cec", &(0x7f0000000240)=@buf="d719bebc48ee24ba8967f18126503a946c77dfc9ab8188984464a66b8a9664351fecdaa1f74a0b6013d8e1a6c2dbe1a47ba5efe09d03fa79cc276e131b01de4c0e5aa13cb538b231f1750e8defd8895dcb6437f1318c50010c800c4cf12a21453035a17ef2c380adade94d1c83e081f5798ae3b9c376938fdfc9a24c4dfa0a6ea2a63d4322287807aa2f015c6b26", 0x4}, 0x20) (async) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000080), 0x4) (async) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r1, 0x80045300, &(0x7f0000000140)) (async) write$6lowpan_control(r0, &(0x7f0000000000)='connect aa:aa:aa:aa:aa:11 0', 0x1b) (async) 10:58:23 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa0000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008cbdf3600000000000ff001c71d91a00000000000000000000000000000000000000000000000000000000000000a2a9edf1ec93093223a45143ff0ca9e447b8e7416d8aa05afa65c60568bdec7b57ee911340666a7fe578330c01b8120c0700000000000000929a1e89da7942d779f69d73300af061001fedf483375e2258e423fa66cd63a07b23dc505d73f5507a5b7195d1b585deb0f09caf4ad3b65ac61ee128400f497bcde7b32c12b4b1f5442c29b4bb"], 0xf0}}, 0x0) sendmsg$RDMA_NLDEV_CMD_DELLINK(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x50, 0x1404, 0x200, 0x70bd2a, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x7}]}, 0x50}, 0x1, 0x0, 0x0, 0x14000808}, 0x40011) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2) socket$nl_xfrm(0x10, 0x3, 0x6) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa0000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008cbdf3600000000000ff001c71d91a00000000000000000000000000000000000000000000000000000000000000a2a9edf1ec93093223a45143ff0ca9e447b8e7416d8aa05afa65c60568bdec7b57ee911340666a7fe578330c01b8120c0700000000000000929a1e89da7942d779f69d73300af061001fedf483375e2258e423fa66cd63a07b23dc505d73f5507a5b7195d1b585deb0f09caf4ad3b65ac61ee128400f497bcde7b32c12b4b1f5442c29b4bb"], 0xf0}}, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_DELLINK(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x50, 0x1404, 0x200, 0x70bd2a, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x7}]}, 0x50}, 0x1, 0x0, 0x0, 0x14000808}, 0x40011) (async) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2) (async) 10:58:23 executing program 0: bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000080)=0x1, 0x4) (async) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) 10:58:23 executing program 5: bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={0x1, 0x58, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x5, &(0x7f0000000040)=@raw=[@map_val={0x18, 0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffff}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0x52}], &(0x7f0000000080)='syzkaller\x00', 0x4, 0xb, &(0x7f00000000c0)=""/11, 0x41000, 0x0, '\x00', r0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0xa, 0x1}, 0x8, 0x10, &(0x7f0000000240)={0x2, 0xa, 0xfffffffa, 0x80000000}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000280)=[0x1, 0x1]}, 0x80) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22cec86, 0x0) r1 = getpgid(0x0) ptrace$poke(0xffffffffffffffff, r1, 0x0, 0x0) ptrace$poke(0x4, r1, &(0x7f0000000000), 0x63c6) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={0x1, 0x58, &(0x7f0000000100)}, 0x10) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x5, &(0x7f0000000040)=@raw=[@map_val={0x18, 0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffff}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0x52}], &(0x7f0000000080)='syzkaller\x00', 0x4, 0xb, &(0x7f00000000c0)=""/11, 0x41000, 0x0, '\x00', r0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0xa, 0x1}, 0x8, 0x10, &(0x7f0000000240)={0x2, 0xa, 0xfffffffa, 0x80000000}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000280)=[0x1, 0x1]}, 0x80) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22cec86, 0x0) (async) getpgid(0x0) (async) ptrace$poke(0xffffffffffffffff, r1, 0x0, 0x0) (async) ptrace$poke(0x4, r1, &(0x7f0000000000), 0x63c6) (async) 10:58:23 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) read$FUSE(r0, &(0x7f0000000540)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_ENTRY(r0, &(0x7f0000000000)={0x90, 0x0, 0x0, {0x1, 0x3, 0x2, 0x80000001, 0x4, 0xc6, {0x4, 0x753abe63, 0xfffffffffffffffb, 0x4, 0x87, 0x7, 0x7, 0x2, 0x4, 0x6000, 0x8, 0xee00, r3, 0xdc, 0xf37}}}, 0x90) write$FUSE_ENTRY(r0, &(0x7f0000000240)={0x90, 0x0, r1, {0x3, 0x0, 0x1, 0x0, 0x7fffffff, 0x8, {0x6, 0x7fff, 0x8000000000000000, 0x7fff, 0x8, 0x4, 0x0, 0x3f, 0x400, 0x2000, 0x71, r2, r3, 0x9, 0xfffffff7}}}, 0x90) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r6, @ANYBLOB=',group_id=', @ANYRESDEC=r4, @ANYBLOB=',blksyze=0\t\x00\x00\x00\x00\x00\x00\x00,blksize=0x000000000001400,default_permissions,dont_hash,\x00']) read$FUSE(r0, &(0x7f0000002580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_LSEEK(r5, &(0x7f00000000c0)={0x18, 0xfffffffffffffffe, r7}, 0x18) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x8) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) read$FUSE(r0, &(0x7f0000000540)={0x2020}, 0x2020) (async) write$FUSE_ENTRY(r0, &(0x7f0000000000)={0x90, 0x0, 0x0, {0x1, 0x3, 0x2, 0x80000001, 0x4, 0xc6, {0x4, 0x753abe63, 0xfffffffffffffffb, 0x4, 0x87, 0x7, 0x7, 0x2, 0x4, 0x6000, 0x8, 0xee00, r3, 0xdc, 0xf37}}}, 0x90) (async) write$FUSE_ENTRY(r0, &(0x7f0000000240)={0x90, 0x0, r1, {0x3, 0x0, 0x1, 0x0, 0x7fffffff, 0x8, {0x6, 0x7fff, 0x8000000000000000, 0x7fff, 0x8, 0x4, 0x0, 0x3f, 0x400, 0x2000, 0x71, r2, r3, 0x9, 0xfffffff7}}}, 0x90) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r6, @ANYBLOB=',group_id=', @ANYRESDEC=r4, @ANYBLOB=',blksyze=0\t\x00\x00\x00\x00\x00\x00\x00,blksize=0x000000000001400,default_permissions,dont_hash,\x00']) (async) read$FUSE(r0, &(0x7f0000002580)={0x2020}, 0x2020) (async) write$FUSE_LSEEK(r5, &(0x7f00000000c0)={0x18, 0xfffffffffffffffe, r7}, 0x18) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x8) (async) 10:58:23 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 51) 10:58:23 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async, rerun: 64) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (rerun: 64) read$FUSE(r0, &(0x7f0000000540)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_ENTRY(r0, &(0x7f0000000000)={0x90, 0x0, 0x0, {0x1, 0x3, 0x2, 0x80000001, 0x4, 0xc6, {0x4, 0x753abe63, 0xfffffffffffffffb, 0x4, 0x87, 0x7, 0x7, 0x2, 0x4, 0x6000, 0x8, 0xee00, r3, 0xdc, 0xf37}}}, 0x90) (async) write$FUSE_ENTRY(r0, &(0x7f0000000240)={0x90, 0x0, r1, {0x3, 0x0, 0x1, 0x0, 0x7fffffff, 0x8, {0x6, 0x7fff, 0x8000000000000000, 0x7fff, 0x8, 0x4, 0x0, 0x3f, 0x400, 0x2000, 0x71, r2, r3, 0x9, 0xfffffff7}}}, 0x90) (async, rerun: 64) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async, rerun: 64) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r6, @ANYBLOB=',group_id=', @ANYRESDEC=r4, @ANYBLOB=',blksyze=0\t\x00\x00\x00\x00\x00\x00\x00,blksize=0x000000000001400,default_permissions,dont_hash,\x00']) (async) read$FUSE(r0, &(0x7f0000002580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_LSEEK(r5, &(0x7f00000000c0)={0x18, 0xfffffffffffffffe, r7}, 0x18) (async, rerun: 64) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (rerun: 64) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x8) 10:58:23 executing program 4: getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000040)={@empty, @multicast2, 0x0}, &(0x7f00000000c0)=0xc) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0x100, 0x0, 0x0, {{@in=@local, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, r0}, {@in6=@empty}, @in=@remote, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x0, 0x0, 0xea}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60}}, 0xf0}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) read$FUSE(r1, &(0x7f00000003c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r1, &(0x7f0000000180)={0x60, 0x0, r2, {{0x3, 0x27a0, 0x1, 0x7fff, 0x2, 0x10000, 0x9f8, 0xfffffffe}}}, 0x60) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000140)={0x2b, 0x6, 0x0, {0x2, 0x2, 0x2, 0x0, '-$'}}, 0x2b) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) write$FUSE_NOTIFY_DELETE(r3, &(0x7f0000000240)=ANY=[@ANYBLOB="330000000600000000000000000000000300000000ad090000000000000000000a000000000000002f6465762f637573650000"], 0x33) 10:58:23 executing program 3: mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000000), 0x4) 10:58:23 executing program 0: bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000080)=0x1, 0x4) (async) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) 10:58:23 executing program 2: ioctl$sock_inet6_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000000)) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000180)={@dev, @loopback, 0x0}, &(0x7f00000001c0)=0xc) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@bloom_filter={0x1e, 0x40, 0x9, 0x1, 0x1, 0x1, 0x401, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x5, 0x4}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x4, 0xfffffffd, 0x8000, 0x0, 0x42c, 0x1, 0x11a, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x5}, 0x48) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@bloom_filter={0x1e, 0x0, 0x2, 0x8, 0xa0, 0x1, 0x1f, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x1, 0xb}, 0x48) r6 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r6, 0x6, 0x23, 0x0, 0x0) r7 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x719f4017, 0x8}, 0xc) r8 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r8, 0x6, 0x23, 0x0, 0x0) r9 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000480)={&(0x7f0000000440)='./file0\x00', 0x0, 0x18}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_ext={0x1c, 0xb, &(0x7f0000000040)=@raw=[@cb_func={0x18, 0x6, 0x4, 0x0, 0xfffffffffffffffa}, @exit, @map_val={0x18, 0x3, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x40}, @call={0x85, 0x0, 0x0, 0x5b}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x1}, @alu={0x4, 0x0, 0x6, 0xa, 0x8, 0x100, 0x1}, @alu={0x4, 0x1, 0x7, 0x4, 0x7, 0x10, 0x4}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f00000000c0)='syzkaller\x00', 0xffffff00, 0x67, &(0x7f0000000100)=""/103, 0x41000, 0x2, '\x00', r0, 0x0, r1, 0x8, &(0x7f0000000200)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x7, 0x6, 0x70}, 0x10, 0xb436, r2, 0x0, &(0x7f00000004c0)=[r3, r4, 0xffffffffffffffff, r5, r6, 0xffffffffffffffff, r7, r8, r9, 0x1]}, 0x80) 10:58:23 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000000)={0x50, 0xb, 0x0, {0x7, 0x24, 0x200, 0x202001, 0x5, 0x829d, 0x1, 0x5e8a64f6}}, 0x50) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) read$FUSE(r1, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r2, &(0x7f0000000080)={0x60, 0x0, r3}, 0x60) write$FUSE_DIRENT(r0, &(0x7f00000000c0)={0x30, 0xfffffffffffffff5, r3, [{0x6, 0x5b, 0x1, 0x6, '\x00'}]}, 0x30) 10:58:23 executing program 2: ioctl$sock_inet6_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000000)) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000180)={@dev, @loopback, 0x0}, &(0x7f00000001c0)=0xc) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@bloom_filter={0x1e, 0x40, 0x9, 0x1, 0x1, 0x1, 0x401, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x5, 0x4}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x4, 0xfffffffd, 0x8000, 0x0, 0x42c, 0x1, 0x11a, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x5}, 0x48) (async) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@bloom_filter={0x1e, 0x0, 0x2, 0x8, 0xa0, 0x1, 0x1f, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x1, 0xb}, 0x48) (async) r6 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r6, 0x6, 0x23, 0x0, 0x0) r7 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x719f4017, 0x8}, 0xc) r8 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r8, 0x6, 0x23, 0x0, 0x0) (async) r9 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000480)={&(0x7f0000000440)='./file0\x00', 0x0, 0x18}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_ext={0x1c, 0xb, &(0x7f0000000040)=@raw=[@cb_func={0x18, 0x6, 0x4, 0x0, 0xfffffffffffffffa}, @exit, @map_val={0x18, 0x3, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x40}, @call={0x85, 0x0, 0x0, 0x5b}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x1}, @alu={0x4, 0x0, 0x6, 0xa, 0x8, 0x100, 0x1}, @alu={0x4, 0x1, 0x7, 0x4, 0x7, 0x10, 0x4}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f00000000c0)='syzkaller\x00', 0xffffff00, 0x67, &(0x7f0000000100)=""/103, 0x41000, 0x2, '\x00', r0, 0x0, r1, 0x8, &(0x7f0000000200)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x7, 0x6, 0x70}, 0x10, 0xb436, r2, 0x0, &(0x7f00000004c0)=[r3, r4, 0xffffffffffffffff, r5, r6, 0xffffffffffffffff, r7, r8, r9, 0x1]}, 0x80) 10:58:23 executing program 3: mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000000), 0x4) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1, 0x0) (async) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000000), 0x4) (async) 10:58:23 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) ioctl$KVM_SET_CLOCK(r1, 0x4030ae7b, &(0x7f0000000080)={0x4051, 0xffff, 0x0, 0x83, 0x9}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) 10:58:23 executing program 2: ioctl$sock_inet6_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000000)) (async) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000180)={@dev, @loopback, 0x0}, &(0x7f00000001c0)=0xc) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) (async) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@bloom_filter={0x1e, 0x40, 0x9, 0x1, 0x1, 0x1, 0x401, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x5, 0x4}, 0x48) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x4, 0xfffffffd, 0x8000, 0x0, 0x42c, 0x1, 0x11a, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x5}, 0x48) (async) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@bloom_filter={0x1e, 0x0, 0x2, 0x8, 0xa0, 0x1, 0x1f, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x1, 0xb}, 0x48) (async) r6 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r6, 0x6, 0x23, 0x0, 0x0) (async) r7 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x719f4017, 0x8}, 0xc) r8 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r8, 0x6, 0x23, 0x0, 0x0) (async) r9 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000480)={&(0x7f0000000440)='./file0\x00', 0x0, 0x18}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_ext={0x1c, 0xb, &(0x7f0000000040)=@raw=[@cb_func={0x18, 0x6, 0x4, 0x0, 0xfffffffffffffffa}, @exit, @map_val={0x18, 0x3, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x40}, @call={0x85, 0x0, 0x0, 0x5b}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x1}, @alu={0x4, 0x0, 0x6, 0xa, 0x8, 0x100, 0x1}, @alu={0x4, 0x1, 0x7, 0x4, 0x7, 0x10, 0x4}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f00000000c0)='syzkaller\x00', 0xffffff00, 0x67, &(0x7f0000000100)=""/103, 0x41000, 0x2, '\x00', r0, 0x0, r1, 0x8, &(0x7f0000000200)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x7, 0x6, 0x70}, 0x10, 0xb436, r2, 0x0, &(0x7f00000004c0)=[r3, r4, 0xffffffffffffffff, r5, r6, 0xffffffffffffffff, r7, r8, r9, 0x1]}, 0x80) 10:58:23 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0)=0x0, &(0x7f0000000500), &(0x7f0000000540)) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r4}}]}}) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) read$FUSE(r6, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r7, &(0x7f0000000080)={0x60, 0x0, r8}, 0x60) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r9}, 0x2c, {'group_id', 0x3d, r10}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r11}}]}}) write$FUSE_ENTRY(r5, &(0x7f0000000580)={0x90, 0x0, r8, {0x0, 0x1, 0x80000000, 0x5, 0x5, 0x0, {0x2, 0x1, 0x1, 0x6, 0x4, 0xa8c, 0x3ff, 0x8, 0x8, 0xa000, 0x10000, r1, r10, 0x4, 0x8}}}, 0x90) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x90, &(0x7f0000000700)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1600}}, {@max_read={'max_read', 0x3d, 0x1}}, {@max_read={'max_read', 0x3d, 0x3}}, {@max_read={'max_read', 0x3d, 0x5}}, {@max_read={'max_read', 0x3d, 0x4}}], [{@uid_gt={'uid>', r4}}, {@smackfsfloor={'smackfsfloor', 0x3d, '%^'}}, {@uid_gt={'uid>', 0xee01}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x9}}]}}) [ 2054.557585] FAULT_INJECTION: forcing a failure. [ 2054.557585] name failslab, interval 1, probability 0, space 0, times 0 [ 2054.569805] CPU: 0 PID: 24854 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2054.577688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2054.587031] Call Trace: [ 2054.589603] dump_stack+0x1b2/0x281 [ 2054.593736] should_fail.cold+0x10a/0x149 [ 2054.597865] should_failslab+0xd6/0x130 [ 2054.601837] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2054.606917] __kmalloc_node_track_caller+0x38/0x70 [ 2054.611825] __alloc_skb+0x96/0x510 [ 2054.615431] kobject_uevent_env+0x882/0xf30 [ 2054.619737] device_add+0xa47/0x15c0 [ 2054.623446] ? device_is_dependent+0x2a0/0x2a0 [ 2054.628005] ? kfree+0x1f0/0x250 [ 2054.631353] device_create_groups_vargs+0x1dc/0x250 [ 2054.636345] device_create_vargs+0x3a/0x50 [ 2054.640561] bdi_register_va.part.0+0x35/0x650 [ 2054.645121] bdi_register_va+0x63/0x80 [ 2054.648987] super_setup_bdi_name+0x123/0x220 [ 2054.653457] ? kill_block_super+0xe0/0xe0 [ 2054.657586] ? do_raw_spin_unlock+0x164/0x220 [ 2054.662061] fuse_fill_super+0x937/0x15c0 [ 2054.666187] ? fuse_get_root_inode+0xc0/0xc0 [ 2054.670573] ? up_write+0x17/0x60 [ 2054.674001] ? register_shrinker+0x15f/0x220 [ 2054.678387] ? sget_userns+0x768/0xc10 [ 2054.682254] ? get_anon_bdev+0x1c0/0x1c0 [ 2054.686290] ? sget+0xd9/0x110 [ 2054.689459] ? fuse_get_root_inode+0xc0/0xc0 [ 2054.693848] mount_nodev+0x4c/0xf0 [ 2054.697374] mount_fs+0x92/0x2a0 [ 2054.700717] vfs_kern_mount.part.0+0x5b/0x470 [ 2054.705186] do_mount+0xe65/0x2a30 [ 2054.708704] ? do_raw_spin_unlock+0x164/0x220 [ 2054.713175] ? copy_mount_string+0x40/0x40 [ 2054.717387] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2054.722379] ? copy_mnt_ns+0xa30/0xa30 [ 2054.726242] ? copy_mount_options+0x1fa/0x2f0 [ 2054.730711] ? copy_mnt_ns+0xa30/0xa30 [ 2054.734573] SyS_mount+0xa8/0x120 [ 2054.737999] ? copy_mnt_ns+0xa30/0xa30 [ 2054.741864] do_syscall_64+0x1d5/0x640 [ 2054.745745] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2054.750925] RIP: 0033:0x7fc09e230109 10:58:23 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 52) 10:58:23 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000000)={0x50, 0xb, 0x0, {0x7, 0x24, 0x200, 0x202001, 0x5, 0x829d, 0x1, 0x5e8a64f6}}, 0x50) (async) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async, rerun: 64) read$FUSE(r1, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) (rerun: 64) write$FUSE_STATFS(r2, &(0x7f0000000080)={0x60, 0x0, r3}, 0x60) (async) write$FUSE_DIRENT(r0, &(0x7f00000000c0)={0x30, 0xfffffffffffffff5, r3, [{0x6, 0x5b, 0x1, 0x6, '\x00'}]}, 0x30) 10:58:23 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) ioctl$KVM_SET_CLOCK(r1, 0x4030ae7b, &(0x7f0000000080)={0x4051, 0xffff, 0x0, 0x83, 0x9}) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) 10:58:23 executing program 3: mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1, 0x0) (async) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000000), 0x4) 10:58:23 executing program 4: getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000040)={@empty, @multicast2, 0x0}, &(0x7f00000000c0)=0xc) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0x100, 0x0, 0x0, {{@in=@local, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, r0}, {@in6=@empty}, @in=@remote, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x0, 0x0, 0xea}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60}}, 0xf0}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) read$FUSE(r1, &(0x7f00000003c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r1, &(0x7f0000000180)={0x60, 0x0, r2, {{0x3, 0x27a0, 0x1, 0x7fff, 0x2, 0x10000, 0x9f8, 0xfffffffe}}}, 0x60) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000140)={0x2b, 0x6, 0x0, {0x2, 0x2, 0x2, 0x0, '-$'}}, 0x2b) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) write$FUSE_NOTIFY_DELETE(r3, &(0x7f0000000240)=ANY=[@ANYBLOB="330000000600000000000000000000000300000000ad090000000000000000000a000000000000002f6465762f637573650000"], 0x33) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000040)={@empty, @multicast2}, &(0x7f00000000c0)=0xc) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) (async) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0x100, 0x0, 0x0, {{@in=@local, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, r0}, {@in6=@empty}, @in=@remote, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x0, 0x0, 0xea}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60}}, 0xf0}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) (async) read$FUSE(r1, &(0x7f00000003c0)={0x2020}, 0x2020) (async) write$FUSE_STATFS(r1, &(0x7f0000000180)={0x60, 0x0, r2, {{0x3, 0x27a0, 0x1, 0x7fff, 0x2, 0x10000, 0x9f8, 0xfffffffe}}}, 0x60) (async) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000140)={0x2b, 0x6, 0x0, {0x2, 0x2, 0x2, 0x0, '-$'}}, 0x2b) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) (async) write$FUSE_NOTIFY_DELETE(r3, &(0x7f0000000240)=ANY=[@ANYBLOB="330000000600000000000000000000000300000000ad090000000000000000000a000000000000002f6465762f637573650000"], 0x33) (async) 10:58:23 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0)=0x0, &(0x7f0000000500), &(0x7f0000000540)) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r4}}]}}) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) read$FUSE(r6, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r7, &(0x7f0000000080)={0x60, 0x0, r8}, 0x60) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r9}, 0x2c, {'group_id', 0x3d, r10}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r11}}]}}) write$FUSE_ENTRY(r5, &(0x7f0000000580)={0x90, 0x0, r8, {0x0, 0x1, 0x80000000, 0x5, 0x5, 0x0, {0x2, 0x1, 0x1, 0x6, 0x4, 0xa8c, 0x3ff, 0x8, 0x8, 0xa000, 0x10000, r1, r10, 0x4, 0x8}}}, 0x90) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x90, &(0x7f0000000700)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1600}}, {@max_read={'max_read', 0x3d, 0x1}}, {@max_read={'max_read', 0x3d, 0x3}}, {@max_read={'max_read', 0x3d, 0x5}}, {@max_read={'max_read', 0x3d, 0x4}}], [{@uid_gt={'uid>', r4}}, {@smackfsfloor={'smackfsfloor', 0x3d, '%^'}}, {@uid_gt={'uid>', 0xee01}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x9}}]}}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r4}}]}}) (async) openat$fuse(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) read$FUSE(r6, &(0x7f0000000680)={0x2020}, 0x2020) (async) write$FUSE_STATFS(r7, &(0x7f0000000080)={0x60, 0x0, r8}, 0x60) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r9}, 0x2c, {'group_id', 0x3d, r10}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r11}}]}}) (async) write$FUSE_ENTRY(r5, &(0x7f0000000580)={0x90, 0x0, r8, {0x0, 0x1, 0x80000000, 0x5, 0x5, 0x0, {0x2, 0x1, 0x1, 0x6, 0x4, 0xa8c, 0x3ff, 0x8, 0x8, 0xa000, 0x10000, r1, r10, 0x4, 0x8}}}, 0x90) (async) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x90, &(0x7f0000000700)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1600}}, {@max_read={'max_read', 0x3d, 0x1}}, {@max_read={'max_read', 0x3d, 0x3}}, {@max_read={'max_read', 0x3d, 0x5}}, {@max_read={'max_read', 0x3d, 0x4}}], [{@uid_gt={'uid>', r4}}, {@smackfsfloor={'smackfsfloor', 0x3d, '%^'}}, {@uid_gt={'uid>', 0xee01}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x9}}]}}) (async) [ 2054.754614] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2054.762304] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2054.769550] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2054.776798] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2054.784059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2054.791306] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:23 executing program 3: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x600023, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f0000000080)={0x28, 0x2, 0x0, {0x4, 0x7, 0x9}}, 0x28) 10:58:23 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0)=0x0, &(0x7f0000000500), &(0x7f0000000540)) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) (async) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r4}}]}}) (async) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) (async) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) read$FUSE(r6, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r7, &(0x7f0000000080)={0x60, 0x0, r8}, 0x60) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r9}, 0x2c, {'group_id', 0x3d, r10}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r11}}]}}) write$FUSE_ENTRY(r5, &(0x7f0000000580)={0x90, 0x0, r8, {0x0, 0x1, 0x80000000, 0x5, 0x5, 0x0, {0x2, 0x1, 0x1, 0x6, 0x4, 0xa8c, 0x3ff, 0x8, 0x8, 0xa000, 0x10000, r1, r10, 0x4, 0x8}}}, 0x90) (async) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x90, &(0x7f0000000700)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1600}}, {@max_read={'max_read', 0x3d, 0x1}}, {@max_read={'max_read', 0x3d, 0x3}}, {@max_read={'max_read', 0x3d, 0x5}}, {@max_read={'max_read', 0x3d, 0x4}}], [{@uid_gt={'uid>', r4}}, {@smackfsfloor={'smackfsfloor', 0x3d, '%^'}}, {@uid_gt={'uid>', 0xee01}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x9}}]}}) 10:58:23 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) ioctl$KVM_SET_CLOCK(r1, 0x4030ae7b, &(0x7f0000000080)={0x4051, 0xffff, 0x0, 0x83, 0x9}) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) 10:58:23 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x3012800, 0x0) 10:58:23 executing program 4: getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000040)={@empty, @multicast2, 0x0}, &(0x7f00000000c0)=0xc) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) (async) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0x100, 0x0, 0x0, {{@in=@local, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, r0}, {@in6=@empty}, @in=@remote, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x0, 0x0, 0xea}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60}}, 0xf0}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) (async) read$FUSE(r1, &(0x7f00000003c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r1, &(0x7f0000000180)={0x60, 0x0, r2, {{0x3, 0x27a0, 0x1, 0x7fff, 0x2, 0x10000, 0x9f8, 0xfffffffe}}}, 0x60) (async) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000140)={0x2b, 0x6, 0x0, {0x2, 0x2, 0x2, 0x0, '-$'}}, 0x2b) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) write$FUSE_NOTIFY_DELETE(r3, &(0x7f0000000240)=ANY=[@ANYBLOB="330000000600000000000000000000000300000000ad090000000000000000000a000000000000002f6465762f637573650000"], 0x33) 10:58:24 executing program 3: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x600023, 0x0) (async, rerun: 64) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (rerun: 64) write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f0000000080)={0x28, 0x2, 0x0, {0x4, 0x7, 0x9}}, 0x28) 10:58:24 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x3012800, 0x0) [ 2055.058948] FAULT_INJECTION: forcing a failure. [ 2055.058948] name failslab, interval 1, probability 0, space 0, times 0 [ 2055.073063] CPU: 0 PID: 24921 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2055.080957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2055.090299] Call Trace: [ 2055.092867] dump_stack+0x1b2/0x281 [ 2055.096473] should_fail.cold+0x10a/0x149 [ 2055.100598] should_failslab+0xd6/0x130 [ 2055.104551] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2055.109637] __kmalloc_node_track_caller+0x38/0x70 [ 2055.114548] __alloc_skb+0x96/0x510 [ 2055.118150] kobject_uevent_env+0x882/0xf30 [ 2055.122454] device_add+0xa47/0x15c0 [ 2055.126147] ? device_is_dependent+0x2a0/0x2a0 [ 2055.130713] ? kfree+0x1f0/0x250 [ 2055.134060] device_create_groups_vargs+0x1dc/0x250 [ 2055.139053] device_create_vargs+0x3a/0x50 [ 2055.143269] bdi_register_va.part.0+0x35/0x650 [ 2055.147827] bdi_register_va+0x63/0x80 [ 2055.151699] super_setup_bdi_name+0x123/0x220 [ 2055.156176] ? kill_block_super+0xe0/0xe0 [ 2055.160407] ? do_raw_spin_unlock+0x164/0x220 [ 2055.164985] fuse_fill_super+0x937/0x15c0 [ 2055.169114] ? fuse_get_root_inode+0xc0/0xc0 [ 2055.173506] ? up_write+0x17/0x60 [ 2055.176937] ? register_shrinker+0x15f/0x220 [ 2055.181337] ? sget_userns+0x768/0xc10 [ 2055.185219] ? get_anon_bdev+0x1c0/0x1c0 [ 2055.189280] ? sget+0xd9/0x110 [ 2055.192810] ? fuse_get_root_inode+0xc0/0xc0 [ 2055.197196] mount_nodev+0x4c/0xf0 [ 2055.200714] mount_fs+0x92/0x2a0 [ 2055.204061] vfs_kern_mount.part.0+0x5b/0x470 [ 2055.208550] do_mount+0xe65/0x2a30 [ 2055.212071] ? do_raw_spin_unlock+0x164/0x220 [ 2055.216544] ? copy_mount_string+0x40/0x40 [ 2055.220758] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2055.225750] ? copy_mnt_ns+0xa30/0xa30 [ 2055.229631] ? copy_mount_options+0x1fa/0x2f0 [ 2055.234109] ? copy_mnt_ns+0xa30/0xa30 [ 2055.237977] SyS_mount+0xa8/0x120 [ 2055.241405] ? copy_mnt_ns+0xa30/0xa30 [ 2055.245271] do_syscall_64+0x1d5/0x640 [ 2055.249138] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2055.254308] RIP: 0033:0x7fc09e230109 10:58:24 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 53) [ 2055.258000] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2055.265690] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2055.272936] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2055.280268] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2055.287512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2055.294757] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 [ 2055.341933] FAULT_INJECTION: forcing a failure. [ 2055.341933] name failslab, interval 1, probability 0, space 0, times 0 [ 2055.354204] CPU: 0 PID: 24932 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2055.362080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2055.371411] Call Trace: [ 2055.373984] dump_stack+0x1b2/0x281 [ 2055.377596] should_fail.cold+0x10a/0x149 [ 2055.381724] should_failslab+0xd6/0x130 [ 2055.385679] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2055.390765] __kmalloc_node_track_caller+0x38/0x70 [ 2055.395676] __alloc_skb+0x96/0x510 [ 2055.399281] kobject_uevent_env+0x882/0xf30 [ 2055.403593] device_add+0xa47/0x15c0 [ 2055.407289] ? device_is_dependent+0x2a0/0x2a0 [ 2055.411846] ? kfree+0x1f0/0x250 [ 2055.415192] device_create_groups_vargs+0x1dc/0x250 [ 2055.420210] device_create_vargs+0x3a/0x50 [ 2055.424566] bdi_register_va.part.0+0x35/0x650 [ 2055.429136] bdi_register_va+0x63/0x80 [ 2055.433007] super_setup_bdi_name+0x123/0x220 [ 2055.437496] ? kill_block_super+0xe0/0xe0 [ 2055.441630] ? do_raw_spin_unlock+0x164/0x220 [ 2055.446107] fuse_fill_super+0x937/0x15c0 [ 2055.450236] ? fuse_get_root_inode+0xc0/0xc0 [ 2055.454625] ? up_write+0x17/0x60 [ 2055.458054] ? register_shrinker+0x15f/0x220 [ 2055.462452] ? sget_userns+0x768/0xc10 [ 2055.466324] ? get_anon_bdev+0x1c0/0x1c0 [ 2055.470359] ? sget+0xd9/0x110 [ 2055.473552] ? fuse_get_root_inode+0xc0/0xc0 [ 2055.478083] mount_nodev+0x4c/0xf0 [ 2055.481607] mount_fs+0x92/0x2a0 [ 2055.484957] vfs_kern_mount.part.0+0x5b/0x470 [ 2055.489443] do_mount+0xe65/0x2a30 [ 2055.492972] ? do_raw_spin_unlock+0x164/0x220 [ 2055.497453] ? copy_mount_string+0x40/0x40 [ 2055.501673] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2055.506739] ? copy_mnt_ns+0xa30/0xa30 [ 2055.510618] ? copy_mount_options+0x1fa/0x2f0 [ 2055.515088] ? copy_mnt_ns+0xa30/0xa30 [ 2055.518962] SyS_mount+0xa8/0x120 [ 2055.522403] ? copy_mnt_ns+0xa30/0xa30 [ 2055.526270] do_syscall_64+0x1d5/0x640 [ 2055.530143] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2055.535312] RIP: 0033:0x7fc09e230109 [ 2055.538999] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2055.546683] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2055.553927] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2055.561179] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2055.568433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2055.575677] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:24 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000000)={0x50, 0xb, 0x0, {0x7, 0x24, 0x200, 0x202001, 0x5, 0x829d, 0x1, 0x5e8a64f6}}, 0x50) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) read$FUSE(r1, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r2, &(0x7f0000000080)={0x60, 0x0, r3}, 0x60) write$FUSE_DIRENT(r0, &(0x7f00000000c0)={0x30, 0xfffffffffffffff5, r3, [{0x6, 0x5b, 0x1, 0x6, '\x00'}]}, 0x30) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000000)={0x50, 0xb, 0x0, {0x7, 0x24, 0x200, 0x202001, 0x5, 0x829d, 0x1, 0x5e8a64f6}}, 0x50) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) read$FUSE(r1, &(0x7f0000000680)={0x2020}, 0x2020) (async) write$FUSE_STATFS(r2, &(0x7f0000000080)={0x60, 0x0, r3}, 0x60) (async) write$FUSE_DIRENT(r0, &(0x7f00000000c0)={0x30, 0xfffffffffffffff5, r3, [{0x6, 0x5b, 0x1, 0x6, '\x00'}]}, 0x30) (async) 10:58:24 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) 10:58:24 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x3012800, 0x0) 10:58:24 executing program 3: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x600023, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f0000000080)={0x28, 0x2, 0x0, {0x4, 0x7, 0x9}}, 0x28) 10:58:24 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a0, 0xa0}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, 0x140b, 0x400, 0x70bd28, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x5}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x40) 10:58:24 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 54) 10:58:24 executing program 2: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r3}}]}}) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)=@getsadinfo={0x1a4, 0x23, 0x1a, 0x70bd29, 0x25dfdbfb, 0x0, [@address_filter={0x28, 0x1a, {@in=@loopback, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x2, 0xb, 0x12}}, @migrate={0x50, 0x11, [{@in6=@private2, @in=@remote, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@mcast2, 0x2b, 0x3, 0x0, 0x3504, 0x2, 0x2}]}, @address_filter={0x28, 0x1a, {@in=@empty, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xa, 0x9, 0x9}}, @offload={0xc}, @sa={0xe4, 0x6, {{@in6=@private1, @in=@empty, 0x4e24, 0xff, 0x4e23, 0x5, 0xa, 0x20, 0x80, 0x5c, 0x0, r1}, {@in=@multicast1, 0x4d6, 0x32}, @in6=@mcast2, {0x9, 0x6, 0x9, 0x7, 0x10001, 0x7, 0x0, 0x80000001}, {0x8, 0xfffffffffffff34d, 0x44106569, 0x6}, {0x7, 0x6}, 0x70bd2a, 0x0, 0x2, 0x4, 0x1f, 0x8}}]}, 0x1a4}, 0x1, 0x0, 0x0, 0x80}, 0x0) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0xff, 0x8, 0x2, 0x0, r4, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x1, 0x7}, 0x48) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) 10:58:24 executing program 3: r0 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0xe, &(0x7f0000000000)=""/228, &(0x7f0000000100)=0xe4) 10:58:24 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) mount$fuse(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) (async) 10:58:24 executing program 2: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r3}}]}}) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)=@getsadinfo={0x1a4, 0x23, 0x1a, 0x70bd29, 0x25dfdbfb, 0x0, [@address_filter={0x28, 0x1a, {@in=@loopback, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x2, 0xb, 0x12}}, @migrate={0x50, 0x11, [{@in6=@private2, @in=@remote, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@mcast2, 