9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1259.235216][T16866] 9pnet: Could not find request transport: fd0x0000000000000003
[ 1259.268298][T16872] 9pnet: Could not find request transport: fd0x0000000000000003
[ 1259.328776][T16875] FAULT_INJECTION: forcing a failure.
[ 1259.328776][T16875] name failslab, interval 1, probability 0, space 0, times 0
[ 1259.341412][T16875] CPU: 1 PID: 16875 Comm: syz-executor.4 Not tainted 5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1259.351712][T16875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1259.361745][T16875] Call Trace:
[ 1259.365018][T16875]  dump_stack_lvl+0x1e2/0x24b
[ 1259.369759][T16875]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1259.375206][T16875]  dump_stack+0x15/0x17
[ 1259.379338][T16875]  should_fail+0x3c0/0x510
[ 1259.383730][T16875]  ? blk_stat_alloc_callback+0x8e/0x210
[ 1259.389250][T16875]  __should_failslab+0x9f/0xe0
[ 1259.393992][T16875]  should_failslab+0x9/0x20
[ 1259.398483][T16875]  __kmalloc+0x60/0x360
[ 1259.402613][T16875]  ? kmem_cache_alloc_trace+0x1dd/0x330
[ 1259.408246][T16875]  ? blk_stat_alloc_callback+0x60/0x210
[ 1259.413782][T16875]  ? blk_mq_poll_stats_fn+0x130/0x130
[ 1259.419130][T16875]  blk_stat_alloc_callback+0x8e/0x210
[ 1259.424649][T16875]  ? blk_mq_free_tag_set+0x690/0x690
[ 1259.429918][T16875]  ? blk_mq_poll_stats_fn+0x130/0x130
[ 1259.435264][T16875]  blk_mq_init_allocated_queue+0x8f/0x1a30
[ 1259.441045][T16875]  ? blk_set_default_limits+0x17b/0x410
[ 1259.446568][T16875]  ? blk_alloc_queue+0x574/0x640
[ 1259.451482][T16875]  blk_mq_init_queue+0x6c/0xc0
[ 1259.456223][T16875]  loop_add+0x270/0x760
[ 1259.460354][T16875]  loop_control_ioctl+0x564/0x740
[ 1259.465359][T16875]  ? loop_remove+0xb0/0xb0
[ 1259.469750][T16875]  ? __fget_files+0x310/0x370
[ 1259.474404][T16875]  ? security_file_ioctl+0xb1/0xd0
[ 1259.479490][T16875]  ? loop_remove+0xb0/0xb0
[ 1259.483889][T16875]  __se_sys_ioctl+0x115/0x190
[ 1259.488542][T16875]  __x64_sys_ioctl+0x7b/0x90
[ 1259.493107][T16875]  do_syscall_64+0x34/0x70
[ 1259.497501][T16875]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1259.503366][T16875] RIP: 0033:0x7f6ee1968169
[ 1259.507761][T16875] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
02:00:36 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:36 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x71, 0x0)

[ 1259.527813][T16875] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1259.536211][T16875] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1259.544161][T16875] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1259.552114][T16875] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1259.560075][T16875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1259.568032][T16875] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
02:00:36 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1259.709066][T16882] 9pnet: Could not find request transport: fd0x0000000000000003
02:00:36 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:36 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x73, 0x0)

02:00:36 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfd', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:36 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 25)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:00:36 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x75, 0x0)

02:00:36 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfd', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1260.155987][T16902] 9pnet: Insufficient options for proto=fd
[ 1260.213073][T16911] 9pnet: Insufficient options for proto=fd
[ 1260.274796][T16914] FAULT_INJECTION: forcing a failure.
[ 1260.274796][T16914] name failslab, interval 1, probability 0, space 0, times 0
[ 1260.287420][T16914] CPU: 0 PID: 16914 Comm: syz-executor.4 Not tainted 5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1260.298172][T16914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1260.308204][T16914] Call Trace:
[ 1260.311500][T16914]  dump_stack_lvl+0x1e2/0x24b
[ 1260.316155][T16914]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1260.321591][T16914]  dump_stack+0x15/0x17
[ 1260.325727][T16914]  should_fail+0x3c0/0x510
[ 1260.330122][T16914]  ? blk_mq_init_allocated_queue+0xf8/0x1a30
[ 1260.336077][T16914]  __should_failslab+0x9f/0xe0
[ 1260.340818][T16914]  should_failslab+0x9/0x20
[ 1260.345298][T16914]  kmem_cache_alloc_trace+0x3a/0x330
[ 1260.350559][T16914]  ? blk_stat_alloc_callback+0x19b/0x210
[ 1260.356171][T16914]  ? blk_mq_free_tag_set+0x690/0x690
[ 1260.361431][T16914]  ? blk_mq_poll_stats_fn+0x130/0x130
[ 1260.366776][T16914]  blk_mq_init_allocated_queue+0xf8/0x1a30
[ 1260.372558][T16914]  ? blk_set_default_limits+0x17b/0x410
[ 1260.378082][T16914]  ? blk_alloc_queue+0x574/0x640
[ 1260.382994][T16914]  blk_mq_init_queue+0x6c/0xc0
[ 1260.387736][T16914]  loop_add+0x270/0x760
[ 1260.391871][T16914]  loop_control_ioctl+0x564/0x740
[ 1260.396894][T16914]  ? loop_remove+0xb0/0xb0
[ 1260.401289][T16914]  ? __fget_files+0x310/0x370
[ 1260.405950][T16914]  ? security_file_ioctl+0xb1/0xd0
[ 1260.411038][T16914]  ? loop_remove+0xb0/0xb0
[ 1260.415430][T16914]  __se_sys_ioctl+0x115/0x190
[ 1260.420083][T16914]  __x64_sys_ioctl+0x7b/0x90
[ 1260.424649][T16914]  do_syscall_64+0x34/0x70
[ 1260.429056][T16914]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1260.434926][T16914] RIP: 0033:0x7f6ee1968169
[ 1260.439343][T16914] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1260.458924][T16914] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1260.467315][T16914] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1260.475280][T16914] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1260.483241][T16914] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1260.491206][T16914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1260.499181][T16914] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
02:00:37 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x3, 0x0)

02:00:37 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x77, 0x0)

02:00:37 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:37 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfd', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1261.026035][T16868] 9pnet: bogus RWRITE count (2 > 1)
02:00:37 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 26)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:00:37 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x79, 0x0)

[ 1261.086062][T16936] 9pnet: Insufficient options for proto=fd
[ 1261.198767][T16946] FAULT_INJECTION: forcing a failure.
[ 1261.198767][T16946] name failslab, interval 1, probability 0, space 0, times 0
[ 1261.211420][T16946] CPU: 1 PID: 16946 Comm: syz-executor.4 Not tainted 5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1261.221729][T16946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1261.231778][T16946] Call Trace:
[ 1261.235060][T16946]  dump_stack_lvl+0x1e2/0x24b
[ 1261.239721][T16946]  ? panic+0x7d7/0x7d7
[ 1261.243767][T16946]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1261.249218][T16946]  ? pcpu_block_update_hint_alloc+0x965/0xd00
[ 1261.255269][T16946]  dump_stack+0x15/0x17
[ 1261.259408][T16946]  should_fail+0x3c0/0x510
[ 1261.263834][T16946]  ? blk_mq_realloc_hw_ctxs+0xca/0x1840
[ 1261.269358][T16946]  __should_failslab+0x9f/0xe0
[ 1261.274116][T16946]  should_failslab+0x9/0x20
[ 1261.278597][T16946]  __kmalloc+0x60/0x360
[ 1261.282732][T16946]  ? trace_raw_output_percpu_destroy_chunk+0xc0/0xc0
[ 1261.289404][T16946]  blk_mq_realloc_hw_ctxs+0xca/0x1840
[ 1261.294756][T16946]  ? pcpu_alloc+0x13e8/0x1420
[ 1261.299411][T16946]  ? find_next_bit+0xd6/0x120
[ 1261.304071][T16946]  ? cpumask_next+0x11/0x30
[ 1261.308553][T16946]  ? blk_mq_sysfs_init+0x1c1/0x200
[ 1261.313641][T16946]  blk_mq_init_allocated_queue+0x41a/0x1a30
[ 1261.319512][T16946]  ? blk_set_default_limits+0x17b/0x410
[ 1261.325036][T16946]  ? blk_alloc_queue+0x574/0x640
[ 1261.329967][T16946]  blk_mq_init_queue+0x6c/0xc0
[ 1261.334724][T16946]  loop_add+0x270/0x760
[ 1261.338864][T16946]  loop_control_ioctl+0x564/0x740
[ 1261.343865][T16946]  ? loop_remove+0xb0/0xb0
[ 1261.348259][T16946]  ? __fget_files+0x310/0x370
[ 1261.352920][T16946]  ? security_file_ioctl+0xb1/0xd0
[ 1261.358014][T16946]  ? loop_remove+0xb0/0xb0
[ 1261.362415][T16946]  __se_sys_ioctl+0x115/0x190
[ 1261.367080][T16946]  __x64_sys_ioctl+0x7b/0x90
[ 1261.371647][T16946]  do_syscall_64+0x34/0x70
[ 1261.376040][T16946]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1261.381911][T16946] RIP: 0033:0x7f6ee1968169
[ 1261.386314][T16946] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1261.405897][T16946] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1261.414288][T16946] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1261.422238][T16946] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1261.430191][T16946] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1261.438139][T16946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1261.446089][T16946] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
02:00:38 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:38 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x4, 0x0)

02:00:38 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x7b, 0x0)

02:00:38 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:38 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x71, 0x0)

[ 1261.941937][T16912] 9pnet: bogus RWRITE count (2 > 1)
02:00:38 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 27)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:00:38 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x5, 0x0)

02:00:38 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x6f, 0x0)

02:00:38 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x7, 0x0)

02:00:38 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:38 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x7d, 0x0)

[ 1261.983601][T16967] 9pnet: bogus RWRITE count (2 > 1)
[ 1262.005246][T16970] 9pnet: Insufficient options for proto=fd
02:00:38 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x9, 0x0)

[ 1262.051024][T16981] 9pnet: Insufficient options for proto=fd
[ 1262.135906][T16989] FAULT_INJECTION: forcing a failure.
[ 1262.135906][T16989] name failslab, interval 1, probability 0, space 0, times 0
[ 1262.148544][T16989] CPU: 0 PID: 16989 Comm: syz-executor.4 Not tainted 5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1262.158856][T16989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1262.168895][T16989] Call Trace:
[ 1262.172169][T16989]  dump_stack_lvl+0x1e2/0x24b
[ 1262.176840][T16989]  ? panic+0x7d7/0x7d7
[ 1262.180887][T16989]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1262.186325][T16989]  dump_stack+0x15/0x17
[ 1262.190463][T16989]  should_fail+0x3c0/0x510
[ 1262.194862][T16989]  ? blk_mq_realloc_hw_ctxs+0x4bb/0x1840
[ 1262.200479][T16989]  __should_failslab+0x9f/0xe0
[ 1262.205230][T16989]  should_failslab+0x9/0x20
[ 1262.209722][T16989]  __kmalloc+0x60/0x360
[ 1262.213864][T16989]  ? blk_mq_hw_queue_to_node+0x101/0x120
[ 1262.219475][T16989]  blk_mq_realloc_hw_ctxs+0x4bb/0x1840
[ 1262.224918][T16989]  ? cpumask_next+0x11/0x30
[ 1262.229398][T16989]  ? blk_mq_sysfs_init+0x1c1/0x200
[ 1262.234487][T16989]  blk_mq_init_allocated_queue+0x41a/0x1a30
[ 1262.240360][T16989]  ? blk_set_default_limits+0x17b/0x410
[ 1262.245912][T16989]  ? blk_alloc_queue+0x574/0x640
[ 1262.250844][T16989]  blk_mq_init_queue+0x6c/0xc0
[ 1262.255605][T16989]  loop_add+0x270/0x760
[ 1262.259745][T16989]  loop_control_ioctl+0x564/0x740
[ 1262.264748][T16989]  ? loop_remove+0xb0/0xb0
[ 1262.269161][T16989]  ? __fget_files+0x310/0x370
[ 1262.273834][T16989]  ? security_file_ioctl+0xb1/0xd0
[ 1262.278961][T16989]  ? loop_remove+0xb0/0xb0
[ 1262.283357][T16989]  __se_sys_ioctl+0x115/0x190
[ 1262.288015][T16989]  __x64_sys_ioctl+0x7b/0x90
[ 1262.292586][T16989]  do_syscall_64+0x34/0x70
[ 1262.296995][T16989]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1262.302883][T16989] RIP: 0033:0x7f6ee1968169
[ 1262.307289][T16989] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1262.326878][T16989] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1262.335287][T16989] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1262.343323][T16989] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1262.351287][T16989] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1262.359239][T16989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1262.367190][T16989] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
02:00:39 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:39 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:39 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0) (fail_nth: 1)

02:00:39 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x83, 0x0)

02:00:39 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xb, 0x0)

02:00:39 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 28)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:00:39 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xd, 0x0)

02:00:39 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:39 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x85, 0x0)

[ 1262.992576][T16986] 9pnet: bogus RWRITE count (2 > 1)
[ 1263.010256][T17014] 9pnet: Insufficient options for proto=fd
02:00:39 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:39 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xf, 0x0)

[ 1263.119639][T17028] FAULT_INJECTION: forcing a failure.
[ 1263.119639][T17028] name failslab, interval 1, probability 0, space 0, times 0
[ 1263.132545][T17028] CPU: 0 PID: 17028 Comm: syz-executor.4 Not tainted 5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1263.142850][T17028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1263.152884][T17028] Call Trace:
[ 1263.156158][T17028]  dump_stack_lvl+0x1e2/0x24b
[ 1263.160814][T17028]  ? panic+0x7d7/0x7d7
[ 1263.164878][T17028]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1263.170313][T17028]  dump_stack+0x15/0x17
[ 1263.174450][T17028]  should_fail+0x3c0/0x510
[ 1263.178857][T17028]  ? blk_mq_realloc_hw_ctxs+0x802/0x1840
[ 1263.184467][T17028]  __should_failslab+0x9f/0xe0
[ 1263.189211][T17028]  should_failslab+0x9/0x20
[ 1263.193691][T17028]  __kmalloc+0x60/0x360
[ 1263.197827][T17028]  ? blk_mq_realloc_hw_ctxs+0x4bb/0x1840
[ 1263.203434][T17028]  blk_mq_realloc_hw_ctxs+0x802/0x1840
[ 1263.208875][T17028]  blk_mq_init_allocated_queue+0x41a/0x1a30
[ 1263.214832][T17028]  ? blk_set_default_limits+0x17b/0x410
[ 1263.220359][T17028]  ? blk_alloc_queue+0x574/0x640
[ 1263.225276][T17028]  blk_mq_init_queue+0x6c/0xc0
[ 1263.230019][T17028]  loop_add+0x270/0x760
[ 1263.234153][T17028]  loop_control_ioctl+0x564/0x740
[ 1263.239174][T17028]  ? loop_remove+0xb0/0xb0
[ 1263.243594][T17028]  ? __fget_files+0x310/0x370
[ 1263.248248][T17028]  ? security_file_ioctl+0xb1/0xd0
[ 1263.253334][T17028]  ? loop_remove+0xb0/0xb0
[ 1263.257731][T17028]  __se_sys_ioctl+0x115/0x190
[ 1263.262386][T17028]  __x64_sys_ioctl+0x7b/0x90
[ 1263.266955][T17028]  do_syscall_64+0x34/0x70
[ 1263.271353][T17028]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1263.277219][T17028] RIP: 0033:0x7f6ee1968169
[ 1263.281624][T17028] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1263.301217][T17028] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1263.309611][T17028] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
02:00:39 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x87, 0x0)

[ 1263.317562][T17028] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1263.325511][T17028] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1263.333459][T17028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1263.341509][T17028] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
02:00:39 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x1001, 0x0)

02:00:40 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:40 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x11, 0x0)

02:00:40 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x1e00, 0x0)

02:00:40 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x89, 0x0)

02:00:40 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:40 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 29)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:00:40 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x13, 0x0)

02:00:40 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x8b, 0x0)

02:00:40 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2002, 0x0)

02:00:40 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x15, 0x0)

[ 1264.077702][T17075] FAULT_INJECTION: forcing a failure.
[ 1264.077702][T17075] name failslab, interval 1, probability 0, space 0, times 0
[ 1264.090335][T17075] CPU: 1 PID: 17075 Comm: syz-executor.4 Not tainted 5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1264.100641][T17075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1264.110676][T17075] Call Trace:
[ 1264.113945][T17075]  dump_stack_lvl+0x1e2/0x24b
[ 1264.118597][T17075]  ? panic+0x7d7/0x7d7
[ 1264.122733][T17075]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1264.128166][T17075]  dump_stack+0x15/0x17
[ 1264.132300][T17075]  should_fail+0x3c0/0x510
[ 1264.136692][T17075]  ? sbitmap_init_node+0x148/0x3d0
[ 1264.141798][T17075]  __should_failslab+0x9f/0xe0
[ 1264.146539][T17075]  should_failslab+0x9/0x20
[ 1264.151035][T17075]  __kmalloc+0x60/0x360
[ 1264.155168][T17075]  sbitmap_init_node+0x148/0x3d0
[ 1264.160082][T17075]  blk_mq_realloc_hw_ctxs+0x896/0x1840
[ 1264.165545][T17075]  blk_mq_init_allocated_queue+0x41a/0x1a30
[ 1264.171428][T17075]  ? blk_set_default_limits+0x17b/0x410
[ 1264.176952][T17075]  ? blk_alloc_queue+0x574/0x640
[ 1264.181865][T17075]  blk_mq_init_queue+0x6c/0xc0
[ 1264.186619][T17075]  loop_add+0x270/0x760
[ 1264.190751][T17075]  loop_control_ioctl+0x564/0x740
[ 1264.195757][T17075]  ? loop_remove+0xb0/0xb0
[ 1264.200165][T17075]  ? __fget_files+0x310/0x370
[ 1264.204821][T17075]  ? security_file_ioctl+0xb1/0xd0
[ 1264.209921][T17075]  ? loop_remove+0xb0/0xb0
[ 1264.214328][T17075]  __se_sys_ioctl+0x115/0x190
[ 1264.219006][T17075]  __x64_sys_ioctl+0x7b/0x90
[ 1264.223575][T17075]  do_syscall_64+0x34/0x70
[ 1264.227994][T17075]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1264.233879][T17075] RIP: 0033:0x7f6ee1968169
[ 1264.238284][T17075] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1264.257874][T17075] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1264.266282][T17075] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1264.274319][T17075] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1264.282271][T17075] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1264.290218][T17075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1264.298168][T17075] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
02:00:40 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2004, 0x0)

02:00:40 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x17, 0x0)

02:00:41 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:41 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x8d, 0x0)

02:00:41 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2008, 0x0)

02:00:41 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x19, 0x0)

02:00:41 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 30)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:00:41 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:41 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x8f, 0x0)

02:00:41 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x1b, 0x0)