0x2b, 0x3, 0x0, 0x3504, 0x2, 0x2}]}, @address_filter={0x28, 0x1a, {@in=@empty, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xa, 0x9, 0x9}}, @offload={0xc}, @sa={0xe4, 0x6, {{@in6=@private1, @in=@empty, 0x4e24, 0xff, 0x4e23, 0x5, 0xa, 0x20, 0x80, 0x5c, 0x0, r1}, {@in=@multicast1, 0x4d6, 0x32}, @in6=@mcast2, {0x9, 0x6, 0x9, 0x7, 0x10001, 0x7, 0x0, 0x80000001}, {0x8, 0xfffffffffffff34d, 0x44106569, 0x6}, {0x7, 0x6}, 0x70bd2a, 0x0, 0x2, 0x4, 0x1f, 0x8}}]}, 0x1a4}, 0x1, 0x0, 0x0, 0x80}, 0x0) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0xff, 0x8, 0x2, 0x0, r4, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x1, 0x7}, 0x48) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r3}}]}}) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)=@getsadinfo={0x1a4, 0x23, 0x1a, 0x70bd29, 0x25dfdbfb, 0x0, [@address_filter={0x28, 0x1a, {@in=@loopback, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x2, 0xb, 0x12}}, @migrate={0x50, 0x11, [{@in6=@private2, @in=@remote, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@mcast2, 0x2b, 0x3, 0x0, 0x3504, 0x2, 0x2}]}, @address_filter={0x28, 0x1a, {@in=@empty, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xa, 0x9, 0x9}}, @offload={0xc}, @sa={0xe4, 0x6, {{@in6=@private1, @in=@empty, 0x4e24, 0xff, 0x4e23, 0x5, 0xa, 0x20, 0x80, 0x5c, 0x0, r1}, {@in=@multicast1, 0x4d6, 0x32}, @in6=@mcast2, {0x9, 0x6, 0x9, 0x7, 0x10001, 0x7, 0x0, 0x80000001}, {0x8, 0xfffffffffffff34d, 0x44106569, 0x6}, {0x7, 0x6}, 0x70bd2a, 0x0, 0x2, 0x4, 0x1f, 0x8}}]}, 0x1a4}, 0x1, 0x0, 0x0, 0x80}, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, 0x0, 0x0) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0xff, 0x8, 0x2, 0x0, r4, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x1, 0x7}, 0x48) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) 10:58:24 executing program 3: r0 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0xe, &(0x7f0000000000)=""/228, &(0x7f0000000100)=0xe4) 10:58:24 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0}, 0x2020) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f0000002400)=ANY=[@ANYBLOB="66643deb1869a2f3982b624983f16ec717722ee945cb929f4ef8d96afd18954079ce37157d", @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000020000,user_id=', @ANYRESDEC=r1, @ANYBLOB=',group_id=', @ANYRESDEC=r2, @ANYBLOB=',allow_other,blksize=0x0000000000000600,smackfsroot=(,euid<', @ANYRESDEC=r3, @ANYBLOB=',\x00']) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80c014, &(0x7f0000002280)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r0}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x1e00}}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0xa00}}, {@allow_other}, {@allow_other}, {@allow_other}], [{@euid_lt={'euid<', r4}}, {@fowner_lt={'fowner<', 0xffffffffffffffff}}, {@fsname={'fsname', 0x3d, '-'}}, {@appraise_type}, {@appraise}]}}) 10:58:24 executing program 2: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r3}}]}}) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)=@getsadinfo={0x1a4, 0x23, 0x1a, 0x70bd29, 0x25dfdbfb, 0x0, [@address_filter={0x28, 0x1a, {@in=@loopback, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x2, 0xb, 0x12}}, @migrate={0x50, 0x11, [{@in6=@private2, @in=@remote, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@mcast2, 0x2b, 0x3, 0x0, 0x3504, 0x2, 0x2}]}, @address_filter={0x28, 0x1a, {@in=@empty, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xa, 0x9, 0x9}}, @offload={0xc}, @sa={0xe4, 0x6, {{@in6=@private1, @in=@empty, 0x4e24, 0xff, 0x4e23, 0x5, 0xa, 0x20, 0x80, 0x5c, 0x0, r1}, {@in=@multicast1, 0x4d6, 0x32}, @in6=@mcast2, {0x9, 0x6, 0x9, 0x7, 0x10001, 0x7, 0x0, 0x80000001}, {0x8, 0xfffffffffffff34d, 0x44106569, 0x6}, {0x7, 0x6}, 0x70bd2a, 0x0, 0x2, 0x4, 0x1f, 0x8}}]}, 0x1a4}, 0x1, 0x0, 0x0, 0x80}, 0x0) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0xff, 0x8, 0x2, 0x0, r4, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x1, 0x7}, 0x48) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r3}}]}}) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)=@getsadinfo={0x1a4, 0x23, 0x1a, 0x70bd29, 0x25dfdbfb, 0x0, [@address_filter={0x28, 0x1a, {@in=@loopback, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x2, 0xb, 0x12}}, @migrate={0x50, 0x11, [{@in6=@private2, @in=@remote, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@mcast2, 0x2b, 0x3, 0x0, 0x3504, 0x2, 0x2}]}, @address_filter={0x28, 0x1a, {@in=@empty, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xa, 0x9, 0x9}}, @offload={0xc}, @sa={0xe4, 0x6, {{@in6=@private1, @in=@empty, 0x4e24, 0xff, 0x4e23, 0x5, 0xa, 0x20, 0x80, 0x5c, 0x0, r1}, {@in=@multicast1, 0x4d6, 0x32}, @in6=@mcast2, {0x9, 0x6, 0x9, 0x7, 0x10001, 0x7, 0x0, 0x80000001}, {0x8, 0xfffffffffffff34d, 0x44106569, 0x6}, {0x7, 0x6}, 0x70bd2a, 0x0, 0x2, 0x4, 0x1f, 0x8}}]}, 0x1a4}, 0x1, 0x0, 0x0, 0x80}, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, 0x0, 0x0) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0xff, 0x8, 0x2, 0x0, r4, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x1, 0x7}, 0x48) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) 10:58:24 executing program 3: r0 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0xe, &(0x7f0000000000)=""/228, &(0x7f0000000100)=0xe4) 10:58:24 executing program 3: prctl$PR_MCE_KILL(0x21, 0x1, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) 10:58:24 executing program 2: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000000)=""/4096) 10:58:24 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a0, 0xa0}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, 0x140b, 0x400, 0x70bd28, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x5}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x40) socket$nl_xfrm(0x10, 0x3, 0x6) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a0, 0xa0}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, 0x140b, 0x400, 0x70bd28, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x5}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x40) (async) [ 2055.840745] FAULT_INJECTION: forcing a failure. [ 2055.840745] name failslab, interval 1, probability 0, space 0, times 0 [ 2055.864128] CPU: 0 PID: 24999 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2055.872023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2055.881378] Call Trace: [ 2055.883955] dump_stack+0x1b2/0x281 [ 2055.887619] should_fail.cold+0x10a/0x149 [ 2055.891861] should_failslab+0xd6/0x130 [ 2055.895816] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2055.900912] __kmalloc_node_track_caller+0x38/0x70 [ 2055.905837] __alloc_skb+0x96/0x510 [ 2055.909465] kobject_uevent_env+0x882/0xf30 [ 2055.913767] device_add+0xa47/0x15c0 [ 2055.917463] ? device_is_dependent+0x2a0/0x2a0 [ 2055.922029] ? kfree+0x1f0/0x250 [ 2055.925376] device_create_groups_vargs+0x1dc/0x250 [ 2055.930373] device_create_vargs+0x3a/0x50 [ 2055.934600] bdi_register_va.part.0+0x35/0x650 [ 2055.939247] bdi_register_va+0x63/0x80 [ 2055.943112] super_setup_bdi_name+0x123/0x220 [ 2055.947582] ? kill_block_super+0xe0/0xe0 [ 2055.951709] ? do_raw_spin_unlock+0x164/0x220 [ 2055.956184] fuse_fill_super+0x937/0x15c0 [ 2055.960307] ? fuse_get_root_inode+0xc0/0xc0 [ 2055.964738] ? up_write+0x17/0x60 [ 2055.968164] ? register_shrinker+0x15f/0x220 [ 2055.972554] ? sget_userns+0x768/0xc10 [ 2055.976461] ? get_anon_bdev+0x1c0/0x1c0 [ 2055.980501] ? sget+0xd9/0x110 [ 2055.983669] ? fuse_get_root_inode+0xc0/0xc0 [ 2055.988050] mount_nodev+0x4c/0xf0 [ 2055.991580] mount_fs+0x92/0x2a0 [ 2055.994925] vfs_kern_mount.part.0+0x5b/0x470 [ 2055.999395] do_mount+0xe65/0x2a30 [ 2056.002910] ? do_raw_spin_unlock+0x164/0x220 [ 2056.007380] ? copy_mount_string+0x40/0x40 [ 2056.011592] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2056.016601] ? copy_mnt_ns+0xa30/0xa30 [ 2056.020478] ? copy_mount_options+0x1fa/0x2f0 [ 2056.024954] ? copy_mnt_ns+0xa30/0xa30 [ 2056.028830] SyS_mount+0xa8/0x120 [ 2056.032267] ? copy_mnt_ns+0xa30/0xa30 [ 2056.036134] do_syscall_64+0x1d5/0x640 [ 2056.040000] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2056.045166] RIP: 0033:0x7fc09e230109 [ 2056.048853] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2056.056550] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2056.063794] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2056.071039] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2056.078284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 10:58:25 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 55) 10:58:25 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) 10:58:25 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0}, 0x2020) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) (async) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f0000002400)=ANY=[@ANYBLOB="66643deb1869a2f3982b624983f16ec717722ee945cb929f4ef8d96afd18954079ce37157d", @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000020000,user_id=', @ANYRESDEC=r1, @ANYBLOB=',group_id=', @ANYRESDEC=r2, @ANYBLOB=',allow_other,blksize=0x0000000000000600,smackfsroot=(,euid<', @ANYRESDEC=r3, @ANYBLOB=',\x00']) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80c014, &(0x7f0000002280)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r0}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x1e00}}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0xa00}}, {@allow_other}, {@allow_other}, {@allow_other}], [{@euid_lt={'euid<', r4}}, {@fowner_lt={'fowner<', 0xffffffffffffffff}}, {@fsname={'fsname', 0x3d, '-'}}, {@appraise_type}, {@appraise}]}}) 10:58:25 executing program 2: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000000)=""/4096) 10:58:25 executing program 3: prctl$PR_MCE_KILL(0x21, 0x1, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) prctl$PR_MCE_KILL(0x21, 0x1, 0x0) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) 10:58:25 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a0, 0xa0}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, 0x140b, 0x400, 0x70bd28, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x5}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x40) [ 2056.085546] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:25 executing program 2: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000000)=""/4096) 10:58:25 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000000)={0x81}, 0x8) 10:58:25 executing program 3: prctl$PR_MCE_KILL(0x21, 0x1, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) prctl$PR_MCE_KILL(0x21, 0x1, 0x0) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) 10:58:25 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000001700)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB="2c726f6f746d6f64653d30303030303030303830302e30303021fdc92230303031303030302c757365721fc29c9dc41e", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="b2ddc48eb75882c716573868e8058e90e2"]) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) getresuid(&(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480)) ioctl$sock_inet6_tcp_SIOCINQ(r3, 0x541b, &(0x7f00000003c0)) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(r2, 0x8905, &(0x7f0000000180)) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001680), 0x4e204, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000016c0)={&(0x7f0000000540)="80a6e5c2483db03796cc933a0f599b0f06ea279735985a609799cdc880a5a14460e07f10d1fd60327d425b4c91af8779ed36a27abaa9109146334faa459b178f7203735b09737d472e295a7d0c4137660a08fbee2c4b6887bdd81fb0e1cbbf840701b0f6a76afdce6d89cbe0cdf6f534cf9a5df7d76d34701d6b949284b51722054c1d0b62cb38582e154b9204db5a2744276b0ee80ca29066063a246a6ce49defd041d493bcfab57e3dd64e3dc9b05b3b5de7381a45622d1f9f489e470f26c9a4c768503844f49d4cd1a911ab0c09528e2e0f8fca62e431c98e5296891cc5ca75ad6ac6e394fcf5cd6e1fb97f7dd5c018591649c91527bae6766776a6cb672cfd6b3884ccfc50cf9a874297cb82350e234704c5897f6a62004e7977ae4f14d62d993323543e268355866dc59f19ba8abad5df2ca9b94b208facb0a7ed9dea9ca799c5fd476605d1cb4d57d7743e5b3dac07fb41e64a246fbc6b182624ba8bad691264cb1ffc5bb84d4cb7b6ec52932c5b5e3aa265eaf9ce14cea336bdda09fefc8ef9b9b256760000580edb72fa46dfd9c79b08099b604308538cd3690436b9df230a536f174f6af14af7c0b7a34ba8618456848199aff0565cba370b9cb9b6cf698893f3e0f97663cc062d952b3610b736910e67c3e2812c54540a2f2e35e2cc48891fa8bc5bd945fa249124bf249800d4c7c8067fd053df96640e2c89ebaa3bd3f7eafa4795414bde9ba8cab4c1c722485f4aa2d9cf9618873251c381285b88b639fe7488a3fab73081cdf00297adeef67a472e65d503703643573bb233d6c3ffa8eaaea1d54ac2f2d9afb8ea93306a0cb7627e6cf136707fc4687e225cdbe391ca447f9782ba3c4fa52880bfc9919791a99a64795cf3511a14375c8d97f30cda6e0ca0c61d77106f1b35e54554f6349e09b463c3e8bc3350025377898ab9e34d23a47b86e38f6d63d19815a16b40c2db12379fd79e0c4310fad88b762852aa117bfdef7f681d7a223d882e00d189512c605f01285117e2f75f8ae3ad4e3b5cd542f4da9f1b109778e758e58956790a3757712c4b4dc2df801f8efe095c146942a85a8401354e90b6e4a1d7dde42707230c12305d74b5e0937de2b8f07d658e8a99978e96771c67c199dd5dcdd4b6899746046058ba6d8809c70ae9b6cd0c5b58bd5ddb2a5ba27190efc2d411734c30da4872ffd65bbbc12969807b2016919ba291845fce3c8cbdb3168febb4307f22e75753c4e9f98308b6c753779595f72bcab4fed98afdb179bfe0b451171851c9eb0617c5ebe7ac24c01709d3d0e2fb8ffa9c511a6894b30a8b277692d2c736c0de8f0aef9ff59ffa8689f552a14ed55227a63133fb90ec59fbc7e62b1fa283b1e5b4e1e8e94d7ceb1e58fa6237ffcd174ae613b67728516ff0d3d1852a8c2803f7de4c903be32464234c505c1b43359d148bc6887bb53e0cd640d6324ab2be99bfc62af333f28bab4bedef3e9094b4908fb6fff22ad3d881e6c1120eef01349c1f99005b7118a471bbcbc80c92afa1ff12b7efc0bc310067ad9bebca0e4fcde12220c4dcab7e3a39d69e1c4cc0bbae2027c442b99517a7995cd233343ce738dafbed335e2e645514f004da11140fb8365ce5cbdc68e3b0b38a83b8560e4283eea511e364ae8d6de8bc161c6785eedc5172d6b5b99a36a99ffe70d0f367004c08475c1abe0c9e0532cef4a699eeadaac88a220ea1715a32efa0ae0ab41c33e566fcc10aab8feee2076d322474c213af5e20f254a705605eec06543e40b62e336c21fe4ad69e335ca171444a5b0fe47075269c59d273cb518735bc61f1c85b0610b04c2b9e2787f84f06afcb4c5b9d5dcf14bdb5a95b516dade8d41cf00f19e5e1f0efb7274341b5cfe071a5c05c2a5d0ade1374a07682b01c5813b151620cb9d95784e33a0d7e1180863b99f52622b80f8a7da5c511fa0ff11d7875fa31e7c2d22c39f59f2e4af83a173f8a23b1a275c373937ccad54acc17adcd61a7e6cb98507d60462496d56cb97a956d6e241b9ddcab03ed0dbf51fffdd87feb2ddbd21eb699e4d58b1455f7d2087eebf009f89cef99cbbbe9fb995bb8495ee05ac96ed0921fdee7f79af463e8b7f3259f4a145eaf1bfa9a94a84168a1e722843c8d14dc9b6537b7408eb1851e030f270e22b2bd2e087219b26b513ee7c9e8d61c2245a54e05308bf9c813c6d7102b0f02409dae2db6e27f262e13e0f317eddaebefdf4e4284f5a59ef7d83c8b06e23654efdc3130c804a52f5095b0a6a2b2f6d04c842e55e82ba3af839ae6d469a970cc9598a9ce651d0d5ef04c8ae7c05c6ee4a8e5bb78d6b470d9b79da55adf0db6068ee67752892c2b1f7306ccdefc2a4d7924e63e955d73efede37abb88e375daf45787caab076d210256973c1955665f7bbef2fcc0fd6fdf998bfa8ad59cf4ccace88af2457bdb9e6ba3bcef54a53bb327d742d397dccd29ea4d50ad4cbd236ff46981a52d77eaba4fdb4ba8ed6b6f4a33e2cd0203c1fe5e4922162a25b8038a0a2a69654e711af152773851838fd3028f0e6eba048a2231265170840cdc6f81c5cacc0d307113d1fd54fb0266851bdf2c352503aaeec18d0f15101a4e263c629cfe9e3d6e34d99daaff55c443e04423ed822348532f12da4462ac3722eaed0d06b4bdfa55f142fd177bd4221c91ca9b39289ba85a1b90bc34e6e99b91968ca9c98105b5d0358c5ecc2a244b8e2efbfec62074c8684240546f6129d6ac50a2eaaaa482f11da9d11465709396149c94c73d001060212feaa82e816717c355ef5c869e7702863da235f1939aeba84e12eefd93ab5c1f7f717bccb59bf70794305f65c94d06462b5898ff341a685a1a1fcb55bf02d2238dbe0f512447052382d9de6e4f80aaad07ae0b1e9a211402a5a33165dc4920fe3347a606a86e0b59027ac40c88aa5d54d0460c2cbfad29cd6abcca4b339b5e2d0e580b6cf2b7e3b95aaaba294094d51fa5895535517eb20271ab78efb1da39a3a6ec1a2b5c8474c853085245a03f5151c649c54696a194000bc1092f4c5a0bff857d3bc62a41ac3347a0cddbd6d7c85f3c9bb7eb48c7ddb37f717898a9d04839c5db2b55a567b05171654feda251a5906ce86fa40411cf795f4772372ed3d7d9484d819700576800bd0c615cd5aadfc53f3d49987a0c4ed820c3d3046b5aefd83bae7ced8f39f5cab605187de40bfee54caa90efd38279f331e2aa834b08e363ba1a467b79f0a24bd0f41322dd8aadd990aec165e861605a8ae1559c604b40a71de748971925f7b0f6714f19efcf8f9bdad1b249c298c3b095b5a29c4f5b423a22f930597d6df9e6f1dab034cdd9c8d618c8a8e6b79aa44f29a4de9cf74298961d04d2784c7ba36a06fcb5a3591629abbd973f9163ad08039c559761b45a44dc73f77016b61aad70708d86d4fc5a8a7d12577b8fc22da7314e27cc0300da81b720caaacdfb631604efe10e7637e63f7d1363852bab69aa91969453d211eba5d4a3472cd2503c34ba666c4d27f42928c91b4664fc6c2273f9cb584589f87e04fa56fc722f82169de565ca8d5509202a2564997aa612dac724c6b4cb38f1ac734026a01af218aa2eca961b8c4e053d258c34ce80b60f10053edf973213333eacddc439dd42cc0024b649e667f31462d27d4a52d9dc3205cd45c2e56fe3c54bee0e0d559e68e4b99f57e0f41a6be955a26e93baf96573e5c71305bc3070369ffc55942719cc2dbdbe262808132d1ca1f09f4529226d99607d480e376191ed79155cf2649ee7ff6e070a7e60621f0b12af142280242fc3e0e8182c3ad8ba6f5b8798d61ec46d46a5e602dc08500c97d5f9274176fffc4bad6587af68d0bf507189e5692d8ee2af2032fd99e9d9f312633c6b1d698ec274e43c3f7c709c9a81ff28ae46570d8f3e1855bb9a98331c60c0de41950ee7baf75fca1c56dd623625515af00090ef1f0dc22c398a16a26d8a963de02996441f03e8248d110852bb22dd166dd9b666810d7810c24a40f407be1204ec1b0dd1584e1ad945791debd34e033b0e2bc63f681528d0844ada6253eec3313ab89e4472ea5eacd0398a776673ccb85c89d93573561530980719df0dfbe4788d04568c022e8e1748077da574795c490d868ec13b92911074ba5d5151617c15ef2ea5ad6080c31f9cc020fdb17b4d4cd10e52d9a19cbcc6d9f2dc6fa59437329f617e047c08eaf510a6baa4484f306c172b13ee4c77ee186b83640c29d57a1c477da8bef290b823cf53304a8e4e563fb0638e7f45dd2254adcd034498f40b7d3b06c2e6cfbce64aa4e2669c34f7e278ff0b40dbe31d0d63b9fe64539a1d64cf6d5386bb9b89b853c3cddee8b3592f6be0285569945b38a38bfa5f3046e44aa631b33eb2d3a48171dc1b90caec86c30d5ae88d3d546eecff3e0f0772f4f37929a0a8a66d5143dd4d9638161353ff620457dad3905d1c192843ebc6d97da39959ed2b098f45845b54102f3a2d124ba8c23dc6e29858025344612e6f71b9d64bda94605f6af34060d6d3592941169d4f8a2245cc0e92191f1bff90da8ce7061dbcdf8c08b84d8764d0cc96224da544918dc7c67b4b3239c6111d18b9e7c1e940cfb2404d8188acf53726a3e5f6f9a3ebd70fac1b90be6197c3a230b65055a0fe6b613087bd4325c53a80e8a5beb3f47ba45359ca2f2d74a3e826ac3373340af109b9760b3c269083941322ce23a40ba74a389be2696bbbbcb6edaca7d1fa16959b894ab618dd7998771ffb96f9b2450cf8ed88c0cdf1ebfa3c0b754fad2aac6504a268d04734b43809551c723e97464e6a2a3097c67b147016d7adda849dea3c422ded1ff2934541a73a4c3d81fb5bb90632a3918b9dbd951e9f502341eb254f95dd4b983ae773dc98be7e1942bfbd125a065aa0c87f1c10e421adbb7c2fdace8a43c08a3ef9f0c6f0558a084000b4bf7945b9c27b0e63b7fcd8e57530498abd1e911d537d79c0510e199abd2d611e334e554101891419bc69f184f4375775b9da05b55a7c1082813383c22d67cba3edcf79b40a295affeb9e2d5d574b52eb261b05d15d4737186ab38ee0517bc364770835cd6557b415a8ef18772ff8f91f28efc7e159d5f923df8b0a1ef73520515546fe17c9fbf5ffcd454422402feebec347feaf6f9089d7369e1f721183a40d256410e243b3654217f207ba700c5cfc15bbbeb1eb3350336833e4b5958dddcd551d6b8356b44dcbe9cca29a7c83654501ebba7156642f1e2f71392f1a0fc8ae32aa7d6a89eca9d4731ba7c6f10e3639e6b202acc8f20b5d69a71d38c10f7c92df25651651e75b131909db1b6485e4990dada54f4907ff69b7c72c1212877cf14dfae474b5ab80cd05b23d890c7704acf8c7aeb5abf5ca74f08fc21bc50bd4a700dc1fd2c4ec95309d80c45d4e146ee85fcc5b816c57b0bfd0b73450abfd90e378ede2801d8f80fe2987cc48c8126503342a49834eed03aa4ccf92fe6e289ce4f6389be372183790e781bbc06e4cd51ebcb77685d50c20ba394e2deae0f3246a6216a0c9df9d052cbf5c4a52e6468e9617dfda1b1f6a44e9d72a15d6dd141804464e57a01a57ee0cea56e08b8790a47368df67229b342de64308c738942ec9713eef747b3e4750295b3be689dd45bc2db3d4134eb2bea0e2ddc9371905895584a311e39a7343067b744154f7bc5ff9b9d50d138508e52d9cbb5455199d60e09e9f405137dae6c5958756185053fdaccc872a467cae9d1f5c65c33156cccb341706fe224f7d2b12db59123d7e97f5e6a33243", &(0x7f00000004c0)=""/17, &(0x7f0000001540)="20f30bcc9e4ec82e62a4861dfd7bba68bca89daa80f4884e010a0a35fe9750d10c43228a7629319851896b4b0c6307c0133e538635c59e56befceef65f829ab8c46a43e9273af0c2ee366c80ae300c0c5967ac853633de4a8668e8fe", &(0x7f00000015c0)="6fe04d3d9ccda9ab059e4cac3f73d37fecd8f0a244cfd73441f30e30b076137acd98f474d7c0a8e2fab967f6311d9033fb2b882b076882ec8cb93c9fe30bc81e87c87aadf80d8253e291c4b757011800b8d5e583a72661856b4061c2cfcdc3776faf58f7ea85992c4fd640906a3956b016685deed29d02a6e2895ab1a79b0905f406c18633601cacde760595cf69587192770d8a226502041bc909abea4188887b82764afe8d1487c5c89859ee916cd1f665fc0f70", 0x0, r4}, 0x38) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000340)=@bpf_lsm={0x1d, 0x5, &(0x7f0000000000)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x7}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x10001}, @call={0x85, 0x0, 0x0, 0x79}, @jmp={0x5, 0x0, 0x2, 0x2, 0x9, 0xfffffffffffffff8, 0x8}], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x93, &(0x7f0000000240)=""/147, 0x41000, 0x2, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000080)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000100)={0x3, 0x9, 0xfffd, 0x5d}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000300)=[r1, 0xffffffffffffffff, r2]}, 0x80) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f00000001c0)=[@timestamp, @sack_perm, @sack_perm, @window={0x3, 0x5, 0xfff}, @window={0x3, 0x9, 0x4395}], 0x5) 10:58:25 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x0, 0x0) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0}, 0x2020) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) (async) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f0000002400)=ANY=[@ANYBLOB="66643deb1869a2f3982b624983f16ec717722ee945cb929f4ef8d96afd18954079ce37157d", @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000020000,user_id=', @ANYRESDEC=r1, @ANYBLOB=',group_id=', @ANYRESDEC=r2, @ANYBLOB=',allow_other,blksize=0x0000000000000600,smackfsroot=(,euid<', @ANYRESDEC=r3, @ANYBLOB=',\x00']) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80c014, &(0x7f0000002280)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r0}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x1e00}}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0xa00}}, {@allow_other}, {@allow_other}, {@allow_other}], [{@euid_lt={'euid<', r4}}, {@fowner_lt={'fowner<', 0xffffffffffffffff}}, {@fsname={'fsname', 0x3d, '-'}}, {@appraise_type}, {@appraise}]}}) 10:58:25 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000140), 0x440000, 0x0) ioctl$PPPIOCSDEBUG(r2, 0x40047440, &(0x7f0000000180)=0x80) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1c, 0x71e, 0x2, 0xd9b, 0x110e, 0x1, 0x9, '\x00', 0x0, r1, 0x1, 0x4, 0x4}, 0x48) ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000040)={0x5, 0x0, 0xfffffff8, 0x4d113aeb, 0x6273}) [ 2056.212753] FAULT_INJECTION: forcing a failure. [ 2056.212753] name failslab, interval 1, probability 0, space 0, times 0 [ 2056.230149] CPU: 0 PID: 25040 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2056.230155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2056.230159] Call Trace: 10:58:25 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 56) 10:58:25 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000000)={0x81}, 0x8) 10:58:25 executing program 5: arch_prctl$ARCH_SET_CPUID(0x1012, 0x1) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x400801, 0x0) ioctl$PPPIOCGDEBUG(r0, 0x80047441, &(0x7f00000000c0)) r1 = openat$vcs(0xffffffffffffff9c, 0x0, 0x2b0002, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x0, 0x80000000, 0x3f, 0x1410, r1, 0x37ed, '\x00', 0x0, r1, 0x3, 0x1, 0x2, 0xc}, 0x48) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) 10:58:25 executing program 3: add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)={0x2, 0x0, @b}, 0x48, 0xfffffffffffffffd) 10:58:25 executing program 3: add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)={0x2, 0x0, @b}, 0x48, 0xfffffffffffffffd) add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)={0x2, 0x0, @b}, 0x48, 0xfffffffffffffffd) (async) 10:58:25 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000000)={0x81}, 0x8) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000000)={0x81}, 0x8) (async) 10:58:25 executing program 3: add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)={0x2, 0x0, @b}, 0x48, 0xfffffffffffffffd) add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)={0x2, 0x0, @b}, 0x48, 0xfffffffffffffffd) (async) 10:58:25 executing program 5: arch_prctl$ARCH_SET_CPUID(0x1012, 0x1) (async) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x400801, 0x0) ioctl$PPPIOCGDEBUG(r0, 0x80047441, &(0x7f00000000c0)) (async) r1 = openat$vcs(0xffffffffffffff9c, 0x0, 0x2b0002, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x0, 0x80000000, 0x3f, 0x1410, r1, 0x37ed, '\x00', 0x0, r1, 0x3, 0x1, 0x2, 0xc}, 0x48) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) [ 2056.230173] dump_stack+0x1b2/0x281 [ 2056.230188] should_fail.cold+0x10a/0x149 10:58:25 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) [ 2056.230203] should_failslab+0xd6/0x130 [ 2056.230217] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2056.230232] __kmalloc_node_track_caller+0x38/0x70 [ 2056.230245] __alloc_skb+0x96/0x510 [ 2056.230258] kobject_uevent_env+0x882/0xf30 [ 2056.230277] device_add+0xa47/0x15c0 [ 2056.230290] ? device_is_dependent+0x2a0/0x2a0 [ 2056.230299] ? kfree+0x1f0/0x250 [ 2056.230314] device_create_groups_vargs+0x1dc/0x250 [ 2056.230326] device_create_vargs+0x3a/0x50 [ 2056.230341] bdi_register_va.part.0+0x35/0x650 [ 2056.230354] bdi_register_va+0x63/0x80 [ 2056.230366] super_setup_bdi_name+0x123/0x220 [ 2056.230376] ? kill_block_super+0xe0/0xe0 [ 2056.230387] ? do_raw_spin_unlock+0x164/0x220 [ 2056.230404] fuse_fill_super+0x937/0x15c0 [ 2056.230417] ? fuse_get_root_inode+0xc0/0xc0 [ 2056.230427] ? up_write+0x17/0x60 [ 2056.230434] ? register_shrinker+0x15f/0x220 [ 2056.230443] ? sget_userns+0x768/0xc10 [ 2056.230459] ? get_anon_bdev+0x1c0/0x1c0 [ 2056.230466] ? sget+0xd9/0x110 [ 2056.230484] ? fuse_get_root_inode+0xc0/0xc0 [ 2056.230494] mount_nodev+0x4c/0xf0 [ 2056.230519] mount_fs+0x92/0x2a0 [ 2056.230534] vfs_kern_mount.part.0+0x5b/0x470 [ 2056.230546] do_mount+0xe65/0x2a30 [ 2056.230557] ? do_raw_spin_unlock+0x164/0x220 [ 2056.230571] ? copy_mount_string+0x40/0x40 [ 2056.230584] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2056.230595] ? copy_mnt_ns+0xa30/0xa30 [ 2056.230605] ? copy_mount_options+0x1fa/0x2f0 [ 2056.230613] ? copy_mnt_ns+0xa30/0xa30 [ 2056.230623] SyS_mount+0xa8/0x120 [ 2056.230632] ? copy_mnt_ns+0xa30/0xa30 [ 2056.230642] do_syscall_64+0x1d5/0x640 [ 2056.230657] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2056.230665] RIP: 0033:0x7fc09e230109 [ 2056.230670] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2056.230681] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2056.230687] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2056.230692] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2056.230697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2056.230703] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 [ 2056.353468] FAULT_INJECTION: forcing a failure. [ 2056.353468] name failslab, interval 1, probability 0, space 0, times 0 [ 2056.552541] CPU: 0 PID: 25072 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2056.560422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2056.569774] Call Trace: [ 2056.572343] dump_stack+0x1b2/0x281 [ 2056.575966] should_fail.cold+0x10a/0x149 [ 2056.580106] should_failslab+0xd6/0x130 [ 2056.584095] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2056.589279] __kmalloc_node_track_caller+0x38/0x70 [ 2056.594530] __alloc_skb+0x96/0x510 [ 2056.598142] kobject_uevent_env+0x882/0xf30 [ 2056.602496] device_add+0xa47/0x15c0 [ 2056.606187] ? device_is_dependent+0x2a0/0x2a0 [ 2056.610828] ? kfree+0x1f0/0x250 [ 2056.614181] device_create_groups_vargs+0x1dc/0x250 [ 2056.619182] device_create_vargs+0x3a/0x50 [ 2056.623409] bdi_register_va.part.0+0x35/0x650 [ 2056.627979] bdi_register_va+0x63/0x80 [ 2056.631845] super_setup_bdi_name+0x123/0x220 [ 2056.636320] ? kill_block_super+0xe0/0xe0 [ 2056.640446] ? do_raw_spin_unlock+0x164/0x220 [ 2056.644924] fuse_fill_super+0x937/0x15c0 [ 2056.649051] ? fuse_get_root_inode+0xc0/0xc0 [ 2056.653443] ? up_write+0x17/0x60 [ 2056.656873] ? register_shrinker+0x15f/0x220 [ 2056.661258] ? sget_userns+0x768/0xc10 [ 2056.665129] ? get_anon_bdev+0x1c0/0x1c0 [ 2056.669166] ? sget+0xd9/0x110 [ 2056.672335] ? fuse_get_root_inode+0xc0/0xc0 [ 2056.676716] mount_nodev+0x4c/0xf0 [ 2056.680240] mount_fs+0x92/0x2a0 [ 2056.683646] vfs_kern_mount.part.0+0x5b/0x470 [ 2056.688120] do_mount+0xe65/0x2a30 [ 2056.691635] ? do_raw_spin_unlock+0x164/0x220 [ 2056.696120] ? copy_mount_string+0x40/0x40 [ 2056.700331] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2056.705321] ? copy_mnt_ns+0xa30/0xa30 [ 2056.709183] ? copy_mount_options+0x1fa/0x2f0 [ 2056.713652] ? copy_mnt_ns+0xa30/0xa30 [ 2056.717521] SyS_mount+0xa8/0x120 [ 2056.720950] ? copy_mnt_ns+0xa30/0xa30 [ 2056.724814] do_syscall_64+0x1d5/0x640 [ 2056.728689] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2056.733853] RIP: 0033:0x7fc09e230109 [ 2056.737539] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2056.745234] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2056.752479] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 10:58:25 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000001700)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB="2c726f6f746d6f64653d30303030303030303830302e30303021fdc92230303031303030302c757365721fc29c9dc41e", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="b2ddc48eb75882c716573868e8058e90e2"]) (async) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) getresuid(&(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480)) (async) ioctl$sock_inet6_tcp_SIOCINQ(r3, 0x541b, &(0x7f00000003c0)) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) (async) ioctl$sock_inet6_tcp_SIOCATMARK(r2, 0x8905, &(0x7f0000000180)) (async) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001680), 0x4e204, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000016c0)={&(0x7f0000000540)="80a6e5c2483db03796cc933a0f599b0f06ea279735985a609799cdc880a5a14460e07f10d1fd60327d425b4c91af8779ed36a27abaa9109146334faa459b178f7203735b09737d472e295a7d0c4137660a08fbee2c4b6887bdd81fb0e1cbbf840701b0f6a76afdce6d89cbe0cdf6f534cf9a5df7d76d34701d6b949284b51722054c1d0b62cb38582e154b9204db5a2744276b0ee80ca29066063a246a6ce49defd041d493bcfab57e3dd64e3dc9b05b3b5de7381a45622d1f9f489e470f26c9a4c768503844f49d4cd1a911ab0c09528e2e0f8fca62e431c98e5296891cc5ca75ad6ac6e394fcf5cd6e1fb97f7dd5c018591649c91527bae6766776a6cb672cfd6b3884ccfc50cf9a874297cb82350e234704c5897f6a62004e7977ae4f14d62d993323543e268355866dc59f19ba8abad5df2ca9b94b208facb0a7ed9dea9ca799c5fd476605d1cb4d57d7743e5b3dac07fb41e64a246fbc6b182624ba8bad691264cb1ffc5bb84d4cb7b6ec52932c5b5e3aa265eaf9ce14cea336bdda09fefc8ef9b9b256760000580edb72fa46dfd9c79b08099b604308538cd3690436b9df230a536f174f6af14af7c0b7a34ba8618456848199aff0565cba370b9cb9b6cf698893f3e0f97663cc062d952b3610b736910e67c3e2812c54540a2f2e35e2cc48891fa8bc5bd945fa249124bf249800d4c7c8067fd053df96640e2c89ebaa3bd3f7eafa4795414bde9ba8cab4c1c722485f4aa2d9cf9618873251c381285b88b639fe7488a3fab73081cdf00297adeef67a472e65d503703643573bb233d6c3ffa8eaaea1d54ac2f2d9afb8ea93306a0cb7627e6cf136707fc4687e225cdbe391ca447f9782ba3c4fa52880bfc9919791a99a64795cf3511a14375c8d97f30cda6e0ca0c61d77106f1b35e54554f6349e09b463c3e8bc3350025377898ab9e34d23a47b86e38f6d63d19815a16b40c2db12379fd79e0c4310fad88b762852aa117bfdef7f681d7a223d882e00d189512c605f01285117e2f75f8ae3ad4e3b5cd542f4da9f1b109778e758e58956790a3757712c4b4dc2df801f8efe095c146942a85a8401354e90b6e4a1d7dde42707230c12305d74b5e0937de2b8f07d658e8a99978e96771c67c199dd5dcdd4b6899746046058ba6d8809c70ae9b6cd0c5b58bd5ddb2a5ba27190efc2d411734c30da4872ffd65bbbc12969807b2016919ba291845fce3c8cbdb3168febb4307f22e75753c4e9f98308b6c753779595f72bcab4fed98afdb179bfe0b451171851c9eb0617c5ebe7ac24c01709d3d0e2fb8ffa9c511a6894b30a8b277692d2c736c0de8f0aef9ff59ffa8689f552a14ed55227a63133fb90ec59fbc7e62b1fa283b1e5b4e1e8e94d7ceb1e58fa6237ffcd174ae613b67728516ff0d3d1852a8c2803f7de4c903be32464234c505c1b43359d148bc6887bb53e0cd640d6324ab2be99bfc62af333f28bab4bedef3e9094b4908fb6fff22ad3d881e6c1120eef01349c1f99005b7118a471bbcbc80c92afa1ff12b7efc0bc310067ad9bebca0e4fcde12220c4dcab7e3a39d69e1c4cc0bbae2027c442b99517a7995cd233343ce738dafbed335e2e645514f004da11140fb8365ce5cbdc68e3b0b38a83b8560e4283eea511e364ae8d6de8bc161c6785eedc5172d6b5b99a36a99ffe70d0f367004c08475c1abe0c9e0532cef4a699eeadaac88a220ea1715a32efa0ae0ab41c33e566fcc10aab8feee2076d322474c213af5e20f254a705605eec06543e40b62e336c21fe4ad69e335ca171444a5b0fe47075269c59d273cb518735bc61f1c85b0610b04c2b9e2787f84f06afcb4c5b9d5dcf14bdb5a95b516dade8d41cf00f19e5e1f0efb7274341b5cfe071a5c05c2a5d0ade1374a07682b01c5813b151620cb9d95784e33a0d7e1180863b99f52622b80f8a7da5c511fa0ff11d7875fa31e7c2d22c39f59f2e4af83a173f8a23b1a275c373937ccad54acc17adcd61a7e6cb98507d60462496d56cb97a956d6e241b9ddcab03ed0dbf51fffdd87feb2ddbd21eb699e4d58b1455f7d2087eebf009f89cef99cbbbe9fb995bb8495ee05ac96ed0921fdee7f79af463e8b7f3259f4a145eaf1bfa9a94a84168a1e722843c8d14dc9b6537b7408eb1851e030f270e22b2bd2e087219b26b513ee7c9e8d61c2245a54e05308bf9c813c6d7102b0f02409dae2db6e27f262e13e0f317eddaebefdf4e4284f5a59ef7d83c8b06e23654efdc3130c804a52f5095b0a6a2b2f6d04c842e55e82ba3af839ae6d469a970cc9598a9ce651d0d5ef04c8ae7c05c6ee4a8e5bb78d6b470d9b79da55adf0db6068ee67752892c2b1f7306ccdefc2a4d7924e63e955d73efede37abb88e375daf45787caab076d210256973c1955665f7bbef2fcc0fd6fdf998bfa8ad59cf4ccace88af2457bdb9e6ba3bcef54a53bb327d742d397dccd29ea4d50ad4cbd236ff46981a52d77eaba4fdb4ba8ed6b6f4a33e2cd0203c1fe5e4922162a25b8038a0a2a69654e711af152773851838fd3028f0e6eba048a2231265170840cdc6f81c5cacc0d307113d1fd54fb0266851bdf2c352503aaeec18d0f15101a4e263c629cfe9e3d6e34d99daaff55c443e04423ed822348532f12da4462ac3722eaed0d06b4bdfa55f142fd177bd4221c91ca9b39289ba85a1b90bc34e6e99b91968ca9c98105b5d0358c5ecc2a244b8e2efbfec62074c8684240546f6129d6ac50a2eaaaa482f11da9d11465709396149c94c73d001060212feaa82e816717c355ef5c869e7702863da235f1939aeba84e12eefd93ab5c1f7f717bccb59bf70794305f65c94d06462b5898ff341a685a1a1fcb55bf02d2238dbe0f512447052382d9de6e4f80aaad07ae0b1e9a211402a5a33165dc4920fe3347a606a86e0b59027ac40c88aa5d54d0460c2cbfad29cd6abcca4b339b5e2d0e580b6cf2b7e3b95aaaba294094d51fa5895535517eb20271ab78efb1da39a3a6ec1a2b5c8474c853085245a03f5151c649c54696a194000bc1092f4c5a0bff857d3bc62a41ac3347a0cddbd6d7c85f3c9bb7eb48c7ddb37f717898a9d04839c5db2b55a567b05171654feda251a5906ce86fa40411cf795f4772372ed3d7d9484d819700576800bd0c615cd5aadfc53f3d49987a0c4ed820c3d3046b5aefd83bae7ced8f39f5cab605187de40bfee54caa90efd38279f331e2aa834b08e363ba1a467b79f0a24bd0f41322dd8aadd990aec165e861605a8ae1559c604b40a71de748971925f7b0f6714f19efcf8f9bdad1b249c298c3b095b5a29c4f5b423a22f930597d6df9e6f1dab034cdd9c8d618c8a8e6b79aa44f29a4de9cf74298961d04d2784c7ba36a06fcb5a3591629abbd973f9163ad08039c559761b45a44dc73f77016b61aad70708d86d4fc5a8a7d12577b8fc22da7314e27cc0300da81b720caaacdfb631604efe10e7637e63f7d1363852bab69aa91969453d211eba5d4a3472cd2503c34ba666c4d27f42928c91b4664fc6c2273f9cb584589f87e04fa56fc722f82169de565ca8d5509202a2564997aa612dac724c6b4cb38f1ac734026a01af218aa2eca961b8c4e053d258c34ce80b60f10053edf973213333eacddc439dd42cc0024b649e667f31462d27d4a52d9dc3205cd45c2e56fe3c54bee0e0d559e68e4b99f57e0f41a6be955a26e93baf96573e5c71305bc3070369ffc55942719cc2dbdbe262808132d1ca1f09f4529226d99607d480e376191ed79155cf2649ee7ff6e070a7e60621f0b12af142280242fc3e0e8182c3ad8ba6f5b8798d61ec46d46a5e602dc08500c97d5f9274176fffc4bad6587af68d0bf507189e5692d8ee2af2032fd99e9d9f312633c6b1d698ec274e43c3f7c709c9a81ff28ae46570d8f3e1855bb9a98331c60c0de41950ee7baf75fca1c56dd623625515af00090ef1f0dc22c398a16a26d8a963de02996441f03e8248d110852bb22dd166dd9b666810d7810c24a40f407be1204ec1b0dd1584e1ad945791debd34e033b0e2bc63f681528d0844ada6253eec3313ab89e4472ea5eacd0398a776673ccb85c89d93573561530980719df0dfbe4788d04568c022e8e1748077da574795c490d868ec13b92911074ba5d5151617c15ef2ea5ad6080c31f9cc020fdb17b4d4cd10e52d9a19cbcc6d9f2dc6fa59437329f617e047c08eaf510a6baa4484f306c172b13ee4c77ee186b83640c29d57a1c477da8bef290b823cf53304a8e4e563fb0638e7f45dd2254adcd034498f40b7d3b06c2e6cfbce64aa4e2669c34f7e278ff0b40dbe31d0d63b9fe64539a1d64cf6d5386bb9b89b853c3cddee8b3592f6be0285569945b38a38bfa5f3046e44aa631b33eb2d3a48171dc1b90caec86c30d5ae88d3d546eecff3e0f0772f4f37929a0a8a66d5143dd4d9638161353ff620457dad3905d1c192843ebc6d97da39959ed2b098f45845b54102f3a2d124ba8c23dc6e29858025344612e6f71b9d64bda94605f6af34060d6d3592941169d4f8a2245cc0e92191f1bff90da8ce7061dbcdf8c08b84d8764d0cc96224da544918dc7c67b4b3239c6111d18b9e7c1e940cfb2404d8188acf53726a3e5f6f9a3ebd70fac1b90be6197c3a230b65055a0fe6b613087bd4325c53a80e8a5beb3f47ba45359ca2f2d74a3e826ac3373340af109b9760b3c269083941322ce23a40ba74a389be2696bbbbcb6edaca7d1fa16959b894ab618dd7998771ffb96f9b2450cf8ed88c0cdf1ebfa3c0b754fad2aac6504a268d04734b43809551c723e97464e6a2a3097c67b147016d7adda849dea3c422ded1ff2934541a73a4c3d81fb5bb90632a3918b9dbd951e9f502341eb254f95dd4b983ae773dc98be7e1942bfbd125a065aa0c87f1c10e421adbb7c2fdace8a43c08a3ef9f0c6f0558a084000b4bf7945b9c27b0e63b7fcd8e57530498abd1e911d537d79c0510e199abd2d611e334e554101891419bc69f184f4375775b9da05b55a7c1082813383c22d67cba3edcf79b40a295affeb9e2d5d574b52eb261b05d15d4737186ab38ee0517bc364770835cd6557b415a8ef18772ff8f91f28efc7e159d5f923df8b0a1ef73520515546fe17c9fbf5ffcd454422402feebec347feaf6f9089d7369e1f721183a40d256410e243b3654217f207ba700c5cfc15bbbeb1eb3350336833e4b5958dddcd551d6b8356b44dcbe9cca29a7c83654501ebba7156642f1e2f71392f1a0fc8ae32aa7d6a89eca9d4731ba7c6f10e3639e6b202acc8f20b5d69a71d38c10f7c92df25651651e75b131909db1b6485e4990dada54f4907ff69b7c72c1212877cf14dfae474b5ab80cd05b23d890c7704acf8c7aeb5abf5ca74f08fc21bc50bd4a700dc1fd2c4ec95309d80c45d4e146ee85fcc5b816c57b0bfd0b73450abfd90e378ede2801d8f80fe2987cc48c8126503342a49834eed03aa4ccf92fe6e289ce4f6389be372183790e781bbc06e4cd51ebcb77685d50c20ba394e2deae0f3246a6216a0c9df9d052cbf5c4a52e6468e9617dfda1b1f6a44e9d72a15d6dd141804464e57a01a57ee0cea56e08b8790a47368df67229b342de64308c738942ec9713eef747b3e4750295b3be689dd45bc2db3d4134eb2bea0e2ddc9371905895584a311e39a7343067b744154f7bc5ff9b9d50d138508e52d9cbb5455199d60e09e9f405137dae6c5958756185053fdaccc872a467cae9d1f5c65c33156cccb341706fe224f7d2b12db59123d7e97f5e6a33243", &(0x7f00000004c0)=""/17, &(0x7f0000001540)="20f30bcc9e4ec82e62a4861dfd7bba68bca89daa80f4884e010a0a35fe9750d10c43228a7629319851896b4b0c6307c0133e538635c59e56befceef65f829ab8c46a43e9273af0c2ee366c80ae300c0c5967ac853633de4a8668e8fe", &(0x7f00000015c0)="6fe04d3d9ccda9ab059e4cac3f73d37fecd8f0a244cfd73441f30e30b076137acd98f474d7c0a8e2fab967f6311d9033fb2b882b076882ec8cb93c9fe30bc81e87c87aadf80d8253e291c4b757011800b8d5e583a72661856b4061c2cfcdc3776faf58f7ea85992c4fd640906a3956b016685deed29d02a6e2895ab1a79b0905f406c18633601cacde760595cf69587192770d8a226502041bc909abea4188887b82764afe8d1487c5c89859ee916cd1f665fc0f70", 