[ 1264.989601][T17074] 9pnet: bogus RWRITE count (2 > 1)
02:00:41 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x200a, 0x0)

02:00:41 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x1d, 0x0)

[ 1265.117862][T17117] FAULT_INJECTION: forcing a failure.
[ 1265.117862][T17117] name failslab, interval 1, probability 0, space 0, times 0
[ 1265.130608][T17117] CPU: 0 PID: 17117 Comm: syz-executor.4 Not tainted 5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1265.140911][T17117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1265.150943][T17117] Call Trace:
[ 1265.154216][T17117]  dump_stack_lvl+0x1e2/0x24b
[ 1265.158899][T17117]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1265.164345][T17117]  dump_stack+0x15/0x17
[ 1265.168479][T17117]  should_fail+0x3c0/0x510
[ 1265.172872][T17117]  ? blk_alloc_flush_queue+0x7a/0x250
[ 1265.178248][T17117]  __should_failslab+0x9f/0xe0
[ 1265.183008][T17117]  should_failslab+0x9/0x20
[ 1265.187492][T17117]  kmem_cache_alloc_trace+0x3a/0x330
[ 1265.192757][T17117]  blk_alloc_flush_queue+0x7a/0x250
[ 1265.197950][T17117]  blk_mq_realloc_hw_ctxs+0xa81/0x1840
[ 1265.203395][T17117]  blk_mq_init_allocated_queue+0x41a/0x1a30
[ 1265.209261][T17117]  ? blk_set_default_limits+0x17b/0x410
[ 1265.214873][T17117]  ? blk_alloc_queue+0x574/0x640
[ 1265.219787][T17117]  blk_mq_init_queue+0x6c/0xc0
[ 1265.224548][T17117]  loop_add+0x270/0x760
[ 1265.228787][T17117]  loop_control_ioctl+0x564/0x740
[ 1265.233805][T17117]  ? loop_remove+0xb0/0xb0
[ 1265.238213][T17117]  ? __fget_files+0x310/0x370
[ 1265.242957][T17117]  ? security_file_ioctl+0xb1/0xd0
[ 1265.248043][T17117]  ? loop_remove+0xb0/0xb0
[ 1265.252436][T17117]  __se_sys_ioctl+0x115/0x190
[ 1265.257108][T17117]  __x64_sys_ioctl+0x7b/0x90
[ 1265.261678][T17117]  do_syscall_64+0x34/0x70
[ 1265.266073][T17117]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1265.271967][T17117] RIP: 0033:0x7f6ee1968169
[ 1265.276363][T17117] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1265.295960][T17117] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1265.304352][T17117] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1265.312300][T17117] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1265.320250][T17117] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1265.328217][T17117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1265.336340][T17117] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
02:00:41 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x6000, 0x0)

02:00:41 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x91, 0x0)

02:00:42 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:42 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x93, 0x0)

02:00:42 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x20004700, 0x0)

02:00:42 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 31)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:00:42 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:42 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x21, 0x0)

02:00:42 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x2)

02:00:42 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x95, 0x0)

02:00:42 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x23, 0x0)

[ 1266.016206][T17162] FAULT_INJECTION: forcing a failure.
[ 1266.016206][T17162] name failslab, interval 1, probability 0, space 0, times 0
[ 1266.029016][T17162] CPU: 1 PID: 17162 Comm: syz-executor.4 Not tainted 5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1266.039323][T17162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1266.049355][T17162] Call Trace:
[ 1266.052628][T17162]  dump_stack_lvl+0x1e2/0x24b
[ 1266.057284][T17162]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1266.062725][T17162]  dump_stack+0x15/0x17
[ 1266.066859][T17162]  should_fail+0x3c0/0x510
[ 1266.071263][T17162]  ? blk_alloc_flush_queue+0xe0/0x250
[ 1266.076612][T17162]  __should_failslab+0x9f/0xe0
[ 1266.081350][T17162]  should_failslab+0x9/0x20
[ 1266.085838][T17162]  __kmalloc+0x60/0x360
[ 1266.089978][T17162]  ? kmem_cache_alloc_trace+0x1dd/0x330
[ 1266.095500][T17162]  ? blk_alloc_flush_queue+0x7a/0x250
[ 1266.100863][T17162]  blk_alloc_flush_queue+0xe0/0x250
[ 1266.106039][T17162]  blk_mq_realloc_hw_ctxs+0xa81/0x1840
[ 1266.111498][T17162]  blk_mq_init_allocated_queue+0x41a/0x1a30
[ 1266.117376][T17162]  ? blk_set_default_limits+0x17b/0x410
[ 1266.122899][T17162]  ? blk_alloc_queue+0x574/0x640
[ 1266.127812][T17162]  blk_mq_init_queue+0x6c/0xc0
[ 1266.132827][T17162]  loop_add+0x270/0x760
[ 1266.136964][T17162]  loop_control_ioctl+0x564/0x740
[ 1266.141970][T17162]  ? loop_remove+0xb0/0xb0
[ 1266.146366][T17162]  ? __fget_files+0x310/0x370
[ 1266.151023][T17162]  ? security_file_ioctl+0xb1/0xd0
[ 1266.156127][T17162]  ? loop_remove+0xb0/0xb0
[ 1266.160610][T17162]  __se_sys_ioctl+0x115/0x190
[ 1266.165265][T17162]  __x64_sys_ioctl+0x7b/0x90
[ 1266.169845][T17162]  do_syscall_64+0x34/0x70
[ 1266.174239][T17162]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1266.180121][T17162] RIP: 0033:0x7f6ee1968169
[ 1266.184515][T17162] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1266.204097][T17162] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
02:00:42 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x4)

[ 1266.212489][T17162] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1266.220440][T17162] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1266.228411][T17162] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1266.236364][T17162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1266.244325][T17162] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
02:00:42 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x25, 0x0)

02:00:42 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x97, 0x0)

02:00:43 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:43 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x8)

02:00:43 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x27, 0x0)

02:00:43 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x99, 0x0)

02:00:43 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 32)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:00:43 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:43 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x29, 0x0)

02:00:43 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0xa)

02:00:43 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x9b, 0x0)

02:00:43 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2b, 0x0)

[ 1266.930305][T17206] FAULT_INJECTION: forcing a failure.
[ 1266.930305][T17206] name failslab, interval 1, probability 0, space 0, times 0
[ 1266.943118][T17206] CPU: 1 PID: 17206 Comm: syz-executor.4 Not tainted 5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1266.953423][T17206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1266.963457][T17206] Call Trace:
[ 1266.966743][T17206]  dump_stack_lvl+0x1e2/0x24b
[ 1266.971401][T17206]  ? panic+0x7d7/0x7d7
[ 1266.975448][T17206]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1266.980880][T17206]  dump_stack+0x15/0x17
[ 1266.985020][T17206]  should_fail+0x3c0/0x510
[ 1266.989415][T17206]  ? __alloc_disk_node+0x75/0x330
[ 1266.994415][T17206]  __should_failslab+0x9f/0xe0
[ 1266.999155][T17206]  should_failslab+0x9/0x20
[ 1267.003634][T17206]  kmem_cache_alloc_trace+0x3a/0x330
[ 1267.008905][T17206]  __alloc_disk_node+0x75/0x330
[ 1267.013753][T17206]  loop_add+0x341/0x760
[ 1267.017888][T17206]  loop_control_ioctl+0x564/0x740
[ 1267.022897][T17206]  ? loop_remove+0xb0/0xb0
[ 1267.027290][T17206]  ? __fget_files+0x310/0x370
[ 1267.031943][T17206]  ? security_file_ioctl+0xb1/0xd0
[ 1267.037031][T17206]  ? loop_remove+0xb0/0xb0
[ 1267.041440][T17206]  __se_sys_ioctl+0x115/0x190
[ 1267.046103][T17206]  __x64_sys_ioctl+0x7b/0x90
[ 1267.050671][T17206]  do_syscall_64+0x34/0x70
[ 1267.055068][T17206]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1267.060936][T17206] RIP: 0033:0x7f6ee1968169
[ 1267.065329][T17206] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1267.084907][T17206] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1267.093294][T17206] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1267.101242][T17206] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1267.109189][T17206] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1267.117135][T17206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
02:00:43 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x9d, 0x0)

[ 1267.125079][T17206] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
02:00:43 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0xa00)

02:00:44 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x9f, 0x0)

02:00:44 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:44 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2d, 0x0)

02:00:44 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x2000)

02:00:44 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:44 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 33)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:00:44 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xa1, 0x0)

02:00:44 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x40000)

02:00:44 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2e, 0x0)

[ 1267.807587][T17246] 9pnet: bogus RWRITE count (2 > 1)
[ 1267.840091][T17251] FAULT_INJECTION: forcing a failure.
[ 1267.840091][T17251] name failslab, interval 1, probability 0, space 0, times 0
[ 1267.852858][T17251] CPU: 1 PID: 17251 Comm: syz-executor.4 Not tainted 5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1267.863163][T17251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1267.873218][T17251] Call Trace:
[ 1267.876487][T17251]  dump_stack_lvl+0x1e2/0x24b
[ 1267.881137][T17251]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1267.886574][T17251]  ? pcpu_memcg_post_alloc_hook+0x1c8/0x340
[ 1267.892445][T17251]  dump_stack+0x15/0x17
[ 1267.896578][T17251]  should_fail+0x3c0/0x510
[ 1267.900970][T17251]  ? disk_expand_part_tbl+0x1b9/0x3f0
[ 1267.906314][T17251]  __should_failslab+0x9f/0xe0
[ 1267.911057][T17251]  should_failslab+0x9/0x20
[ 1267.915533][T17251]  __kmalloc+0x60/0x360
[ 1267.919666][T17251]  disk_expand_part_tbl+0x1b9/0x3f0
[ 1267.924844][T17251]  __alloc_disk_node+0x112/0x330
[ 1267.929758][T17251]  loop_add+0x341/0x760
[ 1267.934240][T17251]  loop_control_ioctl+0x564/0x740
[ 1267.939240][T17251]  ? loop_remove+0xb0/0xb0
[ 1267.943628][T17251]  ? __fget_files+0x310/0x370
[ 1267.948282][T17251]  ? security_file_ioctl+0xb1/0xd0
[ 1267.953367][T17251]  ? loop_remove+0xb0/0xb0
[ 1267.957757][T17251]  __se_sys_ioctl+0x115/0x190
[ 1267.962410][T17251]  __x64_sys_ioctl+0x7b/0x90
[ 1267.966986][T17251]  do_syscall_64+0x34/0x70
[ 1267.971383][T17251]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1267.977509][T17251] RIP: 0033:0x7f6ee1968169
[ 1267.981902][T17251] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1268.001921][T17251] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1268.010313][T17251] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1268.018261][T17251] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1268.026208][T17251] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
02:00:44 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x200000)

[ 1268.034169][T17251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1268.042118][T17251] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
02:00:44 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2f, 0x0)

02:00:44 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xa3, 0x0)

02:00:44 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x1000000)

02:00:45 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:45 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x31, 0x0)

02:00:45 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x2000000)

02:00:45 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xa5, 0x0)

02:00:45 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:45 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 34)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

[ 1268.772522][T17250] 9pnet: bogus RWRITE count (2 > 1)
02:00:45 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x33, 0x0)

02:00:45 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x4000000)

02:00:45 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xa7, 0x0)

02:00:45 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x35, 0x0)

02:00:45 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x8000000)

[ 1268.905227][T17298] FAULT_INJECTION: forcing a failure.
[ 1268.905227][T17298] name failslab, interval 1, probability 0, space 0, times 0
[ 1268.918028][T17298] CPU: 1 PID: 17298 Comm: syz-executor.4 Not tainted 5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1268.928337][T17298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1268.938367][T17298] Call Trace:
[ 1268.941639][T17298]  dump_stack_lvl+0x1e2/0x24b
[ 1268.946293][T17298]  ? panic+0x7d7/0x7d7
[ 1268.950339][T17298]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1268.955772][T17298]  ? find_next_bit+0xd6/0x120
[ 1268.960429][T17298]  ? cpumask_next+0x11/0x30
[ 1268.964911][T17298]  dump_stack+0x15/0x17
[ 1268.969040][T17298]  should_fail+0x3c0/0x510
[ 1268.973430][T17298]  ? percpu_ref_init+0xd0/0x340
[ 1268.978253][T17298]  __should_failslab+0x9f/0xe0
[ 1268.982992][T17298]  should_failslab+0x9/0x20
[ 1268.987485][T17298]  kmem_cache_alloc_trace+0x3a/0x330
[ 1268.992747][T17298]  percpu_ref_init+0xd0/0x340
[ 1268.997414][T17298]  ? hd_ref_init+0x50/0x50
[ 1269.001808][T17298]  hd_ref_init+0x27/0x50
[ 1269.006025][T17298]  __alloc_disk_node+0x1be/0x330
[ 1269.010945][T17298]  loop_add+0x341/0x760
[ 1269.015078][T17298]  loop_control_ioctl+0x564/0x740
[ 1269.020079][T17298]  ? loop_remove+0xb0/0xb0
[ 1269.024578][T17298]  ? __fget_files+0x310/0x370
[ 1269.029232][T17298]  ? security_file_ioctl+0xb1/0xd0
[ 1269.034315][T17298]  ? loop_remove+0xb0/0xb0
[ 1269.038705][T17298]  __se_sys_ioctl+0x115/0x190
[ 1269.043356][T17298]  __x64_sys_ioctl+0x7b/0x90
[ 1269.047919][T17298]  do_syscall_64+0x34/0x70
[ 1269.052313][T17298]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1269.058176][T17298] RIP: 0033:0x7f6ee1968169
[ 1269.062570][T17298] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1269.082147][T17298] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1269.090534][T17298] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1269.098480][T17298] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1269.106426][T17298] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1269.114375][T17298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1269.122324][T17298] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
02:00:45 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xa9, 0x0)

02:00:46 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:46 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x37, 0x0)

02:00:46 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0xa000000)

02:00:46 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xab, 0x0)

02:00:46 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 35)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:00:46 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:46 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x1c8001a0)

02:00:46 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x39, 0x0)

02:00:46 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xad, 0x0)

02:00:46 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x8cffffff)

[ 1269.817088][T17344] FAULT_INJECTION: forcing a failure.
[ 1269.817088][T17344] name failslab, interval 1, probability 0, space 0, times 0
[ 1269.830032][T17344] CPU: 0 PID: 17344 Comm: syz-executor.4 Not tainted 5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1269.840351][T17344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1269.850383][T17344] Call Trace:
[ 1269.853671][T17344]  dump_stack_lvl+0x1e2/0x24b
[ 1269.858329][T17344]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1269.863765][T17344]  dump_stack+0x15/0x17
[ 1269.867896][T17344]  should_fail+0x3c0/0x510
[ 1269.872286][T17344]  ? rand_initialize_disk+0x4f/0xa8
[ 1269.877466][T17344]  __should_failslab+0x9f/0xe0
[ 1269.882227][T17344]  should_failslab+0x9/0x20
[ 1269.886710][T17344]  kmem_cache_alloc_trace+0x3a/0x330
[ 1269.891972][T17344]  ? __kasan_check_write+0x14/0x20
[ 1269.897073][T17344]  ? percpu_ref_init+0x237/0x340
[ 1269.901987][T17344]  ? hd_ref_init+0x50/0x50
[ 1269.906385][T17344]  rand_initialize_disk+0x4f/0xa8
[ 1269.911386][T17344]  __alloc_disk_node+0x29a/0x330
[ 1269.916387][T17344]  loop_add+0x341/0x760
[ 1269.920696][T17344]  loop_control_ioctl+0x564/0x740
[ 1269.925701][T17344]  ? loop_remove+0xb0/0xb0
[ 1269.930096][T17344]  ? __fget_files+0x310/0x370
[ 1269.934748][T17344]  ? security_file_ioctl+0xb1/0xd0
[ 1269.939837][T17344]  ? loop_remove+0xb0/0xb0
[ 1269.944231][T17344]  __se_sys_ioctl+0x115/0x190
[ 1269.948884][T17344]  __x64_sys_ioctl+0x7b/0x90
[ 1269.953464][T17344]  do_syscall_64+0x34/0x70
[ 1269.957856][T17344]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1269.963735][T17344] RIP: 0033:0x7f6ee1968169
[ 1269.968129][T17344] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1269.987724][T17344] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1269.996126][T17344] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1270.004072][T17344] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
02:00:46 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x3b, 0x0)

[ 1270.012033][T17344] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1270.019982][T17344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1270.027929][T17344] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
02:00:46 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0xa00029d8)

[ 1270.785496][T17331] 9pnet: bogus RWRITE count (2 > 1)
02:00:47 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:47 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xaf, 0x0)

02:00:47 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x3d, 0x0)

02:00:47 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0xa001801c)

02:00:47 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 36)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:00:47 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1270.851482][T17341] 9pnet: bogus RWRITE count (2 > 1)
02:00:47 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0xd82900a0)

02:00:47 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x41, 0x0)

02:00:47 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xb1, 0x0)

02:00:47 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x43, 0x0)