0x0, r4}, 0x38) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000340)=@bpf_lsm={0x1d, 0x5, &(0x7f0000000000)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x7}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x10001}, @call={0x85, 0x0, 0x0, 0x79}, @jmp={0x5, 0x0, 0x2, 0x2, 0x9, 0xfffffffffffffff8, 0x8}], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x93, &(0x7f0000000240)=""/147, 0x41000, 0x2, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000080)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000100)={0x3, 0x9, 0xfffd, 0x5d}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000300)=[r1, 0xffffffffffffffff, r2]}, 0x80) (async) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, 0x0, 0x0) (async) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f00000001c0)=[@timestamp, @sack_perm, @sack_perm, @window={0x3, 0x5, 0xfff}, @window={0x3, 0x9, 0x4395}], 0x5) 10:58:25 executing program 5: arch_prctl$ARCH_SET_CPUID(0x1012, 0x1) (async) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x400801, 0x0) ioctl$PPPIOCGDEBUG(r0, 0x80047441, &(0x7f00000000c0)) r1 = openat$vcs(0xffffffffffffff9c, 0x0, 0x2b0002, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x0, 0x80000000, 0x3f, 0x1410, r1, 0x37ed, '\x00', 0x0, r1, 0x3, 0x1, 0x2, 0xc}, 0x48) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) 10:58:25 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000000)={0x50, 0x0, r0, {0x7, 0x24, 0x2, 0x820088, 0x6, 0x0, 0x4}}, 0x50) [ 2056.759725] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2056.766972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2056.774234] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:25 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 57) 10:58:25 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000140), 0x440000, 0x0) ioctl$PPPIOCSDEBUG(r2, 0x40047440, &(0x7f0000000180)=0x80) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1c, 0x71e, 0x2, 0xd9b, 0x110e, 0x1, 0x9, '\x00', 0x0, r1, 0x1, 0x4, 0x4}, 0x48) ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000040)={0x5, 0x0, 0xfffffff8, 0x4d113aeb, 0x6273}) socket$nl_xfrm(0x10, 0x3, 0x6) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000140), 0x440000, 0x0) (async) ioctl$PPPIOCSDEBUG(r2, 0x40047440, &(0x7f0000000180)=0x80) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1c, 0x71e, 0x2, 0xd9b, 0x110e, 0x1, 0x9, '\x00', 0x0, r1, 0x1, 0x4, 0x4}, 0x48) (async) ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000040)={0x5, 0x0, 0xfffffff8, 0x4d113aeb, 0x6273}) (async) 10:58:25 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) socket$inet_udplite(0x2, 0x2, 0x88) 10:58:25 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000000)={0x50, 0x0, r0, {0x7, 0x24, 0x2, 0x820088, 0x6, 0x0, 0x4}}, 0x50) 10:58:25 executing program 5: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x33c98c4, 0x0) write$FUSE_WRITE(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0x0, 0x0, {0x7}}, 0x18) openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) 10:58:25 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000001700)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB="2c726f6f746d6f64653d30303030303030303830302e30303021fdc92230303031303030302c757365721fc29c9dc41e", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="b2ddc48eb75882c716573868e8058e90e2"]) (async, rerun: 32) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (rerun: 32) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async, rerun: 64) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (rerun: 64) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) getresuid(&(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480)) (async) ioctl$sock_inet6_tcp_SIOCINQ(r3, 0x541b, &(0x7f00000003c0)) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) (async, rerun: 64) ioctl$sock_inet6_tcp_SIOCATMARK(r2, 0x8905, &(0x7f0000000180)) (async, rerun: 64) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001680), 0x4e204, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000016c0)={&(0x7f0000000540)="80a6e5c2483db03796cc933a0f599b0f06ea279735985a609799cdc880a5a14460e07f10d1fd60327d425b4c91af8779ed36a27abaa9109146334faa459b178f7203735b09737d472e295a7d0c4137660a08fbee2c4b6887bdd81fb0e1cbbf840701b0f6a76afdce6d89cbe0cdf6f534cf9a5df7d76d34701d6b949284b51722054c1d0b62cb38582e154b9204db5a2744276b0ee80ca29066063a246a6ce49defd041d493bcfab57e3dd64e3dc9b05b3b5de7381a45622d1f9f489e470f26c9a4c768503844f49d4cd1a911ab0c09528e2e0f8fca62e431c98e5296891cc5ca75ad6ac6e394fcf5cd6e1fb97f7dd5c018591649c91527bae6766776a6cb672cfd6b3884ccfc50cf9a874297cb82350e234704c5897f6a62004e7977ae4f14d62d993323543e268355866dc59f19ba8abad5df2ca9b94b208facb0a7ed9dea9ca799c5fd476605d1cb4d57d7743e5b3dac07fb41e64a246fbc6b182624ba8bad691264cb1ffc5bb84d4cb7b6ec52932c5b5e3aa265eaf9ce14cea336bdda09fefc8ef9b9b256760000580edb72fa46dfd9c79b08099b604308538cd3690436b9df230a536f174f6af14af7c0b7a34ba8618456848199aff0565cba370b9cb9b6cf698893f3e0f97663cc062d952b3610b736910e67c3e2812c54540a2f2e35e2cc48891fa8bc5bd945fa249124bf249800d4c7c8067fd053df96640e2c89ebaa3bd3f7eafa4795414bde9ba8cab4c1c722485f4aa2d9cf9618873251c381285b88b639fe7488a3fab73081cdf00297adeef67a472e65d503703643573bb233d6c3ffa8eaaea1d54ac2f2d9afb8ea93306a0cb7627e6cf136707fc4687e225cdbe391ca447f9782ba3c4fa52880bfc9919791a99a64795cf3511a14375c8d97f30cda6e0ca0c61d77106f1b35e54554f6349e09b463c3e8bc3350025377898ab9e34d23a47b86e38f6d63d19815a16b40c2db12379fd79e0c4310fad88b762852aa117bfdef7f681d7a223d882e00d189512c605f01285117e2f75f8ae3ad4e3b5cd542f4da9f1b109778e758e58956790a3757712c4b4dc2df801f8efe095c146942a85a8401354e90b6e4a1d7dde42707230c12305d74b5e0937de2b8f07d658e8a99978e96771c67c199dd5dcdd4b6899746046058ba6d8809c70ae9b6cd0c5b58bd5ddb2a5ba27190efc2d411734c30da4872ffd65bbbc12969807b2016919ba291845fce3c8cbdb3168febb4307f22e75753c4e9f98308b6c753779595f72bcab4fed98afdb179bfe0b451171851c9eb0617c5ebe7ac24c01709d3d0e2fb8ffa9c511a6894b30a8b277692d2c736c0de8f0aef9ff59ffa8689f552a14ed55227a63133fb90ec59fbc7e62b1fa283b1e5b4e1e8e94d7ceb1e58fa6237ffcd174ae613b67728516ff0d3d1852a8c2803f7de4c903be32464234c505c1b43359d148bc6887bb53e0cd640d6324ab2be99bfc62af333f28bab4bedef3e9094b4908fb6fff22ad3d881e6c1120eef01349c1f99005b7118a471bbcbc80c92afa1ff12b7efc0bc310067ad9bebca0e4fcde12220c4dcab7e3a39d69e1c4cc0bbae2027c442b99517a7995cd233343ce738dafbed335e2e645514f004da11140fb8365ce5cbdc68e3b0b38a83b8560e4283eea511e364ae8d6de8bc161c6785eedc5172d6b5b99a36a99ffe70d0f367004c08475c1abe0c9e0532cef4a699eeadaac88a220ea1715a32efa0ae0ab41c33e566fcc10aab8feee2076d322474c213af5e20f254a705605eec06543e40b62e336c21fe4ad69e335ca171444a5b0fe47075269c59d273cb518735bc61f1c85b0610b04c2b9e2787f84f06afcb4c5b9d5dcf14bdb5a95b516dade8d41cf00f19e5e1f0efb7274341b5cfe071a5c05c2a5d0ade1374a07682b01c5813b151620cb9d95784e33a0d7e1180863b99f52622b80f8a7da5c511fa0ff11d7875fa31e7c2d22c39f59f2e4af83a173f8a23b1a275c373937ccad54acc17adcd61a7e6cb98507d60462496d56cb97a956d6e241b9ddcab03ed0dbf51fffdd87feb2ddbd21eb699e4d58b1455f7d2087eebf009f89cef99cbbbe9fb995bb8495ee05ac96ed0921fdee7f79af463e8b7f3259f4a145eaf1bfa9a94a84168a1e722843c8d14dc9b6537b7408eb1851e030f270e22b2bd2e087219b26b513ee7c9e8d61c2245a54e05308bf9c813c6d7102b0f02409dae2db6e27f262e13e0f317eddaebefdf4e4284f5a59ef7d83c8b06e23654efdc3130c804a52f5095b0a6a2b2f6d04c842e55e82ba3af839ae6d469a970cc9598a9ce651d0d5ef04c8ae7c05c6ee4a8e5bb78d6b470d9b79da55adf0db6068ee67752892c2b1f7306ccdefc2a4d7924e63e955d73efede37abb88e375daf45787caab076d210256973c1955665f7bbef2fcc0fd6fdf998bfa8ad59cf4ccace88af2457bdb9e6ba3bcef54a53bb327d742d397dccd29ea4d50ad4cbd236ff46981a52d77eaba4fdb4ba8ed6b6f4a33e2cd0203c1fe5e4922162a25b8038a0a2a69654e711af152773851838fd3028f0e6eba048a2231265170840cdc6f81c5cacc0d307113d1fd54fb0266851bdf2c352503aaeec18d0f15101a4e263c629cfe9e3d6e34d99daaff55c443e04423ed822348532f12da4462ac3722eaed0d06b4bdfa55f142fd177bd4221c91ca9b39289ba85a1b90bc34e6e99b91968ca9c98105b5d0358c5ecc2a244b8e2efbfec62074c8684240546f6129d6ac50a2eaaaa482f11da9d11465709396149c94c73d001060212feaa82e816717c355ef5c869e7702863da235f1939aeba84e12eefd93ab5c1f7f717bccb59bf70794305f65c94d06462b5898ff341a685a1a1fcb55bf02d2238dbe0f512447052382d9de6e4f80aaad07ae0b1e9a211402a5a33165dc4920fe3347a606a86e0b59027ac40c88aa5d54d0460c2cbfad29cd6abcca4b339b5e2d0e580b6cf2b7e3b95aaaba294094d51fa5895535517eb20271ab78efb1da39a3a6ec1a2b5c8474c853085245a03f5151c649c54696a194000bc1092f4c5a0bff857d3bc62a41ac3347a0cddbd6d7c85f3c9bb7eb48c7ddb37f717898a9d04839c5db2b55a567b05171654feda251a5906ce86fa40411cf795f4772372ed3d7d9484d819700576800bd0c615cd5aadfc53f3d49987a0c4ed820c3d3046b5aefd83bae7ced8f39f5cab605187de40bfee54caa90efd38279f331e2aa834b08e363ba1a467b79f0a24bd0f41322dd8aadd990aec165e861605a8ae1559c604b40a71de748971925f7b0f6714f19efcf8f9bdad1b249c298c3b095b5a29c4f5b423a22f930597d6df9e6f1dab034cdd9c8d618c8a8e6b79aa44f29a4de9cf74298961d04d2784c7ba36a06fcb5a3591629abbd973f9163ad08039c559761b45a44dc73f77016b61aad70708d86d4fc5a8a7d12577b8fc22da7314e27cc0300da81b720caaacdfb631604efe10e7637e63f7d1363852bab69aa91969453d211eba5d4a3472cd2503c34ba666c4d27f42928c91b4664fc6c2273f9cb584589f87e04fa56fc722f82169de565ca8d5509202a2564997aa612dac724c6b4cb38f1ac734026a01af218aa2eca961b8c4e053d258c34ce80b60f10053edf973213333eacddc439dd42cc0024b649e667f31462d27d4a52d9dc3205cd45c2e56fe3c54bee0e0d559e68e4b99f57e0f41a6be955a26e93baf96573e5c71305bc3070369ffc55942719cc2dbdbe262808132d1ca1f09f4529226d99607d480e376191ed79155cf2649ee7ff6e070a7e60621f0b12af142280242fc3e0e8182c3ad8ba6f5b8798d61ec46d46a5e602dc08500c97d5f9274176fffc4bad6587af68d0bf507189e5692d8ee2af2032fd99e9d9f312633c6b1d698ec274e43c3f7c709c9a81ff28ae46570d8f3e1855bb9a98331c60c0de41950ee7baf75fca1c56dd623625515af00090ef1f0dc22c398a16a26d8a963de02996441f03e8248d110852bb22dd166dd9b666810d7810c24a40f407be1204ec1b0dd1584e1ad945791debd34e033b0e2bc63f681528d0844ada6253eec3313ab89e4472ea5eacd0398a776673ccb85c89d93573561530980719df0dfbe4788d04568c022e8e1748077da574795c490d868ec13b92911074ba5d5151617c15ef2ea5ad6080c31f9cc020fdb17b4d4cd10e52d9a19cbcc6d9f2dc6fa59437329f617e047c08eaf510a6baa4484f306c172b13ee4c77ee186b83640c29d57a1c477da8bef290b823cf53304a8e4e563fb0638e7f45dd2254adcd034498f40b7d3b06c2e6cfbce64aa4e2669c34f7e278ff0b40dbe31d0d63b9fe64539a1d64cf6d5386bb9b89b853c3cddee8b3592f6be0285569945b38a38bfa5f3046e44aa631b33eb2d3a48171dc1b90caec86c30d5ae88d3d546eecff3e0f0772f4f37929a0a8a66d5143dd4d9638161353ff620457dad3905d1c192843ebc6d97da39959ed2b098f45845b54102f3a2d124ba8c23dc6e29858025344612e6f71b9d64bda94605f6af34060d6d3592941169d4f8a2245cc0e92191f1bff90da8ce7061dbcdf8c08b84d8764d0cc96224da544918dc7c67b4b3239c6111d18b9e7c1e940cfb2404d8188acf53726a3e5f6f9a3ebd70fac1b90be6197c3a230b65055a0fe6b613087bd4325c53a80e8a5beb3f47ba45359ca2f2d74a3e826ac3373340af109b9760b3c269083941322ce23a40ba74a389be2696bbbbcb6edaca7d1fa16959b894ab618dd7998771ffb96f9b2450cf8ed88c0cdf1ebfa3c0b754fad2aac6504a268d04734b43809551c723e97464e6a2a3097c67b147016d7adda849dea3c422ded1ff2934541a73a4c3d81fb5bb90632a3918b9dbd951e9f502341eb254f95dd4b983ae773dc98be7e1942bfbd125a065aa0c87f1c10e421adbb7c2fdace8a43c08a3ef9f0c6f0558a084000b4bf7945b9c27b0e63b7fcd8e57530498abd1e911d537d79c0510e199abd2d611e334e554101891419bc69f184f4375775b9da05b55a7c1082813383c22d67cba3edcf79b40a295affeb9e2d5d574b52eb261b05d15d4737186ab38ee0517bc364770835cd6557b415a8ef18772ff8f91f28efc7e159d5f923df8b0a1ef73520515546fe17c9fbf5ffcd454422402feebec347feaf6f9089d7369e1f721183a40d256410e243b3654217f207ba700c5cfc15bbbeb1eb3350336833e4b5958dddcd551d6b8356b44dcbe9cca29a7c83654501ebba7156642f1e2f71392f1a0fc8ae32aa7d6a89eca9d4731ba7c6f10e3639e6b202acc8f20b5d69a71d38c10f7c92df25651651e75b131909db1b6485e4990dada54f4907ff69b7c72c1212877cf14dfae474b5ab80cd05b23d890c7704acf8c7aeb5abf5ca74f08fc21bc50bd4a700dc1fd2c4ec95309d80c45d4e146ee85fcc5b816c57b0bfd0b73450abfd90e378ede2801d8f80fe2987cc48c8126503342a49834eed03aa4ccf92fe6e289ce4f6389be372183790e781bbc06e4cd51ebcb77685d50c20ba394e2deae0f3246a6216a0c9df9d052cbf5c4a52e6468e9617dfda1b1f6a44e9d72a15d6dd141804464e57a01a57ee0cea56e08b8790a47368df67229b342de64308c738942ec9713eef747b3e4750295b3be689dd45bc2db3d4134eb2bea0e2ddc9371905895584a311e39a7343067b744154f7bc5ff9b9d50d138508e52d9cbb5455199d60e09e9f405137dae6c5958756185053fdaccc872a467cae9d1f5c65c33156cccb341706fe224f7d2b12db59123d7e97f5e6a33243", &(0x7f00000004c0)=""/17, &(0x7f0000001540)="20f30bcc9e4ec82e62a4861dfd7bba68bca89daa80f4884e010a0a35fe9750d10c43228a7629319851896b4b0c6307c0133e538635c59e56befceef65f829ab8c46a43e9273af0c2ee366c80ae300c0c5967ac853633de4a8668e8fe", &(0x7f00000015c0)="6fe04d3d9ccda9ab059e4cac3f73d37fecd8f0a244cfd73441f30e30b076137acd98f474d7c0a8e2fab967f6311d9033fb2b882b076882ec8cb93c9fe30bc81e87c87aadf80d8253e291c4b757011800b8d5e583a72661856b4061c2cfcdc3776faf58f7ea85992c4fd640906a3956b016685deed29d02a6e2895ab1a79b0905f406c18633601cacde760595cf69587192770d8a226502041bc909abea4188887b82764afe8d1487c5c89859ee916cd1f665fc0f70", 0x0, r4}, 0x38) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000340)=@bpf_lsm={0x1d, 0x5, &(0x7f0000000000)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x7}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x10001}, @call={0x85, 0x0, 0x0, 0x79}, @jmp={0x5, 0x0, 0x2, 0x2, 0x9, 0xfffffffffffffff8, 0x8}], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x93, &(0x7f0000000240)=""/147, 0x41000, 0x2, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000080)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000100)={0x3, 0x9, 0xfffd, 0x5d}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000300)=[r1, 0xffffffffffffffff, r2]}, 0x80) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, 0x0, 0x0) (async) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f00000001c0)=[@timestamp, @sack_perm, @sack_perm, @window={0x3, 0x5, 0xfff}, @window={0x3, 0x9, 0x4395}], 0x5) 10:58:25 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) socket$inet_udplite(0x2, 0x2, 0x88) (async) 10:58:25 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000000)={0x50, 0x0, r0, {0x7, 0x24, 0x2, 0x820088, 0x6, 0x0, 0x4}}, 0x50) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020}, 0x2020) (async) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000000)={0x50, 0x0, r0, {0x7, 0x24, 0x2, 0x820088, 0x6, 0x0, 0x4}}, 0x50) (async) 10:58:25 executing program 5: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x33c98c4, 0x0) (async) write$FUSE_WRITE(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0x0, 0x0, {0x7}}, 0x18) openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) 10:58:25 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x4}, 0x10) 10:58:25 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000480), 0x8) getresgid(&(0x7f00000004c0), &(0x7f0000000500)=0x0, &(0x7f0000000540)) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x100000, &(0x7f0000000580)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@default_permissions}], [{@measure}, {@appraise}, {@dont_hash}, {@subj_role={'subj_role', 0x3d, '!]'}}, {@hash}]}}) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r0}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r2}}]}}) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x102000, &(0x7f0000000080)={{}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, 0xee01}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@max_read={'max_read', 0x3d, 0xfffffffffffffffe}}, {@blksize={'blksize', 0x3d, 0xc00}}, {@blksize}], [{@fsuuid={'fsuuid', 0x3d, {[0x65, 0x39, 0x37, 0x36, 0x39, 0x66, 0x61, 0x66], 0x2d, [0x0, 0x34, 0x61, 0x30], 0x2d, [0x6e, 0x62, 0x33, 0x66], 0x2d, [0x33, 0x37, 0x64, 0x31], 0x2d, [0x34, 0x34, 0x36, 0x36, 0x38, 0x61, 0x61, 0x64]}}}, {@obj_role={'obj_role', 0x3d, '!]'}}]}}) 10:58:25 executing program 5: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x33c98c4, 0x0) write$FUSE_WRITE(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0x0, 0x0, {0x7}}, 0x18) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) [ 2056.880549] FAULT_INJECTION: forcing a failure. [ 2056.880549] name failslab, interval 1, probability 0, space 0, times 0 [ 2056.910422] CPU: 1 PID: 25106 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 10:58:25 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 58) [ 2056.918355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2056.918359] Call Trace: [ 2056.918374] dump_stack+0x1b2/0x281 [ 2056.918389] should_fail.cold+0x10a/0x149 [ 2056.918404] should_failslab+0xd6/0x130 [ 2056.918417] kmem_cache_alloc_trace+0x29a/0x3d0 [ 2056.918429] ? kobj_ns_drop+0x80/0x80 [ 2056.918443] call_usermodehelper_setup+0x73/0x2e0 [ 2056.918456] kobject_uevent_env+0xc21/0xf30 [ 2056.918476] device_add+0xa47/0x15c0 [ 2056.918488] ? device_is_dependent+0x2a0/0x2a0 [ 2056.918496] ? kfree+0x1f0/0x250 [ 2056.918509] device_create_groups_vargs+0x1dc/0x250 [ 2056.918521] device_create_vargs+0x3a/0x50 [ 2056.918536] bdi_register_va.part.0+0x35/0x650 [ 2056.918549] bdi_register_va+0x63/0x80 [ 2056.918560] super_setup_bdi_name+0x123/0x220 [ 2056.918571] ? kill_block_super+0xe0/0xe0 [ 2056.918583] ? do_raw_spin_unlock+0x164/0x220 [ 2056.918599] fuse_fill_super+0x937/0x15c0 [ 2056.918611] ? fuse_get_root_inode+0xc0/0xc0 [ 2056.918621] ? up_write+0x17/0x60 [ 2056.918628] ? register_shrinker+0x15f/0x220 [ 2056.918637] ? sget_userns+0x768/0xc10 [ 2056.918652] ? get_anon_bdev+0x1c0/0x1c0 [ 2056.918658] ? sget+0xd9/0x110 [ 2056.918668] ? fuse_get_root_inode+0xc0/0xc0 [ 2056.918676] mount_nodev+0x4c/0xf0 [ 2056.918686] mount_fs+0x92/0x2a0 [ 2056.918699] vfs_kern_mount.part.0+0x5b/0x470 [ 2056.918710] do_mount+0xe65/0x2a30 [ 2056.918719] ? do_raw_spin_unlock+0x164/0x220 [ 2056.918732] ? copy_mount_string+0x40/0x40 [ 2056.918745] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2056.918755] ? copy_mnt_ns+0xa30/0xa30 [ 2056.918766] ? copy_mount_options+0x1fa/0x2f0 [ 2056.918776] ? copy_mnt_ns+0xa30/0xa30 [ 2056.918786] SyS_mount+0xa8/0x120 [ 2056.918794] ? copy_mnt_ns+0xa30/0xa30 [ 2056.918805] do_syscall_64+0x1d5/0x640 [ 2056.918820] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2056.918827] RIP: 0033:0x7fc09e230109 [ 2056.918832] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2056.918843] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2056.918849] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2056.918855] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2056.918861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2056.918867] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 [ 2056.988912] FAULT_INJECTION: forcing a failure. [ 2056.988912] name failslab, interval 1, probability 0, space 0, times 0 [ 2056.988924] CPU: 1 PID: 25130 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2056.988930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2056.988932] Call Trace: [ 2056.988945] dump_stack+0x1b2/0x281 [ 2056.988960] should_fail.cold+0x10a/0x149 [ 2056.988974] should_failslab+0xd6/0x130 [ 2056.988987] kmem_cache_alloc_trace+0x29a/0x3d0 [ 2056.988998] ? kobj_ns_drop+0x80/0x80 [ 2056.989009] call_usermodehelper_setup+0x73/0x2e0 [ 2056.989021] kobject_uevent_env+0xc21/0xf30 [ 2056.989040] device_add+0xa47/0x15c0 [ 2056.989051] ? device_is_dependent+0x2a0/0x2a0 [ 2056.989059] ? kfree+0x1f0/0x250 [ 2056.989073] device_create_groups_vargs+0x1dc/0x250 [ 2056.989083] device_create_vargs+0x3a/0x50 [ 2056.989095] bdi_register_va.part.0+0x35/0x650 [ 2056.989107] bdi_register_va+0x63/0x80 [ 2056.989118] super_setup_bdi_name+0x123/0x220 [ 2056.989127] ? kill_block_super+0xe0/0xe0 [ 2056.989138] ? do_raw_spin_unlock+0x164/0x220 [ 2056.989154] fuse_fill_super+0x937/0x15c0 [ 2056.989165] ? fuse_get_root_inode+0xc0/0xc0 [ 2057.276049] ? up_write+0x17/0x60 [ 2057.276060] ? register_shrinker+0x15f/0x220 [ 2057.283900] ? sget_userns+0x768/0xc10 [ 2057.283917] ? get_anon_bdev+0x1c0/0x1c0 [ 2057.291844] ? sget+0xd9/0x110 [ 2057.291856] ? fuse_get_root_inode+0xc0/0xc0 [ 2057.291866] mount_nodev+0x4c/0xf0 [ 2057.302968] mount_fs+0x92/0x2a0 [ 2057.302982] vfs_kern_mount.part.0+0x5b/0x470 [ 2057.310834] do_mount+0xe65/0x2a30 [ 2057.310845] ? do_raw_spin_unlock+0x164/0x220 [ 2057.318868] ? copy_mount_string+0x40/0x40 [ 2057.318881] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2057.328114] ? copy_mnt_ns+0xa30/0xa30 10:58:26 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) (async) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000140), 0x440000, 0x0) ioctl$PPPIOCSDEBUG(r2, 0x40047440, &(0x7f0000000180)=0x80) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1c, 0x71e, 0x2, 0xd9b, 0x110e, 0x1, 0x9, '\x00', 0x0, r1, 0x1, 0x4, 0x4}, 0x48) ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000040)={0x5, 0x0, 0xfffffff8, 0x4d113aeb, 0x6273}) 10:58:26 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x4}, 0x10) 10:58:26 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) (async) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) (async, rerun: 64) r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000480), 0x8) (rerun: 64) getresgid(&(0x7f00000004c0), &(0x7f0000000500)=0x0, &(0x7f0000000540)) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x100000, &(0x7f0000000580)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@default_permissions}], [{@measure}, {@appraise}, {@dont_hash}, {@subj_role={'subj_role', 0x3d, '!]'}}, {@hash}]}}) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r0}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r2}}]}}) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x102000, &(0x7f0000000080)={{}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, 0xee01}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@max_read={'max_read', 0x3d, 0xfffffffffffffffe}}, {@blksize={'blksize', 0x3d, 0xc00}}, {@blksize}], [{@fsuuid={'fsuuid', 0x3d, {[0x65, 0x39, 0x37, 0x36, 0x39, 0x66, 0x61, 0x66], 0x2d, [0x0, 0x34, 0x61, 0x30], 0x2d, [0x6e, 0x62, 0x33, 0x66], 0x2d, [0x33, 0x37, 0x64, 0x31], 0x2d, [0x34, 0x34, 0x36, 0x36, 0x38, 0x61, 0x61, 0x64]}}}, {@obj_role={'obj_role', 0x3d, '!]'}}]}}) 10:58:26 executing program 5: r0 = getpgid(0x0) ptrace$poke(0xffffffffffffffff, r0, 0x0, 0x0) r1 = getpgid(0x0) ptrace$poke(0xffffffffffffffff, r1, 0x0, 0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) [ 2057.328126] ? copy_mount_options+0x1fa/0x2f0 [ 2057.328135] ? copy_mnt_ns+0xa30/0xa30 [ 2057.328146] SyS_mount+0xa8/0x120 [ 2057.328155] ? copy_mnt_ns+0xa30/0xa30 [ 2057.328167] do_syscall_64+0x1d5/0x640 [ 2057.328183] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2057.328191] RIP: 0033:0x7fc09e230109 10:58:26 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) read$FUSE(r0, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0}, 0x2020) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, r6}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1600}}, {@default_permissions}], [{@dont_hash}]}}) getresgid(&(0x7f00000001c0), &(0x7f00000023c0), &(0x7f0000002400)=0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180), 0x200c00, &(0x7f0000002580)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r7}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x200}}, {@blksize={'blksize', 0x3d, 0x400}}, {@max_read={'max_read', 0x3d, 0x5}}, {@max_read={'max_read', 0x3d, 0x4c}}], [{@smackfsdef={'smackfsdef', 0x3d, '-)#%!'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@uid_eq={'uid', 0x3d, r3}}, {@rootcontext={'rootcontext', 0x3d, 'root'}}, {@smackfsroot={'smackfsroot', 0x3d, 'fuse\x00'}}]}}) write$FUSE_DIRENT(r1, &(0x7f0000002280)={0x130, 0xb9e01f4b9d27e1f4, r2, [{0x5, 0x0, 0x8, 0x6, 'rootmode'}, {0x5, 0x5, 0x5, 0x7, '\xd5#\\(['}, {0x4, 0x7fffffff, 0x8, 0x8, 'group_id'}, {0x6, 0x7fff, 0x5, 0x8, 'fuse\x00'}, {0x4, 0x40, 0x8, 0x5, 'group_id'}, {0x4, 0xfffffffffffffff7, 0x8, 0x2, 'group_id'}, {0x6, 0x4, 0x3, 0x5, 'q\','}, {0x1, 0x9, 0x7, 0x7fffffff, 'user_id'}, {0x0, 0x6, 0x1, 0x7, ']'}]}, 0x130) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) 10:58:26 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 59) 10:58:26 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x4}, 0x10) 10:58:26 executing program 5: r0 = getpgid(0x0) ptrace$poke(0xffffffffffffffff, r0, 0x0, 0x0) r1 = getpgid(0x0) ptrace$poke(0xffffffffffffffff, r1, 0x0, 0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) getpgid(0x0) (async) ptrace$poke(0xffffffffffffffff, r0, 0x0, 0x0) (async) getpgid(0x0) (async) ptrace$poke(0xffffffffffffffff, r1, 0x0, 0x0) (async) prctl$PR_SET_PTRACER(0x59616d61, r0) (async) 10:58:26 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000480), 0x8) getresgid(&(0x7f00000004c0), &(0x7f0000000500)=0x0, &(0x7f0000000540)) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x100000, &(0x7f0000000580)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@default_permissions}], [{@measure}, {@appraise}, {@dont_hash}, {@subj_role={'subj_role', 0x3d, '!]'}}, {@hash}]}}) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r0}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r2}}]}}) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x102000, &(0x7f0000000080)={{}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, 0xee01}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@max_read={'max_read', 0x3d, 0xfffffffffffffffe}}, {@blksize={'blksize', 0x3d, 0xc00}}, {@blksize}], [{@fsuuid={'fsuuid', 0x3d, {[0x65, 0x39, 0x37, 0x36, 0x39, 0x66, 0x61, 0x66], 0x2d, [0x0, 0x34, 0x61, 0x30], 0x2d, [0x6e, 0x62, 0x33, 0x66], 0x2d, [0x33, 0x37, 0x64, 0x31], 0x2d, [0x34, 0x34, 0x36, 0x36, 0x38, 0x61, 0x61, 0x64]}}}, {@obj_role={'obj_role', 0x3d, '!]'}}]}}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)) (async) bpf$ITER_CREATE(0x21, &(0x7f0000000480), 0x8) (async) getresgid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x100000, &(0x7f0000000580)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@default_permissions}], [{@measure}, {@appraise}, {@dont_hash}, {@subj_role={'subj_role', 0x3d, '!]'}}, {@hash}]}}) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r0}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r2}}]}}) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x102000, &(0x7f0000000080)={{}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, 0xee01}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@max_read={'max_read', 0x3d, 0xfffffffffffffffe}}, {@blksize={'blksize', 0x3d, 0xc00}}, {@blksize}], [{@fsuuid={'fsuuid', 0x3d, {[0x65, 0x39, 0x37, 0x36, 0x39, 0x66, 0x61, 0x66], 0x2d, [0x0, 0x34, 0x61, 0x30], 0x2d, [0x6e, 0x62, 0x33, 0x66], 0x2d, [0x33, 0x37, 0x64, 0x31], 0x2d, [0x34, 0x34, 0x36, 0x36, 0x38, 0x61, 0x61, 0x64]}}}, {@obj_role={'obj_role', 0x3d, '!]'}}]}}) (async) 10:58:26 executing program 5: r0 = getpgid(0x0) ptrace$poke(0xffffffffffffffff, r0, 0x0, 0x0) r1 = getpgid(0x0) ptrace$poke(0xffffffffffffffff, r1, 0x0, 0x0) (async, rerun: 64) prctl$PR_SET_PTRACER(0x59616d61, r0) (rerun: 64) 10:58:26 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r6}}]}}) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x84001, &(0x7f00000000c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x9}}, {@blksize={'blksize', 0x3d, 0x1a00}}, {@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}], [{@smackfstransmute={'smackfstransmute', 0x3d, '.\xc6,'}}, {@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@uid_eq={'uid', 0x3d, r6}}, {@func={'func', 0x3d, 'MMAP_CHECK'}}, {@obj_role={'obj_role', 0x3d, ',.+\xa9'}}]}}) [ 2057.328196] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2057.328206] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2057.328212] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2057.328218] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2057.328224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2057.328230] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:26 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x40140, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x18, 0x140e, 0x800, 0x70bd29, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x2}]}, 0x18}, 0x1, 0x0, 0x0, 0x10}, 0x4) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) [ 2057.492692] FAULT_INJECTION: forcing a failure. [ 2057.492692] name failslab, interval 1, probability 0, space 0, times 0 [ 2057.508320] CPU: 0 PID: 25176 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2057.516219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2057.525567] Call Trace: [ 2057.528172] dump_stack+0x1b2/0x281 [ 2057.531778] should_fail.cold+0x10a/0x149 [ 2057.535904] should_failslab+0xd6/0x130 [ 2057.539856] kmem_cache_alloc+0x28e/0x3c0 [ 2057.543980] __d_alloc+0x2a/0xa20 [ 2057.547414] ? d_lookup+0x172/0x220 [ 2057.551033] d_alloc+0x46/0x240 [ 2057.554291] __lookup_hash+0x101/0x270 [ 2057.558171] ? __inode_permission+0xcd/0x2f0 [ 2057.562569] lookup_one_len+0x279/0x3a0 [ 2057.566546] ? lookup_one_len_unlocked+0x410/0x410 [ 2057.571462] start_creating+0xb0/0x200 [ 2057.575342] __debugfs_create_file+0x4f/0x440 [ 2057.579822] ? debugfs_create_file+0x37/0x60 [ 2057.584320] bdi_register_va.part.0+0x1f4/0x650 [ 2057.588985] bdi_register_va+0x63/0x80 [ 2057.592854] super_setup_bdi_name+0x123/0x220 [ 2057.597330] ? kill_block_super+0xe0/0xe0 [ 2057.601457] ? do_raw_spin_unlock+0x164/0x220 [ 2057.605944] fuse_fill_super+0x937/0x15c0 [ 2057.610085] ? fuse_get_root_inode+0xc0/0xc0 [ 2057.614479] ? up_write+0x17/0x60 [ 2057.617912] ? register_shrinker+0x15f/0x220 [ 2057.622314] ? sget_userns+0x768/0xc10 [ 2057.626186] ? get_anon_bdev+0x1c0/0x1c0 [ 2057.630233] ? sget+0xd9/0x110 [ 2057.633429] ? fuse_get_root_inode+0xc0/0xc0 [ 2057.637829] mount_nodev+0x4c/0xf0 [ 2057.641349] mount_fs+0x92/0x2a0 [ 2057.644720] vfs_kern_mount.part.0+0x5b/0x470 [ 2057.649195] do_mount+0xe65/0x2a30 [ 2057.652719] ? copy_mount_string+0x40/0x40 [ 2057.656934] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2057.661928] ? copy_mnt_ns+0xa30/0xa30 [ 2057.665879] ? copy_mount_options+0x1fa/0x2f0 [ 2057.670352] ? copy_mnt_ns+0xa30/0xa30 [ 2057.674220] SyS_mount+0xa8/0x120 [ 2057.677666] ? copy_mnt_ns+0xa30/0xa30 [ 2057.681540] do_syscall_64+0x1d5/0x640 [ 2057.685420] entry_SYSCALL_64_after_hwframe+0x46/0xbb 10:58:26 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x40140, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x18, 0x140e, 0x800, 0x70bd29, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x2}]}, 0x18}, 0x1, 0x0, 0x0, 0x10}, 0x4) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x40140, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x18, 0x140e, 0x800, 0x70bd29, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x2}]}, 0x18}, 0x1, 0x0, 0x0, 0x10}, 0x4) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) 10:58:26 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa0000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e500"/168], 0xf0}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x17, 0xd, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x401}, [@cb_func={0x18, 0x4, 0x4, 0x0, 0x6}, @map_idx={0x18, 0x3, 0x5, 0x0, 0x7}, @ldst={0x2, 0x1, 0x3, 0x3, 0xa, 0x0, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffc}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @alu={0x4, 0x0, 0x1, 0x7, 0x5, 0xffffffffffffffff, 0x8}]}, &(0x7f0000000040)='syzkaller\x00', 0x70, 0x1000, &(0x7f00000003c0)=""/4096, 0x41100, 0x8, '\x00', 0x0, 0x14, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x6, 0x5}, 0x8, 0x10, &(0x7f0000000180)={0x0, 0x9, 0x5, 0x3}, 0x10, 0xffffffffffffffff}, 0x80) 10:58:26 executing program 3: mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x213018, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000080)={&(0x7f0000000000)='./file0\x00'}, 0x10) 10:58:26 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r6}}]}}) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x84001, &(0x7f00000000c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x9}}, {@blksize={'blksize', 0x3d, 0x1a00}}, {@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}], [{@smackfstransmute={'smackfstransmute', 0x3d, '.\xc6,'}}, {@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@uid_eq={'uid', 0x3d, r6}}, {@func={'func', 0x3d, 'MMAP_CHECK'}}, {@obj_role={'obj_role', 0x3d, ',.+\xa9'}}]}}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r6}}]}}) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x84001, &(0x7f00000000c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x9}}, {@blksize={'blksize', 0x3d, 0x1a00}}, {@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}], [{@smackfstransmute={'smackfstransmute', 0x3d, '.