[ 1270.979032][T17388] FAULT_INJECTION: forcing a failure.
[ 1270.979032][T17388] name failslab, interval 1, probability 0, space 0, times 0
[ 1270.991666][T17388] CPU: 1 PID: 17388 Comm: syz-executor.4 Not tainted 5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1271.001969][T17388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1271.012007][T17388] Call Trace:
[ 1271.015302][T17388]  dump_stack_lvl+0x1e2/0x24b
[ 1271.019951][T17388]  ? panic+0x7d7/0x7d7
[ 1271.023995][T17388]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1271.029430][T17388]  ? memset+0x35/0x40
[ 1271.033405][T17388]  dump_stack+0x15/0x17
[ 1271.037535][T17388]  should_fail+0x3c0/0x510
[ 1271.041926][T17388]  ? device_create+0x11d/0x2e0
[ 1271.046667][T17388]  __should_failslab+0x9f/0xe0
[ 1271.051405][T17388]  should_failslab+0x9/0x20
[ 1271.055885][T17388]  kmem_cache_alloc_trace+0x3a/0x330
[ 1271.061146][T17388]  ? vsnprintf+0x1fa/0x1cd0
[ 1271.065623][T17388]  device_create+0x11d/0x2e0
[ 1271.070192][T17388]  ? root_device_unregister+0x80/0x80
[ 1271.075541][T17388]  ? number+0xd9b/0x1040
[ 1271.079760][T17388]  bdi_register_va+0x94/0x600
[ 1271.084410][T17388]  bdi_register+0xd1/0x120
[ 1271.088805][T17388]  ? __device_add_disk+0x536/0x11d0
[ 1271.093974][T17388]  ? bdi_register_va+0x600/0x600
[ 1271.098887][T17388]  ? vsnprintf+0x1bfd/0x1cd0
[ 1271.103454][T17388]  ? __kasan_check_read+0x11/0x20
[ 1271.108450][T17388]  ? blk_alloc_devt+0xd4/0x320
[ 1271.113211][T17388]  __device_add_disk+0x5cb/0x11d0
[ 1271.118211][T17388]  ? device_add_disk+0x40/0x40
[ 1271.122949][T17388]  ? loop_add+0x400/0x760
[ 1271.127252][T17388]  ? vsprintf+0x40/0x40
[ 1271.131385][T17388]  device_add_disk+0x2a/0x40
[ 1271.135950][T17388]  loop_add+0x58f/0x760
[ 1271.140094][T17388]  loop_control_ioctl+0x564/0x740
[ 1271.145095][T17388]  ? loop_remove+0xb0/0xb0
[ 1271.149485][T17388]  ? __fget_files+0x310/0x370
[ 1271.154162][T17388]  ? security_file_ioctl+0xb1/0xd0
[ 1271.159252][T17388]  ? loop_remove+0xb0/0xb0
[ 1271.163646][T17388]  __se_sys_ioctl+0x115/0x190
[ 1271.168299][T17388]  __x64_sys_ioctl+0x7b/0x90
[ 1271.172864][T17388]  do_syscall_64+0x34/0x70
[ 1271.177256][T17388]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1271.183122][T17388] RIP: 0033:0x7f6ee1968169
[ 1271.187517][T17388] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1271.207110][T17388] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1271.215501][T17388] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1271.223448][T17388] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1271.231396][T17388] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1271.239346][T17388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1271.247291][T17388] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1271.255454][T17388] ------------[ cut here ]------------
[ 1271.260921][T17388] WARNING: CPU: 1 PID: 17388 at block/genhd.c:821 __device_add_disk+0xe7c/0x11d0
[ 1271.270039][T17388] Modules linked in:
[ 1271.273958][T17388] CPU: 1 PID: 17388 Comm: syz-executor.4 Not tainted 5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1271.284282][T17388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1271.294371][T17388] RIP: 0010:__device_add_disk+0xe7c/0x11d0
[ 1271.300172][T17388] Code: ff ff e8 b7 ee 2b ff 0f 0b e9 28 f3 ff ff e8 ab ee 2b ff 0f 0b 42 80 3c 33 00 0f 85 db f8 ff ff e9 de f8 ff ff e8 94 ee 2b ff <0f> 0b e9 60 f7 ff ff e8 88 ee 2b ff e9 13 ff ff ff 44 89 f1 80 e1
[ 1271.319816][T17388] RSP: 0018:ffffc90002d97bc0 EFLAGS: 00010283
[ 1271.325902][T17388] RAX: ffffffff8241331c RBX: 00000000fffffff4 RCX: 0000000000040000
[ 1271.333885][T17388] RDX: ffffc90004706000 RSI: 0000000000025248 RDI: 0000000000025249
[ 1271.341867][T17388] RBP: ffffc90002d97d08 R08: ffffffff82412a76 R09: fffffbfff0c859bf
[ 1271.349857][T17388] R10: fffffbfff0c859bf R11: 1ffffffff0c859be R12: 0000000000000007
[ 1271.357841][T17388] R13: ffff8881069f9000 R14: ffff8881069fa338 R15: ffff8881069fa000
[ 1271.365824][T17388] FS:  00007f6ee0699700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 1271.374837][T17388] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1271.381427][T17388] CR2: 00007f6ee0698ff8 CR3: 0000000157f55000 CR4: 00000000003506a0
[ 1271.389432][T17388] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1271.397419][T17388] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1271.405422][T17388] Call Trace:
[ 1271.408715][T17388]  ? device_add_disk+0x40/0x40
[ 1271.413499][T17388]  ? loop_add+0x400/0x760
[ 1271.417827][T17388]  ? vsprintf+0x40/0x40
[ 1271.422000][T17388]  device_add_disk+0x2a/0x40
[ 1271.426588][T17388]  loop_add+0x58f/0x760
[ 1271.430739][T17388]  loop_control_ioctl+0x564/0x740
[ 1271.435781][T17388]  ? loop_remove+0xb0/0xb0
[ 1271.440194][T17388]  ? __fget_files+0x310/0x370
[ 1271.444883][T17388]  ? security_file_ioctl+0xb1/0xd0
[ 1271.449992][T17388]  ? loop_remove+0xb0/0xb0
[ 1271.454424][T17388]  __se_sys_ioctl+0x115/0x190
[ 1271.459098][T17388]  __x64_sys_ioctl+0x7b/0x90
[ 1271.463723][T17388]  do_syscall_64+0x34/0x70
[ 1271.468150][T17388]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1271.474053][T17388] RIP: 0033:0x7f6ee1968169
[ 1271.478481][T17388] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1271.498095][T17388] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1271.506523][T17388] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1271.514504][T17388] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1271.522499][T17388] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
02:00:47 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0xf6ffffff)

[ 1271.530467][T17388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1271.538443][T17388] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1271.546457][T17388] ---[ end trace c3340b11af948362 ]---
[ 1271.574444][T22520] udevd[22520]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
02:00:48 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xb3, 0x0)

02:00:48 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x45, 0x0)

02:00:48 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:48 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:48 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0xfbffffff)

02:00:48 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 37)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:00:48 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x47, 0x0)

02:00:48 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0xffffff8c)

02:00:48 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xb5, 0x0)

02:00:48 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x49, 0x0)

02:00:48 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0xfffffff6)

02:00:48 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xb7, 0x0)

02:00:48 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0xfffffffb)

02:00:48 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x4b, 0x0)

[ 1272.167395][T17433] FAULT_INJECTION: forcing a failure.
[ 1272.167395][T17433] name failslab, interval 1, probability 0, space 0, times 0
[ 1272.180026][T17433] CPU: 1 PID: 17433 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1272.191720][T17433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1272.201753][T17433] Call Trace:
[ 1272.205023][T17433]  dump_stack_lvl+0x1e2/0x24b
[ 1272.209676][T17433]  ? panic+0x7d7/0x7d7
[ 1272.213725][T17433]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1272.219764][T17433]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1272.225205][T17433]  dump_stack+0x15/0x17
[ 1272.229338][T17433]  should_fail+0x3c0/0x510
[ 1272.233731][T17433]  ? kvasprintf_const+0x139/0x180
[ 1272.238743][T17433]  __should_failslab+0x9f/0xe0
[ 1272.243480][T17433]  should_failslab+0x9/0x20
[ 1272.247958][T17433]  __kmalloc_track_caller+0x5f/0x350
[ 1272.253223][T17433]  ? __hrtimer_init+0x17b/0x260
[ 1272.258047][T17433]  kstrdup_const+0x55/0x90
[ 1272.262440][T17433]  kvasprintf_const+0x139/0x180
[ 1272.267268][T17433]  kobject_set_name_vargs+0x61/0x120
[ 1272.272529][T17433]  device_create+0x222/0x2e0
[ 1272.277093][T17433]  ? root_device_unregister+0x80/0x80
[ 1272.282440][T17433]  ? number+0xd9b/0x1040
[ 1272.286657][T17433]  bdi_register_va+0x94/0x600
[ 1272.291307][T17433]  bdi_register+0xd1/0x120
[ 1272.295697][T17433]  ? __device_add_disk+0x536/0x11d0
[ 1272.300872][T17433]  ? bdi_register_va+0x600/0x600
[ 1272.305785][T17433]  ? vsnprintf+0x1bfd/0x1cd0
[ 1272.310352][T17433]  ? __kasan_check_read+0x11/0x20
[ 1272.315347][T17433]  ? blk_alloc_devt+0xd4/0x320
[ 1272.320085][T17433]  __device_add_disk+0x5cb/0x11d0
[ 1272.325087][T17433]  ? device_add_disk+0x40/0x40
[ 1272.329834][T17433]  ? loop_add+0x400/0x760
[ 1272.334138][T17433]  ? vsprintf+0x40/0x40
[ 1272.338273][T17433]  device_add_disk+0x2a/0x40
[ 1272.342840][T17433]  loop_add+0x58f/0x760
[ 1272.346971][T17433]  loop_control_ioctl+0x564/0x740
[ 1272.351983][T17433]  ? loop_remove+0xb0/0xb0
[ 1272.356374][T17433]  ? __fget_files+0x310/0x370
[ 1272.361041][T17433]  ? security_file_ioctl+0xb1/0xd0
[ 1272.366136][T17433]  ? loop_remove+0xb0/0xb0
[ 1272.370541][T17433]  __se_sys_ioctl+0x115/0x190
[ 1272.375193][T17433]  __x64_sys_ioctl+0x7b/0x90
[ 1272.379765][T17433]  do_syscall_64+0x34/0x70
[ 1272.384162][T17433]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1272.390036][T17433] RIP: 0033:0x7f6ee1968169
[ 1272.394429][T17433] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1272.414007][T17433] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1272.422394][T17433] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1272.430342][T17433] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1272.438287][T17433] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1272.446242][T17433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1272.454189][T17433] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1272.462370][T17433] ------------[ cut here ]------------
[ 1272.467841][T17433] WARNING: CPU: 1 PID: 17433 at block/genhd.c:821 __device_add_disk+0xe7c/0x11d0
[ 1272.476955][T17433] Modules linked in:
[ 1272.480854][T17433] CPU: 1 PID: 17433 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1272.492576][T17433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1272.502681][T17433] RIP: 0010:__device_add_disk+0xe7c/0x11d0
[ 1272.508489][T17433] Code: ff ff e8 b7 ee 2b ff 0f 0b e9 28 f3 ff ff e8 ab ee 2b ff 0f 0b 42 80 3c 33 00 0f 85 db f8 ff ff e9 de f8 ff ff e8 94 ee 2b ff <0f> 0b e9 60 f7 ff ff e8 88 ee 2b ff e9 13 ff ff ff 44 89 f1 80 e1
[ 1272.528151][T17433] RSP: 0018:ffffc90002e87bc0 EFLAGS: 00010287
[ 1272.534240][T17433] RAX: ffffffff8241331c RBX: 00000000fffffff4 RCX: 0000000000040000
[ 1272.542223][T17433] RDX: ffffc90004706000 RSI: 0000000000027992 RDI: 0000000000027993
[ 1272.550193][T17433] RBP: ffffc90002e87d08 R08: ffffffff82412a76 R09: 0000000000000003
[ 1272.558173][T17433] R10: fffff520005d0e85 R11: 1ffff920005d0e84 R12: 0000000000000007
[ 1272.566163][T17433] R13: ffff8881069fa000 R14: ffff8881069f9338 R15: ffff8881069f9000
[ 1272.574196][T17433] FS:  00007f6ee0699700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 1272.583212][T17433] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1272.589798][T17433] CR2: 00007f6ee0698ff8 CR3: 000000016f03c000 CR4: 00000000003506a0
[ 1272.597873][T17433] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1272.605882][T17433] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1272.613903][T17433] Call Trace:
[ 1272.617193][T17433]  ? device_add_disk+0x40/0x40
[ 1272.621975][T17433]  ? loop_add+0x400/0x760
[ 1272.626312][T17433]  ? vsprintf+0x40/0x40
[ 1272.630469][T17433]  device_add_disk+0x2a/0x40
[ 1272.635075][T17433]  loop_add+0x58f/0x760
[ 1272.639240][T17433]  loop_control_ioctl+0x564/0x740
[ 1272.644296][T17433]  ? loop_remove+0xb0/0xb0
[ 1272.648712][T17433]  ? __fget_files+0x310/0x370
[ 1272.653427][T17433]  ? security_file_ioctl+0xb1/0xd0
[ 1272.658537][T17433]  ? loop_remove+0xb0/0xb0
[ 1272.662964][T17433]  __se_sys_ioctl+0x115/0x190
[ 1272.667643][T17433]  __x64_sys_ioctl+0x7b/0x90
[ 1272.672299][T17433]  do_syscall_64+0x34/0x70
[ 1272.676747][T17433]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1272.682762][T17433] RIP: 0033:0x7f6ee1968169
[ 1272.687203][T17433] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1272.706881][T17433] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1272.715315][T17433] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1272.723321][T17433] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1272.731298][T17433] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1272.739303][T17433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1272.747292][T17433] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1272.755286][T17433] ---[ end trace c3340b11af948363 ]---
02:00:49 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:49 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:49 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x4000000000000)

02:00:49 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 38)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:00:49 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x4d, 0x0)

02:00:49 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xb9, 0x0)

02:00:49 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x20000000000000)

02:00:49 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x4f, 0x0)

02:00:49 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x100000000000000)

02:00:49 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xbb, 0x0)

02:00:49 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x200000000000000)

[ 1273.295943][T17483] FAULT_INJECTION: forcing a failure.
[ 1273.295943][T17483] name failslab, interval 1, probability 0, space 0, times 0
[ 1273.308586][T17483] CPU: 0 PID: 17483 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1273.320281][T17483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1273.330311][T17483] Call Trace:
[ 1273.333581][T17483]  dump_stack_lvl+0x1e2/0x24b
[ 1273.338235][T17483]  ? panic+0x7d7/0x7d7
[ 1273.342282][T17483]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1273.347714][T17483]  dump_stack+0x15/0x17
[ 1273.351847][T17483]  should_fail+0x3c0/0x510
[ 1273.356237][T17483]  ? device_add+0xbe/0xbd0
[ 1273.360629][T17483]  __should_failslab+0x9f/0xe0
[ 1273.365372][T17483]  should_failslab+0x9/0x20
[ 1273.369851][T17483]  kmem_cache_alloc_trace+0x3a/0x330
[ 1273.375113][T17483]  ? __kasan_check_write+0x14/0x20
[ 1273.380199][T17483]  device_add+0xbe/0xbd0
[ 1273.384417][T17483]  ? kfree_const+0x39/0x40
[ 1273.388809][T17483]  ? kobject_set_name_vargs+0xce/0x120
[ 1273.394255][T17483]  device_create+0x258/0x2e0
[ 1273.398823][T17483]  ? root_device_unregister+0x80/0x80
[ 1273.404171][T17483]  ? number+0xd9b/0x1040
[ 1273.408389][T17483]  bdi_register_va+0x94/0x600
[ 1273.413040][T17483]  bdi_register+0xd1/0x120
[ 1273.417436][T17483]  ? __device_add_disk+0x536/0x11d0
[ 1273.422606][T17483]  ? bdi_register_va+0x600/0x600
[ 1273.427517][T17483]  ? vsnprintf+0x1bfd/0x1cd0
[ 1273.432084][T17483]  ? __kasan_check_read+0x11/0x20
[ 1273.437083][T17483]  ? blk_alloc_devt+0xd4/0x320
[ 1273.441821][T17483]  __device_add_disk+0x5cb/0x11d0
[ 1273.446822][T17483]  ? device_add_disk+0x40/0x40
[ 1273.451567][T17483]  ? loop_add+0x400/0x760
[ 1273.455872][T17483]  ? vsprintf+0x40/0x40
[ 1273.460007][T17483]  device_add_disk+0x2a/0x40
[ 1273.464588][T17483]  loop_add+0x58f/0x760
[ 1273.468731][T17483]  loop_control_ioctl+0x564/0x740
[ 1273.473735][T17483]  ? loop_remove+0xb0/0xb0
[ 1273.478130][T17483]  ? __fget_files+0x310/0x370
[ 1273.482787][T17483]  ? security_file_ioctl+0xb1/0xd0
[ 1273.487907][T17483]  ? loop_remove+0xb0/0xb0
[ 1273.492307][T17483]  __se_sys_ioctl+0x115/0x190
[ 1273.496965][T17483]  __x64_sys_ioctl+0x7b/0x90
[ 1273.501535][T17483]  do_syscall_64+0x34/0x70
[ 1273.505931][T17483]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1273.511803][T17483] RIP: 0033:0x7f6ee1968169
[ 1273.516200][T17483] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1273.535876][T17483] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1273.544271][T17483] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1273.552331][T17483] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1273.560284][T17483] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1273.568233][T17483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1273.576210][T17483] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1273.584423][T17483] ------------[ cut here ]------------
[ 1273.589930][T17483] WARNING: CPU: 0 PID: 17483 at block/genhd.c:821 __device_add_disk+0xe7c/0x11d0
[ 1273.599056][T17483] Modules linked in:
[ 1273.602985][T17483] CPU: 0 PID: 17483 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1273.614894][T17483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1273.625254][T17483] RIP: 0010:__device_add_disk+0xe7c/0x11d0
[ 1273.631075][T17483] Code: ff ff e8 b7 ee 2b ff 0f 0b e9 28 f3 ff ff e8 ab ee 2b ff 0f 0b 42 80 3c 33 00 0f 85 db f8 ff ff e9 de f8 ff ff e8 94 ee 2b ff <0f> 0b e9 60 f7 ff ff e8 88 ee 2b ff e9 13 ff ff ff 44 89 f1 80 e1
[ 1273.650723][T17483] RSP: 0018:ffffc9000027fbc0 EFLAGS: 00010287
[ 1273.656825][T17483] RAX: ffffffff8241331c RBX: 00000000fffffff4 RCX: 0000000000040000
[ 1273.664823][T17483] RDX: ffffc90004706000 RSI: 0000000000026ac2 RDI: 0000000000026ac3
[ 1273.672860][T17483] RBP: ffffc9000027fd08 R08: ffffffff82412a76 R09: 0000000000000003
[ 1273.680835][T17483] R10: fffff5200004fe8d R11: 1ffff9200004fe8c R12: 0000000000000007
[ 1273.688819][T17483] R13: ffff888116078000 R14: ffff888165f6a338 R15: ffff888165f6a000
[ 1273.696810][T17483] FS:  00007f6ee0699700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1273.705868][T17483] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1273.712481][T17483] CR2: 00007f6ee0698ff8 CR3: 0000000157279000 CR4: 00000000003506b0
[ 1273.720463][T17483] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1273.728532][T17483] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1273.736537][T17483] Call Trace:
[ 1273.739837][T17483]  ? device_add_disk+0x40/0x40
[ 1273.744617][T17483]  ? loop_add+0x400/0x760
[ 1273.748951][T17483]  ? vsprintf+0x40/0x40
[ 1273.753115][T17483]  device_add_disk+0x2a/0x40
[ 1273.757700][T17483]  loop_add+0x58f/0x760
[ 1273.761980][T17483]  loop_control_ioctl+0x564/0x740
[ 1273.767008][T17483]  ? loop_remove+0xb0/0xb0
[ 1273.771448][T17483]  ? __fget_files+0x310/0x370
[ 1273.776167][T17483]  ? security_file_ioctl+0xb1/0xd0
[ 1273.781284][T17483]  ? loop_remove+0xb0/0xb0
[ 1273.785720][T17483]  __se_sys_ioctl+0x115/0x190
[ 1273.790398][T17483]  __x64_sys_ioctl+0x7b/0x90
[ 1273.795004][T17483]  do_syscall_64+0x34/0x70
[ 1273.799436][T17483]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1273.805337][T17483] RIP: 0033:0x7f6ee1968169
[ 1273.809752][T17483] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1273.829385][T17483] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1273.837823][T17483] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1273.845824][T17483] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1273.853827][T17483] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1273.861809][T17483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1273.869781][T17483] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1273.877765][T17483] ---[ end trace c3340b11af948364 ]---
02:00:50 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x51, 0x0)

[ 1273.900738][T22520] udevd[22520]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
02:00:50 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:50 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000085"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:50 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xbd, 0x0)