\xc6,'}}, {@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@uid_eq={'uid', 0x3d, r6}}, {@func={'func', 0x3d, 'MMAP_CHECK'}}, {@obj_role={'obj_role', 0x3d, ',.+\xa9'}}]}}) (async) 10:58:26 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) read$FUSE(r0, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0}, 0x2020) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, r6}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1600}}, {@default_permissions}], [{@dont_hash}]}}) getresgid(&(0x7f00000001c0), &(0x7f00000023c0), &(0x7f0000002400)=0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180), 0x200c00, &(0x7f0000002580)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r7}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x200}}, {@blksize={'blksize', 0x3d, 0x400}}, {@max_read={'max_read', 0x3d, 0x5}}, {@max_read={'max_read', 0x3d, 0x4c}}], [{@smackfsdef={'smackfsdef', 0x3d, '-)#%!'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@uid_eq={'uid', 0x3d, r3}}, {@rootcontext={'rootcontext', 0x3d, 'root'}}, {@smackfsroot={'smackfsroot', 0x3d, 'fuse\x00'}}]}}) (async) write$FUSE_DIRENT(r1, &(0x7f0000002280)={0x130, 0xb9e01f4b9d27e1f4, r2, [{0x5, 0x0, 0x8, 0x6, 'rootmode'}, {0x5, 0x5, 0x5, 0x7, '\xd5#\\(['}, {0x4, 0x7fffffff, 0x8, 0x8, 'group_id'}, {0x6, 0x7fff, 0x5, 0x8, 'fuse\x00'}, {0x4, 0x40, 0x8, 0x5, 'group_id'}, {0x4, 0xfffffffffffffff7, 0x8, 0x2, 'group_id'}, {0x6, 0x4, 0x3, 0x5, 'q\','}, {0x1, 0x9, 0x7, 0x7fffffff, 'user_id'}, {0x0, 0x6, 0x1, 0x7, ']'}]}, 0x130) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) [ 2057.690594] RIP: 0033:0x7fc09e230109 [ 2057.694318] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2057.702005] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2057.709261] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2057.716514] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2057.723778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2057.731033] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:26 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 60) 10:58:26 executing program 3: mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x213018, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000080)={&(0x7f0000000000)='./file0\x00'}, 0x10) 10:58:26 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa0000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e500"/168], 0xf0}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x17, 0xd, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x401}, [@cb_func={0x18, 0x4, 0x4, 0x0, 0x6}, @map_idx={0x18, 0x3, 0x5, 0x0, 0x7}, @ldst={0x2, 0x1, 0x3, 0x3, 0xa, 0x0, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffc}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @alu={0x4, 0x0, 0x1, 0x7, 0x5, 0xffffffffffffffff, 0x8}]}, &(0x7f0000000040)='syzkaller\x00', 0x70, 0x1000, &(0x7f00000003c0)=""/4096, 0x41100, 0x8, '\x00', 0x0, 0x14, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x6, 0x5}, 0x8, 0x10, &(0x7f0000000180)={0x0, 0x9, 0x5, 0x3}, 0x10, 0xffffffffffffffff}, 0x80) 10:58:26 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async, rerun: 32) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async, rerun: 32) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) (async, rerun: 64) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) (rerun: 64) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r6}}]}}) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x84001, &(0x7f00000000c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x9}}, {@blksize={'blksize', 0x3d, 0x1a00}}, {@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}], [{@smackfstransmute={'smackfstransmute', 0x3d, '.\xc6,'}}, {@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@uid_eq={'uid', 0x3d, r6}}, {@func={'func', 0x3d, 'MMAP_CHECK'}}, {@obj_role={'obj_role', 0x3d, ',.+\xa9'}}]}}) 10:58:26 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) read$FUSE(r0, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0}, 0x2020) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, r6}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1600}}, {@default_permissions}], [{@dont_hash}]}}) getresgid(&(0x7f00000001c0), &(0x7f00000023c0), &(0x7f0000002400)=0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180), 0x200c00, &(0x7f0000002580)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r7}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x200}}, {@blksize={'blksize', 0x3d, 0x400}}, {@max_read={'max_read', 0x3d, 0x5}}, {@max_read={'max_read', 0x3d, 0x4c}}], [{@smackfsdef={'smackfsdef', 0x3d, '-)#%!'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@uid_eq={'uid', 0x3d, r3}}, {@rootcontext={'rootcontext', 0x3d, 'root'}}, {@smackfsroot={'smackfsroot', 0x3d, 'fuse\x00'}}]}}) (async) write$FUSE_DIRENT(r1, &(0x7f0000002280)={0x130, 0xb9e01f4b9d27e1f4, r2, [{0x5, 0x0, 0x8, 0x6, 'rootmode'}, {0x5, 0x5, 0x5, 0x7, '\xd5#\\(['}, {0x4, 0x7fffffff, 0x8, 0x8, 'group_id'}, {0x6, 0x7fff, 0x5, 0x8, 'fuse\x00'}, {0x4, 0x40, 0x8, 0x5, 'group_id'}, {0x4, 0xfffffffffffffff7, 0x8, 0x2, 'group_id'}, {0x6, 0x4, 0x3, 0x5, 'q\','}, {0x1, 0x9, 0x7, 0x7fffffff, 'user_id'}, {0x0, 0x6, 0x1, 0x7, ']'}]}, 0x130) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) 10:58:26 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x40140, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x18, 0x140e, 0x800, 0x70bd29, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x2}]}, 0x18}, 0x1, 0x0, 0x0, 0x10}, 0x4) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) 10:58:26 executing program 3: mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x213018, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000080)={&(0x7f0000000000)='./file0\x00'}, 0x10) 10:58:26 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x1034888, 0x0) 10:58:26 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x1034888, 0x0) 10:58:26 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0xed402, &(0x7f0000000080)={{}, 0x2c, {'rootmode', 0x3d, 0x5000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x1}}, {@default_permissions}, {@default_permissions}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x3}}], [{@fsuuid={'fsuuid', 0x3d, {[0x38, 0x32, 0x32, 0x64, 0x62, 0x5, 0x31, 0x35], 0x2d, [0x32, 0x30, 0x34, 0x32], 0x2d, [0x31, 0x30, 0xf, 0x61], 0x2d, [0x62, 0x39, 0x39, 0x38], 0x2d, [0x64, 0x31, 0x35, 0x61, 0x36, 0x30, 0x61, 0x39]}}}, {@audit}, {@appraise}]}}) 10:58:26 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x2dc886, 0x0) 10:58:26 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x1034888, 0x0) mount$fuse(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x1034888, 0x0) (async) 10:58:26 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) getsockopt$inet6_tcp_buf(r1, 0x6, 0x21, &(0x7f0000000080)=""/45, &(0x7f0000000100)=0x2d) [ 2057.936201] FAULT_INJECTION: forcing a failure. [ 2057.936201] name failslab, interval 1, probability 0, space 0, times 0 [ 2057.947934] CPU: 1 PID: 25244 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2057.955803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2057.965143] Call Trace: [ 2057.967840] dump_stack+0x1b2/0x281 [ 2057.971451] should_fail.cold+0x10a/0x149 [ 2057.975582] should_failslab+0xd6/0x130 [ 2057.979537] kmem_cache_alloc+0x28e/0x3c0 [ 2057.983708] alloc_inode+0xa0/0x170 [ 2057.987319] new_inode+0x1d/0xf0 [ 2057.990664] debugfs_get_inode+0x1a/0x130 [ 2057.994800] __debugfs_create_file+0x93/0x440 [ 2057.999274] ? debugfs_create_file+0x37/0x60 [ 2058.003660] bdi_register_va.part.0+0x1f4/0x650 [ 2058.008312] bdi_register_va+0x63/0x80 [ 2058.012180] super_setup_bdi_name+0x123/0x220 [ 2058.016666] ? kill_block_super+0xe0/0xe0 [ 2058.020795] ? do_raw_spin_unlock+0x164/0x220 [ 2058.025284] fuse_fill_super+0x937/0x15c0 [ 2058.029424] ? fuse_get_root_inode+0xc0/0xc0 [ 2058.033811] ? up_write+0x17/0x60 [ 2058.037243] ? register_shrinker+0x15f/0x220 [ 2058.041654] ? sget_userns+0x768/0xc10 [ 2058.045532] ? get_anon_bdev+0x1c0/0x1c0 [ 2058.049598] ? sget+0xd9/0x110 [ 2058.052775] ? fuse_get_root_inode+0xc0/0xc0 [ 2058.057162] mount_nodev+0x4c/0xf0 [ 2058.060685] mount_fs+0x92/0x2a0 [ 2058.064055] vfs_kern_mount.part.0+0x5b/0x470 [ 2058.068538] do_mount+0xe65/0x2a30 [ 2058.072147] ? copy_mount_string+0x40/0x40 [ 2058.076364] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2058.081362] ? copy_mnt_ns+0xa30/0xa30 [ 2058.085236] ? copy_mount_options+0x1fa/0x2f0 [ 2058.089715] ? copy_mnt_ns+0xa30/0xa30 [ 2058.093597] SyS_mount+0xa8/0x120 [ 2058.097043] ? copy_mnt_ns+0xa30/0xa30 [ 2058.100920] do_syscall_64+0x1d5/0x640 [ 2058.104800] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2058.109971] RIP: 0033:0x7fc09e230109 [ 2058.113659] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2058.121358] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2058.128607] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 10:58:27 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 61) 10:58:27 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa0000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e500"/168], 0xf0}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x17, 0xd, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x401}, [@cb_func={0x18, 0x4, 0x4, 0x0, 0x6}, @map_idx={0x18, 0x3, 0x5, 0x0, 0x7}, @ldst={0x2, 0x1, 0x3, 0x3, 0xa, 0x0, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffc}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @alu={0x4, 0x0, 0x1, 0x7, 0x5, 0xffffffffffffffff, 0x8}]}, &(0x7f0000000040)='syzkaller\x00', 0x70, 0x1000, &(0x7f00000003c0)=""/4096, 0x41100, 0x8, '\x00', 0x0, 0x14, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x6, 0x5}, 0x8, 0x10, &(0x7f0000000180)={0x0, 0x9, 0x5, 0x3}, 0x10, 0xffffffffffffffff}, 0x80) socket$nl_xfrm(0x10, 0x3, 0x6) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="f00000001a00030f0000000000000000ac1414aa0000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000ac1414bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e500"/168], 0xf0}}, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x17, 0xd, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x401}, [@cb_func={0x18, 0x4, 0x4, 0x0, 0x6}, @map_idx={0x18, 0x3, 0x5, 0x0, 0x7}, @ldst={0x2, 0x1, 0x3, 0x3, 0xa, 0x0, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffc}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @alu={0x4, 0x0, 0x1, 0x7, 0x5, 0xffffffffffffffff, 0x8}]}, &(0x7f0000000040)='syzkaller\x00', 0x70, 0x1000, &(0x7f00000003c0)=""/4096, 0x41100, 0x8, '\x00', 0x0, 0x14, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x6, 0x5}, 0x8, 0x10, &(0x7f0000000180)={0x0, 0x9, 0x5, 0x3}, 0x10, 0xffffffffffffffff}, 0x80) (async) 10:58:27 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0xed402, &(0x7f0000000080)={{}, 0x2c, {'rootmode', 0x3d, 0x5000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x1}}, {@default_permissions}, {@default_permissions}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x3}}], [{@fsuuid={'fsuuid', 0x3d, {[0x38, 0x32, 0x32, 0x64, 0x62, 0x5, 0x31, 0x35], 0x2d, [0x32, 0x30, 0x34, 0x32], 0x2d, [0x31, 0x30, 0xf, 0x61], 0x2d, [0x62, 0x39, 0x39, 0x38], 0x2d, [0x64, 0x31, 0x35, 0x61, 0x36, 0x30, 0x61, 0x39]}}}, {@audit}, {@appraise}]}}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0xed402, &(0x7f0000000080)={{}, 0x2c, {'rootmode', 0x3d, 0x5000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x1}}, {@default_permissions}, {@default_permissions}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x3}}], [{@fsuuid={'fsuuid', 0x3d, {[0x38, 0x32, 0x32, 0x64, 0x62, 0x5, 0x31, 0x35], 0x2d, [0x32, 0x30, 0x34, 0x32], 0x2d, [0x31, 0x30, 0xf, 0x61], 0x2d, [0x62, 0x39, 0x39, 0x38], 0x2d, [0x64, 0x31, 0x35, 0x61, 0x36, 0x30, 0x61, 0x39]}}}, {@audit}, {@appraise}]}}) (async) 10:58:27 executing program 2: mount$fuse(0x0, &(0x7f0000000040)='./file1\x00', 0x0, 0x100009, 0x0) 10:58:27 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x2dc886, 0x0) 10:58:27 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (async) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async, rerun: 64) getsockopt$inet6_tcp_buf(r1, 0x6, 0x21, &(0x7f0000000080)=""/45, &(0x7f0000000100)=0x2d) (rerun: 64) 10:58:27 executing program 2: mount$fuse(0x0, &(0x7f0000000040)='./file1\x00', 0x0, 0x100009, 0x0) [ 2058.135854] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2058.143098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2058.150362] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:27 executing program 2: mount$fuse(0x0, &(0x7f0000000040)='./file1\x00', 0x0, 0x100009, 0x0) 10:58:27 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0xed402, &(0x7f0000000080)={{}, 0x2c, {'rootmode', 0x3d, 0x5000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x1}}, {@default_permissions}, {@default_permissions}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x3}}], [{@fsuuid={'fsuuid', 0x3d, {[0x38, 0x32, 0x32, 0x64, 0x62, 0x5, 0x31, 0x35], 0x2d, [0x32, 0x30, 0x34, 0x32], 0x2d, [0x31, 0x30, 0xf, 0x61], 0x2d, [0x62, 0x39, 0x39, 0x38], 0x2d, [0x64, 0x31, 0x35, 0x61, 0x36, 0x30, 0x61, 0x39]}}}, {@audit}, {@appraise}]}}) 10:58:27 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x2dc886, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x2dc886, 0x0) (async) 10:58:27 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000000)={0x2a, 0x6, 0x0, {0x5, 0x2, 0x1, 0x0, '('}}, 0x2a) getresuid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)) 10:58:27 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) getsockopt$inet6_tcp_buf(r1, 0x6, 0x21, &(0x7f0000000080)=""/45, &(0x7f0000000100)=0x2d) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) getsockopt$inet6_tcp_buf(r1, 0x6, 0x21, &(0x7f0000000080)=""/45, &(0x7f0000000100)=0x2d) (async) 10:58:27 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000040)={0x4, 0x10000, 0xfff, 0x80, 0x9}) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@loopback}, {@in6=@empty, 0x2000}, @in=@private=0xa010101, {0x0, 0x4}, {0x0, 0x0, 0x1}, {}, 0x70bd26}}, 0xf0}}, 0x0) [ 2058.324893] FAULT_INJECTION: forcing a failure. [ 2058.324893] name failslab, interval 1, probability 0, space 0, times 0 [ 2058.345182] CPU: 1 PID: 25303 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2058.353069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2058.362412] Call Trace: [ 2058.364979] dump_stack+0x1b2/0x281 [ 2058.368586] should_fail.cold+0x10a/0x149 [ 2058.372714] should_failslab+0xd6/0x130 [ 2058.376679] kmem_cache_alloc+0x28e/0x3c0 [ 2058.380813] alloc_inode+0xa0/0x170 [ 2058.384415] new_inode+0x1d/0xf0 [ 2058.387760] debugfs_get_inode+0x1a/0x130 [ 2058.391889] __debugfs_create_file+0x93/0x440 [ 2058.396361] ? debugfs_create_file+0x37/0x60 [ 2058.400747] bdi_register_va.part.0+0x1f4/0x650 [ 2058.405398] bdi_register_va+0x63/0x80 [ 2058.409272] super_setup_bdi_name+0x123/0x220 [ 2058.413758] ? kill_block_super+0xe0/0xe0 [ 2058.417884] ? do_raw_spin_unlock+0x164/0x220 [ 2058.422359] fuse_fill_super+0x937/0x15c0 [ 2058.426500] ? fuse_get_root_inode+0xc0/0xc0 [ 2058.430885] ? up_write+0x17/0x60 [ 2058.434316] ? register_shrinker+0x15f/0x220 [ 2058.438702] ? sget_userns+0x768/0xc10 [ 2058.442570] ? get_anon_bdev+0x1c0/0x1c0 [ 2058.446604] ? sget+0xd9/0x110 [ 2058.449774] ? fuse_get_root_inode+0xc0/0xc0 [ 2058.454160] mount_nodev+0x4c/0xf0 [ 2058.457677] mount_fs+0x92/0x2a0 [ 2058.461021] vfs_kern_mount.part.0+0x5b/0x470 [ 2058.465509] do_mount+0xe65/0x2a30 [ 2058.469040] ? do_raw_spin_unlock+0x164/0x220 [ 2058.473512] ? copy_mount_string+0x40/0x40 [ 2058.477722] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2058.482715] ? copy_mnt_ns+0xa30/0xa30 [ 2058.486577] ? copy_mount_options+0x1fa/0x2f0 [ 2058.491048] ? copy_mnt_ns+0xa30/0xa30 [ 2058.494909] SyS_mount+0xa8/0x120 [ 2058.498339] ? copy_mnt_ns+0xa30/0xa30 [ 2058.502203] do_syscall_64+0x1d5/0x640 [ 2058.506071] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2058.511248] RIP: 0033:0x7fc09e230109 [ 2058.514932] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 10:58:27 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 62) 10:58:27 executing program 5: getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180)=0x0, &(0x7f00000001c0)) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500)=0x0, &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000000)={0x2e, 0x4, 0x0, {0x3, 0x200, 0x6, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2e) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) read$FUSE(r6, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) getresuid(&(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) write$FUSE_STATFS(r7, &(0x7f0000000080)={0x60, 0x0, r8}, 0x60) write$FUSE_ENTRY(r5, &(0x7f0000000080)={0x90, 0xffffffffffffffda, r8, {0x4, 0x2, 0x5, 0x7fff, 0x6, 0x6, {0x1, 0x5b2, 0x2, 0x1, 0x8, 0x7, 0x4, 0x7f, 0x3f, 0x8000, 0x9, r3, r1, 0x400, 0x1}}}, 0x90) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) 10:58:27 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000000)={0x2a, 0x6, 0x0, {0x5, 0x2, 0x1, 0x0, '('}}, 0x2a) getresuid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000000)={0x2a, 0x6, 0x0, {0x5, 0x2, 0x1, 0x0, '('}}, 0x2a) (async) getresuid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)) (async) 10:58:27 executing program 3: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84010, 0x0) 10:58:27 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, 0x0, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQ(r4, 0x5411, &(0x7f0000000000)) read$FUSE(r2, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r3, &(0x7f0000000080)={0x60, 0x0, r5}, 0x60) write$FUSE_INIT(r1, &(0x7f0000000240)={0x50, 0x0, r5, {0x7, 0x24, 0x5c41, 0x400, 0x101, 0x0, 0x6, 0x9}}, 0x50) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000180)={0x2a, 0x4, 0x0, {0xffffffffffffffff, 0xfe00000000000000, 0x2, 0x0, [0x0, 0x0]}}, 0x2a) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c00ffb042645c0e084509d1d6ae17228814ac14a574fde881ec4de72c6a158ebfc9dcc4898c36850dfa7a803d6ec87c28d0d17e92a4cba7202cb8c179990ad3051bea4883f66c7e65fab6790db8223ca855422f200b895c6d23425f133781d9b025ab982e8da8d231267181317f575c44cd50ab95640b66c526664cd15e000000000000"]) 10:58:27 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000040)={0x4, 0x10000, 0xfff, 0x80, 0x9}) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@loopback}, {@in6=@empty, 0x2000}, @in=@private=0xa010101, {0x0, 0x4}, {0x0, 0x0, 0x1}, {}, 0x70bd26}}, 0xf0}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) (async) ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000040)={0x4, 0x10000, 0xfff, 0x80, 0x9}) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@loopback}, {@in6=@empty, 0x2000}, @in=@private=0xa010101, {0x0, 0x4}, {0x0, 0x0, 0x1}, {}, 0x70bd26}}, 0xf0}}, 0x0) (async) [ 2058.522616] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2058.529861] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2058.537120] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2058.544366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2058.551610] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:27 executing program 5: getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180)=0x0, &(0x7f00000001c0)) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500)=0x0, &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000000)={0x2e, 0x4, 0x0, {0x3, 0x200, 0x6, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2e) (async) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) read$FUSE(r6, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) (async) getresuid(&(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) write$FUSE_STATFS(r7, &(0x7f0000000080)={0x60, 0x0, r8}, 0x60) (async) write$FUSE_ENTRY(r5, &(0x7f0000000080)={0x90, 0xffffffffffffffda, r8, {0x4, 0x2, 0x5, 0x7fff, 0x6, 0x6, {0x1, 0x5b2, 0x2, 0x1, 0x8, 0x7, 0x4, 0x7f, 0x3f, 0x8000, 0x9, r3, r1, 0x400, 0x1}}}, 0x90) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) 10:58:27 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000000)={0x2a, 0x6, 0x0, {0x5, 0x2, 0x1, 0x0, '('}}, 0x2a) (async) getresuid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)) 10:58:27 executing program 3: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84010, 0x0) 10:58:27 executing program 2: keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000240)=""/102394, 0x18ffa) sched_yield() mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r7}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x9000, &(0x7f0000019240)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, 0xee01}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[], [{@subj_user={'subj_user', 0x3d, '/dev/loop0\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0x6}}, {@fsuuid={'fsuuid', 0x3d, {[0x31, 0x63, 0x0, 0x70, 0x33, 0x33, 0x65, 0x35], 0x2d, [0x0, 0x35, 0x30, 0x32], 0x2d, [0x32, 0x318749150599f903, 0x61, 0x38], 0x2d, [0x66, 0x61, 0x63, 0x32], 0x2d, [0x37, 0x62, 0x33, 0x61, 0x0, 0x32, 0x62, 0x37]}}}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}, {@smackfsdef={'smackfsdef', 0x3d, '/dev/loop0\x00'}}, {@fowner_gt={'fowner>', r7}}, {@dont_hash}]}}) r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)=ANY=[@ANYBLOB="000200", @ANYRESHEX=r8, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r9, @ANYBLOB=',group_id=', @ANYRESDEC=r0, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) read$FUSE(r8, &(0x7f000001b280)={0x2020}, 0xffffffffffffffb9) 10:58:27 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, 0x0, 0x0) (async) ioctl$sock_inet6_tcp_SIOCOUTQ(r4, 0x5411, &(0x7f0000000000)) (async) read$FUSE(r2, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r3, &(0x7f0000000080)={0x60, 0x0, r5}, 0x60) (async, rerun: 64) write$FUSE_INIT(r1, &(0x7f0000000240)={0x50, 0x0, r5, {0x7, 0x24, 0x5c41, 0x400, 0x101, 0x0, 0x6, 0x9}}, 0x50) (rerun: 64) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000180)={0x2a, 0x4, 0x0, {0xffffffffffffffff, 0xfe00000000000000, 0x2, 0x0, [0x0, 0x0]}}, 0x2a) (async, rerun: 64) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c00ffb042645c0e084509d1d6ae17228814ac14a574fde881ec4de72c6a158ebfc9dcc4898c36850dfa7a803d6ec87c28d0d17e92a4cba7202cb8c179990ad3051bea4883f66c7e65fab6790db8223ca855422f200b895c6d23425f133781d9b025ab982e8da8d231267181317f575c44cd50ab95640b66c526664cd15e000000000000"]) (rerun: 64) 10:58:27 executing program 5: getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180)=0x0, &(0x7f00000001c0)) (async, rerun: 32) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async, rerun: 32) getresuid(&(0x7f00000004c0), &(0x7f0000000500)=0x0, &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000000)={0x2e, 0x4, 0x0, {0x3, 0x200, 0x6, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2e) (async) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async, rerun: 64) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (rerun: 64) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) read$FUSE(r6, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) getresuid(&(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) (async) write$FUSE_STATFS(r7, &(0x7f0000000080)={0x60, 0x0, r8}, 0x60) write$FUSE_ENTRY(r5, &(0x7f0000000080)={0x90, 0xffffffffffffffda, r8, {0x4, 0x2, 0x5, 0x7fff, 0x6, 0x6, {0x1, 0x5b2, 0x2, 0x1, 0x8, 0x7, 0x4, 0x7f, 0x3f, 0x8000, 0x9, r3, r1, 0x400, 0x1}}}, 0x90) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) [ 2058.749027] FAULT_INJECTION: forcing a failure. [ 2058.749027] name failslab, interval 1, probability 0, space 0, times 0 [ 2058.766066] CPU: 0 PID: 25365 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2058.773966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2058.783320] Call Trace: [ 2058.785909] dump_stack+0x1b2/0x281 [ 2058.789543] should_fail.cold+0x10a/0x149 [ 2058.793686] should_failslab+0xd6/0x130 [ 2058.797641] kmem_cache_alloc+0x28e/0x3c0 [ 2058.801771] __d_alloc+0x2a/0xa20 [ 2058.805211] ? d_lookup+0x172/0x220 [ 2058.808823] d_alloc+0x46/0x240 [ 2058.812086] __lookup_hash+0x101/0x270 [ 2058.815949] ? __inode_permission+0xcd/0x2f0 [ 2058.820337] lookup_one_len+0x279/0x3a0 [ 2058.824289] ? lookup_one_len_unlocked+0x410/0x410 [ 2058.829196] start_creating+0xb0/0x200 [ 2058.833061] __debugfs_create_file+0x4f/0x440 [ 2058.837530] ? debugfs_create_file+0x37/0x60 [ 2058.841917] bdi_register_va.part.0+0x1f4/0x650 [ 2058.846586] bdi_register_va+0x63/0x80 [ 2058.850468] super_setup_bdi_name+0x123/0x220 [ 2058.854941] ? kill_block_super+0xe0/0xe0 [ 2058.859067] ? do_raw_spin_unlock+0x164/0x220 [ 2058.863545] fuse_fill_super+0x937/0x15c0 [ 2058.867681] ? fuse_get_root_inode+0xc0/0xc0 [ 2058.872071] ? up_write+0x17/0x60 [ 2058.875500] ? register_shrinker+0x15f/0x220 [ 2058.879891] ? sget_userns+0x768/0xc10 [ 2058.883848] ? get_anon_bdev+0x1c0/0x1c0 [ 2058.888086] ? sget+0xd9/0x110 [ 2058.891262] ? fuse_get_root_inode+0xc0/0xc0 [ 2058.895663] mount_nodev+0x4c/0xf0 [ 2058.899181] mount_fs+0x92/0x2a0 [ 2058.902536] vfs_kern_mount.part.0+0x5b/0x470 [ 2058.907009] do_mount+0xe65/0x2a30 [ 2058.910531] ? do_raw_spin_unlock+0x164/0x220 [ 2058.915007] ? copy_mount_string+0x40/0x40 [ 2058.919231] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2058.924235] ? copy_mnt_ns+0xa30/0xa30 [ 2058.928099] ? copy_mount_options+0x1fa/0x2f0 [ 2058.932569] ? copy_mnt_ns+0xa30/0xa30 [ 2058.936435] SyS_mount+0xa8/0x120 [ 2058.939865] ? copy_mnt_ns+0xa30/0xa30 [ 2058.943730] do_syscall_64+0x1d5/0x640 [ 2058.947598] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2058.952777] RIP: 0033:0x7fc09e230109 [ 2058.956471] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2058.964167] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2058.971416] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2058.978660] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2058.985905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2058.993152] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:28 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 63) 10:58:28 executing program 3: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84010, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84010, 0x0) (async) 10:58:28 executing program 2: keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000240)=""/102394, 0x18ffa) (async) sched_yield() mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)=0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r7}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x9000, &(0x7f0000019240)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, 0xee01}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[], [{@subj_user={'subj_user', 0x3d, '/dev/loop0\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0x6}}, {@fsuuid={'fsuuid', 0x3d, {[0x31, 0x63, 0x0, 0x70, 0x33, 0x33, 0x65, 0x35], 0x2d, [0x0, 0x35, 0x30, 0x32], 0x2d, [0x32, 0x318749150599f903, 0x61, 0x38], 0x2d, [0x66, 0x61, 0x63, 0x32], 0x2d, [0x37, 0x62, 0x33, 0x61, 0x0, 0x32, 0x62, 0x37]}}}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}, {@smackfsdef={'smackfsdef', 0x3d, '/dev/loop0\x00'}}, {@fowner_gt={'fowner>', r7}}, {@dont_hash}]}}) (async) r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)=ANY=[@ANYBLOB="000200", @ANYRESHEX=r8, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r9, @ANYBLOB=',group_id=', @ANYRESDEC=r0, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) (async) read$FUSE(r8, &(0x7f000001b280)={0x2020}, 0xffffffffffffffb9) 10:58:28 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) write$FUSE_STATFS(r1, &(0x7f0000000000)={0x60, 0x0, 0x0, {{0xda5, 0xfffffffffffffffa, 0x3, 0x7, 0x2, 0x7, 0x20, 0x9}}}, 0x60) 10:58:28 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000040)={0x4, 0x10000, 0xfff, 0x80, 0x9}) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@loopback}, {@in6=@empty, 0x2000}, @in=@private=0xa010101, {0x0, 0x4}, {0x0, 0x0, 0x1}, {}, 0x70bd26}}, 0xf0}}, 0x0) 10:58:28 executing program 2: keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000240)=""/102394, 0x18ffa) (async) sched_yield() (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)=0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r7}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x9000, &(0x7f0000019240)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, 0xee01}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[], [{@subj_user={'subj_user', 0x3d, '/dev/loop0\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0x6}}, {@fsuuid={'fsuuid', 0x3d, {[0x31, 0x63, 0x0, 0x70, 0x33, 0x33, 0x65, 0x35], 0x2d, [0x0, 0x35, 0x30, 0x32], 0x2d, [0x32, 0x318749150599f903, 0x61, 0x38], 0x2d, [0x66, 0x61, 0x63, 0x32], 0x2d, [0x37, 0x62, 0x33, 0x61, 0x0, 0x32, 0x62, 0x37]}}}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}, {@smackfsdef={'smackfsdef', 0x3d, '/dev/loop0\x00'}}, {@fowner_gt={'fowner>', r7}}, {@dont_hash}]}}) r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)=ANY=[@ANYBLOB="000200", @ANYRESHEX=r8, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r9, @ANYBLOB=',group_id=', @ANYRESDEC=r0, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) read$FUSE(r8, &(0x7f000001b280)={0x2020}, 0xffffffffffffffb9) 10:58:28 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async, rerun: 32) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (rerun: 32) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) write$FUSE_STATFS(r1, &(0x7f0000000000)={0x60, 0x0, 0x0, {{0xda5, 0xfffffffffffffffa, 0x3, 0x7, 0x2, 0x7, 0x20, 0x9}}}, 0x60) 10:58:28 executing program 2: prctl$PR_CAP_AMBIENT(0x2f, 0x4, 0x1f) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x2054808, 0x0) 10:58:28 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x40821, &(0x7f00000000c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x600}}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}, {@allow_other}], [{@context={'context', 0x3d, 'staff_u'}}, {@fscontext={'fscontext', 0x3d, 'system_u'}}, {@uid_eq={'uid', 0x3d, 0xee00}}, {@uid_eq}, {@defcontext={'defcontext', 0x3d, 'staff_u'}}]}}) 10:58:28 executing program 2: prctl$PR_CAP_AMBIENT(0x2f, 0x4, 0x1f) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x2054808, 0x0) [ 2059.234571] FAULT_INJECTION: forcing a failure. [ 2059.234571] name failslab, interval 1, probability 0, space 0, times 0 [ 2059.246122] CPU: 1 PID: 25459 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2059.254005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2059.263348] Call Trace: [ 2059.265926] dump_stack+0x1b2/0x281 [ 2059.269542] should_fail.cold+0x10a/0x149 [ 2059.273673] should_failslab+0xd6/0x130 [ 2059.277627] kmem_cache_alloc+0x28e/0x3c0 [ 2059.281749] __d_alloc+0x2a/0xa20 [ 2059.285190] d_make_root+0x3e/0xc0 [ 2059.288729] fuse_fill_super+0xc49/0x15c0 [ 2059.292865] ? fuse_get_root_inode+0xc0/0xc0 [ 2059.297269] ? up_write+0x17/0x60 [ 2059.300700] ? register_shrinker+0x15f/0x220 [ 2059.305094] ? sget_userns+0x768/0xc10 [ 2059.308968] ? get_anon_bdev+0x1c0/0x1c0 [ 2059.313004] ? sget+0xd9/0x110 [ 2059.316173] ? fuse_get_root_inode+0xc0/0xc0 [ 2059.320558] mount_nodev+0x4c/0xf0 [ 2059.324081] mount_fs+0x92/0x2a0 [ 2059.327443] vfs_kern_mount.part.0+0x5b/0x470 [ 2059.331922] do_mount+0xe65/0x2a30 [ 2059.335441] ? copy_mount_string+0x40/0x40 [ 2059.339662] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2059.344668] ? copy_mnt_ns+0xa30/0xa30 [ 2059.348542] ? copy_mount_options+0x1fa/0x2f0 [ 2059.353013] ? copy_mnt_ns+0xa30/0xa30 [ 2059.356880] SyS_mount+0xa8/0x120 [ 2059.360311] ? copy_mnt_ns+0xa30/0xa30 [ 2059.364180] do_syscall_64+0x1d5/0x640 [ 2059.368072] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2059.373237] RIP: 0033:0x7fc09e230109 [ 2059.376945] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2059.384724] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2059.391986] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2059.399238] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2059.406495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2059.413753] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:28 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async, rerun: 32) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async, rerun: 32) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async, rerun: 64) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (rerun: 64) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, 0x0, 0x0) (async) ioctl$sock_inet6_tcp_SIOCOUTQ(r4, 0x5411, &(0x7f0000000000)) (async) read$FUSE(r2, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r3, &(0x7f0000000080)={0x60, 0x0, r5}, 0x60) write$FUSE_INIT(r1, &(0x7f0000000240)={0x50, 0x0, r5, {0x7, 0x24, 0x5c41, 0x400, 0x101, 0x0, 0x6, 0x9}}, 0x50) (async) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000180)={0x2a, 0x4, 0x0, {0xffffffffffffffff, 0xfe00000000000000, 0x2, 0x0, [0x0, 0x0]}}, 0x2a) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c00ffb042645c0e084509d1d6ae17228814ac14a574fde881ec4de72c6a158ebfc9dcc4898c36850dfa7a803d6ec87c28d0d17e92a4cba7202cb8c179990ad3051bea4883f66c7e65fab6790db8223ca855422f200b895c6d23425f133781d9b025ab982e8da8d231267181317f575c44cd50ab95640b66c526664cd15e000000000000"]) 10:58:28 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x40821, &(0x7f00000000c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x600}}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}, {@allow_other}], [{@context={'context', 0x3d, 'staff_u'}}, {@fscontext={'fscontext', 0x3d, 'system_u'}}, {@uid_eq={'uid', 0x3d, 0xee00}}, {@uid_eq}, {@defcontext={'defcontext', 0x3d, 'staff_u'}}]}}) 10:58:28 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) write$FUSE_STATFS(r1, &(0x7f0000000000)={0x60, 0x0, 0x0, {{0xda5, 0xfffffffffffffffa, 0x3, 0x7, 0x2, 0x7, 0x20, 0x9}}}, 0x60) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) write$FUSE_STATFS(r1, &(0x7f0000000000)={0x60, 0x0, 0x0, {{0xda5, 0xfffffffffffffffa, 0x3, 0x7, 0x2, 0x7, 0x20, 0x9}}}, 0x60) (async) 10:58:28 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)={0xffffffffffffffff}, 0x4) 10:58:28 executing program 2: prctl$PR_CAP_AMBIENT(0x2f, 0x4, 0x1f) (async) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x2054808, 0x0) 10:58:28 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 64) 10:58:28 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x248a0, 0x0) 10:58:28 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x40821, &(0x7f00000000c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x600}}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}, {@allow_other}], [{@context={'context', 0x3d, 'staff_u'}}, {@fscontext={'fscontext', 0x3d, 'system_u'}}, {@uid_eq={'uid', 0x3d, 0xee00}}, {@uid_eq}, {@defcontext={'defcontext', 0x3d, 'staff_u'}}]}}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x40821, &(0x7f00000000c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x600}}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}, {@allow_other}], [{@context={'context', 0x3d, 'staff_u'}}, {@fscontext={'fscontext', 0x3d, 'system_u'}}, {@uid_eq={'uid', 0x3d, 0xee00}}, {@uid_eq}, {@defcontext={'defcontext', 0x3d, 'staff_u'}}]}}) (async) 10:58:28 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x248a0, 0x0) 10:58:28 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) r3 = getpgid(0xffffffffffffffff) capset(&(0x7f00000000c0)={0x20080522, r3}, &(0x7f0000000100)={0x8, 0x611, 0x5, 0x2, 0x390c, 