02:00:50 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x400000000000000)

02:00:50 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x53, 0x0)

02:00:50 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 39)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

[ 1274.420939][T17466] 9pnet: bogus RWRITE count (2 > 1)
02:00:50 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x800000000000000)

02:00:50 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x55, 0x0)

02:00:50 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0xa00000000000000)

02:00:50 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xbf, 0x0)

[ 1274.542167][T17532] FAULT_INJECTION: forcing a failure.
[ 1274.542167][T17532] name failslab, interval 1, probability 0, space 0, times 0
[ 1274.554815][T17532] CPU: 1 PID: 17532 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1274.566768][T17532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1274.576802][T17532] Call Trace:
[ 1274.580083][T17532]  dump_stack_lvl+0x1e2/0x24b
[ 1274.584743][T17532]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1274.590191][T17532]  dump_stack+0x15/0x17
[ 1274.594413][T17532]  should_fail+0x3c0/0x510
[ 1274.598807][T17532]  ? __kernfs_new_node+0x99/0x6e0
[ 1274.603809][T17532]  __should_failslab+0x9f/0xe0
[ 1274.608602][T17532]  should_failslab+0x9/0x20
[ 1274.613085][T17532]  __kmalloc_track_caller+0x5f/0x350
[ 1274.618609][T17532]  ? __kernel_text_address+0x9a/0x110
[ 1274.624137][T17532]  ? unwind_get_return_address+0x4c/0x90
[ 1274.629748][T17532]  kstrdup_const+0x55/0x90
[ 1274.634157][T17532]  __kernfs_new_node+0x99/0x6e0
[ 1274.638984][T17532]  ? stack_trace_save+0x12d/0x1f0
[ 1274.643987][T17532]  ? kernfs_new_node+0x170/0x170
[ 1274.649074][T17532]  ? stack_trace_snprint+0x100/0x100
[ 1274.654349][T17532]  ? stack_trace_save+0x12d/0x1f0
[ 1274.659351][T17532]  ? device_add+0xbe/0xbd0
[ 1274.663746][T17532]  kernfs_create_dir_ns+0x9b/0x230
[ 1274.668842][T17532]  sysfs_create_dir_ns+0x181/0x390
[ 1274.673958][T17532]  ? sysfs_warn_dup+0xa0/0xa0
[ 1274.678756][T17532]  kobject_add_internal+0x766/0xda0
[ 1274.683959][T17532]  kobject_add+0x14c/0x210
[ 1274.688364][T17532]  ? _raw_spin_lock+0xa3/0x1b0
[ 1274.693111][T17532]  ? kobject_init+0x1e0/0x1e0
[ 1274.697766][T17532]  ? mutex_unlock+0x29/0xf0
[ 1274.702253][T17532]  ? get_device_parent+0x2c5/0x430
[ 1274.707346][T17532]  device_add+0x3ca/0xbd0
[ 1274.711661][T17532]  device_create+0x258/0x2e0
[ 1274.716233][T17532]  ? root_device_unregister+0x80/0x80
[ 1274.721584][T17532]  ? number+0xd9b/0x1040
[ 1274.725806][T17532]  bdi_register_va+0x94/0x600
[ 1274.730460][T17532]  bdi_register+0xd1/0x120
[ 1274.734881][T17532]  ? __device_add_disk+0x536/0x11d0
[ 1274.740065][T17532]  ? bdi_register_va+0x600/0x600
[ 1274.744987][T17532]  ? vsnprintf+0x1bfd/0x1cd0
[ 1274.749559][T17532]  ? __kasan_check_read+0x11/0x20
[ 1274.754561][T17532]  ? blk_alloc_devt+0xd4/0x320
[ 1274.759303][T17532]  __device_add_disk+0x5cb/0x11d0
[ 1274.764308][T17532]  ? device_add_disk+0x40/0x40
[ 1274.769071][T17532]  ? loop_add+0x400/0x760
[ 1274.773385][T17532]  ? vsprintf+0x40/0x40
[ 1274.777519][T17532]  device_add_disk+0x2a/0x40
[ 1274.782087][T17532]  loop_add+0x58f/0x760
[ 1274.786229][T17532]  loop_control_ioctl+0x564/0x740
[ 1274.791248][T17532]  ? loop_remove+0xb0/0xb0
[ 1274.795643][T17532]  ? __fget_files+0x310/0x370
[ 1274.800475][T17532]  ? security_file_ioctl+0xb1/0xd0
[ 1274.805566][T17532]  ? loop_remove+0xb0/0xb0
[ 1274.809965][T17532]  __se_sys_ioctl+0x115/0x190
[ 1274.814622][T17532]  __x64_sys_ioctl+0x7b/0x90
[ 1274.819190][T17532]  do_syscall_64+0x34/0x70
[ 1274.823603][T17532]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1274.829489][T17532] RIP: 0033:0x7f6ee1968169
[ 1274.833917][T17532] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1274.853508][T17532] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1274.861913][T17532] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1274.869871][T17532] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1274.877821][T17532] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1274.885788][T17532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1274.893747][T17532] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1274.901821][T17532] kobject_add_internal failed for 7:0 (error: -12 parent: bdi)
[ 1274.909526][T17532] ------------[ cut here ]------------
[ 1274.915026][T17532] WARNING: CPU: 1 PID: 17532 at block/genhd.c:821 __device_add_disk+0xe7c/0x11d0
[ 1274.924147][T17532] Modules linked in:
[ 1274.928662][T17532] CPU: 1 PID: 17532 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1274.940381][T17532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1274.950560][T17532] RIP: 0010:__device_add_disk+0xe7c/0x11d0
[ 1274.956383][T17532] Code: ff ff e8 b7 ee 2b ff 0f 0b e9 28 f3 ff ff e8 ab ee 2b ff 0f 0b 42 80 3c 33 00 0f 85 db f8 ff ff e9 de f8 ff ff e8 94 ee 2b ff <0f> 0b e9 60 f7 ff ff e8 88 ee 2b ff e9 13 ff ff ff 44 89 f1 80 e1
[ 1274.976170][T17532] RSP: 0018:ffffc90002ed7bc0 EFLAGS: 00010283
[ 1274.982264][T17532] RAX: ffffffff8241331c RBX: 00000000fffffff4 RCX: 0000000000040000
[ 1274.990241][T17532] RDX: ffffc90004706000 RSI: 0000000000030de9 RDI: 0000000000030dea
[ 1274.998224][T17532] RBP: ffffc90002ed7d08 R08: ffffffff82412a76 R09: ffffc90002ed7610
[ 1275.006237][T17532] R10: 0000000000000013 R11: ffffffff84c00596 R12: 0000000000000007
[ 1275.014234][T17532] R13: ffff888111a2e000 R14: ffff888111a2d338 R15: ffff888111a2d000
[ 1275.022228][T17532] FS:  00007f6ee0699700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 1275.031158][T17532] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1275.037776][T17532] CR2: 00007f6ee0698ff8 CR3: 000000016fad3000 CR4: 00000000003506a0
[ 1275.045768][T17532] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1275.053754][T17532] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1275.061723][T17532] Call Trace:
[ 1275.065112][T17532]  ? device_add_disk+0x40/0x40
[ 1275.069900][T17532]  ? loop_add+0x400/0x760
[ 1275.074248][T17532]  ? vsprintf+0x40/0x40
[ 1275.078403][T17532]  device_add_disk+0x2a/0x40
[ 1275.083006][T17532]  loop_add+0x58f/0x760
[ 1275.087165][T17532]  loop_control_ioctl+0x564/0x740
[ 1275.092226][T17532]  ? loop_remove+0xb0/0xb0
[ 1275.096643][T17532]  ? __fget_files+0x310/0x370
[ 1275.101341][T17532]  ? security_file_ioctl+0xb1/0xd0
[ 1275.106483][T17532]  ? loop_remove+0xb0/0xb0
[ 1275.110917][T17532]  __se_sys_ioctl+0x115/0x190
[ 1275.115607][T17532]  __x64_sys_ioctl+0x7b/0x90
[ 1275.120197][T17532]  do_syscall_64+0x34/0x70
[ 1275.124632][T17532]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1275.130536][T17532] RIP: 0033:0x7f6ee1968169
[ 1275.134963][T17532] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1275.154601][T17532] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1275.163035][T17532] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1275.171094][T17532] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1275.179073][T17532] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1275.187060][T17532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1275.195147][T17532] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1275.203142][T17532] ---[ end trace c3340b11af948365 ]---
02:00:51 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x57, 0x0)

[ 1275.247804][T22520] udevd[22520]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
02:00:51 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x1c8001a0ffffffff)

02:00:52 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:52 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000085"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:52 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xc1, 0x0)

02:00:52 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x59, 0x0)

02:00:52 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x8cffffff00000000)

02:00:52 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 40)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:00:52 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xc3, 0x0)

[ 1275.607940][T17512] 9pnet: bogus RWRITE count (2 > 1)
02:00:52 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0xd82900a0ffffffff)

02:00:52 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x5b, 0x0)

02:00:52 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x5d, 0x0)

02:00:52 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0xf6ffffff00000000)

[ 1275.758411][T17579] FAULT_INJECTION: forcing a failure.
[ 1275.758411][T17579] name failslab, interval 1, probability 0, space 0, times 0
[ 1275.771056][T17579] CPU: 1 PID: 17579 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1275.782758][T17579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1275.792876][T17579] Call Trace:
[ 1275.796152][T17579]  dump_stack_lvl+0x1e2/0x24b
[ 1275.800809][T17579]  ? panic+0x7d7/0x7d7
[ 1275.804855][T17579]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1275.810307][T17579]  dump_stack+0x15/0x17
[ 1275.814877][T17579]  should_fail+0x3c0/0x510
[ 1275.819285][T17579]  __should_failslab+0x9f/0xe0
[ 1275.824025][T17579]  should_failslab+0x9/0x20
[ 1275.828508][T17579]  kmem_cache_alloc+0x3f/0x300
[ 1275.833247][T17579]  ? __kernfs_new_node+0xdb/0x6e0
[ 1275.838248][T17579]  __kernfs_new_node+0xdb/0x6e0
[ 1275.843077][T17579]  ? stack_trace_save+0x12d/0x1f0
[ 1275.848096][T17579]  ? kernfs_new_node+0x170/0x170
[ 1275.853009][T17579]  ? stack_trace_snprint+0x100/0x100
[ 1275.858268][T17579]  ? stack_trace_save+0x12d/0x1f0
[ 1275.863268][T17579]  ? device_add+0xbe/0xbd0
[ 1275.867661][T17579]  kernfs_create_dir_ns+0x9b/0x230
[ 1275.872769][T17579]  sysfs_create_dir_ns+0x181/0x390
[ 1275.877860][T17579]  ? sysfs_warn_dup+0xa0/0xa0
[ 1275.882515][T17579]  kobject_add_internal+0x766/0xda0
[ 1275.887691][T17579]  kobject_add+0x14c/0x210
[ 1275.892084][T17579]  ? _raw_spin_lock+0xa3/0x1b0
[ 1275.896821][T17579]  ? kobject_init+0x1e0/0x1e0
[ 1275.901473][T17579]  ? mutex_unlock+0x29/0xf0
[ 1275.905959][T17579]  ? get_device_parent+0x2c5/0x430
[ 1275.911046][T17579]  device_add+0x3ca/0xbd0
[ 1275.915353][T17579]  device_create+0x258/0x2e0
[ 1275.919937][T17579]  ? root_device_unregister+0x80/0x80
[ 1275.925288][T17579]  ? number+0xd9b/0x1040
[ 1275.929510][T17579]  bdi_register_va+0x94/0x600
[ 1275.934164][T17579]  bdi_register+0xd1/0x120
[ 1275.938560][T17579]  ? __device_add_disk+0x536/0x11d0
[ 1275.943755][T17579]  ? bdi_register_va+0x600/0x600
[ 1275.948667][T17579]  ? vsnprintf+0x1bfd/0x1cd0
[ 1275.953253][T17579]  ? __kasan_check_read+0x11/0x20
[ 1275.958252][T17579]  ? blk_alloc_devt+0xd4/0x320
[ 1275.962993][T17579]  __device_add_disk+0x5cb/0x11d0
[ 1275.968098][T17579]  ? device_add_disk+0x40/0x40
[ 1275.972836][T17579]  ? loop_add+0x400/0x760
[ 1275.977140][T17579]  ? vsprintf+0x40/0x40
[ 1275.981272][T17579]  device_add_disk+0x2a/0x40
[ 1275.985839][T17579]  loop_add+0x58f/0x760
[ 1275.989975][T17579]  loop_control_ioctl+0x564/0x740
[ 1275.994980][T17579]  ? loop_remove+0xb0/0xb0
[ 1275.999393][T17579]  ? __fget_files+0x310/0x370
[ 1276.004158][T17579]  ? security_file_ioctl+0xb1/0xd0
[ 1276.009264][T17579]  ? loop_remove+0xb0/0xb0
[ 1276.013675][T17579]  __se_sys_ioctl+0x115/0x190
[ 1276.018328][T17579]  __x64_sys_ioctl+0x7b/0x90
[ 1276.022912][T17579]  do_syscall_64+0x34/0x70
[ 1276.027309][T17579]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1276.033177][T17579] RIP: 0033:0x7f6ee1968169
[ 1276.037571][T17579] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1276.057339][T17579] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1276.065737][T17579] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1276.073701][T17579] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1276.081651][T17579] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1276.089600][T17579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1276.097550][T17579] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1276.105646][T17579] kobject_add_internal failed for 7:0 (error: -12 parent: bdi)
[ 1276.113399][T17579] ------------[ cut here ]------------
[ 1276.118875][T17579] WARNING: CPU: 1 PID: 17579 at block/genhd.c:821 __device_add_disk+0xe7c/0x11d0
[ 1276.127988][T17579] Modules linked in:
[ 1276.131905][T17579] CPU: 1 PID: 17579 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1276.143618][T17579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1276.153695][T17579] RIP: 0010:__device_add_disk+0xe7c/0x11d0
[ 1276.159934][T17579] Code: ff ff e8 b7 ee 2b ff 0f 0b e9 28 f3 ff ff e8 ab ee 2b ff 0f 0b 42 80 3c 33 00 0f 85 db f8 ff ff e9 de f8 ff ff e8 94 ee 2b ff <0f> 0b e9 60 f7 ff ff e8 88 ee 2b ff e9 13 ff ff ff 44 89 f1 80 e1
[ 1276.179615][T17579] RSP: 0018:ffffc90002db7bc0 EFLAGS: 00010287
[ 1276.185700][T17579] RAX: ffffffff8241331c RBX: 00000000fffffff4 RCX: 0000000000040000
[ 1276.193693][T17579] RDX: ffffc90004706000 RSI: 000000000002fda2 RDI: 000000000002fda3
[ 1276.201664][T17579] RBP: ffffc90002db7d08 R08: ffffffff82412a76 R09: ffffc90002db7610
[ 1276.209685][T17579] R10: 0000000000000013 R11: ffffffff84c00596 R12: 0000000000000007
[ 1276.217688][T17579] R13: ffff888168de3000 R14: ffff888169015338 R15: ffff888169015000
[ 1276.225697][T17579] FS:  00007f6ee0699700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 1276.234647][T17579] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1276.241243][T17579] CR2: 00007f6ee0698ff8 CR3: 0000000164d40000 CR4: 00000000003506a0
[ 1276.249231][T17579] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1276.257305][T17579] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1276.265302][T17579] Call Trace:
[ 1276.268600][T17579]  ? device_add_disk+0x40/0x40
[ 1276.273386][T17579]  ? loop_add+0x400/0x760
[ 1276.277731][T17579]  ? vsprintf+0x40/0x40
[ 1276.281903][T17579]  device_add_disk+0x2a/0x40
[ 1276.286497][T17579]  loop_add+0x58f/0x760
[ 1276.290671][T17579]  loop_control_ioctl+0x564/0x740
[ 1276.295713][T17579]  ? loop_remove+0xb0/0xb0
[ 1276.300147][T17579]  ? __fget_files+0x310/0x370
[ 1276.304851][T17579]  ? security_file_ioctl+0xb1/0xd0
[ 1276.309966][T17579]  ? loop_remove+0xb0/0xb0
[ 1276.314394][T17579]  __se_sys_ioctl+0x115/0x190
[ 1276.319071][T17579]  __x64_sys_ioctl+0x7b/0x90
[ 1276.323695][T17579]  do_syscall_64+0x34/0x70
[ 1276.328121][T17579]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1276.334036][T17579] RIP: 0033:0x7f6ee1968169
[ 1276.338444][T17579] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1276.358326][T17579] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1276.366761][T17579] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1276.374747][T17579] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1276.382762][T17579] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1276.390742][T17579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1276.398758][T17579] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1276.406761][T17579] ---[ end trace c3340b11af948366 ]---
[ 1276.438335][T22520] udevd[22520]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
02:00:52 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xc5, 0x0)

02:00:52 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:52 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000085"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:53 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0xfbffffff00000000)

02:00:53 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xc7, 0x0)

02:00:53 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x5f, 0x0)

02:00:53 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 41)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:00:53 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0xffffffff00000000)

02:00:53 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x61, 0x0)

02:00:53 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0xffffffffa00029d8)

02:00:53 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xc9, 0x0)

[ 1276.907988][T17624] FAULT_INJECTION: forcing a failure.
[ 1276.907988][T17624] name failslab, interval 1, probability 0, space 0, times 0
[ 1276.920799][T17624] CPU: 0 PID: 17624 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1276.932509][T17624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1276.943261][T17624] Call Trace:
[ 1276.946966][T17624]  dump_stack_lvl+0x1e2/0x24b
[ 1276.951625][T17624]  ? panic+0x7d7/0x7d7
[ 1276.955672][T17624]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1276.961106][T17624]  dump_stack+0x15/0x17
[ 1276.965246][T17624]  should_fail+0x3c0/0x510
[ 1276.969637][T17624]  __should_failslab+0x9f/0xe0
[ 1276.974378][T17624]  should_failslab+0x9/0x20
[ 1276.978875][T17624]  kmem_cache_alloc+0x3f/0x300
[ 1276.983615][T17624]  ? __kernfs_new_node+0xdb/0x6e0
[ 1276.988630][T17624]  ? mutex_lock+0xb2/0x1e0
[ 1276.993041][T17624]  __kernfs_new_node+0xdb/0x6e0
[ 1276.997870][T17624]  ? kernfs_new_node+0x170/0x170
[ 1277.002786][T17624]  ? kernfs_add_one+0x4c5/0x5e0
[ 1277.007626][T17624]  ? kernfs_create_dir_ns+0x1eb/0x230
[ 1277.013026][T17624]  kernfs_new_node+0x97/0x170
[ 1277.017696][T17624]  __kernfs_create_file+0x4a/0x270
[ 1277.022802][T17624]  sysfs_add_file_mode_ns+0x273/0x320
[ 1277.028153][T17624]  sysfs_create_file_ns+0x191/0x2a0
[ 1277.033334][T17624]  ? sysfs_add_file_mode_ns+0x320/0x320
[ 1277.038880][T17624]  ? __kasan_check_write+0x14/0x20
[ 1277.043972][T17624]  ? __up_read+0x29/0x1c0
[ 1277.048280][T17624]  device_create_file+0x110/0x1d0
[ 1277.053279][T17624]  device_add+0x496/0xbd0
[ 1277.057603][T17624]  device_create+0x258/0x2e0
[ 1277.062171][T17624]  ? root_device_unregister+0x80/0x80
[ 1277.067518][T17624]  ? number+0xd9b/0x1040
[ 1277.071756][T17624]  bdi_register_va+0x94/0x600
[ 1277.076408][T17624]  bdi_register+0xd1/0x120
[ 1277.080803][T17624]  ? __device_add_disk+0x536/0x11d0
[ 1277.085997][T17624]  ? bdi_register_va+0x600/0x600
[ 1277.090910][T17624]  ? vsnprintf+0x1bfd/0x1cd0
[ 1277.095476][T17624]  ? __kasan_check_read+0x11/0x20
[ 1277.100564][T17624]  ? blk_alloc_devt+0xd4/0x320
[ 1277.105301][T17624]  __device_add_disk+0x5cb/0x11d0
[ 1277.110301][T17624]  ? device_add_disk+0x40/0x40
[ 1277.115063][T17624]  ? loop_add+0x400/0x760
[ 1277.119370][T17624]  ? vsprintf+0x40/0x40
[ 1277.123503][T17624]  device_add_disk+0x2a/0x40
[ 1277.128259][T17624]  loop_add+0x58f/0x760
[ 1277.132394][T17624]  loop_control_ioctl+0x564/0x740
[ 1277.137394][T17624]  ? loop_remove+0xb0/0xb0
[ 1277.141787][T17624]  ? __fget_files+0x310/0x370
[ 1277.146441][T17624]  ? security_file_ioctl+0xb1/0xd0
[ 1277.151527][T17624]  ? loop_remove+0xb0/0xb0
[ 1277.155921][T17624]  __se_sys_ioctl+0x115/0x190
[ 1277.160573][T17624]  __x64_sys_ioctl+0x7b/0x90
[ 1277.165146][T17624]  do_syscall_64+0x34/0x70
[ 1277.169542][T17624]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1277.175411][T17624] RIP: 0033:0x7f6ee1968169
[ 1277.179806][T17624] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1277.199386][T17624] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1277.207788][T17624] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1277.215735][T17624] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1277.223689][T17624] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1277.231646][T17624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1277.239596][T17624] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1277.248120][T17624] ------------[ cut here ]------------
[ 1277.253623][T17624] WARNING: CPU: 0 PID: 17624 at block/genhd.c:821 __device_add_disk+0xe7c/0x11d0
[ 1277.262726][T17624] Modules linked in:
[ 1277.266643][T17624] CPU: 0 PID: 17624 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1277.278491][T17624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1277.288570][T17624] RIP: 0010:__device_add_disk+0xe7c/0x11d0
[ 1277.294383][T17624] Code: ff ff e8 b7 ee 2b ff 0f 0b e9 28 f3 ff ff e8 ab ee 2b ff 0f 0b 42 80 3c 33 00 0f 85 db f8 ff ff e9 de f8 ff ff e8 94 ee 2b ff <0f> 0b e9 60 f7 ff ff e8 88 ee 2b ff e9 13 ff ff ff 44 89 f1 80 e1
[ 1277.314018][T17624] RSP: 0018:ffffc9000027fbc0 EFLAGS: 00010287
[ 1277.320085][T17624] RAX: ffffffff8241331c RBX: 00000000fffffff4 RCX: 0000000000040000
[ 1277.328061][T17624] RDX: ffffc90004706000 RSI: 000000000002da23 RDI: 000000000002da24
[ 1277.336041][T17624] RBP: ffffc9000027fd08 R08: ffffffff82412a76 R09: ffffc9000027f610
[ 1277.344022][T17624] R10: 0000000000000013 R11: ffffffff84c00596 R12: 0000000000000007
[ 1277.352005][T17624] R13: ffff888165f6a000 R14: ffff888168224338 R15: ffff888168224000
[ 1277.359993][T17624] FS:  00007f6ee0699700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1277.368924][T17624] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1277.375540][T17624] CR2: 00007f6ee0698ff8 CR3: 000000011dae9000 CR4: 00000000003506b0
[ 1277.383529][T17624] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1277.391490][T17624] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1277.399465][T17624] Call Trace:
[ 1277.402780][T17624]  ? device_add_disk+0x40/0x40
[ 1277.407542][T17624]  ? loop_add+0x400/0x760
[ 1277.411888][T17624]  ? vsprintf+0x40/0x40
[ 1277.416042][T17624]  device_add_disk+0x2a/0x40
[ 1277.420806][T17624]  loop_add+0x58f/0x760
[ 1277.424980][T17624]  loop_control_ioctl+0x564/0x740
[ 1277.430003][T17624]  ? loop_remove+0xb0/0xb0
[ 1277.434567][T17624]  ? __fget_files+0x310/0x370
[ 1277.439246][T17624]  ? security_file_ioctl+0xb1/0xd0
[ 1277.444370][T17624]  ? loop_remove+0xb0/0xb0
[ 1277.448807][T17624]  __se_sys_ioctl+0x115/0x190
[ 1277.453494][T17624]  __x64_sys_ioctl+0x7b/0x90
[ 1277.458086][T17624]  do_syscall_64+0x34/0x70
[ 1277.462581][T17624]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1277.468474][T17624] RIP: 0033:0x7f6ee1968169
[ 1277.472901][T17624] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1277.492625][T17624] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1277.501488][T17624] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1277.509469][T17624] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1277.517451][T17624] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1277.525434][T17624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1277.533416][T17624] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1277.541394][T17624] ---[ end trace c3340b11af948367 ]---
02:00:54 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:54 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0xffffffffa001801c)

[ 1277.585135][T22520] udevd[22520]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
02:00:54 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:54 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x63, 0x0)

02:00:54 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfenos', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:54 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xcb, 0x0)

02:00:54 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 42)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

[ 1278.156553][T17606] 9pnet: bogus RWRITE count (2 > 1)
02:00:54 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x65, 0x0)

02:00:54 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xcd, 0x0)

02:00:54 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15) (async)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18) (async)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfenos', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1278.178723][T17656] 9pnet: Insufficient options for proto=fd
02:00:54 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x67, 0x0)

[ 1278.233186][T17663] 9pnet: Insufficient options for proto=fd
[ 1278.290361][T17669] FAULT_INJECTION: forcing a failure.
[ 1278.290361][T17669] name failslab, interval 1, probability 0, space 0, times 0
[ 1278.303066][T17669] CPU: 0 PID: 17669 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1278.314765][T17669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1278.324813][T17669] Call Trace:
[ 1278.328086][T17669]  dump_stack_lvl+0x1e2/0x24b
[ 1278.332746][T17669]  ? panic+0x7d7/0x7d7
[ 1278.336793][T17669]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1278.342510][T17669]  ? _raw_spin_lock+0xa3/0x1b0
[ 1278.347255][T17669]  ? __radix_tree_preload+0x361/0x3e0
[ 1278.352603][T17669]  dump_stack+0x15/0x17
[ 1278.356738][T17669]  should_fail+0x3c0/0x510
[ 1278.361152][T17669]  __should_failslab+0x9f/0xe0
[ 1278.365907][T17669]  should_failslab+0x9/0x20
[ 1278.370385][T17669]  kmem_cache_alloc+0x3f/0x300
[ 1278.375130][T17669]  ? __kernfs_new_node+0xdb/0x6e0
[ 1278.380139][T17669]  __kernfs_new_node+0xdb/0x6e0
[ 1278.384968][T17669]  ? kernfs_activate+0x409/0x420
[ 1278.389883][T17669]  ? kernfs_add_one+0x4c5/0x5e0
[ 1278.394721][T17669]  ? kernfs_new_node+0x170/0x170
[ 1278.399638][T17669]  ? __kernfs_create_file+0x1fb/0x270
[ 1278.404987][T17669]  kernfs_new_node+0x97/0x170
[ 1278.409645][T17669]  kernfs_create_link+0xb8/0x210
[ 1278.414566][T17669]  sysfs_do_create_link_sd+0x89/0x110
[ 1278.419913][T17669]  sysfs_create_link+0x68/0x80
[ 1278.424658][T17669]  device_add_class_symlinks+0xdb/0x2a0
[ 1278.430182][T17669]  device_add+0x4c3/0xbd0
[ 1278.434488][T17669]  device_create+0x258/0x2e0
[ 1278.439169][T17669]  ? root_device_unregister+0x80/0x80
[ 1278.444642][T17669]  ? number+0xd9b/0x1040
[ 1278.448864][T17669]  bdi_register_va+0x94/0x600
[ 1278.453517][T17669]  bdi_register+0xd1/0x120
[ 1278.457911][T17669]  ? __device_add_disk+0x536/0x11d0
[ 1278.463082][T17669]  ? bdi_register_va+0x600/0x600
[ 1278.468010][T17669]  ? vsnprintf+0x1bfd/0x1cd0
[ 1278.472581][T17669]  ? __kasan_check_read+0x11/0x20
[ 1278.477582][T17669]  ? blk_alloc_devt+0xd4/0x320
[ 1278.482322][T17669]  __device_add_disk+0x5cb/0x11d0
[ 1278.487326][T17669]  ? device_add_disk+0x40/0x40
[ 1278.492065][T17669]  ? loop_add+0x400/0x760
[ 1278.496372][T17669]  ? vsprintf+0x40/0x40
[ 1278.500508][T17669]  device_add_disk+0x2a/0x40
[ 1278.505087][T17669]  loop_add+0x58f/0x760
[ 1278.509225][T17669]  loop_control_ioctl+0x564/0x740
[ 1278.514226][T17669]  ? loop_remove+0xb0/0xb0
[ 1278.518664][T17669]  ? __fget_files+0x310/0x370
[ 1278.523347][T17669]  ? security_file_ioctl+0xb1/0xd0
[ 1278.528438][T17669]  ? loop_remove+0xb0/0xb0
[ 1278.532832][T17669]  __se_sys_ioctl+0x115/0x190
[ 1278.537488][T17669]  __x64_sys_ioctl+0x7b/0x90
[ 1278.542059][T17669]  do_syscall_64+0x34/0x70
[ 1278.546542][T17669]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1278.552501][T17669] RIP: 0033:0x7f6ee1968169
[ 1278.556900][T17669] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1278.576484][T17669] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1278.584881][T17669] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1278.592828][T17669] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1278.600783][T17669] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1278.608733][T17669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1278.616689][T17669] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1278.625128][T17669] ------------[ cut here ]------------
[ 1278.630608][T17669] WARNING: CPU: 0 PID: 17669 at block/genhd.c:821 __device_add_disk+0xe7c/0x11d0
[ 1278.639711][T17669] Modules linked in:
[ 1278.643629][T17669] CPU: 0 PID: 17669 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1278.655515][T17669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1278.665609][T17669] RIP: 0010:__device_add_disk+0xe7c/0x11d0
[ 1278.671416][T17669] Code: ff ff e8 b7 ee 2b ff 0f 0b e9 28 f3 ff ff e8 ab ee 2b ff 0f 0b 42 80 3c 33 00 0f 85 db f8 ff ff e9 de f8 ff ff e8 94 ee 2b ff <0f> 0b e9 60 f7 ff ff e8 88 ee 2b ff e9 13 ff ff ff 44 89 f1 80 e1
[ 1278.691068][T17669] RSP: 0018:ffffc90000ca7bc0 EFLAGS: 00010287
[ 1278.697171][T17669] RAX: ffffffff8241331c RBX: 00000000fffffff4 RCX: 0000000000040000
[ 1278.705162][T17669] RDX: ffffc90004706000 RSI: 000000000002d02c RDI: 000000000002d02d
[ 1278.713189][T17669] RBP: ffffc90000ca7d08 R08: ffffffff82412a76 R09: ffffc90000ca7610
[ 1278.721170][T17669] R10: 0000000000000013 R11: ffffffff84c00596 R12: 0000000000000007
[ 1278.729153][T17669] R13: ffff888111a2a000 R14: ffff888111a2c338 R15: ffff888111a2c000
[ 1278.737143][T17669] FS:  00007f6ee0699700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1278.746081][T17669] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1278.752680][T17669] CR2: 00007f6ee0698ff8 CR3: 000000016fea5000 CR4: 00000000003506b0
[ 1278.760658][T17669] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1278.768647][T17669] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1278.776627][T17669] Call Trace:
[ 1278.779920][T17669]  ? device_add_disk+0x40/0x40
[ 1278.784698][T17669]  ? loop_add+0x400/0x760
[ 1278.789028][T17669]  ? vsprintf+0x40/0x40
[ 1278.793194][T17669]  device_add_disk+0x2a/0x40
[ 1278.797816][T17669]  loop_add+0x58f/0x760
[ 1278.801992][T17669]  loop_control_ioctl+0x564/0x740
[ 1278.807020][T17669]  ? loop_remove+0xb0/0xb0
[ 1278.811451][T17669]  ? __fget_files+0x310/0x370
[ 1278.816179][T17669]  ? security_file_ioctl+0xb1/0xd0
[ 1278.821287][T17669]  ? loop_remove+0xb0/0xb0
[ 1278.825715][T17669]  __se_sys_ioctl+0x115/0x190
[ 1278.830389][T17669]  __x64_sys_ioctl+0x7b/0x90
[ 1278.835027][T17669]  do_syscall_64+0x34/0x70
[ 1278.839443][T17669]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1278.845356][T17669] RIP: 0033:0x7f6ee1968169
[ 1278.849782][T17669] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1278.869395][T17669] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1278.877828][T17669] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1278.885808][T17669] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1278.893788][T17669] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1278.901774][T17669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1278.909756][T17669] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1278.917739][T17669] ---[ end trace c3340b11af948368 ]---
02:00:55 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfenos', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15) (async)
dup(r1) (async)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18) (async)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) (async)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfenos', @ANYRESHEX=r1]) (async)
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000), &(0x7f0000002700)=ANY=[], 0x2000, 0x0) (async)

[ 1279.006273][T22520] udevd[22520]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[ 1279.117673][T17679] 9pnet: Insufficient options for proto=fd
02:00:55 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:55 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='ext4_unlink_enter\x00', r3}, 0x10)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x30, 0x5, 0x0, {0x0, 0x4}}, 0x30)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xe5)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1279.287142][T17646] 9pnet: bogus RWRITE count (2 > 1)
02:00:55 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:55 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xcf, 0x0)

02:00:55 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x69, 0x0)

02:00:55 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 43)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:00:55 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18) (async)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='ext4_unlink_enter\x00', r3}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='ext4_unlink_enter\x00', r3}, 0x10)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x30, 0x5, 0x0, {0x0, 0x4}}, 0x30)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xe5)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:55 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[], 0x15) (async)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='ext4_unlink_enter\x00', r3}, 0x10) (async)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x30, 0x5, 0x0, {0x0, 0x4}}, 0x30) (async)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async, rerun: 64)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async, rerun: 32)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xe5) (rerun: 32)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1279.525449][T17659] 9pnet: bogus RWRITE count (2 > 1)
02:00:56 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x6b, 0x0)

02:00:56 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xd1, 0x0)

[ 1279.665132][T17730] FAULT_INJECTION: forcing a failure.
[ 1279.665132][T17730] name failslab, interval 1, probability 0, space 0, times 0
[ 1279.677798][T17730] CPU: 1 PID: 17730 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1279.689580][T17730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1279.699614][T17730] Call Trace:
[ 1279.702890][T17730]  dump_stack_lvl+0x1e2/0x24b
[ 1279.707549][T17730]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1279.713075][T17730]  ? selinux_kernfs_init_security+0x1a8/0x760
[ 1279.719120][T17730]  dump_stack+0x15/0x17
[ 1279.723253][T17730]  should_fail+0x3c0/0x510
[ 1279.727652][T17730]  ? __kernfs_new_node+0x99/0x6e0
[ 1279.732650][T17730]  __should_failslab+0x9f/0xe0
[ 1279.737392][T17730]  should_failslab+0x9/0x20
[ 1279.741868][T17730]  __kmalloc_track_caller+0x5f/0x350
[ 1279.747127][T17730]  ? __radix_tree_preload+0x361/0x3e0
[ 1279.752500][T17730]  kstrdup_const+0x55/0x90
[ 1279.756894][T17730]  __kernfs_new_node+0x99/0x6e0
[ 1279.761723][T17730]  ? mutex_lock+0xb2/0x1e0
[ 1279.766119][T17730]  ? kernfs_new_node+0x170/0x170
[ 1279.771032][T17730]  ? __kasan_check_write+0x14/0x20
[ 1279.776115][T17730]  ? __kasan_check_write+0x14/0x20
[ 1279.781200][T17730]  ? mutex_unlock+0x29/0xf0
[ 1279.785678][T17730]  ? kernfs_activate+0x409/0x420
[ 1279.790593][T17730]  kernfs_new_node+0x97/0x170
[ 1279.795243][T17730]  kernfs_create_link+0xb8/0x210
[ 1279.800173][T17730]  sysfs_do_create_link_sd+0x89/0x110
[ 1279.805518][T17730]  sysfs_create_link+0x68/0x80
[ 1279.810258][T17730]  device_add_class_symlinks+0x222/0x2a0
[ 1279.815950][T17730]  device_add+0x4c3/0xbd0
[ 1279.820256][T17730]  device_create+0x258/0x2e0
[ 1279.824822][T17730]  ? root_device_unregister+0x80/0x80
[ 1279.830172][T17730]  ? number+0xd9b/0x1040
[ 1279.834397][T17730]  bdi_register_va+0x94/0x600
[ 1279.839066][T17730]  bdi_register+0xd1/0x120
[ 1279.843462][T17730]  ? __device_add_disk+0x536/0x11d0
[ 1279.848633][T17730]  ? bdi_register_va+0x600/0x600
[ 1279.853542][T17730]  ? vsnprintf+0x1bfd/0x1cd0
[ 1279.858108][T17730]  ? __kasan_check_read+0x11/0x20
[ 1279.863104][T17730]  ? blk_alloc_devt+0xd4/0x320
[ 1279.867844][T17730]  __device_add_disk+0x5cb/0x11d0
[ 1279.872845][T17730]  ? device_add_disk+0x40/0x40
[ 1279.877587][T17730]  ? loop_add+0x400/0x760
[ 1279.881891][T17730]  ? vsprintf+0x40/0x40
[ 1279.886020][T17730]  device_add_disk+0x2a/0x40
[ 1279.890585][T17730]  loop_add+0x58f/0x760
[ 1279.894719][T17730]  loop_control_ioctl+0x564/0x740
[ 1279.899719][T17730]  ? loop_remove+0xb0/0xb0
[ 1279.904109][T17730]  ? __fget_files+0x310/0x370
[ 1279.908762][T17730]  ? security_file_ioctl+0xb1/0xd0
[ 1279.913849][T17730]  ? loop_remove+0xb0/0xb0
[ 1279.918239][T17730]  __se_sys_ioctl+0x115/0x190
[ 1279.922891][T17730]  __x64_sys_ioctl+0x7b/0x90
[ 1279.927559][T17730]  do_syscall_64+0x34/0x70
[ 1279.931953][T17730]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1279.937819][T17730] RIP: 0033:0x7f6ee1968169
[ 1279.942225][T17730] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1279.961804][T17730] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1279.970195][T17730] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1279.978148][T17730] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1279.986096][T17730] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1279.994044][T17730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1280.002003][T17730] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1280.010300][T17730] ------------[ cut here ]------------
[ 1280.015834][T17730] WARNING: CPU: 1 PID: 17730 at block/genhd.c:821 __device_add_disk+0xe7c/0x11d0
[ 1280.024936][T17730] Modules linked in:
[ 1280.028827][T17730] CPU: 1 PID: 17730 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1280.040538][T17730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1280.050603][T17730] RIP: 0010:__device_add_disk+0xe7c/0x11d0
[ 1280.056412][T17730] Code: ff ff e8 b7 ee 2b ff 0f 0b e9 28 f3 ff ff e8 ab ee 2b ff 0f 0b 42 80 3c 33 00 0f 85 db f8 ff ff e9 de f8 ff ff e8 94 ee 2b ff <0f> 0b e9 60 f7 ff ff e8 88 ee 2b ff e9 13 ff ff ff 44 89 f1 80 e1
[ 1280.076028][T17730] RSP: 0000:ffffc90002d0fbc0 EFLAGS: 00010287
[ 1280.082098][T17730] RAX: ffffffff8241331c RBX: 00000000fffffff4 RCX: 0000000000040000
[ 1280.090058][T17730] RDX: ffffc90004706000 RSI: 000000000002eda8 RDI: 000000000002eda9
[ 1280.098033][T17730] RBP: ffffc90002d0fd08 R08: ffffffff82412a76 R09: ffffc90002d0f610
[ 1280.106004][T17730] R10: 0000000000000013 R11: ffffffff84c00596 R12: 0000000000000007
[ 1280.113980][T17730] R13: ffff88816f948000 R14: ffff88810e9c2338 R15: ffff88810e9c2000
[ 1280.121956][T17730] FS:  00007f6ee0699700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 1280.130872][T17730] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1280.137465][T17730] CR2: 0000000020033030 CR3: 000000010e0b2000 CR4: 00000000003506a0
[ 1280.145444][T17730] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1280.153435][T17730] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1280.161404][T17730] Call Trace:
[ 1280.164702][T17730]  ? device_add_disk+0x40/0x40
[ 1280.169455][T17730]  ? loop_add+0x400/0x760
[ 1280.173811][T17730]  ? vsprintf+0x40/0x40
[ 1280.177955][T17730]  device_add_disk+0x2a/0x40
[ 1280.182542][T17730]  loop_add+0x58f/0x760
[ 1280.186692][T17730]  loop_control_ioctl+0x564/0x740
[ 1280.191703][T17730]  ? loop_remove+0xb0/0xb0
[ 1280.196131][T17730]  ? __fget_files+0x310/0x370
[ 1280.200799][T17730]  ? security_file_ioctl+0xb1/0xd0
[ 1280.205911][T17730]  ? loop_remove+0xb0/0xb0
[ 1280.210314][T17730]  __se_sys_ioctl+0x115/0x190
[ 1280.214990][T17730]  __x64_sys_ioctl+0x7b/0x90
[ 1280.219565][T17730]  do_syscall_64+0x34/0x70
[ 1280.224008][T17730]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1280.229887][T17730] RIP: 0033:0x7f6ee1968169
[ 1280.234303][T17730] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1280.254007][T17730] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1280.262421][T17730] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1280.270379][T17730] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1280.278362][T17730] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1280.286335][T17730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1280.294307][T17730] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1280.302278][T17730] ---[ end trace c3340b11af948369 ]---
02:00:56 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x6d, 0x0)