0x10001}) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000680)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r2, @ANYBLOB=',group_id=', @ANYRESDEC=r0, @ANYBLOB="2c626c6b73697a653d3078303030303030303030303030303030302c626c6b73697a653d2078303030303030303030303030313430302c64656661756c745f7065726d697373696f6e732c646f6e745f686173682c004af62386cfecdabe3e"]) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x2008, &(0x7f0000000240)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x400}}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0xe00}}, {@allow_other}], [{@appraise}, {@appraise}, {@dont_appraise}, {@fsmagic={'fsmagic', 0x3d, 0x6}}, {@obj_user}, {@hash}]}}) 10:58:28 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x248a0, 0x0) 10:58:28 executing program 3: mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x81048a, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x58, &(0x7f0000000040)}, 0x10) 10:58:28 executing program 2: r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r0, 0x80045300, &(0x7f0000000040)) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000440)={&(0x7f0000000080)="e3995a09483f67bf29b6253f2b7bc04be9148241e067fd47371b8f3822d314eb0d7b591e8241eed57010f8261490cd856288231a370c361a4b01c845026de6a6cda240c007aa1ef7dff0f19211439b36231fbba074e448865562d14ae2fc7e9f5d5c54529dfcd924340d9f551525d89f13c5b54a32682db052dffd447d4e01cd0c6ef46b61de2c0254de81f28e365555da27a31ca28f20f00a8a", &(0x7f0000000240)=""/207, &(0x7f0000000340)="29d7a5f7adca523d8dc791de5a3933384ac89abd37009a7c0b5c3437653f27a1bfb1c88b0f728542c699b5bf5d49bee17dff03cc431f2071ab2a86ed1dc15928a1a327d2a373ccfd5767b2a657349067f896a6c07cdd559fafaace7c1481026387b8208594d1bf8e3d65c9b6416dcb5b8e22572a5ecf29893a763f4008a76e0371b307502780147dd20dfeb41869fbad9e7915b285e875f36462e9b7d874197dd3d6b59ae160a52249fb1f9b2a5701c42c02c992ba937aafdb8cde1a8b49f20070d13c87c28dd2a4ecc904090df0bdc44b8d664e1ab2b1ffd8b269f860392e3576241f9c877ed2efc303b523543241c0a4d4dda19dd920e9c36325884c", &(0x7f0000000140)="95110e610d8a322016cd033fedc8aa73271008fd038eb9dc32e9db0fbe135322e9e6d1360a384a34a29f6cd980f49d3642cebdbee4ef7a218001ad26b76e6b1074e0e091f9a1dfd363191c138d7d9f170b0214f0e906df3be067d7c34f91130b3e9a7014a04b72ec695110ba3edd7e834c91dab086d667e211958804d09f1b569697a06f9cb63bae69aa3318ae317ed64a6143630d212dfc188dd2f33bdb", 0x1, r1}, 0x38) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) 10:58:28 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) (async) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)={0xffffffffffffffff}, 0x4) 10:58:28 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) (async) r3 = getpgid(0xffffffffffffffff) capset(&(0x7f00000000c0)={0x20080522, r3}, &(0x7f0000000100)={0x8, 0x611, 0x5, 0x2, 0x390c, 0x10001}) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000680)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r2, @ANYBLOB=',group_id=', @ANYRESDEC=r0, @ANYBLOB="2c626c6b73697a653d3078303030303030303030303030303030302c626c6b73697a653d2078303030303030303030303030313430302c64656661756c745f7065726d697373696f6e732c646f6e745f686173682c004af62386cfecdabe3e"]) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x2008, &(0x7f0000000240)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x400}}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0xe00}}, {@allow_other}], [{@appraise}, {@appraise}, {@dont_appraise}, {@fsmagic={'fsmagic', 0x3d, 0x6}}, {@obj_user}, {@hash}]}}) 10:58:28 executing program 0: r0 = getpgid(0x0) ptrace$poke(0xffffffffffffffff, r0, 0x0, 0x10) clock_settime(0x5, &(0x7f0000000080)={0x77359400}) setpriority(0x0, r0, 0x86ea) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r2, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000000), 0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT=r2, @ANYRESOCT=r2, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRES64=r1, @ANYBLOB=',\x00']) 10:58:28 executing program 3: mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x81048a, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x58, &(0x7f0000000040)}, 0x10) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x81048a, 0x0) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x58, &(0x7f0000000040)}, 0x10) (async) [ 2059.662580] FAULT_INJECTION: forcing a failure. [ 2059.662580] name failslab, interval 1, probability 0, space 0, times 0 [ 2059.721135] CPU: 0 PID: 25540 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2059.729044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2059.738396] Call Trace: [ 2059.741152] dump_stack+0x1b2/0x281 [ 2059.744767] should_fail.cold+0x10a/0x149 [ 2059.748921] should_failslab+0xd6/0x130 [ 2059.752893] kmem_cache_alloc_trace+0x29a/0x3d0 [ 2059.757547] ? fuse_init_file_inode+0x70/0x70 [ 2059.762018] fuse_alloc_inode+0x2ea/0x3f0 [ 2059.766144] ? do_raw_spin_unlock+0x164/0x220 [ 2059.770633] ? fuse_kill_sb_anon+0x50/0x50 [ 2059.774845] alloc_inode+0x5d/0x170 [ 2059.778448] iget5_locked+0x169/0x450 [ 2059.782225] ? trace_hardirqs_on+0x10/0x10 [ 2059.786443] ? fuse_inode_eq+0x70/0x70 [ 2059.790314] fuse_iget+0x1b5/0x790 [ 2059.793841] ? fuse_change_attributes+0x4d0/0x4d0 [ 2059.798662] fuse_get_root_inode+0x99/0xc0 [ 2059.802900] ? fuse_iget+0x790/0x790 [ 2059.806603] ? __local_bh_enable_ip+0xc1/0x170 [ 2059.811162] ? bdi_set_max_ratio+0xe5/0x120 [ 2059.815461] fuse_fill_super+0xc18/0x15c0 [ 2059.819590] ? fuse_get_root_inode+0xc0/0xc0 [ 2059.824022] ? up_write+0x17/0x60 [ 2059.827456] ? register_shrinker+0x15f/0x220 [ 2059.831841] ? sget_userns+0x768/0xc10 [ 2059.835722] ? get_anon_bdev+0x1c0/0x1c0 [ 2059.839764] ? sget+0xd9/0x110 [ 2059.842936] ? fuse_get_root_inode+0xc0/0xc0 [ 2059.847320] mount_nodev+0x4c/0xf0 [ 2059.850836] mount_fs+0x92/0x2a0 [ 2059.854182] vfs_kern_mount.part.0+0x5b/0x470 [ 2059.858667] do_mount+0xe65/0x2a30 [ 2059.862206] ? do_raw_spin_unlock+0x164/0x220 [ 2059.866678] ? copy_mount_string+0x40/0x40 [ 2059.870891] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2059.875883] ? copy_mnt_ns+0xa30/0xa30 [ 2059.879745] ? copy_mount_options+0x1fa/0x2f0 [ 2059.884214] ? copy_mnt_ns+0xa30/0xa30 [ 2059.888077] SyS_mount+0xa8/0x120 [ 2059.891509] ? copy_mnt_ns+0xa30/0xa30 [ 2059.895376] do_syscall_64+0x1d5/0x640 [ 2059.899244] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2059.904413] RIP: 0033:0x7fc09e230109 [ 2059.908100] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 10:58:28 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 65) 10:58:28 executing program 0: r0 = getpgid(0x0) ptrace$poke(0xffffffffffffffff, r0, 0x0, 0x10) (async) clock_settime(0x5, &(0x7f0000000080)={0x77359400}) setpriority(0x0, r0, 0x86ea) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r2, 0x0, 0x0) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000000), 0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT=r2, @ANYRESOCT=r2, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRES64=r1, @ANYBLOB=',\x00']) 10:58:28 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) r3 = getpgid(0xffffffffffffffff) capset(&(0x7f00000000c0)={0x20080522, r3}, &(0x7f0000000100)={0x8, 0x611, 0x5, 0x2, 0x390c, 0x10001}) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000680)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r2, @ANYBLOB=',group_id=', @ANYRESDEC=r0, @ANYBLOB="2c626c6b73697a653d3078303030303030303030303030303030302c626c6b73697a653d2078303030303030303030303030313430302c64656661756c745f7065726d697373696f6e732c646f6e745f686173682c004af62386cfecdabe3e"]) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x2008, &(0x7f0000000240)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x400}}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0xe00}}, {@allow_other}], [{@appraise}, {@appraise}, {@dont_appraise}, {@fsmagic={'fsmagic', 0x3d, 0x6}}, {@obj_user}, {@hash}]}}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) getpgid(0xffffffffffffffff) (async) capset(&(0x7f00000000c0)={0x20080522, r3}, &(0x7f0000000100)={0x8, 0x611, 0x5, 0x2, 0x390c, 0x10001}) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000680)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r2, @ANYBLOB=',group_id=', @ANYRESDEC=r0, @ANYBLOB="2c626c6b73697a653d3078303030303030303030303030303030302c626c6b73697a653d2078303030303030303030303030313430302c64656661756c745f7065726d697373696f6e732c646f6e745f686173682c004af62386cfecdabe3e"]) (async) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x2008, &(0x7f0000000240)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x400}}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0xe00}}, {@allow_other}], [{@appraise}, {@appraise}, {@dont_appraise}, {@fsmagic={'fsmagic', 0x3d, 0x6}}, {@obj_user}, {@hash}]}}) (async) 10:58:28 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)={0xffffffffffffffff}, 0x4) 10:58:28 executing program 3: mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x81048a, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x58, &(0x7f0000000040)}, 0x10) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x81048a, 0x0) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x58, &(0x7f0000000040)}, 0x10) (async) 10:58:28 executing program 2: r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r0, 0x80045300, &(0x7f0000000040)) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000440)={&(0x7f0000000080)="e3995a09483f67bf29b6253f2b7bc04be9148241e067fd47371b8f3822d314eb0d7b591e8241eed57010f8261490cd856288231a370c361a4b01c845026de6a6cda240c007aa1ef7dff0f19211439b36231fbba074e448865562d14ae2fc7e9f5d5c54529dfcd924340d9f551525d89f13c5b54a32682db052dffd447d4e01cd0c6ef46b61de2c0254de81f28e365555da27a31ca28f20f00a8a", &(0x7f0000000240)=""/207, &(0x7f0000000340)="29d7a5f7adca523d8dc791de5a3933384ac89abd37009a7c0b5c3437653f27a1bfb1c88b0f728542c699b5bf5d49bee17dff03cc431f2071ab2a86ed1dc15928a1a327d2a373ccfd5767b2a657349067f896a6c07cdd559fafaace7c1481026387b8208594d1bf8e3d65c9b6416dcb5b8e22572a5ecf29893a763f4008a76e0371b307502780147dd20dfeb41869fbad9e7915b285e875f36462e9b7d874197dd3d6b59ae160a52249fb1f9b2a5701c42c02c992ba937aafdb8cde1a8b49f20070d13c87c28dd2a4ecc904090df0bdc44b8d664e1ab2b1ffd8b269f860392e3576241f9c877ed2efc303b523543241c0a4d4dda19dd920e9c36325884c", &(0x7f0000000140)="95110e610d8a322016cd033fedc8aa73271008fd038eb9dc32e9db0fbe135322e9e6d1360a384a34a29f6cd980f49d3642cebdbee4ef7a218001ad26b76e6b1074e0e091f9a1dfd363191c138d7d9f170b0214f0e906df3be067d7c34f91130b3e9a7014a04b72ec695110ba3edd7e834c91dab086d667e211958804d09f1b569697a06f9cb63bae69aa3318ae317ed64a6143630d212dfc188dd2f33bdb", 0x1, r1}, 0x38) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) 10:58:29 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000040)) [ 2059.916484] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2059.923729] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2059.930977] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2059.938221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2059.945463] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:29 executing program 2: r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r0, 0x80045300, &(0x7f0000000040)) (async) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async, rerun: 64) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000440)={&(0x7f0000000080)="e3995a09483f67bf29b6253f2b7bc04be9148241e067fd47371b8f3822d314eb0d7b591e8241eed57010f8261490cd856288231a370c361a4b01c845026de6a6cda240c007aa1ef7dff0f19211439b36231fbba074e448865562d14ae2fc7e9f5d5c54529dfcd924340d9f551525d89f13c5b54a32682db052dffd447d4e01cd0c6ef46b61de2c0254de81f28e365555da27a31ca28f20f00a8a", &(0x7f0000000240)=""/207, &(0x7f0000000340)="29d7a5f7adca523d8dc791de5a3933384ac89abd37009a7c0b5c3437653f27a1bfb1c88b0f728542c699b5bf5d49bee17dff03cc431f2071ab2a86ed1dc15928a1a327d2a373ccfd5767b2a657349067f896a6c07cdd559fafaace7c1481026387b8208594d1bf8e3d65c9b6416dcb5b8e22572a5ecf29893a763f4008a76e0371b307502780147dd20dfeb41869fbad9e7915b285e875f36462e9b7d874197dd3d6b59ae160a52249fb1f9b2a5701c42c02c992ba937aafdb8cde1a8b49f20070d13c87c28dd2a4ecc904090df0bdc44b8d664e1ab2b1ffd8b269f860392e3576241f9c877ed2efc303b523543241c0a4d4dda19dd920e9c36325884c", &(0x7f0000000140)="95110e610d8a322016cd033fedc8aa73271008fd038eb9dc32e9db0fbe135322e9e6d1360a384a34a29f6cd980f49d3642cebdbee4ef7a218001ad26b76e6b1074e0e091f9a1dfd363191c138d7d9f170b0214f0e906df3be067d7c34f91130b3e9a7014a04b72ec695110ba3edd7e834c91dab086d667e211958804d09f1b569697a06f9cb63bae69aa3318ae317ed64a6143630d212dfc188dd2f33bdb", 0x1, r1}, 0x38) (async, rerun: 64) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) 10:58:29 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000040)) socket$nl_xfrm(0x10, 0x3, 0x6) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000040)) (async) 10:58:29 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) write$ppp(r0, &(0x7f0000002380)="613a1ebce9c24297b0085d752665d07d1f13293f6602b4da8520cec4026762ac5a89390283335a5d91eb2c95", 0x2c) socket$inet_smc(0x2b, 0x1, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000002480)="f335e178cbc1d9fe2e8181191cff5e47", 0x10) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f00000024c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB="2c726f00046d6f64653d30303030303030303030303030303030153036303030302c757365725f69643d7b75fdde35de4419bae4e29842c7ef7dc46cc61a0e812fdd666dc027b8ad6e28ab0197ebda2b7cd640819700b82d57f99989958209208b6eb6b114002d06653f29c48a2ea7f97d315343dc60cff0cb6a98b69ddc1962f5ea7b3a80e622225d10a7a0f668923cbf11d91cb73941d8e6b3c18688f1350062eac74a3c5bda5a81f13219b75ab00ea1534d64e7bb9b903a0265fd316e944b2163957d4b3e773a6acf1b571de08822", @ANYRESDEC=r3, @ANYBLOB=',group_id=', @ANYRESDEC=r1, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000023c0), 0x400, 0x0) ioctl$PPPIOCSPASS(r4, 0x40107447, &(0x7f0000002440)={0x3, &(0x7f0000002400)=[{0xeee0, 0x1, 0x7, 0x5}, {0x2530, 0x81, 0x81, 0x5}, {0x8, 0x2a, 0x4, 0x6}]}) ptrace$setregset(0x4205, 0xffffffffffffffff, 0x202, &(0x7f0000000000)={&(0x7f00000022c0)="a915a898e63a6ff81103b6aa8786a3e9bb8a162a045893285dd9ed734e5afabf064a41018fb332a5d9f5e36b5084ec3d0f973d5bc5c573cba77ce97b2582e1b5227838d12055cde87e3c02ff19a4825adaf1d665774b8268c2369c0cd0bfef75b819d6b94b8edb348d0836e5711380f9b9c79257ebf0746166127edf6fc1fd32de0551573cf9a070edf24931", 0x8c}) read$FUSE(r2, &(0x7f0000000240)={0x2020}, 0x2020) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000002280)={0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=""/221, 0x4}, 0x20) 10:58:29 executing program 2: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000fed000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000100)=""/251, 0xee, 0x1, &(0x7f0000000080)=""/19, 0x13}, &(0x7f00000000c0)=0x22) ioctl$sock_inet6_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000040)) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) 10:58:29 executing program 0: r0 = getpgid(0x0) ptrace$poke(0xffffffffffffffff, r0, 0x0, 0x10) (async) clock_settime(0x5, &(0x7f0000000080)={0x77359400}) (async) setpriority(0x0, r0, 0x86ea) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r2, 0x0, 0x0) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000000), 0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT=r2, @ANYRESOCT=r2, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRES64=r1, @ANYBLOB=',\x00']) 10:58:29 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={&(0x7f0000000000)="8bf459f032962fbbe8669f3f19c5293b2ebb291bfa2b98bf19c48d21ee462d571a11be94f6dd53c9419326b868e0c1e0dbd3da2fe76dd6973fbbb0557b2848fed8d88a687388d0d48a46e04ef909b19133d688e65a71edd7c0a70e1f54afc96f35273d7d552bc41c6adcebbbf85a24c50ccc6bbdf7a3b13ce72cb9dc7327d9215cf1634b04f62f69374141bbebabb74217c3ad0abc3b72d7b71824e5e3856e094d5fb283030462f6d026d6438054e99f2a8dbb74a067fbfb523f85e8251b9381c9b9c1d5b04fdc03f424e4fc0ced9467dd0467ab", &(0x7f0000000100)=""/180, &(0x7f0000000240)="4f0e3ff1086c1b9f24d7583a93130aa6c6d2b2fe97bb076266c408f611d8cba226945e7de29f7a67a04d0c6ed55c5b4355e63c2aab3b1b1e3e58f04f5aa4511860e03205b4432a8531db722799244566f6883e769540eea327732c4fc5876ab2cb67cd24cc0b25258c337679329235376c06b6aeec6f059e91ec69b900c80aa59f59cb8ee6c8ed9f70a1aa6d6bb4f3bc8cae4dc7bcbf11cb9a1c30c5339c944180e8e77fd0e5c1aed19b0b7d48e5d0959dd934e2e7075c8649d7539f4cc81e553b4cc0db1478fab6113faf1339497b0186", &(0x7f00000001c0)="f013f06c9cfb9f8674f5ec342ec5bf38ca9bccda7305e7a8d1ae50091cf862e0d81f5c8c69cfcf67229360653a1171318c49296880037012a187", 0xfffffff8, r0, 0x4}, 0x38) [ 2060.115857] FAULT_INJECTION: forcing a failure. [ 2060.115857] name failslab, interval 1, probability 0, space 0, times 0 [ 2060.128160] CPU: 0 PID: 25606 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2060.136040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2060.145393] Call Trace: [ 2060.147961] dump_stack+0x1b2/0x281 [ 2060.151567] should_fail.cold+0x10a/0x149 [ 2060.155697] should_failslab+0xd6/0x130 [ 2060.159657] kmem_cache_alloc+0x28e/0x3c0 [ 2060.163785] __d_alloc+0x2a/0xa20 [ 2060.167217] d_alloc+0x46/0x240 [ 2060.170472] d_alloc_name+0x70/0x80 [ 2060.174078] ? d_alloc+0x240/0x240 [ 2060.177603] fuse_ctl_add_dentry+0x70/0x410 [ 2060.181903] ? __lockdep_init_map+0x100/0x560 [ 2060.186376] fuse_ctl_add_conn+0x110/0x250 [ 2060.190588] ? fuse_ctl_remove_conn+0x1a0/0x1a0 [ 2060.195232] ? SMBQueryInformation+0x165/0x910 [ 2060.199799] fuse_fill_super+0xe0c/0x15c0 [ 2060.203927] ? fuse_get_root_inode+0xc0/0xc0 [ 2060.208330] ? up_write+0x17/0x60 [ 2060.211763] ? register_shrinker+0x15f/0x220 [ 2060.216146] ? sget_userns+0x768/0xc10 [ 2060.220016] ? get_anon_bdev+0x1c0/0x1c0 [ 2060.224051] ? sget+0xd9/0x110 [ 2060.227221] ? fuse_get_root_inode+0xc0/0xc0 [ 2060.231612] mount_nodev+0x4c/0xf0 [ 2060.235140] mount_fs+0x92/0x2a0 [ 2060.238491] vfs_kern_mount.part.0+0x5b/0x470 [ 2060.242964] do_mount+0xe65/0x2a30 [ 2060.246486] ? copy_mount_string+0x40/0x40 [ 2060.250696] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2060.255762] ? copy_mnt_ns+0xa30/0xa30 [ 2060.259626] ? copy_mount_options+0x1fa/0x2f0 [ 2060.264106] ? copy_mnt_ns+0xa30/0xa30 [ 2060.267989] SyS_mount+0xa8/0x120 [ 2060.271420] ? copy_mnt_ns+0xa30/0xa30 [ 2060.275288] do_syscall_64+0x1d5/0x640 [ 2060.279183] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2060.284352] RIP: 0033:0x7fc09e230109 [ 2060.288037] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2060.295722] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2060.303330] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 10:58:29 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 66) 10:58:29 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) (async) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000040)) 10:58:29 executing program 2: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000fed000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000100)=""/251, 0xee, 0x1, &(0x7f0000000080)=""/19, 0x13}, &(0x7f00000000c0)=0x22) (async) ioctl$sock_inet6_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000040)) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) 10:58:29 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) write$ppp(r0, &(0x7f0000002380)="613a1ebce9c24297b0085d752665d07d1f13293f6602b4da8520cec4026762ac5a89390283335a5d91eb2c95", 0x2c) (async) socket$inet_smc(0x2b, 0x1, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000002480)="f335e178cbc1d9fe2e8181191cff5e47", 0x10) (async, rerun: 32) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async, rerun: 32) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f00000024c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB="2c726f00046d6f64653d30303030303030303030303030303030153036303030302c757365725f69643d7b75fdde35de4419bae4e29842c7ef7dc46cc61a0e812fdd666dc027b8ad6e28ab0197ebda2b7cd640819700b82d57f99989958209208b6eb6b114002d06653f29c48a2ea7f97d315343dc60cff0cb6a98b69ddc1962f5ea7b3a80e622225d10a7a0f668923cbf11d91cb73941d8e6b3c18688f1350062eac74a3c5bda5a81f13219b75ab00ea1534d64e7bb9b903a0265fd316e944b2163957d4b3e773a6acf1b571de08822", @ANYRESDEC=r3, @ANYBLOB=',group_id=', @ANYRESDEC=r1, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) (async) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000023c0), 0x400, 0x0) ioctl$PPPIOCSPASS(r4, 0x40107447, &(0x7f0000002440)={0x3, &(0x7f0000002400)=[{0xeee0, 0x1, 0x7, 0x5}, {0x2530, 0x81, 0x81, 0x5}, {0x8, 0x2a, 0x4, 0x6}]}) ptrace$setregset(0x4205, 0xffffffffffffffff, 0x202, &(0x7f0000000000)={&(0x7f00000022c0)="a915a898e63a6ff81103b6aa8786a3e9bb8a162a045893285dd9ed734e5afabf064a41018fb332a5d9f5e36b5084ec3d0f973d5bc5c573cba77ce97b2582e1b5227838d12055cde87e3c02ff19a4825adaf1d665774b8268c2369c0cd0bfef75b819d6b94b8edb348d0836e5711380f9b9c79257ebf0746166127edf6fc1fd32de0551573cf9a070edf24931", 0x8c}) read$FUSE(r2, &(0x7f0000000240)={0x2020}, 0x2020) (async, rerun: 64) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000002280)={0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=""/221, 0x4}, 0x20) (rerun: 64) 10:58:29 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async, rerun: 64) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (rerun: 64) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={&(0x7f0000000000)="8bf459f032962fbbe8669f3f19c5293b2ebb291bfa2b98bf19c48d21ee462d571a11be94f6dd53c9419326b868e0c1e0dbd3da2fe76dd6973fbbb0557b2848fed8d88a687388d0d48a46e04ef909b19133d688e65a71edd7c0a70e1f54afc96f35273d7d552bc41c6adcebbbf85a24c50ccc6bbdf7a3b13ce72cb9dc7327d9215cf1634b04f62f69374141bbebabb74217c3ad0abc3b72d7b71824e5e3856e094d5fb283030462f6d026d6438054e99f2a8dbb74a067fbfb523f85e8251b9381c9b9c1d5b04fdc03f424e4fc0ced9467dd0467ab", &(0x7f0000000100)=""/180, &(0x7f0000000240)="4f0e3ff1086c1b9f24d7583a93130aa6c6d2b2fe97bb076266c408f611d8cba226945e7de29f7a67a04d0c6ed55c5b4355e63c2aab3b1b1e3e58f04f5aa4511860e03205b4432a8531db722799244566f6883e769540eea327732c4fc5876ab2cb67cd24cc0b25258c337679329235376c06b6aeec6f059e91ec69b900c80aa59f59cb8ee6c8ed9f70a1aa6d6bb4f3bc8cae4dc7bcbf11cb9a1c30c5339c944180e8e77fd0e5c1aed19b0b7d48e5d0959dd934e2e7075c8649d7539f4cc81e553b4cc0db1478fab6113faf1339497b0186", &(0x7f00000001c0)="f013f06c9cfb9f8674f5ec342ec5bf38ca9bccda7305e7a8d1ae50091cf862e0d81f5c8c69cfcf67229360653a1171318c49296880037012a187", 0xfffffff8, r0, 0x4}, 0x38) 10:58:29 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x6, 0x0, 0x2000, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000180)={0x18}, 0x18) [ 2060.310575] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2060.317822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2060.325070] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:29 executing program 2: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000fed000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000100)=""/251, 0xee, 0x1, &(0x7f0000000080)=""/19, 0x13}, &(0x7f00000000c0)=0x22) ioctl$sock_inet6_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000040)) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000fed000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000100)=""/251, 0xee, 0x1, &(0x7f0000000080)=""/19, 0x13}, &(0x7f00000000c0)=0x22) (async) ioctl$sock_inet6_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000040)) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) 10:58:29 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) (async) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x6, 0x0, 0x2000, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) (async) write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000180)={0x18}, 0x18) 10:58:29 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) write$ppp(r0, &(0x7f0000002380)="613a1ebce9c24297b0085d752665d07d1f13293f6602b4da8520cec4026762ac5a89390283335a5d91eb2c95", 0x2c) socket$inet_smc(0x2b, 0x1, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000002480)="f335e178cbc1d9fe2e8181191cff5e47", 0x10) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f00000024c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB="2c726f00046d6f64653d30303030303030303030303030303030153036303030302c757365725f69643d7b75fdde35de4419bae4e29842c7ef7dc46cc61a0e812fdd666dc027b8ad6e28ab0197ebda2b7cd640819700b82d57f99989958209208b6eb6b114002d06653f29c48a2ea7f97d315343dc60cff0cb6a98b69ddc1962f5ea7b3a80e622225d10a7a0f668923cbf11d91cb73941d8e6b3c18688f1350062eac74a3c5bda5a81f13219b75ab00ea1534d64e7bb9b903a0265fd316e944b2163957d4b3e773a6acf1b571de08822", @ANYRESDEC=r3, @ANYBLOB=',group_id=', @ANYRESDEC=r1, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000023c0), 0x400, 0x0) ioctl$PPPIOCSPASS(r4, 0x40107447, &(0x7f0000002440)={0x3, &(0x7f0000002400)=[{0xeee0, 0x1, 0x7, 0x5}, {0x2530, 0x81, 0x81, 0x5}, {0x8, 0x2a, 0x4, 0x6}]}) ptrace$setregset(0x4205, 0xffffffffffffffff, 0x202, &(0x7f0000000000)={&(0x7f00000022c0)="a915a898e63a6ff81103b6aa8786a3e9bb8a162a045893285dd9ed734e5afabf064a41018fb332a5d9f5e36b5084ec3d0f973d5bc5c573cba77ce97b2582e1b5227838d12055cde87e3c02ff19a4825adaf1d665774b8268c2369c0cd0bfef75b819d6b94b8edb348d0836e5711380f9b9c79257ebf0746166127edf6fc1fd32de0551573cf9a070edf24931", 0x8c}) read$FUSE(r2, &(0x7f0000000240)={0x2020}, 0x2020) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000002280)={0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=""/221, 0x4}, 0x20) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) write$ppp(r0, &(0x7f0000002380)="613a1ebce9c24297b0085d752665d07d1f13293f6602b4da8520cec4026762ac5a89390283335a5d91eb2c95", 0x2c) (async) socket$inet_smc(0x2b, 0x1, 0x0) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000002480)="f335e178cbc1d9fe2e8181191cff5e47", 0x10) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f00000024c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB="2c726f00046d6f64653d30303030303030303030303030303030153036303030302c757365725f69643d7b75fdde35de4419bae4e29842c7ef7dc46cc61a0e812fdd666dc027b8ad6e28ab0197ebda2b7cd640819700b82d57f99989958209208b6eb6b114002d06653f29c48a2ea7f97d315343dc60cff0cb6a98b69ddc1962f5ea7b3a80e622225d10a7a0f668923cbf11d91cb73941d8e6b3c18688f1350062eac74a3c5bda5a81f13219b75ab00ea1534d64e7bb9b903a0265fd316e944b2163957d4b3e773a6acf1b571de08822", @ANYRESDEC=r3, @ANYBLOB=',group_id=', @ANYRESDEC=r1, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) (async) openat$ppp(0xffffffffffffff9c, &(0x7f00000023c0), 0x400, 0x0) (async) ioctl$PPPIOCSPASS(r4, 0x40107447, &(0x7f0000002440)={0x3, &(0x7f0000002400)=[{0xeee0, 0x1, 0x7, 0x5}, {0x2530, 0x81, 0x81, 0x5}, {0x8, 0x2a, 0x4, 0x6}]}) (async) ptrace$setregset(0x4205, 0xffffffffffffffff, 0x202, &(0x7f0000000000)={&(0x7f00000022c0)="a915a898e63a6ff81103b6aa8786a3e9bb8a162a045893285dd9ed734e5afabf064a41018fb332a5d9f5e36b5084ec3d0f973d5bc5c573cba77ce97b2582e1b5227838d12055cde87e3c02ff19a4825adaf1d665774b8268c2369c0cd0bfef75b819d6b94b8edb348d0836e5711380f9b9c79257ebf0746166127edf6fc1fd32de0551573cf9a070edf24931", 0x8c}) (async) read$FUSE(r2, &(0x7f0000000240)={0x2020}, 0x2020) (async) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000002280)={0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=""/221, 0x4}, 0x20) (async) 10:58:29 executing program 2: add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)={0x3, 0x0, @auto=[0x35]}, 0x9, 0xfffffffffffffff9) mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0xa4c88, 0x0) 10:58:29 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0)=0x0, &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f0000002840), &(0x7f0000002880)=0x0, &(0x7f00000028c0)) getresuid(&(0x7f0000002900), &(0x7f0000002940), &(0x7f0000002980)=0x0) mount$fuseblk(&(0x7f0000000280), &(0x7f00000026c0)='./file0\x00', &(0x7f0000002700), 0x100000, &(0x7f00000029c0)={{}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x4}}, {@max_read={'max_read', 0x3d, 0x59}}, {@default_permissions}], [{@fowner_eq={'fowner', 0x3d, r4}}, {@obj_type={'obj_type', 0x3d, '+}@,*'}}, {@fowner_lt={'fowner<', r4}}, {@appraise}, {@fowner_gt={'fowner>', r8}}, {@euid_lt={'euid<', r3}}, {@subj_role={'subj_role', 0x3d, '%,\xda:'}}, {@measure}, {@fowner_eq={'fowner', 0x3d, r9}}, {@smackfsroot={'smackfsroot', 0x3d, '$'}}]}}) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000002cc0)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r10}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xa00}}, {@blksize={'blksize', 0x3d, 0x1200}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#%J%{-+-'}}, {@fowner_gt}, {@defcontext={'defcontext', 0x3d, 'root'}}, {@smackfsdef={'smackfsdef', 0x3d, '%'}}]}}) read$FUSE(r7, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r5, &(0x7f0000000080)={0x60, 0x0, r11}, 0x60) write$FUSE_STATFS(r2, &(0x7f00000000c0)={0x60, 0x0, r11, {{0xfffffffffffffffa, 0xffffffffffffffff, 0x31d, 0xfffffffffffffffa, 0xfffffffffffffffc, 0x1, 0x7, 0xcc9}}}, 0x60) r12 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x200000) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r12, 0xc05c5340, &(0x7f0000000200)={0x100, 0x2, 0x3, {0x3, 0x1ff}, 0x80, 0x5}) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) 10:58:29 executing program 2: add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)={0x3, 0x0, @auto=[0x35]}, 0x9, 0xfffffffffffffff9) (async) mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0xa4c88, 0x0) 10:58:29 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={&(0x7f0000000000)="8bf459f032962fbbe8669f3f19c5293b2ebb291bfa2b98bf19c48d21ee462d571a11be94f6dd53c9419326b868e0c1e0dbd3da2fe76dd6973fbbb0557b2848fed8d88a687388d0d48a46e04ef909b19133d688e65a71edd7c0a70e1f54afc96f35273d7d552bc41c6adcebbbf85a24c50ccc6bbdf7a3b13ce72cb9dc7327d9215cf1634b04f62f69374141bbebabb74217c3ad0abc3b72d7b71824e5e3856e094d5fb283030462f6d026d6438054e99f2a8dbb74a067fbfb523f85e8251b9381c9b9c1d5b04fdc03f424e4fc0ced9467dd0467ab", &(0x7f0000000100)=""/180, &(0x7f0000000240)="4f0e3ff1086c1b9f24d7583a93130aa6c6d2b2fe97bb076266c408f611d8cba226945e7de29f7a67a04d0c6ed55c5b4355e63c2aab3b1b1e3e58f04f5aa4511860e03205b4432a8531db722799244566f6883e769540eea327732c4fc5876ab2cb67cd24cc0b25258c337679329235376c06b6aeec6f059e91ec69b900c80aa59f59cb8ee6c8ed9f70a1aa6d6bb4f3bc8cae4dc7bcbf11cb9a1c30c5339c944180e8e77fd0e5c1aed19b0b7d48e5d0959dd934e2e7075c8649d7539f4cc81e553b4cc0db1478fab6113faf1339497b0186", &(0x7f00000001c0)="f013f06c9cfb9f8674f5ec342ec5bf38ca9bccda7305e7a8d1ae50091cf862e0d81f5c8c69cfcf67229360653a1171318c49296880037012a187", 0xfffffff8, r0, 0x4}, 0x38) [ 2060.465883] FAULT_INJECTION: forcing a failure. [ 2060.465883] name failslab, interval 1, probability 0, space 0, times 0 [ 2060.508277] CPU: 1 PID: 25638 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2060.516179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2060.525514] Call Trace: [ 2060.528084] dump_stack+0x1b2/0x281 [ 2060.531688] should_fail.cold+0x10a/0x149 [ 2060.535827] should_failslab+0xd6/0x130 [ 2060.539777] kmem_cache_alloc+0x28e/0x3c0 [ 2060.543911] alloc_inode+0xa0/0x170 [ 2060.547513] new_inode+0x1d/0xf0 [ 2060.550857] fuse_ctl_add_dentry+0x8d/0x410 [ 2060.555168] ? __lockdep_init_map+0x100/0x560 [ 2060.559640] fuse_ctl_add_conn+0x110/0x250 [ 2060.563856] ? fuse_ctl_remove_conn+0x1a0/0x1a0 [ 2060.568498] ? SMBQueryInformation+0x165/0x910 [ 2060.573061] fuse_fill_super+0xe0c/0x15c0 [ 2060.577185] ? fuse_get_root_inode+0xc0/0xc0 [ 2060.581570] ? up_write+0x17/0x60 [ 2060.584999] ? register_shrinker+0x15f/0x220 [ 2060.589383] ? sget_userns+0x768/0xc10 [ 2060.593255] ? get_anon_bdev+0x1c0/0x1c0 [ 2060.597301] ? sget+0xd9/0x110 [ 2060.600472] ? fuse_get_root_inode+0xc0/0xc0 [ 2060.604905] mount_nodev+0x4c/0xf0 [ 2060.608422] mount_fs+0x92/0x2a0 [ 2060.611765] vfs_kern_mount.part.0+0x5b/0x470 [ 2060.616239] do_mount+0xe65/0x2a30 [ 2060.619754] ? retint_kernel+0x2d/0x2d [ 2060.623619] ? copy_mount_string+0x40/0x40 [ 2060.627829] ? __sanitizer_cov_trace_pc+0x23/0x50 [ 2060.632647] ? copy_mount_options+0x1fa/0x2f0 [ 2060.637116] ? copy_mnt_ns+0xa30/0xa30 [ 2060.640977] SyS_mount+0xa8/0x120 [ 2060.644404] ? copy_mnt_ns+0xa30/0xa30 [ 2060.648271] do_syscall_64+0x1d5/0x640 [ 2060.652141] entry_SYSCALL_64_after_hwframe+0x46/0xbb 10:58:29 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 67) 10:58:29 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresgid(&(0x7f0000000100)=0x0, &(0x7f0000000140), &(0x7f0000000180)) write$FUSE_ATTR(r3, &(0x7f0000000240)={0x78, 0x0, 0x0, {0x6, 0x4, 0x0, {0x2, 0x8, 0x75, 0x6, 0xb63, 0x1, 0x5, 0x8001, 0x3, 0x6000, 0x10000, 0xffffffffffffffff, r5, 0x800, 0x1}}}, 0x78) read$FUSE(r0, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r1, &(0x7f0000000080)={0x60, 0x0, r6}, 0x60) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000000)={0x50, 0x0, r6, {0x7, 0x24, 0x0, 0x2, 0x80, 0x0, 0x9, 0x1}}, 0x50) write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f00000002c0)={0x28, 0x2, 0x0, {0x2, 0x1d0f, 0x826}}, 0x28) 10:58:29 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x6, 0x0, 0x2000, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) (async) write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000180)={0x18}, 0x18) 10:58:29 executing program 3: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x1020000, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) write$FUSE_NOTIFY_INVAL_INODE(r1, &(0x7f0000002080)={0x28, 0x2, 0x0, {0x6, 0x3, 0x1}}, 0x28) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) read$FUSE(r1, &(0x7f0000000040)={0x2020}, 0x2020) 10:58:29 executing program 2: add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)={0x3, 0x0, @auto=[0x35]}, 0x9, 0xfffffffffffffff9) mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0xa4c88, 0x0) 10:58:29 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0)=0x0, &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f0000002840), &(0x7f0000002880)=0x0, &(0x7f00000028c0)) (async) getresuid(&(0x7f0000002900), &(0x7f0000002940), &(0x7f0000002980)=0x0) mount$fuseblk(&(0x7f0000000280), &(0x7f00000026c0)='./file0\x00', &(0x7f0000002700), 0x100000, &(0x7f00000029c0)={{}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x4}}, {@max_read={'max_read', 0x3d, 0x59}}, {@default_permissions}], [{@fowner_eq={'fowner', 0x3d, r4}}, {@obj_type={'obj_type', 0x3d, '+}@,*'}}, {@fowner_lt={'fowner<', r4}}, {@appraise}, {@fowner_gt={'fowner>', r8}}, {@euid_lt={'euid<', r3}}, {@subj_role={'subj_role', 0x3d, '%,\xda:'}}, {@measure}, {@fowner_eq={'fowner', 0x3d, r9}}, {@smackfsroot={'smackfsroot', 0x3d, '$'}}]}}) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000002cc0)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r10}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xa00}}, {@blksize={'blksize', 0x3d, 0x1200}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#%J%{-+-'}}, {@fowner_gt}, {@defcontext={'defcontext', 0x3d, 'root'}}, {@smackfsdef={'smackfsdef', 0x3d, '%'}}]}}) (async) read$FUSE(r7, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r5, &(0x7f0000000080)={0x60, 0x0, r11}, 0x60) (async) write$FUSE_STATFS(r2, &(0x7f00000000c0)={0x60, 0x0, r11, {{0xfffffffffffffffa, 0xffffffffffffffff, 0x31d, 0xfffffffffffffffa, 0xfffffffffffffffc, 0x1, 0x7, 0xcc9}}}, 0x60) r12 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x200000) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r12, 0xc05c5340, &(0x7f0000000200)={0x100, 0x2, 0x3, {0x3, 0x1ff}, 0x80, 0x5}) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) [ 2060.657305] RIP: 0033:0x7fc09e230109 [ 2060.660988] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2060.668671] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2060.675914] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2060.683157] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2060.690416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2060.697664] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:29 executing program 3: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x1020000, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) write$FUSE_NOTIFY_INVAL_INODE(r1, &(0x7f0000002080)={0x28, 0x2, 0x0, {0x6, 0x3, 0x1}}, 0x28) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) read$FUSE(r1, &(0x7f0000000040)={0x2020}, 0x2020) 10:58:29 executing program 2: rt_sigreturn() mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="280000000b1401002bbd700025080001000200000008000001000000000000000000000000500eca41e00655d7accd0ea7fc18e9527de631bac2e174932166abac83a82f5a5cb096ece348aad07a8eeb96fb29f8caac45fd4780ff1fce8c1da9cff71da7bf93c75274ddeac748e8cf7225dacf2fe24b55656f557d07457d1c5af9dd76322381b3fc471b05834f418b1843d3348df2c22b8fbf8fe4bb48b2e6b2d0f93b5dc6d4dc956eaf10f77154753b6903eb50b27627f09158d28dc84263e2c162da9d0746911dd4f30066f88fa451f315d352c92f2ac464cb194fe6270bcd2f4b930687f73f90070fd741a4069dcfcc653db98ec850220141c992b8efa859c5"], 0x28}, 0x1, 0x0, 0x0, 0x805d}, 0x10000) getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x12, &(0x7f0000000080), &(0x7f0000000140)=0x4) ioctl$sock_inet6_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000000)) 10:58:29 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresgid(&(0x7f0000000100)=0x0, &(0x7f0000000140), &(0x7f0000000180)) write$FUSE_ATTR(r3, &(0x7f0000000240)={0x78, 0x0, 0x0, {0x6, 0x4, 0x0, {0x2, 0x8, 0x75, 0x6, 0xb63, 0x1, 0x5, 0x8001, 0x3, 0x6000, 0x10000, 0xffffffffffffffff, r5, 0x800, 0x1}}}, 0x78) (async) read$FUSE(r0, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r1, &(0x7f0000000080)={0x60, 0x0, r6}, 0x60) (async) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000000)={0x50, 0x0, r6, {0x7, 0x24, 0x0, 0x2, 0x80, 0x0, 0x9, 0x1}}, 0x50) (async) write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f00000002c0)={0x28, 0x2, 0x0, {0x2, 0x1d0f, 0x826}}, 0x28) 10:58:29 executing program 2: rt_sigreturn() mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="280000000b1401002bbd700025080001000200000008000001000000000000000000000000500eca41e00655d7accd0ea7fc18e9527de631bac2e174932166abac83a82f5a5cb096ece348aad07a8eeb96fb29f8caac45fd4780ff1fce8c1da9cff71da7bf93c75274ddeac748e8cf7225dacf2fe24b55656f557d07457d1c5af9dd76322381b3fc471b05834f418b1843d3348df2c22b8fbf8fe4bb48b2e6b2d0f93b5dc6d4dc956eaf10f77154753b6903eb50b27627f09158d28dc84263e2c162da9d0746911dd4f30066f88fa451f315d352c92f2ac464cb194fe6270bcd2f4b930687f73f90070fd741a4069dcfcc653db98ec850220141c992b8efa859c5"], 0x28}, 0x1, 0x0, 0x0, 0x805d}, 0x10000) getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x12, &(0x7f0000000080), &(0x7f0000000140)=0x4) ioctl$sock_inet6_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000000)) rt_sigreturn() (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="280000000b1401002bbd700025080001000200000008000001000000000000000000000000500eca41e00655d7accd0ea7fc18e9527de631bac2e174932166abac83a82f5a5cb096ece348aad07a8eeb96fb29f8caac45fd4780ff1fce8c1da9cff71da7bf93c75274ddeac748e8cf7225dacf2fe24b55656f557d07457d1c5af9dd76322381b3fc471b05834f418b1843d3348df2c22b8fbf8fe4bb48b2e6b2d0f93b5dc6d4dc956eaf10f77154753b6903eb50b27627f09158d28dc84263e2c162da9d0746911dd4f30066f88fa451f315d352c92f2ac464cb194fe6270bcd2f4b930687f73f90070fd741a4069dcfcc653db98ec850220141c992b8efa859c5"], 0x28}, 0x1, 0x0, 0x0, 0x805d}, 0x10000) (async) getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x12, &(0x7f0000000080), &(0x7f0000000140)=0x4) (async) ioctl$sock_inet6_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000000)) (async) 10:58:29 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000180)={0x60, 0xfffffffffffffff5, 0x0, {{0x9, 0x5, 0x1, 0xfffffffffffffff9, 0x7fffffff, 0x1c00000, 0x8}}}, 0x60) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c741536ae420c253a96", @ANYRESDEC=0x0, @ANYBLOB=',\x00']) 10:58:29 executing program 2: rt_sigreturn() mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="280000000b1401002bbd700025080001000200000008000001000000000000000000000000500eca41e00655d7accd0ea7fc18e9527de631bac2e174932166abac83a82f5a5cb096ece348aad07a8eeb96fb29f8caac45fd4780ff1fce8c1da9cff71da7bf93c75274ddeac748e8cf7225dacf2fe24b55656f557d07457d1c5af9dd76322381b3fc471b05834f418b1843d3348df2c22b8fbf8fe4bb48b2e6b2d0f93b5dc6d4dc956eaf10f77154753b6903eb50b27627f09158d28dc84263e2c162da9d0746911dd4f30066f88fa451f315d352c92f2ac464cb194fe6270bcd2f4b930687f73f90070fd741a4069dcfcc653db98ec850220141c992b8efa859c5"], 0x28}, 0x1, 0x0, 0x0, 0x805d}, 0x10000) getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x12, &(0x7f0000000080), &(0x7f0000000140)=0x4) (async) ioctl$sock_inet6_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000000)) 10:58:29 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000180)={0x60, 0xfffffffffffffff5, 0x0, {{0x9, 0x5, 0x1, 0xfffffffffffffff9, 0x7fffffff, 0x1c00000, 0x8}}}, 0x60) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c741536ae420c253a96", @ANYRESDEC=0x0, @ANYBLOB=',\x00']) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000180)={0x60, 0xfffffffffffffff5, 0x0, {{0x9, 0x5, 0x1, 0xfffffffffffffff9, 0x7fffffff, 0x1c00000, 0x8}}}, 0x60) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c741536ae420c253a96", @ANYRESDEC=0x0, @ANYBLOB=',\x00']) (async) [ 2060.867280] FAULT_INJECTION: forcing a failure. [ 2060.867280] name failslab, interval 1, probability 0, space 0, times 0 [ 2060.878739] CPU: 0 PID: 25702 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2060.886613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2060.895962] Call Trace: [ 2060.898533] dump_stack+0x1b2/0x281 [ 2060.902146] should_fail.cold+0x10a/0x149 [ 2060.906278] should_failslab+0xd6/0x130 [ 2060.910230] kmem_cache_alloc+0x28e/0x3c0 [ 2060.914358] __d_alloc+0x2a/0xa20 [ 2060.917801] ? lock_acquire+0x170/0x3f0 [ 2060.921764] d_alloc+0x46/0x240 [ 2060.925044] d_alloc_name+0x70/0x80 [ 2060.928689] ? d_alloc+0x240/0x240 [ 2060.932223] fuse_ctl_add_dentry+0x70/0x410 [ 2060.936524] ? __lockdep_init_map+0x100/0x560 [ 2060.940997] fuse_ctl_add_conn+0x17c/0x250 [ 2060.945213] ? fuse_ctl_remove_conn+0x1a0/0x1a0 [ 2060.949864] ? SMBQueryInformation+0x165/0x910 [ 2060.954446] fuse_fill_super+0xe0c/0x15c0 [ 2060.958583] ? fuse_get_root_inode+0xc0/0xc0 [ 2060.962980] ? up_write+0x17/0x60 [ 2060.966414] ? register_shrinker+0x15f/0x220 [ 2060.970801] ? sget_userns+0x768/0xc10 [ 2060.974682] ? get_anon_bdev+0x1c0/0x1c0 [ 2060.978729] ? sget+0xd9/0x110 [ 2060.981899] ? fuse_get_root_inode+0xc0/0xc0 [ 2060.986282] mount_nodev+0x4c/0xf0 [ 2060.989801] mount_fs+0x92/0x2a0 [ 2060.993150] vfs_kern_mount.part.0+0x5b/0x470 [ 2060.997626] do_mount+0xe65/0x2a30 [ 2061.001147] ? copy_mount_string+0x40/0x40 [ 2061.005384] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2061.010388] ? copy_mnt_ns+0xa30/0xa30 [ 2061.014261] ? copy_mount_options+0x1fa/0x2f0 [ 2061.018757] ? copy_mnt_ns+0xa30/0xa30 [ 2061.022633] SyS_mount+0xa8/0x120 [ 2061.026069] ? copy_mnt_ns+0xa30/0xa30 [ 2061.029943] do_syscall_64+0x1d5/0x640 [ 2061.033817] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2061.038992] RIP: 0033:0x7fc09e230109 [ 2061.042682] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2061.050373] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2061.057625] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 10:58:30 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 68) 10:58:30 executing program 3: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x1020000, 0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) write$FUSE_NOTIFY_INVAL_INODE(r1, &(0x7f0000002080)={0x28, 0x2, 0x0, {0x6, 0x3, 0x1}}, 0x28) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) read$FUSE(r1, &(0x7f0000000040)={0x2020}, 0x2020) 10:58:30 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresgid(&(0x7f0000000100)=0x0, &(0x7f0000000140), &(0x7f0000000180)) write$FUSE_ATTR(r3, &(0x7f0000000240)={0x78, 0x0, 0x0, {0x6, 0x4, 0x0, {0x2, 0x8, 0x75, 0x6, 0xb63, 0x1, 0x5, 0x8001, 0x3, 0x6000, 0x10000, 0xffffffffffffffff, r5, 0x800, 0x1}}}, 0x78) read$FUSE(r0, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r1, &(0x7f0000000080)={0x60, 0x0, r6}, 0x60) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000000)={0x50, 0x0, r6, {0x7, 0x24, 0x0, 0x2, 0x80, 0x0, 0x9, 0x1}}, 0x50) write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f00000002c0)={0x28, 0x2, 0x0, {0x2, 0x1d0f, 0x826}}, 0x28) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) getresgid(&(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)) (async) write$FUSE_ATTR(r3, &(0x7f0000000240)={0x78, 0x0, 0x0, {0x6, 0x4, 0x0, {0x2, 0x8, 0x75, 0x6, 0xb63, 0x1, 0x5, 0x8001, 0x3, 0x6000, 0x10000, 0xffffffffffffffff, r5, 0x800, 0x1}}}, 0x78) (async) read$FUSE(r0, &(0x7f0000000680)={0x2020}, 0x2020) (async) write$FUSE_STATFS(r1, &(0x7f0000000080)={0x60, 0x0, r6}, 0x60) (async) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000000)={0x50, 0x0, r6, {0x7, 0x24, 0x0, 0x2, 0x80, 0x0, 0x9, 0x1}}, 0x50) (async) write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f00000002c0)={0x28, 0x2, 0x0, {0x2, 0x1d0f, 0x826}}, 0x28) (async) 10:58:30 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000005060000,user_id=', @ANYRESDEC=r2, @ANYBLOB=',group_id=', @ANYRESDEC=r0, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) getresuid(&(0x7f00000000c0)=0x0, &(0x7f0000000100), &(0x7f0000000140)) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x213403, &(0x7f0000000680)=ANY=[@ANYBLOB="66643de2dd6c3a1aec1df36f91a1bb38f75ab821300f99cbc4b1a431bbec9608a03393f3cbc13ea6326d16c471d81250f3a3c95c9925bfcc06c5c915a867feadc99441df5a3a25f05c8689c7f3f317e21c50ccf300c2e87d1db806e6b26c9d6b4bf3671c4af1c37845ce765df9a75cadb06c1fd1768c4e7cfcb0a00145da16c3f00cba0b1f192272d8d3e3fde7d72ccb13177799a61845e31391dfbd055ae0434ef4edc8d340a0d2dea01600ff30b12593075106f666461149f209a4aa46e2c6fe74b726725e9ccaae3c7352be4956fd1d4ba1ba3f33620ac77d96000fe8dd1925b126822f332ecc551fa7d3bee67fa7a18717e427f83d90585b1c7f8acfe3eaf7cb387d7bcc2b4d3857434b7734dea2211c629382bb59aae00176006662c7ca1b3d5a2ffc4c93eff7435e08eba09a33f7d653a3cc662a8b91dd3b020c238ed3e9d6325b7dc8ac3ed1b0410fe8b334e366dc58b42c6c87c10a1a8d02e205fb40fc8e6d2dabc5459c7432816736fe418614691cc2f9b8151895b68158d1954e13bede26bc778a5981a2288b30382bcb6ae8beb94f3a7f71f77c4b4894a1baaa7a42f3ee640a4729b6bafe15d99a7d9f92", @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000020000,user_id=', @ANYRESDEC=r3, @ANYBLOB=',group_id=', @ANYRESDEC=0xee01, @ANYBLOB=',allow_other,max_read=0x0000000000000002,max_read=0x0000000000001a79,allow_other,default_permissions,max_read=0x00000000000004f0,smackfsdef=\\:,smackfsroot=} *\\+{-!:#\\%,appraise,subj_type=,hash,fsmagic=0x0000000000000008,fsname=,euid>', @ANYRESDEC=0xee01, @ANYBLOB=',\x00']) 10:58:30 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000180)={0x60, 0xfffffffffffffff5, 0x0, {{0x9, 0x5, 0x1, 0xfffffffffffffff9, 0x7fffffff, 0x1c00000, 0x8}}}, 0x60) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c741536ae420c253a96", @ANYRESDEC=0x0, @ANYBLOB=',\x00']) 10:58:30 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0)=0x0, &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async, rerun: 32) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async, rerun: 32) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async, rerun: 32) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async, rerun: 32) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async, rerun: 32) getresuid(&(0x7f0000002840), &(0x7f0000002880)=0x0, &(0x7f00000028c0)) (async, rerun: 32) getresuid(&(0x7f0000002900), &(0x7f0000002940), &(0x7f0000002980)=0x0) mount$fuseblk(&(0x7f0000000280), &(0x7f00000026c0)='./file0\x00', &(0x7f0000002700), 0x100000, &(0x7f00000029c0)={{}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x4}}, {@max_read={'max_read', 0x3d, 0x59}}, {@default_permissions}], [{@fowner_eq={'fowner', 0x3d, r4}}, {@obj_type={'obj_type', 0x3d, '+}@,*'}}, {@fowner_lt={'fowner<', r4}}, {@appraise}, {@fowner_gt={'fowner>', r8}}, {@euid_lt={'euid<', r3}}, {@subj_role={'subj_role', 0x3d, '%,\xda:'}}, {@measure}, {@fowner_eq={'fowner', 0x3d, r9}}, {@smackfsroot={'smackfsroot', 0x3d, '$'}}]}}) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000002cc0)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r10}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xa00}}, {@blksize={'blksize', 0x3d, 0x1200}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#%J%{-+-'}}, {@fowner_gt}, {@defcontext={'defcontext', 0x3d, 'root'}}, {@smackfsdef={'smackfsdef', 0x3d, '%'}}]}}) (async, rerun: 32) read$FUSE(r7, &(0x7f0000000680)={0x2020, 0x0, 0x0}, 0x2020) (rerun: 32) write$FUSE_STATFS(r5, &(0x7f0000000080)={0x60, 0x0, r11}, 0x60) (async) write$FUSE_STATFS(r2, &(0x7f00000000c0)={0x60, 0x0, r11, {{0xfffffffffffffffa, 0xffffffffffffffff, 0x31d, 0xfffffffffffffffa, 0xfffffffffffffffc, 0x1, 0x7, 0xcc9}}}, 0x60) (async) r12 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x200000) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r12, 0xc05c5340, &(0x7f0000000200)={0x100, 0x2, 0x3, {0x3, 0x1ff}, 0x80, 0x5}) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) [ 2061.064880] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2061.072127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2061.079376] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:30 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000005060000,user_id=', @ANYRESDEC=r2, @ANYBLOB=',group_id=', @ANYRESDEC=r0, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) (async) getresuid(&(0x7f00000000c0)=0x0, &(0x7f0000000100), &(0x7f0000000140)) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x213403, &(0x7f0000000680)=ANY=[@ANYBLOB="66643de2dd6c3a1aec1df36f91a1bb38f75ab821300f99cbc4b1a431bbec9608a03393f3cbc13ea6326d16c471d81250f3a3c95c9925bfcc06c5c915a867feadc99441df5a3a25f05c8689c7f3f317e21c50ccf300c2e87d1db806e6b26c9d6b4bf3671c4af1c37845ce765df9a75cadb06c1fd1768c4e7cfcb0a00145da16c3f00cba0b1f192272d8d3e3fde7d72ccb13177799a61845e31391dfbd055ae0434ef4edc8d340a0d2dea01600ff30b12593075106f666461149f209a4aa46e2c6fe74b726725e9ccaae3c7352be4956fd1d4ba1ba3f33620ac77d96000fe8dd1925b126822f332ecc551fa7d3bee67fa7a18717e427f83d90585b1c7f8acfe3eaf7cb387d7bcc2b4d3857434b7734dea2211c629382bb59aae00176006662c7ca1b3d5a2ffc4c93eff7435e08eba09a33f7d653a3cc662a8b91dd3b020c238ed3e9d6325b7dc8ac3ed1b0410fe8b334e366dc58b42c6c87c10a1a8d02e205fb40fc8e6d2dabc5459c7432816736fe418614691cc2f9b8151895b68158d1954e13bede26bc778a5981a2288b30382bcb6ae8beb94f3a7f71f77c4b4894a1baaa7a42f3ee640a4729b6bafe15d99a7d9f92", @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000020000,user_id=', @ANYRESDEC=r3, @ANYBLOB=',group_id=', @ANYRESDEC=0xee01, @ANYBLOB=',allow_other,max_read=0x0000000000000002,max_read=0x0000000000001a79,allow_other,default_permissions,max_read=0x00000000000004f0,smackfsdef=\\:,smackfsroot=} *\\+{-!:#\\%,appraise,subj_type=,hash,fsmagic=0x0000000000000008,fsname=,euid>', @ANYRESDEC=0xee01, @ANYBLOB=',\x00']) 10:58:30 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) r0 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000100), 0x4) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x40000, &(0x7f0000000240)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xee00}, 0x2c, {[{@allow_other}, {@default_permissions}, {@default_permissions}, {@default_permissions}, {@default_permissions}, {@default_permissions}], [{@obj_role={'obj_role', 0x3d, '&&'}}, {@euid_lt}, {@fsname={'fsname', 0x3d, '/'}}]}}) 10:58:30 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) read$FUSE(r0, &(0x7f0000000240)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000180)={0x50, 0xfffffffffffffffe, r1, {0x7, 0x24, 0x7, 0xb0181c, 0x7, 0x5, 0x101, 0x4}}, 0x50) 10:58:30 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000005060000,user_id=', @ANYRESDEC=r2, @ANYBLOB=',group_id=', @ANYRESDEC=r0, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) getresuid(&(0x7f00000000c0)=0x0, &(0x7f0000000100), &(0x7f0000000140)) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x213403, &(0x7f0000000680)=ANY=[@ANYBLOB="66643de2dd6c3a1aec1df36f91a1bb38f75ab821300f99cbc4b1a431bbec9608a03393f3cbc13ea6326d16c471d81250f3a3c95c9925bfcc06c5c915a867feadc99441df5a3a25f05c8689c7f3f317e21c50ccf300c2e87d1db806e6b26c9d6b4bf3671c4af1c37845ce765df9a75cadb06c1fd1768c4e7cfcb0a00145da16c3f00cba0b1f192272d8d3e3fde7d72ccb13177799a61845e31391dfbd055ae0434ef4edc8d340a0d2dea01600ff30b12593075106f666461149f209a4aa46e2c6fe74b726725e9ccaae3c7352be4956fd1d4ba1ba3f33620ac77d96000fe8dd1925b126822f332ecc551fa7d3bee67fa7a18717e427f83d90585b1c7f8acfe3eaf7cb387d7bcc2b4d3857434b7734dea2211c629382bb59aae00176006662c7ca1b3d5a2ffc4c93eff7435e08eba09a33f7d653a3cc662a8b91dd3b020c238ed3e9d6325b7dc8ac3ed1b0410fe8b334e366dc58b42c6c87c10a1a8d02e205fb40fc8e6d2dabc5459c7432816736fe418614691cc2f9b8151895b68158d1954e13bede26bc778a5981a2288b30382bcb6ae8beb94f3a7f71f77c4b4894a1baaa7a42f3ee640a4729b6bafe15d99a7d9f92", @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000020000,user_id=', @ANYRESDEC=r3, @ANYBLOB=',group_id=', @ANYRESDEC=0xee01, @ANYBLOB=',allow_other,max_read=0x0000000000000002,max_read=0x0000000000001a79,allow_other,default_permissions,max_read=0x00000000000004f0,smackfsdef=\\:,smackfsroot=} *\\+{-!:#\\%,appraise,subj_type=,hash,fsmagic=0x0000000000000008,fsname=,euid>', @ANYRESDEC=0xee01, @ANYBLOB=',\x00']) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000005060000,user_id=', @ANYRESDEC=r2, @ANYBLOB=',group_id=', @ANYRESDEC=r0, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) (async) getresuid(&(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)) (async) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x213403, &(0x7f0000000680)=ANY=[@ANYBLOB="66643de2dd6c3a1aec1df36f91a1bb38f75ab821300f99cbc4b1a431bbec9608a03393f3cbc13ea6326d16c471d81250f3a3c95c9925bfcc06c5c915a867feadc99441df5a3a25f05c8689c7f3f317e21c50ccf300c2e87d1db806e6b26c9d6b4bf3671c4af1c37845ce765df9a75cadb06c1fd1768c4e7cfcb0a00145da16c3f00cba0b1f192272d8d3e3fde7d72ccb13177799a61845e31391dfbd055ae0434ef4edc8d340a0d2dea01600ff30b12593075106f666461149f209a4aa46e2c6fe74b726725e9ccaae3c7352be4956fd1d4ba1ba3f33620ac77d96000fe8dd1925b126822f332ecc551fa7d3bee67fa7a18717e427f83d90585b1c7f8acfe3eaf7cb387d7bcc2b4d3857434b7734dea2211c629382bb59aae00176006662c7ca1b3d5a2ffc4c93eff7435e08eba09a33f7d653a3cc662a8b91dd3b020c238ed3e9d6325b7dc8ac3ed1b0410fe8b334e366dc58b42c6c87c10a1a8d02e205fb40fc8e6d2dabc5459c7432816736fe418614691cc2f9b8151895b68158d1954e13bede26bc778a5981a2288b30382bcb6ae8beb94f3a7f71f77c4b4894a1baaa7a42f3ee640a4729b6bafe15d99a7d9f92", @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000020000,user_id=', @ANYRESDEC=r3, @ANYBLOB=',group_id=', @ANYRESDEC=0xee01, @ANYBLOB=',allow_other,max_read=0x0000000000000002,max_read=0x0000000000001a79,allow_other,default_permissions,max_read=0x00000000000004f0,smackfsdef=\\:,smackfsroot=} *\\+{-!:#\\%,appraise,subj_type=,hash,fsmagic=0x0000000000000008,fsname=,euid>', @ANYRESDEC=0xee01, @ANYBLOB=',\x00']) (async) 10:58:30 executing program 5: bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x7, 0x1, 0xffffffff, 0x7, 0x400, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x3}, 0x48) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x225c886, 0x0) 10:58:30 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) r0 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000100), 0x4) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x40000, &(0x7f0000000240)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xee00}, 0x2c, {[{@allow_other}, {@default_permissions}, {@default_permissions}, {@default_permissions}, {@default_permissions}, {@default_permissions}], [{@obj_role={'obj_role', 0x3d, '&&'}}, {@euid_lt}, {@fsname={'fsname', 0x3d, '/'}}]}}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8) (async) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000100), 0x4) (async) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x40000, &(0x7f0000000240)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xee00}, 0x2c, {[{@allow_other}, {@default_permissions}, {@default_permissions}, {@default_permissions}, {@default_permissions}, {@default_permissions}], [{@obj_role={'obj_role', 0x3d, '&&'}}, {@euid_lt}, {@fsname={'fsname', 0x3d, '/'}}]}}) (async) [ 2061.250374] FAULT_INJECTION: forcing a failure. [ 2061.250374] name failslab, interval 1, probability 0, space 0, times 0 [ 2061.263125] CPU: 1 PID: 25751 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2061.271012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2061.280345] Call Trace: [ 2061.282915] dump_stack+0x1b2/0x281 [ 2061.286526] should_fail.cold+0x10a/0x149 [ 2061.290655] should_failslab+0xd6/0x130 [ 2061.294617] kmem_cache_alloc+0x28e/0x3c0 [ 2061.298750] __d_alloc+0x2a/0xa20 [ 2061.302182] ? lock_acquire+0x170/0x3f0 [ 2061.306144] d_alloc+0x46/0x240 [ 2061.309402] d_alloc_name+0x70/0x80 [ 2061.313018] ? d_alloc+0x240/0x240 [ 2061.316538] fuse_ctl_add_dentry+0x70/0x410 [ 2061.320838] ? __lockdep_init_map+0x100/0x560 [ 2061.325318] fuse_ctl_add_conn+0x148/0x250 [ 2061.329540] ? fuse_ctl_remove_conn+0x1a0/0x1a0 [ 2061.334192] ? SMBQueryInformation+0x165/0x910 [ 2061.338758] fuse_fill_super+0xe0c/0x15c0 [ 2061.342882] ? fuse_get_root_inode+0xc0/0xc0 [ 2061.347270] ? up_write+0x17/0x60 [ 2061.350698] ? register_shrinker+0x15f/0x220 [ 2061.355089] ? sget_userns+0x768/0xc10 [ 2061.358962] ? get_anon_bdev+0x1c0/0x1c0 [ 2061.362998] ? sget+0xd9/0x110 [ 2061.366172] ? fuse_get_root_inode+0xc0/0xc0 [ 2061.370558] mount_nodev+0x4c/0xf0 [ 2061.374074] mount_fs+0x92/0x2a0 [ 2061.377429] vfs_kern_mount.part.0+0x5b/0x470 [ 2061.381907] do_mount+0xe65/0x2a30 [ 2061.385438] ? copy_mount_string+0x40/0x40 [ 2061.389658] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2061.394660] ? copy_mnt_ns+0xa30/0xa30 [ 2061.398581] ? copy_mount_options+0x1fa/0x2f0 [ 2061.403050] ? copy_mnt_ns+0xa30/0xa30 [ 2061.406915] SyS_mount+0xa8/0x120 [ 2061.410352] ? copy_mnt_ns+0xa30/0xa30 [ 2061.414227] do_syscall_64+0x1d5/0x640 [ 2061.418106] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2061.423279] RIP: 0033:0x7fc09e230109 [ 2061.426972] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2061.434669] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2061.441922] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 10:58:30 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 69) 10:58:30 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000080)={0x6, 0x0, @c}, 0x29, 0x0) 10:58:30 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) r0 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000100), 0x4) (async) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x40000, &(0x7f0000000240)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xee00}, 0x2c, {[{@allow_other}, {@default_permissions}, {@default_permissions}, {@default_permissions}, {@default_permissions}, {@default_permissions}], [{@obj_role={'obj_role', 0x3d, '&&'}}, {@euid_lt}, {@fsname={'fsname', 0x3d, '/'}}]}}) 10:58:30 executing program 5: bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x7, 0x1, 0xffffffff, 0x7, 0x400, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x3}, 0x48) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x225c886, 0x0) 10:58:30 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (async) read$FUSE(r0, &(0x7f0000000240)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000180)={0x50, 0xfffffffffffffffe, r1, {0x7, 0x24, 0x7, 0xb0181c, 0x7, 0x5, 0x101, 0x4}}, 0x50) 10:58:30 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x10, &(0x7f0000000100), &(0x7f0000000140)=0x4) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000040)={0x0, 0x81, 0x10}, 0xc) bpf$BPF_MAP_FREEZE(0x16, &(0x7f00000000c0)=r1, 0x4) [ 2061.449169] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2061.456419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2061.463663] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:30 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000080)={0x6, 0x0, @c}, 0x29, 0x0) 10:58:30 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0), 0x103441, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@default_permissions}, {@default_permissions}]}}) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r7}, 0x2c, {'group_id', 0x3d, r8}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x400}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r9}}]}}) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r11 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000880)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r11, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r12, @ANYBLOB="2c028790188b559d5f69643d", @ANYRESDEC=r10, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) mount$fuse(0x0, &(0x7f0000000680)='./file0\x00', &(0x7f00000006c0), 0x18440, &(0x7f0000000700)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1c00}}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x9}}, {@blksize={'blksize', 0x3d, 0x400}}, {@default_permissions}, {@allow_other}], [{@euid_lt={'euid<', r7}}, {@seclabel}, {@hash}, {@audit}, {@euid_lt={'euid<', r12}}]}}) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r6}}]}}) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x80, &(0x7f0000000240)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x2}}, {@max_read={'max_read', 0x3d, 0x8000}}, {@allow_other}], [{@smackfsfloor={'smackfsfloor', 0x3d, '-'}}, {@mask={'mask', 0x3d, 'MAY_APPEND'}}, {@euid_gt={'euid>', r6}}, {@smackfstransmute={'smackfstransmute', 0x3d, '*%&'}}]}}) 10:58:30 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) read$FUSE(r0, &(0x7f0000000240)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000180)={0x50, 0xfffffffffffffffe, r1, {0x7, 0x24, 0x7, 0xb0181c, 0x7, 0x5, 0x101, 0x4}}, 0x50) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (async) read$FUSE(r0, &(0x7f0000000240)={0x2020}, 0x2020) (async) write$FUSE_INIT(r0, &(0x7f0000000180)={0x50, 0xfffffffffffffffe, r1, {0x7, 0x24, 0x7, 0xb0181c, 0x7, 0x5, 0x101, 0x4}}, 0x50) (async) 10:58:30 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000080)={0x6, 0x0, @c}, 0x29, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000080)={0x6, 0x0, @c}, 0x29, 0x0) (async) 10:58:30 executing program 5: bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x7, 0x1, 0xffffffff, 0x7, 0x400, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x3}, 0x48) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x225c886, 0x0) 10:58:30 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0), 0x103441, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@default_permissions}, {@default_permissions}]}}) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) (async, rerun: 64) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) (async, rerun: 64) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) (async, rerun: 32) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) (async, rerun: 32) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) (async) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r7}, 0x2c, {'group_id', 0x3d, r8}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x400}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r9}}]}}) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async, rerun: 32) r11 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async, rerun: 32) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000880)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r11, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r12, @ANYBLOB="2c028790188b559d5f69643d", @ANYRESDEC=r10, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) mount$fuse(0x0, &(0x7f0000000680)='./file0\x00', &(0x7f00000006c0), 0x18440, &(0x7f0000000700)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1c00}}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x9}}, {@blksize={'blksize', 0x3d, 0x400}}, {@default_permissions}, {@allow_other}], [{@euid_lt={'euid<', r7}}, {@seclabel}, {@hash}, {@audit}, {@euid_lt={'euid<', r12}}]}}) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r6}}]}}) (async) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x80, &(0x7f0000000240)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x2}}, {@max_read={'max_read', 0x3d, 0x8000}}, {@allow_other}], [{@smackfsfloor={'smackfsfloor', 0x3d, '-'}}, {@mask={'mask', 0x3d, 'MAY_APPEND'}}, {@euid_gt={'euid>', r6}}, {@smackfstransmute={'smackfstransmute', 0x3d, '*%&'}}]}}) [ 2061.673593] FAULT_INJECTION: forcing a failure. [ 2061.673593] name failslab, interval 1, probability 0, space 0, times 0 [ 2061.686381] CPU: 0 PID: 25815 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2061.694273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2061.703613] Call Trace: [ 2061.706182] dump_stack+0x1b2/0x281 [ 2061.709806] should_fail.cold+0x10a/0x149 [ 2061.713962] should_failslab+0xd6/0x130 [ 2061.717916] kmem_cache_alloc+0x28e/0x3c0 [ 2061.722066] alloc_inode+0xa0/0x170 [ 2061.725726] new_inode+0x1d/0xf0 [ 2061.729601] fuse_ctl_add_dentry+0x8d/0x410 [ 2061.733917] ? __lockdep_init_map+0x100/0x560 [ 2061.738401] fuse_ctl_add_conn+0x148/0x250 [ 2061.742624] ? fuse_ctl_remove_conn+0x1a0/0x1a0 [ 2061.747326] ? SMBQueryInformation+0x165/0x910 [ 2061.751891] fuse_fill_super+0xe0c/0x15c0 [ 2061.756017] ? fuse_get_root_inode+0xc0/0xc0 [ 2061.760404] ? up_write+0x17/0x60 [ 2061.763850] ? register_shrinker+0x15f/0x220 [ 2061.768234] ? sget_userns+0x768/0xc10 [ 2061.772101] ? get_anon_bdev+0x1c0/0x1c0 [ 2061.776135] ? sget+0xd9/0x110 [ 2061.779342] ? fuse_get_root_inode+0xc0/0xc0 [ 2061.783724] mount_nodev+0x4c/0xf0 [ 2061.787253] mount_fs+0x92/0x2a0 [ 2061.790609] vfs_kern_mount.part.0+0x5b/0x470 [ 2061.795106] do_mount+0xe65/0x2a30 [ 2061.798628] ? check_preemption_disabled+0x35/0x240 [ 2061.803624] ? retint_kernel+0x2d/0x2d [ 2061.807490] ? copy_mount_string+0x40/0x40 [ 2061.811701] ? copy_mount_options+0x185/0x2f0 [ 2061.816171] ? copy_mount_options+0x19a/0x2f0 [ 2061.820641] ? copy_mount_options+0x1fa/0x2f0 [ 2061.825110] ? copy_mnt_ns+0xa30/0xa30 [ 2061.828980] SyS_mount+0xa8/0x120 [ 2061.832418] ? copy_mnt_ns+0xa30/0xa30 [ 2061.836282] do_syscall_64+0x1d5/0x640 [ 2061.840149] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2061.845313] RIP: 0033:0x7fc09e230109 [ 2061.849002] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2061.856686] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2061.863938] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 10:58:30 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 70) 10:58:30 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) prctl$PR_GET_FPEXC(0xb, &(0x7f0000000000)) 10:58:30 executing program 0: ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(0xffffffffffffffff, 0x80083313, &(0x7f0000000080)) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) 10:58:30 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x10, &(0x7f0000000100), &(0x7f0000000140)=0x4) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000040)={0x0, 0x81, 0x10}, 0xc) bpf$BPF_MAP_FREEZE(0x16, &(0x7f00000000c0)=r1, 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) (async) getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x10, &(0x7f0000000100), &(0x7f0000000140)=0x4) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) (async) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000040)={0x0, 0x81, 0x10}, 0xc) (async) bpf$BPF_MAP_FREEZE(0x16, &(0x7f00000000c0)=r1, 0x4) (async) 10:58:30 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0}, 0x2020) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r7}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) read$FUSE(r6, &(0x7f0000002440)={0x2020}, 0x2020) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000002280)=ANY=[]) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x800000, &(0x7f0000000080)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id', 0x3d, r0}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@allow_other}, {@max_read={'max_read', 0x3d, 0x45}}, {@default_permissions}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x6}}], [{@smackfsdef={'smackfsdef', 0x3d, '^-^'}}, {@smackfshat}, {@smackfsdef={'smackfsdef', 0x3d, '^}$'}}, {@obj_user={'obj_user', 0x3d, '@&!\xa4*--&%$,@'}}, {@dont_measure}, {@subj_role={'subj_role', 0x3d, '(+&&\\\xf9\'['}}]}}) 10:58:30 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0), 0x103441, 0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@default_permissions}, {@default_permissions}]}}) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) (async, rerun: 32) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) (rerun: 32) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r7}, 0x2c, {'group_id', 0x3d, r8}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x400}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r9}}]}}) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async, rerun: 64) r11 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (rerun: 64) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000880)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r11, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r12, @ANYBLOB="2c028790188b559d5f69643d", @ANYRESDEC=r10, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) (async) mount$fuse(0x0, &(0x7f0000000680)='./file0\x00', &(0x7f00000006c0), 0x18440, &(0x7f0000000700)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1c00}}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x9}}, {@blksize={'blksize', 0x3d, 0x400}}, {@default_permissions}, {@allow_other}], [{@euid_lt={'euid<', r7}}, {@seclabel}, {@hash}, {@audit}, {@euid_lt={'euid<', r12}}]}}) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@euid_lt={'euid<', r6}}]}}) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x80, &(0x7f0000000240)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x2}}, {@max_read={'max_read', 0x3d, 0x8000}}, {@allow_other}], [{@smackfsfloor={'smackfsfloor', 0x3d, '-'}}, {@mask={'mask', 0x3d, 'MAY_APPEND'}}, {@euid_gt={'euid>', r6}}, {@smackfstransmute={'smackfstransmute', 0x3d, '*%&'}}]}}) [ 2061.871187] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2061.878441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2061.885689] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:30 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) prctl$PR_GET_FPEXC(0xb, &(0x7f0000000000)) 10:58:30 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0}, 0x2020) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async, rerun: 32) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (rerun: 32) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async, rerun: 64) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async, rerun: 64) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async, rerun: 32) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async, rerun: 32) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r7}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) read$FUSE(r6, &(0x7f0000002440)={0x2020}, 0x2020) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async, rerun: 32) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000002280)=ANY=[]) (async, rerun: 32) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x800000, &(0x7f0000000080)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id', 0x3d, r0}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@allow_other}, {@max_read={'max_read', 0x3d, 0x45}}, {@default_permissions}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x6}}], [{@smackfsdef={'smackfsdef', 0x3d, '^-^'}}, {@smackfshat}, {@smackfsdef={'smackfsdef', 0x3d, '^}$'}}, {@obj_user={'obj_user', 0x3d, '@&!