[ 1280.324924][T22520] udevd[22520]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
02:00:56 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x6f, 0x0)

02:00:57 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xd3, 0x0)

02:00:57 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:57 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x71, 0x0)

02:00:57 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:57 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 44)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:00:57 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x802, 0x0)
connect$netlink(r7, &(0x7f00000001c0)=@proc, 0xc)
r8 = creat(&(0x7f00000004c0)='./file0\x00', 0x20)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, <r9=>0x0}, &(0x7f0000000280)=0x5)
setuid(r9)
getresgid(&(0x7f0000007740)=<r10=>0x0, &(0x7f0000007780), &(0x7f00000077c0))
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000078c0)=[{{&(0x7f0000000800)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000780)=[{&(0x7f0000000900)="1ad0621acc1f2b8afaddd9dc3c6ab29bb537a606104eef42c22969a4ed7ffb561ba2565e2bb4990b269481f1a554d3430af8a1ec626685228cfb84231fd219b49d961176749f539c00c026399a6ee5bfc00aba4402c6373af813b4430761fe99", 0x60}, {&(0x7f0000000980)="9588c9fb53bc5728073cc108f836e32186296e7966fb277d79e5b5ab5077b5030fc016774599cf88a3b2b2f7e9577898e4c2c7ad55175b7c6dd513f548e1da107a7529c18c090e2e526e9e098af2a8025b3ce8795ebc467372afef91e7005df1810854f5e05ac1331ef9841804905229f2019d3c08b9a938ab300759ae04b61cab1060dca31da85eb3f6782be8dc608acd304bb8cc2cd53c927d1a9224ef34bdbb16c86b0e76fe924187dab7e9d6e6f3dcccc1cf66e8d804b5a469747a26262b3ec43f16e2f257ecfa8b49131b08ddfaf12c5c1aece14d9a5e39", 0xda}], 0x2, &(0x7f0000000b00)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r8]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff, 0xee00}}}], 0x80}}, {{&(0x7f0000000b80)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000dc0)=[{&(0x7f0000000c00)}, {&(0x7f0000000c40)="92bf3fc09193abc711d2c0d605c6f0612b6c95ae18494c649fc8d36fd50d", 0x1e}, {&(0x7f0000000c80)="03b3fa053fc06e63264f82a0304a27bde50bb312f763340dcf4c7dbb6703361ab9799796f7a428c02b77105aaa1de27aaaebe3f96fbfa2e641b765a89fa3ea81725faeb9dc833f39b67a4ee214865eb23970c6c6857e207c78bd04f58193cc1ccbe5209e1a18fb7d24917111f1613070c124215dd7fe1ff65bd47a9c629352aa0e27ae46fd243c47078a84b764dc744d954e26", 0x93}, {&(0x7f0000000d40)="319d651a", 0x4}, {&(0x7f0000000d80)="3502224ae3e5abd77ecbb653b6ec9d27756066d778741ac957d7de084ae3299fc5ca239a32ffe69e728c2e823c4fdcf5584789000c0e38c1b0fa5f94", 0x3c}], 0x5, &(0x7f00000012c0)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32, @ANYRES32, @ANYRES32=0x0, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES16=r2, @ANYRES32, @ANYRES32=r5, @ANYRES32, @ANYRES32=r3, @ANYRES32=r2, @ANYRES32, @ANYRES32, @ANYBLOB="0000000024000000000000000100000001000000", @ANYRES32=r4, @ANYRES32=r3, @ANYRES32=r4, @ANYRES32, @ANYRES32=r2, @ANYBLOB="0000000034000000000000000100000001000000", @ANYRES32=r0, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32=r0, @ANYRES32=r3, @ANYRES32, @ANYRES32=r4, @ANYRES32, @ANYBLOB="0000000024000000000000000100000021000000", @ANYRES32, @ANYRES32=r4, @ANYRES32, @ANYRES32=r5, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x138, 0x48901}}, {{0x0, 0x0, &(0x7f00000014c0)=[{&(0x7f0000001400)="bf58c2183a48b054e30974a44bf3cb7efd09f8d940ecdd688f64f6fd098789fce651390d37cf9c9d6aa58650b6b80c9b5c6d54f5c52ad85ea5bd7cf0fdcec4bcd0a9bce3384da2d7f82f55950ec1c49ceb92a85653f33dae8191218fbe5770ec092960c252b4a5a3e5c5ccb1ad0208d6fb0c7533adac", 0x76}, {&(0x7f0000001480)="938698a1bd7e35ef24b5", 0xa}, {&(0x7f0000002080)="98a61601e01fc057e7c1d9d8e9d321a54189792aa210926b39f2a696266a53ddf5930b1d9a9a74fd1183121f316924b1b69f8dfb5de713a5523980181f02a7384690871501843813507198c33a2654f4c51006586c647e4b9a1c2f2f66a7cddcdf833db5559be667fb9db530d2c506ca01b211c280dbd775c05649fb7466831da3b3033197a6c2e10673cfbce1df1aafc4849621723a600327a554cda9d97663d7ee8375f294bad4805eaed906d41a02fefbc9b5c4b1f9a9044e259de821884dff4e96a58cc843173ebda7d1ca8c0bb7152f61c9d937e9eb3c59baeb3683bf470bdcc05e33a0277c9a9c94e4f71ffd40922f6bf1f6b7ac485802a541a5bdd4ac60e4c00af484363d78cd255c3dfaa1c36acc96b94bb1d15fd963c6032a7d14e8c957385d8cb71be70aa375cccd7bc94e031e75199d35559298f6bfd54310b0df867ac726e48dd315412fb65405705be7d20cbf01d0e25bd2f6c10f67488e95bfe27767ea23ac9c76c492a745d2ce8b2439ca7ef4ce9182eacace66868d7d9c79ea01fbd2bc775db1926f04d19dc8fff5771a0139462f18108be6f24f6b7041775d4c22575bc274df8fe650676fe675699ea36dee98552a93c1bd24d83914cebac280acb3ee3873961d7d3e513d2b030a3dd0514b98308b7e8efd1669ea04d4bc0cf838d56d242ab56a3a63b2c477709cb09b40b75b3c27b17880eecdf22fef9addfdd4f142ad6fb9e4b570f9366ae8ad0a06a13cfaf252faf94877e2407548449a62fcec4f597395fbc5f66f597d7151964be85aec4a0f8cd414cdd68e1f306ef1e9e341cb4b375e6993023408f0bdd99f900d4dbf854a524b31536caa9b3ff48ee90e9f21913a4294d099f83b6933d6495ca20afab518d6696b29ceb025ab81b845e7198e428e936eddee97f0b12e521877fc58b9cf1cb0ea128723d445004586fe2f02be7e42698123aa2c75c065068863a58fbbd90d0ffbbf15b60f3cc355ecdc58c2897fbc263076eef79e40ded06cd3422d8ec5ae34ec6679b2b7c149a7bd4102e9f25b1291f25db9f74804b49840a21aaa10ce28525bbe070d8c3adb488a3310334c1610a80f2759f5a20c31ed95a7b299a23c5774080a52581bbeb8e7fca1ac2d043e0991b7a119426e4b2c5d73fc2cd5233844b0efb5b02df218c57c2e57a91bfa13c7a92968f9c5f58c5fc29e5ddbdaf9779390610fd5a8f1dd9d1ebe5f9a02d1f5c3c31f718d90674c5ea9c024a35951f2f014a65bd4c4764f52fd2e82b92ec2159d227adf38f6497973af9f2d5e854ee4d5268a2db231a8a090b4cde09ee0e58de55edfa1668d94302dd3524500ffe41a51392b918bf2ba0b7f477ef04ec83b5850d1a2a304e8849a61fd1f6bd127530c6a87f597fd7b743bbac9d168a6fea5ec7640a3f138167bb7b6c0c1be7b48180a6b9d77e4ac2468897b11e563f9756c84aeb738ab2677f402a379ebf722a98876aad2653400930971c6f46e425aa1d116d274f1465b90841ec8f6b84dec455e8fbd978fcd0b044642083956abd19afa4dedaeea536874a563b475186e0f055822c5402a1736ebf4e4273dc0724e1d8769307845d1090b12da8aa7255f9c95f424f0bd0c9653cd06af90f90cbc10f2b2c488ecd99cca2d41e7a1e94816dca679d1a2713647b5c6167ae86598826f29d086433fba8c61ba22667a3045da2d5e6630df318f330d1129d424bbbc60e521911e5de60ac58ac65ceee2c9a421fa487e542eba3dcb71b40d301b194207846069e1a0d864e32fee2da38ed240cdc060cec19c61532b150c5c7bfd3cbef1c039c75b74edc1221122e5cd9004758af2b54f7993a9764e6235b3b757905643baab29459cdb48532b9ed3e74133c8b070e966804abfdb6bf91351cec68637ba36dfa07021aff549c55308fadb48db7055e26922a0496df260f4ae80ab3fa928a25b1c68cad568830cd8f726d2bde4720cf159dedd3882972a24cacbc18648d18da1d4fdb6a85e26d8c119330c03f53991342bf77477a289c9bc460663cf40f232d7ba407bcbda300cab53763c86c2735d68a06416a44f90345397bf85388fe0dcff5329f4fea21dc4755d887ee4e05fb9361481320341de890016aeec104b5d4fbc5e1c76a89975c2bb2e80dfbb47a08dd3443f082a051715d88fbe585bb3dfaea6edb41f7b02bab9a93c894f4f82bff1a55418959f7e4c14cc2d64150ff4c3532e0da04b364c7b36e7cf15b477fc276a0db894cc917346cfa0d98eb0129b6eaf15d5ddc1eeb0138174ca088f8844b3024fe90b0d9993a26e2ddd840cc1abd5e6c16617d9d8f4936954f652f99636cbd22ad2c63a300968171649bd1a40ff3f13de082b53cf7fde28af4393c179d33516eb3191954576692a1f04226c63aec7d38b8118a65fca0afe6e20fb7c7b3e50f88af97f81a5e2101b01907ab3fcf91191e4d1d1dc5b75589b472d2267aa982c76d02444e60095f5ebca24ed828aa1f1516cfa9c6e0ca00b0ccae7b79735272804c98e008eadf04f3cd83516e5783db7ca5d59877fc3b767d2373f09ee9d35e03d14d7cce5afaf10cbe27d61450bb067e182c4b1ff9f64081371bb102eb930ee0cd2823c5a8801bd304317eb2ff77f8187d4ef586d3175a234fc446760f1df5ccf7dd6713e141ac520def0c7444e7905ecc9ab5ef9cebba5c553fb6e88814b9e8b353bfac0502657c91d0c4ee34fdaf177fc706fa183833506ebfd8af0e2f16f297a5e53eb2e3a78f2797d0a19f9340a14b65c52418b8f3bbd321ae06a47d403a93cae216113512affadefcb3a25a4e0ac14f3c354e929efe912276237986f0502ebc2af0a5ff39f7d6613efa8b07b26cd4acedaec45266eb705fd31f078c333257c636f1410966ac853d14b87d8275affbe0a09cc68ddfdfa8f4e729da8ec9b206bc2702cce53ebbb6af7c4427e7e12e0913dcbcb87cd7385286bfb46266b699df604f7b4407eed082a1fa7217a1780ab6beef9e5f3fdc3795ec4f7a676980c54cb14f88372488b7bc3ba9cc214d18d02bc31f6ed41ced36e5d684017c70d6aaa41e240fd781bd071f3b8107d7d459ecc98d586300dcc5d3e9832c1c5df7745fe2f903c0114ca53d6e079ae9d8c51a085fe571f419b42bcedbd820c925eac3659fec269ecd52dfd699bb726a1161dbac5105387fa56a7bb7ff6ffe96271f1770a7eda2ef45e51400632d041a337d783e30b17157f893e1b4ec1f9d5697ce69211ffdc642062ae518ebb276a959f3f97bfa7950acede1b94d9e84e4ec7c5281fe5f83d8bafaf79f9fe8a0a026f96b97e7ff13c9ecba126ef33e98c5e6edaaaf4e204d524cc617db93daa15ed86e718bdd698927203554c8bb8f0e1b7dd48a21b493a6c7ca7d542399bae75aa70e42d626aae5393bc3ada1bc2bacda83af8f40fa2da8917a69d5299b6ecbfae4cc72feeed6ef2e1e061802f412d03e6c9ae6b51704fd42f0f32cbfca0558461b94460fe19ee88fd6e77b7fe4f1a48daa07ce8201e5c7096345b60639bde85c75a0b639900045cbb38a77af25064093fa8ecb4a8ef000b14d821ad70d88c44e2383c6268737bee7cb27893582b04bdc12494a701fd415e0244b9023095cccb13cf9d87fa486e511defaf9e6c83a89b92b269a3e9d36dc9f71d20091b41c8b489736ba5d434d8bc9274d89e620b26ec429bde9bbc6942a147febf41a45547d8350eea01783eb1dec26af2cf34bf3bdc06654a1b3e3a3907a78399bf14df8a3b699004a2a2d9534438e584d23dc9ea2013525d7f4dce2c1e806110269585ba7f0f26b80ad5a0e0a5559e7410d8c121e805d4b731cde4f165a7225f4f895960d42460e12e17bc5e49b9230cf5445b654d2ad85151b4ca2ee70c70b70232c20ab70bee710aebdd50535ed7022fcfc0031e9c8e67760edae3455a335377ece5087587bced8b8141c5873c21a47eeb090b4e0ac1b081619803b7ef917ccb6a39a5b25b4d75342cff5561a09d8676efee17d85d717bd4e1f90bd73df21dac08073bcf3ca8cf2368f927f5c44ec5db891140b116fb65e3b0530f06b0f0c618a495dc67907973627fc7805720d03cda90654f1c41b2f47c13771b15ff2518445ef0e6a571a5a4e1dae5d043d6859e2d98fd2dd8022eb924879b17dff3e75e7dd1c7d4ed8fa90bdbfe3f0bcbea2188ff5a7e1218edead1adedd9760471b71c2d4e83d70e6eedec750765776368fc6eea077a3b18b16d03fc785229dbf08f664691f2d10fbe0e05b4bb631ec2a3474ad2c5ed8fb3f204e380acc56667f9fb2a9ce5bb7fb16a64bd56637cccc425bbb482b819e9ef3f35283ffbd016f5966eeca11e418d6c074f22ae9b5021012666487b1b85817f52d73696538970eb95fcfdea11ce73de3269d515d4e656c60fe56d0ffc6d117a77295c781269043ccde5fc36b3155623ea525ecd562b418bb928831f44a9539d8c24207460c026829cdad26d705c3063ebdf39efc581c93904aec385c8068b7957da488db548afc861f68fb96e60b1b74c6ed48d596057a954cb86c189f7b416886e45c74440e152c9a9632c55a1574726d8eb49eb9eb8386e648751ec8a5fdd73b9082aaf416d1ee602bb83c991b5a4a8b60fa6d6cc9661c07562a4107c13e4611b8e5382e8819e23b36de0587f6c9fdaab0eb8218d6bbc066e0c025e06a3858622958b3b54e274e7840b3edb19ee0d4f206340fb5a1ad019a36330fc838fb84558a0d678c9382d71dd697b3d253d8d6ec4e22173a3dccfc3982bcdab15ec0f6d9adfe3f0b82bb0fa635c59f505e2983765b4deb9d8f1405d7263e83fbf6461e59ad3c0665ae3311c35f4ee58e95baeeb02594d74b522c61f2350c25b88358ed567b31ae9d058072c215acc8d03d6c82127fdb187dd3d731627d218cbaf11c7b3b15184e1686708991ae42b57665f4490fcd1c48ec49801220684f492a5bd99fa1b55fec107b4b75e87a8e541d330d083189ae3107f8544a4852f5381f769b8d361db9741edab89481ff3336be46aa38d6cf68c938db36bc0acb3c75f6a975a8aab58fc929791dc73229c5a863514127273979df0b2b74b70566f12b817329f7a531cdc9224360a5f7feaf523cd934dc74b0c5c39968bdb74bcaf2e69cdd82f9151448fe6d90ad6cbed3410882ac757742bf14260bc7c506cafe51572dff421ce60a4b0afcfcd88ae4a138229cd2c6bb007486f11875b099865b00f73da69ae862198acd6e4a0b7c21d0d6290ce6768f8aa7c88003f9768ec993157399e7e4ef17e9f101a8b190b59125d862e22d3fb1a117fa8b023f320311d3929d4aa03ec68b1703185b44635dcf573f450c308a978330a1a808a41b966210d71ebcd4c88abcba6502bc047e73a333f9eb433afb627a7ef34f89997ff55cfe07c2b1ffaf212d3343acd74df7d1423d90869b7b2be3276f5449b4bd00041fa7489e4e51388cb7a9e46de5ed19e4d2cda39a46ebbda568af9f3a82886f67fc124fa7136b2f468559e8f44bb35af8fe29d07add56db3dba00a661c51951144d7f092172cb04d7909b62c97423164d577edc12f60ec444132a0a00bc99fe62b127b1006b98571c351dec13849b5cce601e0ee34b067d87269430b4fb2b4644feeeab8777dded402d78e6c402cf091cb49f3275d1b37b5b3a65c59e90ccc777dbdfa9d459283b896eed1e50293551055250b92133059efeec2fee4e6a77b66582db7ce7d8551de102c4ef3ead8916ddbc0ee9a74c1966eafa97d2d2d68345e0e0d4b0a4ec6fb6267782bd19d5fa1301a3afa37e28a638befe397", 0x1000}], 0x3, 0x0, 0x0, 0x8805}}, {{0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000001500)="b696a0665eafc664a275237d805b310e268e3c32", 