\xa4*--&%$,@'}}, {@dont_measure}, {@subj_role={'subj_role', 0x3d, '(+&&\\\xf9\'['}}]}}) 10:58:31 executing program 0: ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(0xffffffffffffffff, 0x80083313, &(0x7f0000000080)) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(0xffffffffffffffff, 0x80083313, &(0x7f0000000080)) (async) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (async) 10:58:31 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) prctl$PR_GET_FPEXC(0xb, &(0x7f0000000000)) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) prctl$PR_GET_FPEXC(0xb, &(0x7f0000000000)) (async) 10:58:31 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) write$FUSE_NOTIFY_INVAL_INODE(r1, &(0x7f0000000000)={0x28, 0x2, 0x0, {0x1, 0x8, 0x8}}, 0x28) 10:58:31 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) sendmsg$RDMA_NLDEV_CMD_DELLINK(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4008100a}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x50, 0x1404, 0x100, 0x70bd2a, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x50}, 0x1, 0x0, 0x0, 0x91}, 0x1) [ 2062.098445] FAULT_INJECTION: forcing a failure. [ 2062.098445] name failslab, interval 1, probability 0, space 0, times 0 [ 2062.109728] CPU: 1 PID: 25866 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2062.117596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2062.126939] Call Trace: [ 2062.129509] dump_stack+0x1b2/0x281 [ 2062.133119] should_fail.cold+0x10a/0x149 [ 2062.137247] should_failslab+0xd6/0x130 [ 2062.141296] kmem_cache_alloc+0x28e/0x3c0 [ 2062.145422] alloc_inode+0xa0/0x170 [ 2062.149023] new_inode+0x1d/0xf0 [ 2062.152382] fuse_ctl_add_dentry+0x8d/0x410 [ 2062.156678] ? __lockdep_init_map+0x100/0x560 [ 2062.161151] fuse_ctl_add_conn+0x110/0x250 [ 2062.165362] ? fuse_ctl_remove_conn+0x1a0/0x1a0 [ 2062.170011] ? SMBQueryInformation+0x165/0x910 [ 2062.174575] fuse_fill_super+0xe0c/0x15c0 [ 2062.178710] ? fuse_get_root_inode+0xc0/0xc0 [ 2062.183103] ? up_write+0x17/0x60 [ 2062.186533] ? register_shrinker+0x15f/0x220 [ 2062.190915] ? sget_userns+0x768/0xc10 [ 2062.194792] ? get_anon_bdev+0x1c0/0x1c0 [ 2062.198825] ? sget+0xd9/0x110 [ 2062.201993] ? fuse_get_root_inode+0xc0/0xc0 [ 2062.206375] mount_nodev+0x4c/0xf0 [ 2062.209890] mount_fs+0x92/0x2a0 [ 2062.213235] vfs_kern_mount.part.0+0x5b/0x470 [ 2062.217708] do_mount+0xe65/0x2a30 [ 2062.221233] ? copy_mount_string+0x40/0x40 [ 2062.225444] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2062.230436] ? copy_mnt_ns+0xa30/0xa30 [ 2062.234299] ? copy_mount_options+0x1fa/0x2f0 [ 2062.238769] ? copy_mnt_ns+0xa30/0xa30 [ 2062.242635] SyS_mount+0xa8/0x120 [ 2062.246062] ? copy_mnt_ns+0xa30/0xa30 [ 2062.249928] do_syscall_64+0x1d5/0x640 [ 2062.253804] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2062.258976] RIP: 0033:0x7fc09e230109 [ 2062.262660] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2062.270341] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2062.277584] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2062.284828] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2062.292078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 10:58:31 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 71) 10:58:31 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async, rerun: 32) sendmsg$RDMA_NLDEV_CMD_DELLINK(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4008100a}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x50, 0x1404, 0x100, 0x70bd2a, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x50}, 0x1, 0x0, 0x0, 0x91}, 0x1) (rerun: 32) 10:58:31 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) write$FUSE_NOTIFY_INVAL_INODE(r1, &(0x7f0000000000)={0x28, 0x2, 0x0, {0x1, 0x8, 0x8}}, 0x28) 10:58:31 executing program 0: ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(0xffffffffffffffff, 0x80083313, &(0x7f0000000080)) (async) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) 10:58:31 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async, rerun: 32) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0}, 0x2020) (async, rerun: 32) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async, rerun: 32) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async, rerun: 32) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r7}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async, rerun: 32) read$FUSE(r6, &(0x7f0000002440)={0x2020}, 0x2020) (async, rerun: 32) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000002280)=ANY=[]) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x800000, &(0x7f0000000080)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id', 0x3d, r0}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@allow_other}, {@max_read={'max_read', 0x3d, 0x45}}, {@default_permissions}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x6}}], [{@smackfsdef={'smackfsdef', 0x3d, '^-^'}}, {@smackfshat}, {@smackfsdef={'smackfsdef', 0x3d, '^}$'}}, {@obj_user={'obj_user', 0x3d, '@&!\xa4*--&%$,@'}}, {@dont_measure}, {@subj_role={'subj_role', 0x3d, '(+&&\\\xf9\'['}}]}}) 10:58:31 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x10, &(0x7f0000000100), &(0x7f0000000140)=0x4) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000040)={0x0, 0x81, 0x10}, 0xc) bpf$BPF_MAP_FREEZE(0x16, &(0x7f00000000c0)=r1, 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) (async) getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x10, &(0x7f0000000100), &(0x7f0000000140)=0x4) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) (async) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000040)={0x0, 0x81, 0x10}, 0xc) (async) bpf$BPF_MAP_FREEZE(0x16, &(0x7f00000000c0)=r1, 0x4) (async) 10:58:31 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_DELLINK(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4008100a}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x50, 0x1404, 0x100, 0x70bd2a, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x50}, 0x1, 0x0, 0x0, 0x91}, 0x1) [ 2062.299326] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:31 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0)=0x0, &(0x7f0000000500), &(0x7f0000000540)=0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r6}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) read$FUSE(r1, &(0x7f0000000680)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x870052, &(0x7f0000000240)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r7}, 0x2c, {[{@max_read={'max_read', 0x3d, 0xca40}}, {@blksize={'blksize', 0x3d, 0x1200}}], [{@smackfsfloor={'smackfsfloor', 0x3d, 'fd'}}, {@smackfsdef={'smackfsdef', 0x3d, '-}$,>&'}}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}, {@obj_user}, {@fsmagic={'fsmagic', 0x3d, 0x1000}}, {@audit}]}}) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) write$FUSE_LSEEK(r1, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x20}}, 0x18) [ 2062.373770] FAULT_INJECTION: forcing a failure. [ 2062.373770] name failslab, interval 1, probability 0, space 0, times 0 [ 2062.391701] CPU: 1 PID: 25881 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2062.399597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2062.408943] Call Trace: [ 2062.411528] dump_stack+0x1b2/0x281 [ 2062.415158] should_fail.cold+0x10a/0x149 [ 2062.419314] should_failslab+0xd6/0x130 10:58:31 executing program 5: ioctl$KVM_IRQ_LINE_STATUS(0xffffffffffffffff, 0xc008ae67, &(0x7f0000000000)={0xfffffffe, 0x7}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) [ 2062.423283] kmem_cache_alloc+0x28e/0x3c0 [ 2062.427432] alloc_inode+0xa0/0x170 [ 2062.431059] new_inode+0x1d/0xf0 [ 2062.434434] fuse_ctl_add_dentry+0x8d/0x410 [ 2062.438745] ? __lockdep_init_map+0x100/0x560 [ 2062.443232] fuse_ctl_add_conn+0x17c/0x250 [ 2062.447463] ? fuse_ctl_remove_conn+0x1a0/0x1a0 [ 2062.452123] ? SMBQueryInformation+0x165/0x910 [ 2062.456708] fuse_fill_super+0xe0c/0x15c0 [ 2062.460853] ? fuse_get_root_inode+0xc0/0xc0 [ 2062.465259] ? up_write+0x17/0x60 [ 2062.468702] ? register_shrinker+0x15f/0x220 10:58:31 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f00000001a4af9b4d3f2359cd4d6f8f300030f00a4000000000000ac1414aa0000000000000000000000007f0000010000000000000000000000ef01000000000000000000000000000000b539a118a6fd30ad2bd646aac0349c5f0e", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRESOCT=r0], 0xf0}}, 0x0) 10:58:31 executing program 5: ioctl$KVM_IRQ_LINE_STATUS(0xffffffffffffffff, 0xc008ae67, &(0x7f0000000000)={0xfffffffe, 0x7}) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) 10:58:31 executing program 5: ioctl$KVM_IRQ_LINE_STATUS(0xffffffffffffffff, 0xc008ae67, &(0x7f0000000000)={0xfffffffe, 0x7}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) ioctl$KVM_IRQ_LINE_STATUS(0xffffffffffffffff, 0xc008ae67, &(0x7f0000000000)={0xfffffffe, 0x7}) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) [ 2062.473106] ? sget_userns+0x768/0xc10 [ 2062.476995] ? get_anon_bdev+0x1c0/0x1c0 [ 2062.481047] ? sget+0xd9/0x110 [ 2062.484240] ? fuse_get_root_inode+0xc0/0xc0 [ 2062.488651] mount_nodev+0x4c/0xf0 [ 2062.492190] mount_fs+0x92/0x2a0 [ 2062.495563] vfs_kern_mount.part.0+0x5b/0x470 [ 2062.500055] do_mount+0xe65/0x2a30 [ 2062.503598] ? copy_mount_string+0x40/0x40 [ 2062.507833] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2062.512845] ? copy_mnt_ns+0xa30/0xa30 [ 2062.516730] ? copy_mount_options+0x1fa/0x2f0 [ 2062.521220] ? copy_mnt_ns+0xa30/0xa30 [ 2062.525195] SyS_mount+0xa8/0x120 [ 2062.528642] ? copy_mnt_ns+0xa30/0xa30 [ 2062.532525] do_syscall_64+0x1d5/0x640 [ 2062.536412] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2062.541592] RIP: 0033:0x7fc09e230109 [ 2062.545296] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2062.553020] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2062.560282] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2062.567551] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 10:58:31 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 72) 10:58:31 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) ioctl$PPPIOCGNPMODE(0xffffffffffffffff, 0xc008744c, &(0x7f0000000000)={0xfb, 0x3}) 10:58:31 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f00000001a4af9b4d3f2359cd4d6f8f300030f00a4000000000000ac1414aa0000000000000000000000007f0000010000000000000000000000ef01000000000000000000000000000000b539a118a6fd30ad2bd646aac0349c5f0e", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRESOCT=r0], 0xf0}}, 0x0) 10:58:31 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) write$FUSE_NOTIFY_INVAL_INODE(r1, &(0x7f0000000000)={0x28, 0x2, 0x0, {0x1, 0x8, 0x8}}, 0x28) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) write$FUSE_NOTIFY_INVAL_INODE(r1, &(0x7f0000000000)={0x28, 0x2, 0x0, {0x1, 0x8, 0x8}}, 0x28) (async) 10:58:31 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0)=0x0, &(0x7f0000000500), &(0x7f0000000540)=0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r6}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) read$FUSE(r1, &(0x7f0000000680)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x870052, &(0x7f0000000240)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r7}, 0x2c, {[{@max_read={'max_read', 0x3d, 0xca40}}, {@blksize={'blksize', 0x3d, 0x1200}}], [{@smackfsfloor={'smackfsfloor', 0x3d, 'fd'}}, {@smackfsdef={'smackfsdef', 0x3d, '-}$,>&'}}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}, {@obj_user}, {@fsmagic={'fsmagic', 0x3d, 0x1000}}, {@audit}]}}) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) write$FUSE_LSEEK(r1, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x20}}, 0x18) 10:58:31 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) getresgid(&(0x7f0000000080)=0x0, &(0x7f0000000100), &(0x7f0000000180)) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r1}}) [ 2062.574813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2062.582080] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:31 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) ioctl$PPPIOCGNPMODE(0xffffffffffffffff, 0xc008744c, &(0x7f0000000000)={0xfb, 0x3}) 10:58:31 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async, rerun: 64) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (rerun: 64) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0)=0x0, &(0x7f0000000500), &(0x7f0000000540)=0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async, rerun: 32) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) (rerun: 32) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r6}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) read$FUSE(r1, &(0x7f0000000680)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x870052, &(0x7f0000000240)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r7}, 0x2c, {[{@max_read={'max_read', 0x3d, 0xca40}}, {@blksize={'blksize', 0x3d, 0x1200}}], [{@smackfsfloor={'smackfsfloor', 0x3d, 'fd'}}, {@smackfsdef={'smackfsdef', 0x3d, '-}$,>&'}}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}, {@obj_user}, {@fsmagic={'fsmagic', 0x3d, 0x1000}}, {@audit}]}}) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) write$FUSE_LSEEK(r1, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x20}}, 0x18) 10:58:31 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) getresgid(&(0x7f0000000080)=0x0, &(0x7f0000000100), &(0x7f0000000180)) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r1}}) 10:58:31 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r0}, 0x8) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) write$FUSE_ENTRY(r1, &(0x7f0000000080)={0x90, 0x0, 0x0, {0x1, 0x1, 0x23a, 0x5, 0x800, 0x800, {0x4, 0xfffffffffffffffa, 0x1, 0x2, 0x4, 0x3, 0x101, 0x1f, 0x72a1, 0x1000, 0x0, 0xffffffffffffffff, r2, 0x50, 0x1ff}}}, 0x90) 10:58:31 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x64888, 0x0) 10:58:31 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x64888, 0x0) [ 2062.731209] FAULT_INJECTION: forcing a failure. [ 2062.731209] name failslab, interval 1, probability 0, space 0, times 0 [ 2062.742939] CPU: 1 PID: 25947 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2062.750827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2062.760182] Call Trace: [ 2062.762772] dump_stack+0x1b2/0x281 [ 2062.766404] should_fail.cold+0x10a/0x149 [ 2062.770569] should_failslab+0xd6/0x130 [ 2062.774541] kmem_cache_alloc+0x28e/0x3c0 [ 2062.778690] __d_alloc+0x2a/0xa20 [ 2062.782144] ? lock_acquire+0x170/0x3f0 [ 2062.786118] d_alloc+0x46/0x240 [ 2062.789392] d_alloc_name+0x70/0x80 [ 2062.793011] ? d_alloc+0x240/0x240 [ 2062.796555] fuse_ctl_add_dentry+0x70/0x410 [ 2062.800874] ? __lockdep_init_map+0x100/0x560 [ 2062.805362] fuse_ctl_add_conn+0x17c/0x250 [ 2062.809675] ? fuse_ctl_remove_conn+0x1a0/0x1a0 [ 2062.814330] ? SMBQueryInformation+0x165/0x910 [ 2062.818895] fuse_fill_super+0xe0c/0x15c0 [ 2062.823024] ? fuse_get_root_inode+0xc0/0xc0 [ 2062.827418] ? up_write+0x17/0x60 [ 2062.830860] ? register_shrinker+0x15f/0x220 [ 2062.835254] ? sget_userns+0x768/0xc10 [ 2062.839127] ? get_anon_bdev+0x1c0/0x1c0 [ 2062.843166] ? sget+0xd9/0x110 [ 2062.846339] ? fuse_get_root_inode+0xc0/0xc0 [ 2062.850733] mount_nodev+0x4c/0xf0 [ 2062.854264] mount_fs+0x92/0x2a0 [ 2062.857630] vfs_kern_mount.part.0+0x5b/0x470 [ 2062.862107] do_mount+0xe65/0x2a30 [ 2062.865626] ? copy_mount_string+0x40/0x40 [ 2062.869842] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2062.874835] ? copy_mnt_ns+0xa30/0xa30 [ 2062.878709] ? copy_mount_options+0x1fa/0x2f0 [ 2062.883188] ? copy_mnt_ns+0xa30/0xa30 [ 2062.887057] SyS_mount+0xa8/0x120 [ 2062.890489] ? copy_mnt_ns+0xa30/0xa30 [ 2062.894371] do_syscall_64+0x1d5/0x640 [ 2062.898242] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2062.903406] RIP: 0033:0x7fc09e230109 [ 2062.907093] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2062.914779] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2062.922039] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 10:58:31 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 73) 10:58:31 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x64888, 0x0) mount$fuse(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x64888, 0x0) (async) 10:58:31 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) ioctl$PPPIOCGNPMODE(0xffffffffffffffff, 0xc008744c, &(0x7f0000000000)={0xfb, 0x3}) 10:58:31 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r0}, 0x8) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) write$FUSE_ENTRY(r1, &(0x7f0000000080)={0x90, 0x0, 0x0, {0x1, 0x1, 0x23a, 0x5, 0x800, 0x800, {0x4, 0xfffffffffffffffa, 0x1, 0x2, 0x4, 0x3, 0x101, 0x1f, 0x72a1, 0x1000, 0x0, 0xffffffffffffffff, r2, 0x50, 0x1ff}}}, 0x90) 10:58:31 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) getresgid(&(0x7f0000000080)=0x0, &(0x7f0000000100), &(0x7f0000000180)) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r1}}) 10:58:31 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f00000001a4af9b4d3f2359cd4d6f8f300030f00a4000000000000ac1414aa0000000000000000000000007f0000010000000000000000000000ef01000000000000000000000000000000b539a118a6fd30ad2bd646aac0349c5f0e", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRESOCT=r0], 0xf0}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f00000001a4af9b4d3f2359cd4d6f8f300030f00a4000000000000ac1414aa0000000000000000000000007f0000010000000000000000000000ef01000000000000000000000000000000b539a118a6fd30ad2bd646aac0349c5f0e", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRESOCT=r0], 0xf0}}, 0x0) (async) [ 2062.929306] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2062.936551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2062.943797] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:32 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) 10:58:32 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000200), 0x88a0, 0x0) r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000280)={&(0x7f0000000240)='./file0\x00', 0x0, 0x10}, 0x10) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, 0x0, 0x0) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xe, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x800}, [@call={0x85, 0x0, 0x0, 0x21}, @map_val={0x18, 0x1, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x1}, @call={0x85, 0x0, 0x0, 0xb5}, @btf_id={0x18, 0x1, 0x3, 0x0, 0x5}, @map_fd={0x18, 0x4, 0x1, 0x0, r2}, @call={0x85, 0x0, 0x0, 0x6a}, @call={0x85, 0x0, 0x0, 0xc0}, @call={0x85, 0x0, 0x0, 0x36}]}, &(0x7f0000000440)='syzkaller\x00', 0x10000, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f0000000480)={0x9, 0x1}, 0x8, 0x10, &(0x7f00000004c0)={0x4, 0xa, 0x3, 0x20}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000500)=[r4]}, 0x80) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={0x1, &(0x7f0000000040)="4fb5ad9e36349b96c4d07c3203b60815a6", &(0x7f00000000c0)=""/213, 0x4}, 0x20) 10:58:32 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) socket$nl_rdma(0x10, 0x3, 0x14) 10:58:32 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async, rerun: 32) r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) (rerun: 32) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r0}, 0x8) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async, rerun: 32) write$FUSE_ENTRY(r1, &(0x7f0000000080)={0x90, 0x0, 0x0, {0x1, 0x1, 0x23a, 0x5, 0x800, 0x800, {0x4, 0xfffffffffffffffa, 0x1, 0x2, 0x4, 0x3, 0x101, 0x1f, 0x72a1, 0x1000, 0x0, 0xffffffffffffffff, r2, 0x50, 0x1ff}}}, 0x90) (rerun: 32) 10:58:32 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0)=0x0, &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r8}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresuid(&(0x7f00000002c0), &(0x7f0000000300)=0x0, &(0x7f0000000340)) mount$fuse(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x810004, &(0x7f0000000680)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r9}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@default_permissions}, {@allow_other}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1200}}, {@default_permissions}, {@default_permissions}], [{@obj_role={'obj_role', 0x3d, ']}+^:@)\':,}&.\xdc}'}}, {@subj_user={'subj_user', 0x3d, '\r&'}}]}}) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000840)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB="2c726f6f746d6f6465033030303030303030303030303030303030303630510ee42c757365725f69643d88085c774ab55d319c6a2c69ef56a5e31dfe1fdec6fb9b093a74c2c8711e7c573ff0766822eb01623f46a541bb2890a5fab4b755c06b8b4f6de007687ce9de27c5fb550da32f0ff651ab8f189f7a156e2b0a9210956b09f6f1d1bd598c30330411a71ee7ea0b0dc6fced39f85329f236", @ANYRESDEC=r10, @ANYBLOB=',group_id=', @ANYRESDEC=r3, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) r11 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r11}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r12}, 0x2c, {}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f00000007c0)={0x78, 0x24, 0x0, {0x9, 0x1ff, 0x0, {0x4, 0xc99, 0x4c, 0x1a10, 0x7ff, 0x8f6b, 0x5, 0x7, 0x101, 0x4000, 0x10000, r7, 0x0, 0x1, 0x1}}}, 0x78) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x21043, &(0x7f0000000b00)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x3}}, {@default_permissions}, {@default_permissions}, {@default_permissions}], [{@fsmagic={'fsmagic', 0x3d, 0x7}}, {@obj_role={'obj_role', 0x3d, ']\\'}}, {@subj_role}, {@fowner_lt={'fowner<', 0xee01}}, {@smackfstransmute={'smackfstransmute', 0x3d, 'Y\xb7@\x81?\xba\x02\x8c:\xfe\x0e\\w.2\xabLw\xe7\xc9\xc0\x0fJ\xbc\xe1\xc9\x16\xad\'\x87_'}}, {@obj_user={'obj_user', 0x3d, '\r&'}}]}}) 10:58:32 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) socket$nl_rdma(0x10, 0x3, 0x14) [ 2063.140824] FAULT_INJECTION: forcing a failure. [ 2063.140824] name failslab, interval 1, probability 0, space 0, times 0 [ 2063.152211] CPU: 0 PID: 25999 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2063.160081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2063.169419] Call Trace: [ 2063.171985] dump_stack+0x1b2/0x281 [ 2063.175597] should_fail.cold+0x10a/0x149 [ 2063.179732] should_failslab+0xd6/0x130 [ 2063.183697] kmem_cache_alloc+0x28e/0x3c0 [ 2063.187833] __d_alloc+0x2a/0xa20 [ 2063.191270] ? lock_acquire+0x170/0x3f0 [ 2063.195227] d_alloc+0x46/0x240 [ 2063.198488] d_alloc_name+0x70/0x80 [ 2063.202092] ? d_alloc+0x240/0x240 [ 2063.205649] fuse_ctl_add_dentry+0x70/0x410 [ 2063.209953] ? __lockdep_init_map+0x100/0x560 [ 2063.214429] fuse_ctl_add_conn+0x1e0/0x250 [ 2063.218780] ? fuse_ctl_remove_conn+0x1a0/0x1a0 [ 2063.223434] ? SMBQueryInformation+0x165/0x910 [ 2063.228004] fuse_fill_super+0xe0c/0x15c0 [ 2063.232138] ? fuse_get_root_inode+0xc0/0xc0 [ 2063.236570] ? up_write+0x17/0x60 [ 2063.240005] ? register_shrinker+0x15f/0x220 [ 2063.244394] ? sget_userns+0x768/0xc10 [ 2063.248269] ? get_anon_bdev+0x1c0/0x1c0 [ 2063.252306] ? sget+0xd9/0x110 [ 2063.255477] ? fuse_get_root_inode+0xc0/0xc0 [ 2063.259866] mount_nodev+0x4c/0xf0 [ 2063.263384] mount_fs+0x92/0x2a0 [ 2063.266733] vfs_kern_mount.part.0+0x5b/0x470 [ 2063.271205] do_mount+0xe65/0x2a30 [ 2063.274725] ? copy_mount_string+0x40/0x40 [ 2063.278941] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2063.283950] ? copy_mnt_ns+0xa30/0xa30 [ 2063.287816] ? copy_mount_options+0x1fa/0x2f0 [ 2063.292300] ? copy_mnt_ns+0xa30/0xa30 [ 2063.296177] SyS_mount+0xa8/0x120 [ 2063.299606] ? copy_mnt_ns+0xa30/0xa30 [ 2063.303473] do_syscall_64+0x1d5/0x640 [ 2063.307358] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2063.312524] RIP: 0033:0x7fc09e230109 [ 2063.316213] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2063.323896] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2063.331141] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 10:58:32 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 74) 10:58:32 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r1}}) 10:58:32 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) write$6lowpan_control(0xffffffffffffffff, &(0x7f0000000000)='disconnect aa:aa:aa:aa:aa:11 2', 0x1e) write$FUSE_WRITE(0xffffffffffffffff, &(0x7f0000000240)={0x18, 0x0, 0x0, {0x5}}, 0x18) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000040)="e41b4e169284e8114a886a7b5e1ab90e34ff246c08b87e84bea665ffbb32fe374e9e029acd804ad3751d69e0a970d12c28e598d012df1cc14d5175cec22bfcdadf2044c7686185460d234a077417a0c81f11df41735ec5bff7412d54a3dfac9449e145449f44f98dd37f042757222f1e1b382598ba36bf50adb952ac31f44f49f8ce1cb26139e6b3efbec672d463a31a192bbe281c48f47267f9336f23626c0e92f7b44f4c533ed83ad4825d8f2a2248e1cedded1270098aa071ed02d4a8c4848b5a9232f84bf7b456552a997519b1d29856506277522e28bf2e75663f8935cdafb1d267ca6f522396dc43650a35e7764e8e86", &(0x7f0000000140)=""/66}, 0x20) write$FUSE_LSEEK(0xffffffffffffffff, &(0x7f0000000280)={0x18, 0x24, 0x0, {0x8000000000000001}}, 0x18) 10:58:32 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0)=0x0, &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r8}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresuid(&(0x7f00000002c0), &(0x7f0000000300)=0x0, &(0x7f0000000340)) mount$fuse(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x810004, &(0x7f0000000680)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r9}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@default_permissions}, {@allow_other}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1200}}, {@default_permissions}, {@default_permissions}], [{@obj_role={'obj_role', 0x3d, ']}+^:@)\':,}&.\xdc}'}}, {@subj_user={'subj_user', 0x3d, '\r&'}}]}}) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000840)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB="2c726f6f746d6f6465033030303030303030303030303030303030303630510ee42c757365725f69643d88085c774ab55d319c6a2c69ef56a5e31dfe1fdec6fb9b093a74c2c8711e7c573ff0766822eb01623f46a541bb2890a5fab4b755c06b8b4f6de007687ce9de27c5fb550da32f0ff651ab8f189f7a156e2b0a9210956b09f6f1d1bd598c30330411a71ee7ea0b0dc6fced39f85329f236", @ANYRESDEC=r10, @ANYBLOB=',group_id=', @ANYRESDEC=r3, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) r11 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r11}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r12}, 0x2c, {}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f00000007c0)={0x78, 0x24, 0x0, {0x9, 0x1ff, 0x0, {0x4, 0xc99, 0x4c, 0x1a10, 0x7ff, 0x8f6b, 0x5, 0x7, 0x101, 0x4000, 0x10000, r7, 0x0, 0x1, 0x1}}}, 0x78) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x21043, &(0x7f0000000b00)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x3}}, {@default_permissions}, {@default_permissions}, {@default_permissions}], [{@fsmagic={'fsmagic', 0x3d, 0x7}}, {@obj_role={'obj_role', 0x3d, ']\\'}}, {@subj_role}, {@fowner_lt={'fowner<', 0xee01}}, {@smackfstransmute={'smackfstransmute', 0x3d, 'Y\xb7@\x81?\xba\x02\x8c:\xfe\x0e\\w.2\xabLw\xe7\xc9\xc0\x0fJ\xbc\xe1\xc9\x16\xad\'\x87_'}}, {@obj_user={'obj_user', 0x3d, '\r&'}}]}}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r8}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000340)) (async) mount$fuse(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x810004, &(0x7f0000000680)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r9}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@default_permissions}, {@allow_other}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1200}}, {@default_permissions}, {@default_permissions}], [{@obj_role={'obj_role', 0x3d, ']}+^:@)\':,}&.\xdc}'}}, {@subj_user={'subj_user', 0x3d, '\r&'}}]}}) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000840)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB="2c726f6f746d6f6465033030303030303030303030303030303030303630510ee42c757365725f69643d88085c774ab55d319c6a2c69ef56a5e31dfe1fdec6fb9b093a74c2c8711e7c573ff0766822eb01623f46a541bb2890a5fab4b755c06b8b4f6de007687ce9de27c5fb550da32f0ff651ab8f189f7a156e2b0a9210956b09f6f1d1bd598c30330411a71ee7ea0b0dc6fced39f85329f236", @ANYRESDEC=r10, @ANYBLOB=',group_id=', @ANYRESDEC=r3, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r11}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r12}, 0x2c, {}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f00000007c0)={0x78, 0x24, 0x0, {0x9, 0x1ff, 0x0, {0x4, 0xc99, 0x4c, 0x1a10, 0x7ff, 0x8f6b, 0x5, 0x7, 0x101, 0x4000, 0x10000, r7, 0x0, 0x1, 0x1}}}, 0x78) (async) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x21043, &(0x7f0000000b00)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x3}}, {@default_permissions}, {@default_permissions}, {@default_permissions}], [{@fsmagic={'fsmagic', 0x3d, 0x7}}, {@obj_role={'obj_role', 0x3d, ']\\'}}, {@subj_role}, {@fowner_lt={'fowner<', 0xee01}}, {@smackfstransmute={'smackfstransmute', 0x3d, 'Y\xb7@\x81?\xba\x02\x8c:\xfe\x0e\\w.2\xabLw\xe7\xc9\xc0\x0fJ\xbc\xe1\xc9\x16\xad\'\x87_'}}, {@obj_user={'obj_user', 0x3d, '\r&'}}]}}) (async) 10:58:32 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000200), 0x88a0, 0x0) (async) r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000280)={&(0x7f0000000240)='./file0\x00', 0x0, 0x10}, 0x10) (async) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, 0x0, 0x0) (async, rerun: 32) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (rerun: 32) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xe, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x800}, [@call={0x85, 0x0, 0x0, 0x21}, @map_val={0x18, 0x1, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x1}, @call={0x85, 0x0, 0x0, 0xb5}, @btf_id={0x18, 0x1, 0x3, 0x0, 0x5}, @map_fd={0x18, 0x4, 0x1, 0x0, r2}, @call={0x85, 0x0, 0x0, 0x6a}, @call={0x85, 0x0, 0x0, 0xc0}, @call={0x85, 0x0, 0x0, 0x36}]}, &(0x7f0000000440)='syzkaller\x00', 0x10000, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f0000000480)={0x9, 0x1}, 0x8, 0x10, &(0x7f00000004c0)={0x4, 0xa, 0x3, 0x20}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000500)=[r4]}, 0x80) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={0x1, &(0x7f0000000040)="4fb5ad9e36349b96c4d07c3203b60815a6", &(0x7f00000000c0)=""/213, 0x4}, 0x20) 10:58:32 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0}, 0x2020) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000000)={0x60, 0x0, r0, {{0x152a, 0xfffffffffffffffa, 0x8000, 0xfa, 0x9, 0x9, 0x1f, 0x734}}}, 0x60) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000080)={0x60, 0xffffffffffffffda, 0x0, {{0x58, 0x0, 0x3, 0x0, 0x2, 0x22, 0xdc, 0xfffffff9}}}, 0x60) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB="2c726f6f746d6f64653d3030531b30303004b7303036303f00000000000000000000000000000000fb2453ceab987ce03a88ca11aaed727fad4e1788dd83d01bf71eee5e657c1d6730e972d699d61647664c0f60ba711218693e5e4dc0090ab7248f79814b2cfc964e654dd01755edfb9666eaf509f14b56fd04d97da14d919a2d410dfac7951d76d9f9a2aaa38a8c45eb67954dbba37eac67952128a1a965778ea815437e7811028d162917fb7eb849ac6908798ef4eef27f022b434390574b22f742c30c58b451ba0bcfe831a4b8972599264b88be18cc07dc1c8e04559d6c97bcde5a163fedd4fc", @ANYRESDEC=r7, @ANYBLOB=',group_id=', @ANYRESDEC=r5, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) read$FUSE(r6, &(0x7f00000044c0)={0x2020, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_ENTRY(r1, &(0x7f0000004400)={0x90, 0x0, r0, {0x5, 0x1, 0x1ff, 0x2, 0x1, 0x0, {0x2, 0x4, 0x3ff, 0xba5, 0x1ff, 0x1, 0x7fffffff, 0xda54, 0xfffffffb, 0x4000, 0x5, r8, 0xffffffffffffffff, 0xe795, 0x993}}}, 0x90) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff, 0x2}, 0x10) write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f0000002280)=ANY=[@ANYBLOB="1001000000000000", @ANYRES64=r0, @ANYBLOB="060000000000000000800000000000000b000000000200007d285b2d27292b3a262f7d00000000000400000000000000ab000000000000000100000009000000400000000000000000000000000000000900000000000000010000005d090000000000000000000000000000000000000700000000000000010000000000f8032d0000000000000005000000000000000600000000000000010000000000000000000000000000000600000000000000fd0000000000000000000000ff0000000400000000000000090000000000000007000000010000805c212a21242e28000000000000000000323e0000000000000200000002000000bf28000000000000"], 0x110) r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r9, 0x6, 0x23, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@bloom_filter={0x1e, 0x0, 0x5, 0x0, 0x1104, 0x1, 0x4, '\x00', 0x0, r9, 0x4, 0x0, 0x4, 0xd}, 0x48) [ 2063.338387] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2063.345641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2063.352886] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:32 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) write$6lowpan_control(0xffffffffffffffff, &(0x7f0000000000)='disconnect aa:aa:aa:aa:aa:11 2', 0x1e) write$FUSE_WRITE(0xffffffffffffffff, &(0x7f0000000240)={0x18, 0x0, 0x0, {0x5}}, 0x18) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000040)="e41b4e169284e8114a886a7b5e1ab90e34ff246c08b87e84bea665ffbb32fe374e9e029acd804ad3751d69e0a970d12c28e598d012df1cc14d5175cec22bfcdadf2044c7686185460d234a077417a0c81f11df41735ec5bff7412d54a3dfac9449e145449f44f98dd37f042757222f1e1b382598ba36bf50adb952ac31f44f49f8ce1cb26139e6b3efbec672d463a31a192bbe281c48f47267f9336f23626c0e92f7b44f4c533ed83ad4825d8f2a2248e1cedded1270098aa071ed02d4a8c4848b5a9232f84bf7b456552a997519b1d29856506277522e28bf2e75663f8935cdafb1d267ca6f522396dc43650a35e7764e8e86", &(0x7f0000000140)=""/66}, 0x20) write$FUSE_LSEEK(0xffffffffffffffff, &(0x7f0000000280)={0x18, 0x24, 0x0, {0x8000000000000001}}, 0x18) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) write$6lowpan_control(0xffffffffffffffff, &(0x7f0000000000)='disconnect aa:aa:aa:aa:aa:11 2', 0x1e) (async) write$FUSE_WRITE(0xffffffffffffffff, &(0x7f0000000240)={0x18, 0x0, 0x0, {0x5}}, 0x18) (async) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000040)="e41b4e169284e8114a886a7b5e1ab90e34ff246c08b87e84bea665ffbb32fe374e9e029acd804ad3751d69e0a970d12c28e598d012df1cc14d5175cec22bfcdadf2044c7686185460d234a077417a0c81f11df41735ec5bff7412d54a3dfac9449e145449f44f98dd37f042757222f1e1b382598ba36bf50adb952ac31f44f49f8ce1cb26139e6b3efbec672d463a31a192bbe281c48f47267f9336f23626c0e92f7b44f4c533ed83ad4825d8f2a2248e1cedded1270098aa071ed02d4a8c4848b5a9232f84bf7b456552a997519b1d29856506277522e28bf2e75663f8935cdafb1d267ca6f522396dc43650a35e7764e8e86", &(0x7f0000000140)=""/66}, 0x20) (async) write$FUSE_LSEEK(0xffffffffffffffff, &(0x7f0000000280)={0x18, 0x24, 0x0, {0x8000000000000001}}, 0x18) (async) 10:58:32 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0}, 0x2020) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000000)={0x60, 0x0, r0, {{0x152a, 0xfffffffffffffffa, 0x8000, 0xfa, 0x9, 0x9, 0x1f, 0x734}}}, 0x60) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000080)={0x60, 0xffffffffffffffda, 0x0, {{0x58, 0x0, 0x3, 0x0, 0x2, 0x22, 0xdc, 0xfffffff9}}}, 0x60) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB="2c726f6f746d6f64653d3030531b30303004b7303036303f00000000000000000000000000000000fb2453ceab987ce03a88ca11aaed727fad4e1788dd83d01bf71eee5e657c1d6730e972d699d61647664c0f60ba711218693e5e4dc0090ab7248f79814b2cfc964e654dd01755edfb9666eaf509f14b56fd04d97da14d919a2d410dfac7951d76d9f9a2aaa38a8c45eb67954dbba37eac67952128a1a965778ea815437e7811028d162917fb7eb849ac6908798ef4eef27f022b434390574b22f742c30c58b451ba0bcfe831a4b8972599264b88be18cc07dc1c8e04559d6c97bcde5a163fedd4fc", @ANYRESDEC=r7, @ANYBLOB=',group_id=', @ANYRESDEC=r5, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) read$FUSE(r6, &(0x7f00000044c0)={0x2020, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_ENTRY(r1, &(0x7f0000004400)={0x90, 0x0, r0, {0x5, 0x1, 0x1ff, 0x2, 0x1, 0x0, {0x2, 0x4, 0x3ff, 0xba5, 0x1ff, 0x1, 0x7fffffff, 0xda54, 0xfffffffb, 0x4000, 0x5, r8, 0xffffffffffffffff, 0xe795, 0x993}}}, 0x90) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff, 0x2}, 0x10) write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f0000002280)=ANY=[@ANYBLOB="1001000000000000", @ANYRES64=r0, @ANYBLOB="060000000000000000800000000000000b000000000200007d285b2d27292b3a262f7d00000000000400000000000000ab000000000000000100000009000000400000000000000000000000000000000900000000000000010000005d090000000000000000000000000000000000000700000000000000010000000000f8032d0000000000000005000000000000000600000000000000010000000000000000000000000000000600000000000000fd0000000000000000000000ff0000000400000000000000090000000000000007000000010000805c212a21242e28000000000000000000323e0000000000000200000002000000bf28000000000000"], 0x110) r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r9, 0x6, 0x23, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@bloom_filter={0x1e, 0x0, 0x5, 0x0, 0x1104, 0x1, 0x4, '\x00', 0x0, r9, 0x4, 0x0, 0x4, 0xd}, 0x48) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020}, 0x2020) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) (async) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000000)={0x60, 0x0, r0, {{0x152a, 0xfffffffffffffffa, 0x8000, 0xfa, 0x9, 0x9, 0x1f, 0x734}}}, 0x60) (async) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000080)={0x60, 0xffffffffffffffda, 0x0, {{0x58, 0x0, 0x3, 0x0, 0x2, 0x22, 0xdc, 0xfffffff9}}}, 0x60) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB="2c726f6f746d6f64653d3030531b30303004b7303036303f00000000000000000000000000000000fb2453ceab987ce03a88ca11aaed727fad4e1788dd83d01bf71eee5e657c1d6730e972d699d61647664c0f60ba711218693e5e4dc0090ab7248f79814b2cfc964e654dd01755edfb9666eaf509f14b56fd04d97da14d919a2d410dfac7951d76d9f9a2aaa38a8c45eb67954dbba37eac67952128a1a965778ea815437e7811028d162917fb7eb849ac6908798ef4eef27f022b434390574b22f742c30c58b451ba0bcfe831a4b8972599264b88be18cc07dc1c8e04559d6c97bcde5a163fedd4fc", @ANYRESDEC=r7, @ANYBLOB=',group_id=', @ANYRESDEC=r5, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) (async) read$FUSE(r6, &(0x7f00000044c0)={0x2020}, 0x2020) (async) write$FUSE_ENTRY(r1, &(0x7f0000004400)={0x90, 0x0, r0, {0x5, 0x1, 0x1ff, 0x2, 0x1, 0x0, {0x2, 0x4, 0x3ff, 0xba5, 0x1ff, 0x1, 0x7fffffff, 0xda54, 0xfffffffb, 0x4000, 0x5, r8, 0xffffffffffffffff, 0xe795, 0x993}}}, 0x90) (async) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff, 0x2}, 0x10) (async) write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f0000002280)=ANY=[@ANYBLOB="1001000000000000", @ANYRES64=r0, @ANYBLOB="060000000000000000800000000000000b000000000200007d285b2d27292b3a262f7d00000000000400000000000000ab000000000000000100000009000000400000000000000000000000000000000900000000000000010000005d090000000000000000000000000000000000000700000000000000010000000000f8032d0000000000000005000000000000000600000000000000010000000000000000000000000000000600000000000000fd0000000000000000000000ff0000000400000000000000090000000000000007000000010000805c212a21242e28000000000000000000323e0000000000000200000002000000bf28000000000000"], 0x110) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r9, 0x6, 0x23, 0x0, 0x0) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@bloom_filter={0x1e, 0x0, 0x5, 0x0, 0x1104, 0x1, 0x4, '\x00', 0x0, r9, 0x4, 0x0, 0x4, 0xd}, 0x48) (async) 10:58:32 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r1}}) 10:58:32 executing program 2: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x24888, 0x0) (async) write$6lowpan_control(0xffffffffffffffff, &(0x7f0000000000)='disconnect aa:aa:aa:aa:aa:11 2', 0x1e) (async, rerun: 64) write$FUSE_WRITE(0xffffffffffffffff, &(0x7f0000000240)={0x18, 0x0, 0x0, {0x5}}, 0x18) (async, rerun: 64) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000040)="e41b4e169284e8114a886a7b5e1ab90e34ff246c08b87e84bea665ffbb32fe374e9e029acd804ad3751d69e0a970d12c28e598d012df1cc14d5175cec22bfcdadf2044c7686185460d234a077417a0c81f11df41735ec5bff7412d54a3dfac9449e145449f44f98dd37f042757222f1e1b382598ba36bf50adb952ac31f44f49f8ce1cb26139e6b3efbec672d463a31a192bbe281c48f47267f9336f23626c0e92f7b44f4c533ed83ad4825d8f2a2248e1cedded1270098aa071ed02d4a8c4848b5a9232f84bf7b456552a997519b1d29856506277522e28bf2e75663f8935cdafb1d267ca6f522396dc43650a35e7764e8e86", &(0x7f0000000140)=""/66}, 0x20) (async) write$FUSE_LSEEK(0xffffffffffffffff, &(0x7f0000000280)={0x18, 0x24, 0x0, {0x8000000000000001}}, 0x18) 10:58:32 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x24888, 0x0) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(0xffffffffffffffff, 0x8008ae9d, &(0x7f0000000040)=""/4096) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r3, 0x0, 0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000001280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYRES8, @ANYRESDEC=r2, @ANYBLOB=',group_id=', @ANYRESHEX=r3, @ANYBLOB="2c626c6b73697a653d3078303030303030303030303030303030302c85029f31697a653d3078303030303030303030303030313430302c64656661756c545f7065526d69733d6430c6cbc7b3c36e745f686173682c00"]) mount$fuseblk(&(0x7f0000001040), &(0x7f0000001080)='./file0\x00', &(0x7f00000010c0), 0x1009a, &(0x7f0000001100)={{}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x800}}, {@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x9}}], [{@seclabel}, {@smackfsdef={'smackfsdef', 0x3d, '-\\(.\'.%{'}}, {@seclabel}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}, {@fsuuid={'fsuuid', 0x3d, {[0x65, 0x35, 0x38, 0x30, 0x30, 0x66, 0x62, 0xd], 0x2d, [0x37, 0x38, 0x30, 0x66], 0x2d, [0x31, 0x66, 0x6e, 0x62], 0x2d, [0x34, 0x62, 0x32, 0x33], 0x2d, [0x38, 0x37, 0x63, 0x65, 0x33, 0x61, 0x37, 0x65]}}}]}}) 10:58:32 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0)=0x0, &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r8}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) getresuid(&(0x7f00000002c0), &(0x7f0000000300)=0x0, &(0x7f0000000340)) mount$fuse(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x810004, &(0x7f0000000680)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r9}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@default_permissions}, {@allow_other}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1200}}, {@default_permissions}, {@default_permissions}], [{@obj_role={'obj_role', 0x3d, ']}+^:@)\':,}&.\xdc}'}}, {@subj_user={'subj_user', 0x3d, '\r&'}}]}}) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000840)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB="2c726f6f746d6f6465033030303030303030303030303030303030303630510ee42c757365725f69643d88085c774ab55d319c6a2c69ef56a5e31dfe1fdec6fb9b093a74c2c8711e7c573ff0766822eb01623f46a541bb2890a5fab4b755c06b8b4f6de007687ce9de27c5fb550da32f0ff651ab8f189f7a156e2b0a9210956b09f6f1d1bd598c30330411a71ee7ea0b0dc6fced39f85329f236", @ANYRESDEC=r10, @ANYBLOB=',group_id=', @ANYRESDEC=r3, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) r11 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r11}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r12}, 0x2c, {}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f00000007c0)={0x78, 0x24, 0x0, {0x9, 0x1ff, 0x0, {0x4, 0xc99, 0x4c, 0x1a10, 0x7ff, 0x8f6b, 0x5, 0x7, 0x101, 0x4000, 0x10000, r7, 0x0, 0x1, 0x1}}}, 0x78) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x21043, &(0x7f0000000b00)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x3}}, {@default_permissions}, {@default_permissions}, {@default_permissions}], [{@fsmagic={'fsmagic', 0x3d, 0x7}}, {@obj_role={'obj_role', 0x3d, ']\\'}}, {@subj_role}, {@fowner_lt={'fowner<', 0xee01}}, {@smackfstransmute={'smackfstransmute', 0x3d, 'Y\xb7@\x81?\xba\x02\x8c:\xfe\x0e\\w.2\xabLw\xe7\xc9\xc0\x0fJ\xbc\xe1\xc9\x16\xad\'\x87_'}}, {@obj_user={'obj_user', 0x3d, '\r&'}}]}}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r8}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000340)) (async) mount$fuse(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x810004, &(0x7f0000000680)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r9}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@default_permissions}, {@allow_other}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1200}}, {@default_permissions}, {@default_permissions}], [{@obj_role={'obj_role', 0x3d, ']}+^:@)\':,}&.\xdc}'}}, {@subj_user={'subj_user', 0x3d, '\r&'}}]}}) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000840)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB="2c726f6f746d6f6465033030303030303030303030303030303030303630510ee42c757365725f69643d88085c774ab55d319c6a2c69ef56a5e31dfe1fdec6fb9b093a74c2c8711e7c573ff0766822eb01623f46a541bb2890a5fab4b755c06b8b4f6de007687ce9de27c5fb550da32f0ff651ab8f189f7a156e2b0a9210956b09f6f1d1bd598c30330411a71ee7ea0b0dc6fced39f85329f236", @ANYRESDEC=r10, @ANYBLOB=',group_id=', @ANYRESDEC=r3, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r11}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r12}, 0x2c, {}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f00000007c0)={0x78, 0x24, 0x0, {0x9, 0x1ff, 0x0, {0x4, 0xc99, 0x4c, 0x1a10, 0x7ff, 0x8f6b, 0x5, 0x7, 0x101, 0x4000, 0x10000, r7, 0x0, 0x1, 0x1}}}, 0x78) (async) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x21043, &(0x7f0000000b00)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x3}}, {@default_permissions}, {@default_permissions}, {@default_permissions}], [{@fsmagic={'fsmagic', 0x3d, 0x7}}, {@obj_role={'obj_role', 0x3d, ']\\'}}, {@subj_role}, {@fowner_lt={'fowner<', 0xee01}}, {@smackfstransmute={'smackfstransmute', 0x3d, 'Y\xb7@\x81?\xba\x02\x8c:\xfe\x0e\\w.2\xabLw\xe7\xc9\xc0\x0fJ\xbc\xe1\xc9\x16\xad\'\x87_'}}, {@obj_user={'obj_user', 0x3d, '\r&'}}]}}) (async) [ 2063.514020] FAULT_INJECTION: forcing a failure. [ 2063.514020] name failslab, interval 1, probability 0, space 0, times 0 [ 2063.558155] CPU: 1 PID: 26023 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2063.566064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2063.575416] Call Trace: [ 2063.578005] dump_stack+0x1b2/0x281 [ 2063.581612] should_fail.cold+0x10a/0x149 [ 2063.585745] should_failslab+0xd6/0x130 [ 2063.589701] kmem_cache_alloc+0x28e/0x3c0 [ 2063.593827] __d_alloc+0x2a/0xa20 [ 2063.597259] ? lock_acquire+0x170/0x3f0 [ 2063.601211] d_alloc+0x46/0x240 [ 2063.604486] d_alloc_name+0x70/0x80 [ 2063.608089] ? d_alloc+0x240/0x240 [ 2063.611617] fuse_ctl_add_dentry+0x70/0x410 [ 2063.615929] ? __lockdep_init_map+0x100/0x560 [ 2063.620402] fuse_ctl_add_conn+0x1e0/0x250 [ 2063.624623] ? fuse_ctl_remove_conn+0x1a0/0x1a0 [ 2063.629274] ? SMBQueryInformation+0x165/0x910 [ 2063.633834] fuse_fill_super+0xe0c/0x15c0 [ 2063.637960] ? fuse_get_root_inode+0xc0/0xc0 [ 2063.642358] ? up_write+0x17/0x60 [ 2063.645802] ? register_shrinker+0x15f/0x220 [ 2063.650198] ? sget_userns+0x768/0xc10 [ 2063.654080] ? get_anon_bdev+0x1c0/0x1c0 [ 2063.658129] ? sget+0xd9/0x110 [ 2063.661302] ? fuse_get_root_inode+0xc0/0xc0 [ 2063.665697] mount_nodev+0x4c/0xf0 [ 2063.669232] mount_fs+0x92/0x2a0 [ 2063.672576] vfs_kern_mount.part.0+0x5b/0x470 [ 2063.677057] do_mount+0xe65/0x2a30 [ 2063.680590] ? copy_mount_string+0x40/0x40 [ 2063.684816] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2063.689808] ? copy_mnt_ns+0xa30/0xa30 [ 2063.693689] ? copy_mount_options+0x1fa/0x2f0 [ 2063.698169] ? copy_mnt_ns+0xa30/0xa30 [ 2063.702042] SyS_mount+0xa8/0x120 [ 2063.705478] ? copy_mnt_ns+0xa30/0xa30 [ 2063.709347] do_syscall_64+0x1d5/0x640 [ 2063.713218] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2063.718386] RIP: 0033:0x7fc09e230109 [ 2063.722081] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2063.729787] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2063.737032] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2063.744278] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2063.751522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 10:58:32 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 75) 10:58:32 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0}, 0x2020) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) (async) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000000)={0x60, 0x0, r0, {{0x152a, 0xfffffffffffffffa, 0x8000, 0xfa, 0x9, 0x9, 0x1f, 0x734}}}, 0x60) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000080)={0x60, 0xffffffffffffffda, 0x0, {{0x58, 0x0, 0x3, 0x0, 0x2, 0x22, 0xdc, 0xfffffff9}}}, 0x60) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB="2c726f6f746d6f64653d3030531b30303004b7303036303f00000000000000000000000000000000fb2453ceab987ce03a88ca11aaed727fad4e1788dd83d01bf71eee5e657c1d6730e972d699d61647664c0f60ba711218693e5e4dc0090ab7248f79814b2cfc964e654dd01755edfb9666eaf509f14b56fd04d97da14d919a2d410dfac7951d76d9f9a2aaa38a8c45eb67954dbba37eac67952128a1a965778ea815437e7811028d162917fb7eb849ac6908798ef4eef27f022b434390574b22f742c30c58b451ba0bcfe831a4b8972599264b88be18cc07dc1c8e04559d6c97bcde5a163fedd4fc", @ANYRESDEC=r7, @ANYBLOB=',group_id=', @ANYRESDEC=r5, @ANYBLOB=',blksize=0x0000000000000000,blksize=0x0000000000001400,default_permissions,dont_hash,\x00']) (async) read$FUSE(r6, &(0x7f00000044c0)={0x2020, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_ENTRY(r1, &(0x7f0000004400)={0x90, 0x0, r0, {0x5, 0x1, 0x1ff, 0x2, 0x1, 0x0, {0x2, 0x4, 0x3ff, 0xba5, 0x1ff, 0x1, 0x7fffffff, 0xda54, 0xfffffffb, 0x4000, 0x5, r8, 0xffffffffffffffff, 0xe795, 0x993}}}, 0x90) (async) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff, 0x2}, 0x10) (async) write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f0000002280)=ANY=[@ANYBLOB="1001000000000000", @ANYRES64=r0, @ANYBLOB="060000000000000000800000000000000b000000000200007d285b2d27292b3a262f7d00000000000400000000000000ab000000000000000100000009000000400000000000000000000000000000000900000000000000010000005d090000000000000000000000000000000000000700000000000000010000000000f8032d0000000000000005000000000000000600000000000000010000000000000000000000000000000600000000000000fd0000000000000000000000ff0000000400000000000000090000000000000007000000010000805c212a21242e28000000000000000000323e0000000000000200000002000000bf28000000000000"], 0x110) (async) r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r9, 0x6, 0x23, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@bloom_filter={0x1e, 0x0, 0x5, 0x0, 0x1104, 0x1, 0x4, '\x00', 0x0, r9, 0x4, 0x0, 0x4, 0xd}, 0x48) 10:58:32 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x24888, 0x0) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(0xffffffffffffffff, 0x8008ae9d, &(0x7f0000000040)=""/4096) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r3, 0x0, 0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000001280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYRES8, @ANYRESDEC=r2, @ANYBLOB=',group_id=', @ANYRESHEX=r3, @ANYBLOB="2c626c6b73697a653d3078303030303030303030303030303030302c85029f31697a653d3078303030303030303030303030313430302c64656661756c545f7065526d69733d6430c6cbc7b3c36e745f686173682c00"]) mount$fuseblk(&(0x7f0000001040), &(0x7f0000001080)='./file0\x00', &(0x7f00000010c0), 0x1009a, &(0x7f0000001100)={{}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x800}}, {@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x9}}], [{@seclabel}, {@smackfsdef={'smackfsdef', 0x3d, '-\\(.\'.%{'}}, {@seclabel}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}, {@fsuuid={'fsuuid', 0x3d, {[0x65, 0x35, 0x38, 0x30, 0x30, 0x66, 0x62, 0xd], 0x2d, [0x37, 0x38, 0x30, 0x66], 0x2d, [0x31, 0x66, 0x6e, 0x62], 0x2d, [0x34, 0x62, 0x32, 0x33], 0x2d, [0x38, 0x37, 0x63, 0x65, 0x33, 0x61, 0x37, 0x65]}}}]}}) mount$fuse(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x24888, 0x0) (async) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(0xffffffffffffffff, 0x8008ae9d, &(0x7f0000000040)=""/4096) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) socket$nl_rdma(0x10, 0x3, 0x14) (async) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r3, 0x0, 0x0) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000001280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYRES8, @ANYRESDEC=r2, @ANYBLOB=',group_id=', @ANYRESHEX=r3, @ANYBLOB="2c626c6b73697a653d3078303030303030303030303030303030302c85029f31697a653d3078303030303030303030303030313430302c64656661756c545f7065526d69733d6430c6cbc7b3c36e745f686173682c00"]) (async) mount$fuseblk(&(0x7f0000001040), &(0x7f0000001080)='./file0\x00', &(0x7f00000010c0), 0x1009a, &(0x7f0000001100)={{}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x800}}, {@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x9}}], [{@seclabel}, {@smackfsdef={'smackfsdef', 0x3d, '-\\(.\'.%{'}}, {@seclabel}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}, {@fsuuid={'fsuuid', 0x3d, {[0x65, 0x35, 0x38, 0x30, 0x30, 0x66, 0x62, 0xd], 0x2d, [0x37, 0x38, 0x30, 0x66], 0x2d, [0x31, 0x66, 0x6e, 0x62], 0x2d, [0x34, 0x62, 0x32, 0x33], 0x2d, [0x38, 0x37, 0x63, 0x65, 0x33, 0x61, 0x37, 0x65]}}}]}}) (async) 10:58:32 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000200), 0x88a0, 0x0) r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000280)={&(0x7f0000000240)='./file0\x00', 0x0, 0x10}, 0x10) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, 0x0, 0x0) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xe, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x800}, [@call={0x85, 0x0, 0x0, 0x21}, @map_val={0x18, 0x1, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x1}, @call={0x85, 0x0, 0x0, 0xb5}, @btf_id={0x18, 0x1, 0x3, 0x0, 0x5}, @map_fd={0x18, 0x4, 0x1, 0x0, r2}, @call={0x85, 0x0, 0x0, 0x6a}, @call={0x85, 0x0, 0x0, 0xc0}, @call={0x85, 0x0, 0x0, 0x36}]}, &(0x7f0000000440)='syzkaller\x00', 0x10000, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f0000000480)={0x9, 0x1}, 0x8, 0x10, &(0x7f00000004c0)={0x4, 0xa, 0x3, 0x20}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000500)=[r4]}, 0x80) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={0x1, &(0x7f0000000040)="4fb5ad9e36349b96c4d07c3203b60815a6", &(0x7f00000000c0)=""/213, 0x4}, 0x20) socket$nl_xfrm(0x10, 0x3, 0x6) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x0, {{@in=@local, @in=@loopback}, {@in6=@empty}, @in=@remote}}, 0xf0}}, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000200), 0x88a0, 0x0) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000280)={&(0x7f0000000240)='./file0\x00', 0x0, 0x10}, 0x10) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, 0x0, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xe, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x800}, [@call={0x85, 0x0, 0x0, 0x21}, @map_val={0x18, 0x1, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x1}, @call={0x85, 0x0, 0x0, 0xb5}, @btf_id={0x18, 0x1, 0x3, 0x0, 0x5}, @map_fd={0x18, 0x4, 0x1, 0x0, r2}, @call={0x85, 0x0, 0x0, 0x6a}, @call={0x85, 0x0, 0x0, 0xc0}, @call={0x85, 0x0, 0x0, 0x36}]}, &(0x7f0000000440)='syzkaller\x00', 0x10000, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f0000000480)={0x9, 0x1}, 0x8, 0x10, &(0x7f00000004c0)={0x4, 0xa, 0x3, 0x20}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000500)=[r4]}, 0x80) (async) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={0x1, &(0x7f0000000040)="4fb5ad9e36349b96c4d07c3203b60815a6", &(0x7f00000000c0)=""/213, 0x4}, 0x20) (async) 10:58:32 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r1}}) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r1}}) (async) 10:58:32 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000000)={0x32, 0x6, 0x0, {0x4, 0x1, 0x9, 0x0, '}^\xd6\xb6$@\x06#\\'}}, 0x32) [ 2063.758780] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:32 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x24888, 0x0) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(0xffffffffffffffff, 0x8008ae9d, &(0x7f0000000040)=""/4096) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) (async, rerun: 64) r3 = socket$nl_rdma(0x10, 0x3, 0x14) (rerun: 64) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r3, 0x0, 0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000001280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYRES8, @ANYRESDEC=r2, @ANYBLOB=',group_id=', @ANYRESHEX=r3, @ANYBLOB="2c626c6b73697a653d3078303030303030303030303030303030302c85029f31697a653d3078303030303030303030303030313430302c64656661756c545f7065526d69733d6430c6cbc7b3c36e745f686173682c00"]) (async) mount$fuseblk(&(0x7f0000001040), &(0x7f0000001080)='./file0\x00', &(0x7f00000010c0), 0x1009a, &(0x7f0000001100)={{}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x800}}, {@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x9}}], [{@seclabel}, {@smackfsdef={'smackfsdef', 0x3d, '-\\(.\'.%{'}}, {@seclabel}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}, {@fsuuid={'fsuuid', 0x3d, {[0x65, 0x35, 0x38, 0x30, 0x30, 0x66, 0x62, 0xd], 0x2d, [0x37, 0x38, 0x30, 0x66], 0x2d, [0x31, 0x66, 0x6e, 0x62], 0x2d, [0x34, 0x62, 0x32, 0x33], 0x2d, [0x38, 0x37, 0x63, 0x65, 0x33, 0x61, 0x37, 0x65]}}}]}}) 10:58:32 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000000)={0x32, 0x6, 0x0, {0x4, 0x1, 0x9, 0x0, '}^\xd6\xb6$@\x06#\\'}}, 0x32) [ 2063.840769] FAULT_INJECTION: forcing a failure. [ 2063.840769] name failslab, interval 1, probability 0, space 0, times 0 [ 2063.857870] CPU: 1 PID: 26102 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2063.866057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 10:58:32 executing program 2: mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1c004, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) 10:58:32 executing program 5: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000000)={0x32, 0x6, 0x0, {0x4, 0x1, 0x9, 0x0, '}^\xd6\xb6$@\x06#\\'}}, 0x32) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x22dc886, 0x0) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)) (async) mount$fuseblk(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x20001, &(0x7f0000000580)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize}, {@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}], [{@dont_hash}]}}) (async) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000000)={0x32, 0x6, 0x0, {0x4, 0x1, 0x9, 0x0, '}^\xd6\xb6$@\x06#\\'}}, 0x32) (async) 10:58:32 executing program 2: mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1c004, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) [ 2063.866075] Call Trace: [ 2063.866091] dump_stack+0x1b2/0x281 [ 2063.866106] should_fail.cold+0x10a/0x149 [ 2063.866120] should_failslab+0xd6/0x130 [ 2063.866133] kmem_cache_alloc_trace+0x29a/0x3d0 [ 2063.866147] get_mountpoint+0xc3/0x320 10:58:32 executing program 0: openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) [ 2063.866157] lock_mount+0x106/0x450 [ 2063.866168] ? lookup_mnt+0x3b0/0x3b0 [ 2063.866177] ? do_mount+0x1693/0x2a30 [ 2063.866188] do_add_mount+0x63/0x4f0 [ 2063.866199] ? graft_tree+0x1c0/0x1c0 [ 2063.866212] do_mount+0x1540/0x2a30 10:58:33 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 76) [ 2063.866228] ? copy_mount_string+0x40/0x40 [ 2063.866240] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2063.866250] ? copy_mnt_ns+0xa30/0xa30 [ 2063.866260] ? copy_mount_options+0x1fa/0x2f0 [ 2063.866268] ? copy_mnt_ns+0xa30/0xa30 [ 2063.866278] SyS_mount+0xa8/0x120 [ 2063.866286] ? copy_mnt_ns+0xa30/0xa30 [ 2063.866297] do_syscall_64+0x1d5/0x640 [ 2063.866312] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2063.866320] RIP: 0033:0x7fc09e230109 [ 2063.866325] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2063.866335] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2063.866341] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2063.866347] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2063.866352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2063.866357] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 [ 2064.052854] FAULT_INJECTION: forcing a failure. [ 2064.052854] name failslab, interval 1, probability 0, space 0, times 0 [ 2064.052870] CPU: 1 PID: 26149 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2064.052876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2064.052879] Call Trace: [ 2064.052892] dump_stack+0x1b2/0x281 [ 2064.052907] should_fail.cold+0x10a/0x149 [ 2064.052921] should_failslab+0xd6/0x130 [ 2064.052934] kmem_cache_alloc+0x28e/0x3c0 [ 2064.052946] alloc_inode+0xa0/0x170 [ 2064.052955] new_inode+0x1d/0xf0 [ 2064.052966] fuse_ctl_add_dentry+0x8d/0x410 [ 2064.052976] ? __lockdep_init_map+0x100/0x560 [ 2064.052985] fuse_ctl_add_conn+0x1e0/0x250 [ 2064.052994] ? fuse_ctl_remove_conn+0x1a0/0x1a0 [ 2064.053002] ? SMBQueryInformation+0x165/0x910 [ 2064.053016] fuse_fill_super+0xe0c/0x15c0 [ 2064.053033] ? fuse_get_root_inode+0xc0/0xc0 [ 2064.053043] ? up_write+0x17/0x60 [ 2064.053051] ? register_shrinker+0x15f/0x220 [ 2064.053060] ? sget_userns+0x768/0xc10 [ 2064.053075] ? get_anon_bdev+0x1c0/0x1c0 [ 2064.053082] ? sget+0xd9/0x110 [ 2064.053092] ? fuse_get_root_inode+0xc0/0xc0 [ 2064.053100] mount_nodev+0x4c/0xf0 [ 2064.053109] mount_fs+0x92/0x2a0 [ 2064.053122] vfs_kern_mount.part.0+0x5b/0x470 [ 2064.053134] do_mount+0xe65/0x2a30 [ 2064.053143] ? do_raw_spin_unlock+0x164/0x220 [ 2064.053157] ? copy_mount_string+0x40/0x40 [ 2064.053167] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2064.053178] ? copy_mnt_ns+0xa30/0xa30 [ 2064.053188] ? copy_mount_options+0x1fa/0x2f0 [ 2064.053196] ? copy_mnt_ns+0xa30/0xa30 [ 2064.053206] SyS_mount+0xa8/0x120 [ 2064.053214] ? copy_mnt_ns+0xa30/0xa30 [ 2064.053224] do_syscall_64+0x1d5/0x640 [ 2064.053238] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2064.053247] RIP: 0033:0x7fc09e230109 [ 2064.053252] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2064.053262] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 10:58:33 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x7a65df6f2b4876fa, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f0000000040)={0x3, 0x1f}) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x20fc804, 0x0) 10:58:33 executing program 2: mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1c004, 0x0) (async) socket$inet_dccp(0x2, 0x6, 0x0) 10:58:33 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (fail_nth: 77) 10:58:33 executing program 0: openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) (async) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) 10:58:33 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x25dfdbff, {{@in=@local, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x2}, {@in6=@empty}, @in=@remote, {0x0, 0x0, 0x0, 0xffffffffffffff80}, {0x0, 0x0, 0x5}}}, 0xf0}}, 0x0) 10:58:33 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="8801001ef5fff54f", @ANYRES64=0x0, @ANYBLOB="04000000000000000010000000000000d0000000e40000000000aa6c6a4787b25020063ecb6e53101e96e5b998af808d9c100b376ddd2cb2bf3b9395f82a8a0a30be78c1db2bd29ee2e1d192493aa8b09fa755ee342348b931cb4212627f10f92dfb690c1894fa7258428bf4571828e9c2f56c3fe7b1c780260559bcb4c56009305c87a4b9a763c7ad164ea404b9547ebacfb4b341ee80dbb43480dcf7e2d5a81a9c8877a0d2c0c62fffba94cd22f94415296019143cdd592b5967327ff9af6f519d208e1c115369e23ad5658aa8103f405e7d529e9b1572f539a0f60a610ef89213a50d0b47849a0000000000000000230000000000000003000000eaffffff3a26230000000000010000000000000005000000000000000000000000000000000000000000000040000000000000000200000040000000a92b00000000000005000000000000007f000000000000000200000000100000232e000000000000050000000000000009000000000000000000000003000000"], 0x188) [ 2064.053268] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2064.053273] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2064.053278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2064.053284] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 10:58:33 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x15888, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(r0, 0x4068aea3, &(0x7f0000000040)) 10:58:33 executing program 0: openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) 10:58:33 executing program 3: mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="8801001ef5fff54f", @ANYRES64=0x0, @ANYBLOB="04000000000000000010000000000000d0000000e40000000000aa6c6a4787b25020063ecb6e53101e96e5b998af808d9c100b376ddd2cb2bf3b9395f82a8a0a30be78c1db2bd29ee2e1d192493aa8b09fa755ee342348b931cb4212627f10f92dfb690c1894fa7258428bf4571828e9c2f56c3fe7b1c780260559bcb4c56009305c87a4b9a763c7ad164ea404b9547ebacfb4b341ee80dbb43480dcf7e2d5a81a9c8877a0d2c0c62fffba94cd22f94415296019143cdd592b5967327ff9af6f519d208e1c115369e23ad5658aa8103f405e7d529e9b1572f539a0f60a610ef89213a50d0b47849a0000000000000000230000000000000003000000eaffffff3a26230000000000010000000000000005000000000000000000000000000000000000000000000040000000000000000200000040000000a92b00000000000005000000000000007f000000000000000200000000100000232e000000000000050000000000000009000000000000000000000003000000"], 0x188) mount$fuse(0x0, &(0x7f0000000200)='.\x00', 0x0, 0x81048a, 0x0) (async) write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="8801001ef5fff54f", @ANYRES64=0x0, @ANYBLOB="04000000000000000010000000000000d0000000e40000000000aa6c6a4787b25020063ecb6e53101e96e5b998af808d9c100b376ddd2cb2bf3b9395f82a8a0a30be78c1db2bd29ee2e1d192493aa8b09fa755ee342348b931cb4212627f10f92dfb690c1894fa7258428bf4571828e9c2f56c3fe7b1c780260559bcb4c56009305c87a4b9a763c7ad164ea404b9547ebacfb4b341ee80dbb43480dcf7e2d5a81a9c8877a0d2c0c62fffba94cd22f94415296019143cdd592b5967327ff9af6f519d208e1c115369e23ad5658aa8103f405e7d529e9b1572f539a0f60a610ef89213a50d0b47849a0000000000000000230000000000000003000000eaffffff3a26230000000000010000000000000005000000000000000000000000000000000000000000000040000000000000000200000040000000a92b00000000000005000000000000007f000000000000000200000000100000232e000000000000050000000000000009000000000000000000000003000000"], 0x188) (async) 10:58:33 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x15888, 0x0) (async) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(r0, 0x4068aea3, &(0x7f0000000040)) 10:58:33 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x7a65df6f2b4876fa, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) (async) ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f0000000040)={0x3, 0x1f}) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x20fc804, 0x0) 10:58:33 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x15888, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(r0, 0x4068aea3, &(0x7f0000000040)) 10:58:33 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x7a65df6f2b4876fa, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f0000000040)={0x3, 0x1f}) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x20fc804, 0x0) 10:58:33 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) (async, rerun: 32) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0xf03, 0x0, 0x25dfdbff, {{@in=@local, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x2}, {@in6=@empty}, @in=@remote, {0x0, 0x0, 0x0, 0xffffffffffffff80}, {0x0, 0x0, 0x5}}}, 0xf0}}, 0x0) (rerun: 32) [ 2064.560208] FAULT_INJECTION: forcing a failure. [ 2064.560208] name failslab, interval 1, probability 0, space 0, times 0 [ 2064.571774] CPU: 0 PID: 26208 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2064.579638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2064.588972] Call Trace: [ 2064.591543] dump_stack+0x1b2/0x281 [ 2064.595149] should_fail.cold+0x10a/0x149 [ 2064.599278] should_failslab+0xd6/0x130 [ 2064.603229] __kmalloc_track_caller+0x2bc/0x400 [ 2064.607872] ? do_mount+0x1e41/0x2a30 [ 2064.611649] kstrdup+0x36/0x70 [ 2064.614820] do_mount+0x1e41/0x2a30 [ 2064.618425] ? do_raw_spin_unlock+0x164/0x220 [ 2064.622901] ? copy_mount_string+0x40/0x40 [ 2064.627114] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2064.632104] ? copy_mnt_ns+0xa30/0xa30 [ 2064.635967] ? copy_mount_options+0x1fa/0x2f0 [ 2064.640453] ? copy_mnt_ns+0xa30/0xa30 [ 2064.644319] SyS_mount+0xa8/0x120 [ 2064.647754] ? copy_mnt_ns+0xa30/0xa30 [ 2064.651621] do_syscall_64+0x1d5/0x640 [ 2064.655487] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2064.660652] RIP: 0033:0x7fc09e230109 [ 2064.664338] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2064.672018] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2064.679272] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2064.686519] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2064.693762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2064.701012] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 [ 2064.712402] BUG: unable to handle kernel paging request at fffffffffffffffc [ 2064.719523] IP: do_mount+0x1ef2/0x2a30 [ 2064.723384] PGD 8e6b067 P4D 8e6b067 PUD 8e6d067 PMD 0 [ 2064.728640] Oops: 0000 [#1] PREEMPT SMP KASAN [ 2064.733123] Modules linked in: [ 2064.736293] CPU: 1 PID: 26208 Comm: syz-executor.1 Not tainted 4.14.286-syzkaller #0 [ 2064.744142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 2064.753479] task: ffff88809c1784c0 task.stack: ffff88808d440000 [ 2064.759514] RIP: 0010:do_mount+0x1ef2/0x2a30 [ 2064.763891] RSP: 0018:ffff88808d447d90 EFLAGS: 00010246 [ 2064.769230] RAX: dffffc0000000000 RBX: 00000000fffffff4 RCX: ffffc900067d4000 [ 2064.776473] RDX: 1fffffffffffffff RSI: ffffffff818e9484 RDI: fffffffffffffffc [ 2064.783726] RBP: fffffffffffffff4 R08: ffffffff8b9fb01c R09: 0000000000000001 [ 2064.790973] R10: 0000000000000000 R11: ffff88809c1784c0 R12: ffff8880abdada28 [ 2064.798216] R13: ffffffff891ea400 R14: 0000000000000000 R15: 0000000000000020 [ 2064.805462] FS: 00007fc09cba5700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000 [ 2064.813663] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2064.819520] CR2: fffffffffffffffc CR3: 00000000a28f5000 CR4: 00000000003406e0 [ 2064.826767] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 2064.834013] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 2064.841257] Call Trace: [ 2064.843824] ? do_raw_spin_unlock+0x164/0x220 [ 2064.848299] ? copy_mount_string+0x40/0x40 [ 2064.852519] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2064.857510] ? copy_mnt_ns+0xa30/0xa30 [ 2064.861386] ? copy_mount_options+0x1fa/0x2f0 [ 2064.865869] ? copy_mnt_ns+0xa30/0xa30 [ 2064.869749] SyS_mount+0xa8/0x120 [ 2064.873187] ? copy_mnt_ns+0xa30/0xa30 [ 2064.877052] do_syscall_64+0x1d5/0x640 [ 2064.880928] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2064.886092] RIP: 0033:0x7fc09e230109 [ 2064.889776] RSP: 002b:00007fc09cba5168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2064.897470] RAX: ffffffffffffffda RBX: 00007fc09e342f60 RCX: 00007fc09e230109 [ 2064.904714] RDX: 0000000020000140 RSI: 0000000020000200 RDI: 0000000000000000 [ 2064.911959] RBP: 00007fc09cba51d0 R08: 0000000020000000 R09: 0000000000000000 [ 2064.919203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2064.926451] R13: 00007ffe1e07079f R14: 00007fc09cba5300 R15: 0000000000022000 [ 2064.933713] Code: c6 ff 48 89 ef 48 63 eb e8 7c 61 ff ff 48 8d 7d 08 b8 ff ff 37 00 48 89 fa 48 c1 e0 2a 48 c1 ea 03 80 3c 02 00 0f 85 4b 08 00 00 <48> 8b 5d 08 e8 35 b2 c6 ff 48 8d 7b 70 e8 0c 4a b2 ff 4c 89 ef [ 2064.952883] RIP: do_mount+0x1ef2/0x2a30 RSP: ffff88808d447d90 [ 2064.958750] CR2: fffffffffffffffc [ 2064.962180] ---[ end trace 0e2eaaeaed6b5c1c ]--- [ 2064.966908] Kernel panic - not syncing: Fatal exception [ 2064.972423] Kernel Offset: disabled [ 2064.976047] Rebooting in 86400 seconds..