0x14}, {&(0x7f0000003080)="54b2cf1672f58fdedcd940615ee1311cf826f55c42aafd724530f85e349c9dfeae2e0934e03176c72b3f22c111a7a7de4f8ea1ba448aa6d8610067985e0e33c541d3ff6615089edd99064dbcd0ae1858c4242a89963049bc0de0f929b7f829e55a887f5284fe73e33ed55200f31aee29bd7d5d40b15f6506513c051658560b28b6947bc1913f246a71fd34c0df5de36d5e9ded7506347e6d7cdedf11866ed5c9875f3e83658f489de4ed49888db44f3382417e070d182739f20f87ec4fba98b847738d716c937a2c21c21573e621dcf4907fd24e5463cee2e676cc3c5f141c78459c52f8f78d682eb7d0c8e0e4a2f5418d086950965bca83a99c626246b7896f0e4bdda9621c348ee0c44d352c671ad37853089ef6ef20afd9ceeb139699afa6fc753b19354b13b42404636e547937e8ceaf7003a869165cdbb40a9d60588605b0eddbcd947e2f14943c57f29151b65c4b3853c08a107ad4908e6fa25b5ff3d38d73b40d269dde1f29c0bc99341e157b7b6bcd564216169f938c4f5cb620b2315b2252d52e738ec6f3967e37b7f961d5c89cc08e3ca146def0e2c1859ea0962c222b83ef55f4692fd55451485492be887decaf2c6e1e07c57bb9f02117faf57b24140dc8fa34754270a8c32e49a8a3a485bef14a6b09d80cb0da580345cb236f49a1d5f859e676fe3bd6658e3a44fbc3f3acf480afc60bed8095e1f42fd88dced3fae32a3e30cf8c19184c0bdf73e5f1a36c5aeaf56d6afb89422bc661fd047a75a86d42982ed2ab1364beceaa5998161cfff9d430a0f93a04d1deebe40bc587ecfd385be25ec62a13725571fb0f1eeaa82511594eefaf3d3b23798a14cc320b0e1b4ec5b619ef56aed0f0ce848d7bebfa82d0f7b7230f234f211ff035d21cc4aa849fad88b9de42deb64e60045dfe01bffcdc9760d44cf0c75a2edd46eabea3a8c702d596db7fe0e43d9f9134b7f85a514db4191f9fb07710ce7e09417e781811fd3e332be101469acebae43c0624b3f98254bf27603bc77f76be1c8555d159380080828a90744a0ae49b37612838820d3716dc2dd854f2dd1ae7ecfd100d8322312f5a10f863f0dbc91d6fa97f0b0f105202f042666ac29ca1059cc6782c2c6531dec67e6f9a8cbd9eb612e73df295fa48f6c1a56710b822dfa01de3c6d1deb26ff7f06299cfb00bcdb2c28dd94d528f564eceb6ade170c775d49c28847f2d3685ce7475827e8f028858a5f12fa0aa5e17b945b4d6c8c92599e3866733337861369b0542cbd83428b29074696dbbea731b8748179e16baf6e953aeb88a63aeef9bca71158fe9e12d1e4dc02ffd460adbfb888de610af0f6f54e0faf0278a86ce055adbb7fdbeda38cc68b32757faf484de53804a418195d3e92b7004ee377fd54b578332b5272f5dfeae7515e62a9af6f88ebc23d06e652ccb6a39d8f7555bad90266cd0960829472e633b7ebb988b6fd15e9e7917bddfa9cbeb35699ffa30231d1afc25b8a8db6a60cf4e44691cb2ea567b4acf577c4a6715a2fcde0bad3b36d04150a81b664c8f876edb61de8ac58aa7efa7b66d874f45ecc2e19a1ba8214d73808dff8639fa881380b4100d76239a9070c3e1df7d07d22e4fbaa3f5a91653cc5952748682db2ee3688de0004a4f775a0bcca63c06dc05069e74802ff4a7e8ac766aa6ddc8292c4b5b4fbdd7740bd400f41861c4cc2404a6a8618d620855252ac13fa7d5665edf5f2264876c1285099efc12fec6210efc58bc9d85431ba478248cdb3a2883604b214a2fce03eff77cb2e3b7577fa6ee8a8bdbf55fd38ad362f9ce2597a2b053a3cb5d9ef1d152a6a961aa460b810e18f8c638a5baf7d4a989ad05897f7a5e58ae63b0273b8e53f3b278dc415c617f2851287c54a316c355b26ad905da44a1862e024d0425178dba734cac6e29fd0e446776736beb6f62adf6ba02ff9f1a5d6219635b6b60a62ab8734f64c3f36948d69c8daf472c3c3adc547856ee337c6c3ba6894037f8958aa45f4a8efeba853fa4bbcf004c54b1defdbf6e4b6d6675ed11a9b7c82b4ecd8184fd377b2d17874d909e00e784d43d04ab91a374699bdf54cead5d4c9a912d0d666cdf7076156f9e8cf7c2e68a98bae574bba5a43fded7fb49c18ccc260b402e8fc0006ca37a50e27a4a9fcf02b932b2de924623f8464060d30dd74c0af2a6de66ceeb86b53547b21fa783c64ec57b5721ab043d6144ca5c46e460795ffcb4eb5888dd2e4fcb01103142d9d4b415730d283f09fc0ff78490dd26009d913bceb1b94d4127fdd549a9ce52993c25fc7a723a4b99b87d0431275573cab2f22784fbd17f55587b175df9072e0499c50b5bd64ed58d4c8a7c9c45b2366bdbf4b048ee2533cfc22645afc6d35149851e42a5d1c074a09b361a20d1ce2c2aaa622adf7669a4ae1502dbedc432fe6c996347f6eecff87ec47ab35182d6a31fb5f7924a609e3b0166564919e626fcfc17ef8f3b446033c631e4fd984bcd6f6050c68ae20a5ccec6714a7be4b300505f014c55ffe7163b366a1281427a0fc6a5ee8dda2e3e86df875f84bd13656479b638d96cfafb0491902a2d8a9ca5917fcae74dbbd80160c0a7163c2865d9589ea1fefea21858647c14b968784f615b528c08a3b7046b89da22c1548e9d721a6801f5fd65c6a113b31c66bf9f869d4c9ab0372df64e201b9cf5e0c4ff134a1f1cab706ceafb2e847e84dfd8f675b6a76bde2cd4535e4f88c7b2cfa8ebfbc496dbb3c07f0b739ea18f0cd49c6ae736f5d69e4dab35d060440d200ec43428643845a09696d28d8d6d24a7aeb51c3950de965ad7f90972ae621e5c41b8e4fc271e635366e234cc27b41692f09ad2b5548db03d330f841adfa3abc1c4eb693c3c079c70aca57769e0c9cb1a34d7bf68f65db8198b4f1ad784e54eb663819acfd2190fae29c2caded9cf2953f0fb6312e212c1c550c906796168e30106409d29289d5465547f07a04cbc0564e7f51324af9be56bc8093ed0a71964e9b833b95bc9abfa228fc2d669e3fed0fe1b0795ef7180f1b40ce8a3442c70fe39d19b0752a644cf60fefda94e70cc1fd957248f5b592f80950a6d20d553b661acd4aad906a7f8814093414861878f91c3c1c62d7bd8ea977845fc4ebc2dece2b709aae614b5888e12c44925a80aabddc69e13f65b7ed703f893bd1acd5e0cc27c22c61216417ee33020e355e0c084f06ae6bd5429af5e8a3f48172b23f15a83d9b936499989a5d6365b76b555db544347f8de0c3a0b693246d2d785eed38578e11c0fc5849bf5c9517cd24609a67c63133117d21ca57638c5a5bb0d2a7d15d190aa39154a39df0fd9b5e0054bda952e14e603d8e9f697fea52cdf6212fd1b8377ae62dac62400fae7b81e0926e7e34fcffb3975336a8f51e8b069f114f0c2853082d91bfa54eb362a8d79e39f48bd0028675c38ade3260fb7adb9d5aaaf30743615808a69b4f8d07e94ad85793ad0cb1a154cfa3b62fa858ae44b46b3ea62b2531750649f9641ec8c75aac2efcfe0084877a93183604f38c640ba9846c4a7a1bd8a9d26407b9a8373647db94852dd91a155183cc8beac5d0f057342a4688836bf13d1b919c08a124bbf548bc9c581675876241d7f8e5f4424e191461599e875510b2c0770735109c8dda564125bf72c2696394915623250a14b8644f56bc5d8a5cb1613fa3b09ca9fa7da8834df94a8c12a7def69d7e91c42e939fbe4ee8656f3ff4f4015f19208ab4ba34942dbc835b74f6ecad124dd198637d2f58d0b3599b3519509484d7a3d7aab7a48cbe31a16762ce5ebfd0c16b087f494f344082bbe07680586604b388c6436b55a2166b5945b2c29a43a049a649988d37d2c929fb9834dcfa8c3e65c1d144cbab529b2bb60cd5aac40d51f88f6f97519efee5fce1adae47ffbd8c830af37c3e9090812e481f9e21af9806ffb308de085530dffb38a654c2e1fe3c13fedf1504dd4c934fa4bf886404d9204570257470d10b8b5a73970035c38d2081d72086e073951c177ae13640287854876499c86f872c31f1e744eeca84f8a9445627085a166057a5c30bf63203fc259c64813b6d2fe798f626d61f77416780fae1f78b99e8fd63831cd4ed20b8a4c7e23d9da82d1921dc753a951c714f366c6ed2f96597ddb9c0a6f48cbca24b2aebf853fe336b9a5c5e0b5aac1b0413024dc1bef6667f9dfceda373fa50b40ef7cf849deb84398c7573dea2c43bd06efc93aff811cb792f9650fe26eb5bdc30312533745cd7e3ecea5ec37ece2a776a694c056b3847358b837ac60f682371c2cdffed8e75df19894b838861b97796c83ad78407ac43a66ff8dddcace9fb2466a81dd46c9d13c9701bf2ce64d6348ebe0e4d4f0e4780209fce099bdf0b01a34e0992141e3b2c3064dfef9633539b08a430220cce9ad1a3f41c5a0b0bfc96728710e37f25567e3c746cf8db01b43911c39004c6b110767429bc3fbf6bbe38515f3a5d853d2000900b429bead83d97bd97cfe9d87ecb780e7e3ed14f37a3f8b102a5598168f7b1d9e734761e21414e1dd1feeb78a25e6bebeed845a8877d53e9fab070df95ed89f62dece54302a3ff44b55e00f00f5295b8ddba32072a17cb188d714a65485b9eead1f059ba995bf4bc60c508c91b2f148c609b2bf02ad18c89273b3ab71dda719669dc1626a685f88bd7d77188a3c1e124bbafb6dcde247c01ea68748ddda0397b892922c974e1c6f5b0a50defb5b168bf1c0b37b8cb3a80f88c0006ccaea5992f1f85caeb498d42f160ca8c9d178a69ccc0f60e27a5c1853a90bb3fe5059ca336d4c40792a160cf8870c324d24e3a5b5b8917ac9d9a8a284deaf3d584fc2581478fa506b3467be40bee7fbc24a5c4007435175a16cc0e7dc025fc574e62473aff3aa030b884266e8db9bbe9bfb87141c84a3eda391a2773421a078b4ff9ddcb9bd387ce7c7ea6f495418bab52d7117772f3917ff227ffd4b7f97d404e9db77faedaaa3f6c9c46990a4ee9e02d6ebde36ca492974e4755fe4fd75cbd6cc75e8aaee8cea676ac35d59f8b750cf9bd745a1f93577f8a21073a0773975c1f64280b6daa3f7e59a109f4db0e7e086caf99195901ea2749a4d0be0726d5e8823c8d9545a96aceb686f5b1eb61d81561f4e5db14b28a4bda537cff05cf60a80b12e693f308448e7fd11d684d75784f47914943033fb2a0b47c9c9536208ea7817f5203cb678bd60163cf18d64c2832e3cc8c5621159940e5be581f32057093ca6fd1f4755424bd8d7a671721f057f915e943fb3f0b84ab3cb52aa8e59e9d2b0f1626bdc6253319dbfd533946e21ede3c507051e54813472a3ab70843dfaf00e882d7b182b58f7c483fbfad6c87d345cf1a05b5fdedbbe9670094f79bafa87b59151087da912aa0c89f9563d03ec2c55fbb334a79873e773de3f01fd0400c5492d7477a87fc78aa722e205bff6584975b61f9e0d927dc36a8616c22825c48e350c83e83eb596b94c0a5a98d2ecc3faf03a1410a05e0c56af988037ed9269c8f334c767c44e0c8b0f2505bf8c6dd40e95bdcf41b5fa2bf215c944d2f42a5fa061ce7cac4dc3c527c2596439245db3e6e5d42e8111fd6af44a14bf4b7a4e652f4e19965bb65b6e0848a7301598ffc921dab54c9aeb56b624c535effa1b7dd304d0eb28c7ac00313174cad84a319b8c37f6949617236ddd1d0a4662591243ac793ca61e1c7d19a5ec69d961eb2f6b39bc3b6ac835bf69a0fa64856bd7fd368ef21a80654f4e09e1e747d9d7f22a147996823ca66e8c2096b63cae", 0x1000}, {&(0x7f0000004080)="dd7ba02cf3d86cf1e0145aae5d4d895615bfb6f2ba45eba6e196c7ac271f2e8456ca5d32512e1a8cb735738d2ef0a76716c3c66520ebbab388de0a9ec16a3e9647b899c66523bffe2d4874c072f6da30a5e23963cb7a6960fac6042e1f99a536c6e39604d73d861b58f2118c26689282dc0be66a5a60123d6b663ac20f6444ac92bc3b0aadad83dba8aa555cb96fdd0298d0bb4f9c7648a6dfff2bae7f7621718e0a4ad2091f8ccb709e9d22d70b73d17301c77de48059faa72b3c793e942bac3a85054fecb4d3ce9c2a3d344638efbed5c7dab6056c802dd6adb4484e5b540b877476623989108b01b479d10af7ddf702b52050aec01840075495b39984664c14e72a87e5a782d1e051347611e1959c99ca5f6534f8f6c1721487fe5aced2c65006cd3e20365d16ffd95b4aa821f6f7028b264fd2ac8ef96776cce4967e6962629e7958b6286863c533eb939717a84182740e957a9acb577114bb530074f4df306a2b66d74222e828846d271124589b8f0f594d24754a18981b5c98a3e990b8466b40f2ee439fc7d325b2451da737316f8cac761fbd4de1e8fe59edddf15d6f6b60c3f016043b97b26b0f51b33f038e459c9f07a24ad486f763b36667a9009e30136396fa90cd1cc0cfed95dd78b8895f206ad97d6dc5d138917452f391b23e240415f34d6022db9bdef65b7864f354d4a84f2bafd3756641267aaec004125bca06850b79766d187138c9608be3b501d84bdebe1efdcbefaefd5c7bd86bf4d8481307068350760f675e7e615f45fd3dff0d41370756f5c7b7fa3de1b57f1e2c85f5a6a7b422fb98db4fbea6bb89a97edbf920b5fe25b589fa7b6f9a94c58f86bd22a0016de68bac6cccc319a189cb099ee75ce6acc3e9047fef3094473fa9af66ec42aa7c3f02024e0ca88b884a50a77c0dd060dea8f627a6dec474af5b3e7eea0953129adebc7b295dbfcce4b7210252a5c48e6a7f65355db79a2fea5975c972dca0764428652c7808efdacff92cdca9167ebef60cce3883fa92fdfa22244a459b2a178600496e7b8ded2ec1d0934a0edf53b26a960602dbc78c76d199d5825e1f7b584a3b9fe504de4852ba34d6855d92846a8bd2711443aeb208f4b690f086de9aca72f2cb671aec31a2b3c82ac9a023ca0d72047d4cbd1ba6ccbdb45184b2766f7ac117e1f67c31cb48d8937720e2a5455567cd6202ec7002582a21d5bd660580065c80f696db2ff2817c296229511c88d4fa64a8fec1f3ca1de773501b0f6c267d1c0ad9e9dddb3ad8b63d36ac3b8c3c14570a386a791af03f09f1acb346f5658789460cbc5a91725b8c579dc0f2f89ecdac66352e8fe5b1bf40d896526c7e0b9cd18d688ebacbdeab5443f405d9cb29c5ec8f41fd48d5a092c360b17248ea096c0195d3a15e3540afa4315493d7f21149d5d4e2326dd47bca1f1e40ffabd1d06ab7a62db96deb1840b5d4281b1efe261ea21ec29648b745affcbad20699c0287efb59ef31e431438f80ad3ff010f0b7183838c304f98f3e253466064ecdb517176d94e0192bb4761f30b008262d02a11f4e367d231df6e08c4debef412767b1beccd4e5d43bb6d18d3ce022ae0944c49f032770a49337aacaed7002aa3c58220b2470730f5c3f552a62e4b1502951a32dd312d191e31bbdef58d46abca1e133f03752a213b937c0abc9b27088ac67aa63ac3ed00638c92b06211bdd5be393fa0cb43812a1fa52fe53490ce2353ac965b860bb91e87deb6026eafdf25af21b76a504ef918f09f16029dd14082d80184be814f8bc798022a9ef0be3b03e9c2a04ac2891500c902ca06082412193a470603aea1ddc8b70071a03992b9e9af8bf756a46084b3b9f389214a828977c1d177e1e8ac992722c762e3eb2a4f8858b3b073e1982a73e91e6bdfff6c8b1142e216781ad7497bbe0b82a48b806326745a95aec5aed1c820265499ac023714cd4acd23d913de92982edbec544ccd0a88da30e3791ce8f8b90c5d95e921739a2ce0666950fa2bd312b030c12deb46964c699cb6445b5094dc2af649583cff54c62e7379abe9a558f84bc8febcd9f70d68e2c6d07e4a3d5ab362a4ba73083452f776b67f5705c36d395c570e5c69a28f1a1604682c23aa46fc4b7c4166421aa2ee72e30cdaf3c590aa9fa30691b8ac74e22e59fd42e21b5160bf27e3647a8a3a2373bf8b1125dbfdff141ece13919948d11b00d31c852ab96564fb36f478e307766218462f98706931040cb55755a9bdf66278480b45e6bf0a76c25d36f0738cf779c85dc13fbb414130db1dd1e36c85de6ff8b1f27db2d04a7f9f9e01de02251656bc7fd0b1d83643a47144555932a0b0dfc2acd96806fcd5bc67d3e7284bce19944bc466f55d2881aceea0ec599660658e51ed32aefbce9e5a1233dc3e7da976667b8199bc3d82644a23bb18172111db413a6036fa36e9045554acbcbf04d791a53cc702f554769e2e0f53817322e81879a768c65e46c9313eaefd2ca78ea5143458e1a9493cb888b81a71deacedd4c101a1f6720525012426aa6f91c8b1373b5cd484c13ff28ede036f99f52250486363247ace924ffba32f09436ed1b4ece5776686dec5a3b2982b7759e6c3ae92393dcc689518b160f847069a9697d881bf8b10f997970d8eb13515c30b62046d5fa7c49ad6e63084441b46d331e3fca6dce4639753c04679e0cc2fd920bbb7b1a10dad60d065658239dcc5cbd6eec0f47228c1bb59728f29b44890430e36a0a481ca083d5c91693646fd8cee1d676ad9528c066cc48c1ab9da210eadb44f64f1f40c0541307b745da8b8e3dfcd4f2bee5c98651374158cdf17e031b8e989b98db1d298a5e3fbfe0d82ebc3f875050d5fc88ed2f862f231597971ffcce8634dcb0ea0eaad4cf9ee18e37ef172aece01b3f3347b5dd0275e1d5cfd25573998c62a2a022d42defe8aa5e182cde2a2397547bf19e27b7081ff8947fa2d65bd0160df02e9ef82ba791caffe146cdd9bf1768d052c4a975c5aa96c00ab5da843331cbab0097863eba2e87e3dd9188a4d959c37e10f22e5b0b2e43f9862e95a64cb3cddb1ddb7802c8e79abeeebf3144213c33e13b953cd0950ce968636821d11809cc766fa60ccf1402199a086a5d74371b3a82e5a27d97d17d2ba67221b5ec179ed49494b4df8ea775c653969bf007bc6647b48a08be5f308b1b8022a0d3928ffffdcce1f354e7b8b02628b7fb428d13557d311fd970fab31248faa719ca0420b7572de1a6c15976ec0dfa39ba5cc0b561cb4218a2284597a7c4263173a1989cfefdcf53d94b25817006272b199e2163e6067df56c93048237518d3f0d65f55d5119dc16682b8d9b74b20c7f6f75a0d4bb675035bcb88dbf731955808863b8a89d6378eb712cc9c716bdd82bb0aff61046a4817949e4993de21b6819d731dacadde0f9b0589e17800be875ea1b6483c29b8124528649645c03101c75635d9e7e0a5fc7bd021e8e5bac1c6ed9cc128b4ea025c4287e408540eced2cec659b13947ef034fe2e50ecfbd9c26c5adf54d42ce20ba2dace291b920f14d315942efbc33781588f6116c4b589aeb94c7e5d427e9e472058fda9eb10ab4c6bb2bb2b25f81d9d9ad2a3af39104677b7d276faa17ace4c80ed4872091b2289af0a2395a0b605800c036cb52ffcdd8250b46e6f768b5be3c656a4118d7e4f61852b46a736bcfcc123a67fcad3c3621080497e95b546324ea1ca46ef5ab1b10b492b7c3dfcd5b06b515fe090872ba001514597b35098c3dd96c0a14f2e3fa9ec8cab8023488272e844a44e77d381e7403495f70155711e59d297d810a636789f6818c0773599cf8cb0c24bb1f0f52603f263423d1db5e6dbb18b6778e438f26c2624b35145bc1a4c265caebdfab4c8cfcabe7409746d57fc00272c895c1a3ed3499af086a187f9bd297e52d0f2032dcd029346d84f38f718bdedcc31abd09ff111226e50764b4a15b6c765cdbded294555d50f306341329f823c503a80b73bede9d9886312404f63e034cdd61a7fe175204afb2b5107fdba0b15c2cbe6ba185da4f18800fe758927c5baab8cca3da57819806dd4bb8b3a2de1fd16797de50b5cb79a1482b56c9e602f488c9f6546beac4403883cf35da1f384f48725282ff0c732c4e630504e959330700bc6d19e46d017a549a1862f88f0ddb13852f90ad3758041faed5ea78afb6f3bc265ac1be9851fd78d604bf00120c26c7bd970630f7c837ac6fae6ba185fc723b7313ffbf5ca97d6d3a9618c619bc5704047fadcd031e9a2ef4ed3524e50ac59c544096703b4bd64fe74493d081e10b0c7b72df6144a4266f0e4575a98bfd6bf0c5a8d58ed0ecbde34f99e17710e3d3507eb0daada5532ba7023c4e131679eb08d3c35597aa848c92e5c8ff44cf13dae5ee8692994b48ab479f7ef8989564a6c2b87816f69d1aa234fca7f9dbca980c263979c758a102ad5ac93ccd829d40085ac508ac45dc32f2d95b6fd84b81e4e77ba96ba88d06db7689928f2f8ddadf7f0a9b62106b2417ca1345dbbab315cead58299452000cbfb5d4d7f5e83f1ac965d7b0b165c1a54bffed6b03490f52bc6b62a1c165d2733b09b158a36fc5c527fa2fd0204116560c11b2e1792a998ae1f6873e671e9e7817618f91b2cd374a54013e713c9e21d04c6e1a345c0f2ac20e785696c7b82076ccc7ddc340e18c9b8e15b62b8ad53f906ad85a40e993d354a4b3d38f0937fc413327e2f79b6b963976aebf2029fd679a513a7c4e5901cdd328eca3ae957732dc3423950cfe388b2766f907f50ec97f79747d08dc82fe7a24644169dd75820617af41873c516cab27371e5902184c5bbdfe63a050fd4ff77ab1050bf2d07c6b1469db790a8f64ce799531b4ed5169cfdf0b8b293eb30f0b2e8c2b9bc90713a64563204a232d244d3f71695614cd7ea991a4c6932080b98b1d3a9add6f9f122b9d2eed4808c1cd3f1247452559063d4096b3738d708e7d7f0e04606c72632f5d99825a84b7e65283dc91f2b2f4485b7b9fe27bfba804bb5c352577866e11e9d579d45c1ce01ec4aee1c5baaea1587640726435ade27240f388b255c34d31cbcd07d81747f8ac9b19dfc6e026e77ec884a5ce90528900617552907ab33ecdf6f08624703f59838df6d8a8b540f43515a28ea2841ae990deca7c2263748ac4600e139fe38b5e422c7a6780650712a2f452e2c59281112dc88d9efa879d19ecb5f1aed9a565dcaf10567155c9e8df587816ef90fcb13209d423e2548b104b8ffaa5088a431a98274b946fc55ee403dffda0c0e7a81cf22d08fee54ba7a2cfdc161fac3eff8fcffe0346cb15856fe61bd4ee5e800848a7d11d5f23f9c2ee810183342c1d3d061ca01c585e7d1f0bde92ce436553a5905072a9784279ea1c475658583b55c743f19033c625ab0d2837c3d39f1169c1c710392e176b4d286c60172af97b8c259e414248062b82d235f39e5811d9298af8b12346160bc65e1e9df61d30ac075e32155647bbd953defbefdcffc74ce43eb48b68ae4ff540ff5c08ac659c6f4670475bcb1d6a5881e89eff50040068fbea2464f225812f1b53e4105a9f45860ab88a2c8cb401f44da9a7b707445052e945e3ceee6ce38f5e09688e469b445b0335f9af7a950b8adb6c702f04ff642975931f9d96a17008a13f2c5995d60550026ed46e6ec820260394a9cb1c37c41e0fef508d0fe58e07d02178305276e9582a0912d81caf86f455bea04feac1624fb7367bc92bbb4ae48a18d802f24903b695adc8bd84cfd8e9bbd", 0x1000}, {&(0x7f0000000f00)="60183f53421a925ed7b365ef96e28ab05a6b01f19f52ce8b5ce8f0fa6c16f49496dd960b798b17868b0dbf13d35d6da7a87d354a1cb409f40ad94b8ccd01c2411ce5c0aef5dcf698150126ea31a336a73aa5f1974feff575698d8e396931c72dbeea0ffbf7656ab461edda94e5fa0abc064b538d1785cc5b488a9f443d6e54330c3378fa4d55a33c16a471d06a6579e93fb47d7f5ec734a19c1365e5d156a62acde11237453bedb5223d373efc5c44a8db61084c3806975baa2e6d4727cf015f49dbdacd", 0xc4}, {&(0x7f0000001580)="cf1e8e7c4ab1b50f0c0887cc749ef60ce0ea1ca88ed68306ea0627162ad67c1acef19a62ccec1461a9bef549912fbe1a423ae42df03b712a80e895266e971ad2317f2f646c0a28cd150da3d0dd9a269aba9012ec340179005bfefa0a48efcd7f0a4f452c99ccea62cae4525c0bb1d0bd87043e2d1001bf5480f424b62d8df4504166d319a8e0216927ef0e875ae07ca74d328af674cd5359c349f0d9d93e919e", 0xa0}, {&(0x7f0000001640)="f9a8e35012dfe4fe7348f1313040d00e151ca1108f06db851df4de8c8dae2838ff236ec571aad90ae86811dd6adb375cbff9d6666e3c1c8f0d0a879568a54eb4b1cac3081eb7f65fa303a9fd9ec82c1dea314b01b10336e2ca800a309fb5ea2afe5b673a514815eafdaffd5ac28fc81a8d5c7f1e66676206e889c384df0c65759aba64c9c3a219ef382e5e193eee9f5364639271fc32997cdf76766614549b40eb5788c099c922ac0a8bf31acf2ea5bf4867a96d827ee791200d178c3d36d601167f16772dd2e1c5fb7df786854164345a511a2fa290ee438c428cce6256378f51", 0xe1}], 0x6, &(0x7f00000018c0)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r5, r6, r8, r1, r4]}}], 0x70, 0x20008040}}, {{&(0x7f0000001940)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001ac0)=[{&(0x7f00000019c0)="b7f2744064b2b617760de4ee2f74092689c158a687c54e8272c870839950249c24bae0cc", 0x24}, {&(0x7f0000001a00)="67cd103ee276c24d3227090bb311b94fed93c981e761ec68b6a85b1718cfee5815f5f48e8c1262730ec0daa18c2ee72f42a30bb75291f62ed9b119a8be4bf1bbdc4a0b56437055c7c847049eeff69dfff60ff37e062ebafe930914394d5304e8c2244aa46f45d3ad23095a6f5e0db66e20c27eb080e57237e3850848f14ba99765d4c9c631892d011f3d304bab8933126974832ba183a29f5c3bc357f863364606f8e1035a1d02c776f21f1634d09f5a802a4dbd9bc10f9f5e25", 0xba}], 0x2, &(0x7f0000001bc0)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xee01}}}, @cred={{0x1c}}], 0x40, 0x10}}, {{&(0x7f0000001c00)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000001f40)=[{&(0x7f0000001c80)="f780d9b6e316c56756d35329feb74ed6a00758574da99dae16263e43b315d551d30b317446fd5bf2e2f2e7e2af54c9a477d03db65aa6e5224300781d8d34e0062da64fcffdda0c73ed73545f697e6159b70404dd9dab8b0be8bce788c8ae554d8036a7a1f1bdefafe028762c38119fbebf68fedd7ee9dff835e33d936ea0e3d73c54a9d87963493a0a1e0966d22b7cfacf2c4e61c4e42cc70e70e963dd0ef5f0a544c7f892f6db5d2b66afbc842b1899", 0xb0}, {&(0x7f0000001d40)="77ca4735b92042ddd3c7ecf69d251d2a32799aaed5044e08f6a7e263f27a2e17780a4c16fd6c6e315cc902934aeebaeda8679554a2de8af9291f4cdb247698bffb553afb77229e46030d2e43019ab2a3b56e813b511a15a374fa9de1767f2a31c0669c52e8f78b5abf4286546e2b18c4537edb707ffc610b307be577184d00eb90b3438c6f7f99e07906d44c1d4cd70ee828ce402740de2a9904a1502c140782eb57e40fcbe2920a25e9c34b4ceca96f66dc7f41ab4988f6e3ea5d8a5e59756c4a22a65ce909fdb401f75a819a7ca5fce771f11a92ddd8719c363545484a92f44e4c9c592afd9f7e", 0xe8}, {&(0x7f0000001e40)="82cf71500cc3ac5d51866bc6b1273e47427ddce4e557b8c8120de3d83b29f2cdd1b478311fcbbc2b31c1831dc86a17212fe345ffa12321ca68a3e2ce611c9dc7458b1a5d52d5d56b5319e9a10f809bc3dd47613b04bb7c518396a62194ad0e84e68b1990056a8b6b3f2079a66183bf09253d7c1246ebd3250fe9017e8fab17de574d694ff1cd63094d1b8062a7541efc951515d03c18532125b36fb5cff946dc0320d3d74e0229f510ee82680f341b11d58d37cecb303f3525616d2e9fa4eec95147acedbe66021d4b659e36bb08dd3899ec534401bd0f7a2e58d187cbaaf8bfaf5d698ae9b2477d993edbf1e06355c0", 0xf0}], 0x3, &(0x7f0000005180)=[@rights={{0x20, 0x1, 0x1, [r1, r8, r7, r7]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, r2, r2]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01, 0xee00}}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee00, 0xee00}}}, @rights={{0x34, 0x1, 0x1, [r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r1, 0xffffffffffffffff, r5, r8]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, r2, 0xffffffffffffffff]}}], 0x138, 0x4004001}}, {{&(0x7f00000052c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000005480)=[{&(0x7f0000005340)="af2a28f933da1e481db48b7c006d23d992422b4cf05b93abf209a711e6879b99a032ed579a10f01082447b830963e58b9e04120b058df6bbcb1abc212e4b36184047de051c528d25157955dcc62868da634afe7b2f5a99bdf3dc58b424f1c7bcff33eb8ef6957339184384202e", 0x6d}, {&(0x7f00000053c0)="665c226901dbf35fabfd1b103cf4265476d466deba610c35457e3ab1216196e93178f501c1a9411f4e3fb37cbb842d1eff1ed427043ecea873fc49c239c2405eaa59fc632cd84e613dce9eb8f6685ff9c773abbea5b7fffde626f3f3fb4497f2cc683eb23a66716d3e70262d9502f1f336d974458c1489f592d80bce3da88fecd1c55edc7c68d3e846a94daebf6959c06a8a4992d2d5da2b30f38cf247078ca67c66882373cb402da0f7ab728fef6c3314c7dd", 0xb3}], 0x2, &(0x7f0000007800)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, r9, 0xffffffffffffffff}}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, r1, r3, r1, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, r9, r10}}}], 0xa8, 0x800}}], 0x7, 0x0)
r11 = open_tree(0xffffffffffffff9c, &(0x7f0000000600)='./file0\x00', 0xd1100)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0xe, 0xc, &(0x7f0000000500)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x200}, [@map_idx_val={0x18, 0x4, 0x6, 0x0, 0x8, 0x0, 0x0, 0x0, 0xfffffff7}, @jmp={0x5, 0x0, 0x8, 0x2, 0x9, 0x40}, @map_idx_val={0x18, 0x8, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x6}, @map_fd={0x18, 0x4, 0x1, 0x0, r8}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x2}]}, &(0x7f00000005c0)='GPL\x00', 0x80, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x1b, r11, 0x8, &(0x7f0000000640)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0xe, 0x1, 0x3a}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r2, r2, r2]}, 0x80)
getsockname$packet(r7, &(0x7f00000003c0)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r12, @ANYBLOB="e522c8ffac000062270012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r12, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0xf1ffffff, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r12, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x6180}]}}]}, 0x40}, 0x7, 0x11000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000040)={'ip_vti0\x00', &(0x7f0000000e40)={'sit0\x00', <r13=>0x0, 0x7b8, 0x789, 0xb41, 0xfffffffd, {{0x1d, 0x4, 0x3, 0x28, 0x74, 0x65, 0x0, 0x0, 0x2d, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}, @local, {[@rr={0x7, 0x1b, 0x6e, [@multicast2, @remote, @multicast1, @loopback, @private=0xa010100, @rand_addr=0x64010100]}, @ra={0x94, 0x4, 0x1}, @timestamp={0x44, 0x28, 0xef, 0x0, 0xc, [0x6, 0x7ffffffe, 0x5, 0x8, 0x7e5, 0x3f, 0x5, 0x7ff, 0x8]}, @rr={0x7, 0x7, 0x2b, [@empty]}, @rr={0x7, 0xf, 0x92, [@rand_addr=0x64010102, @local, @local]}]}}}}})
r14 = gettid()
sendmsg$nl_route(r5, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000400)=@bridge_getlink={0x8c, 0x12, 0x20, 0x70bd27, 0x25dfdbfd, {0x7, 0x0, 0x0, r13, 0x20040, 0x100a0}, [@IFLA_NET_NS_PID={0x8, 0x13, 0xffffffffffffffff}, @IFLA_VF_PORTS={0x2c, 0x18, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, [@IFLA_PORT_PROFILE={0x5, 0x2, '\x00'}, @IFLA_PORT_REQUEST={0x5, 0x6, 0x81}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "dd778ffd6c08c0b6774b901bbf64736e"}]}]}, @IFLA_LINK_NETNSID={0x8}, @IFLA_IFALIAS={0x14, 0x14, 'veth1_to_bridge\x00'}, @IFLA_CARRIER_CHANGES={0x8, 0x23, 0x7}, @IFLA_BROADCAST={0xa, 0x2, @broadcast}, @IFLA_NET_NS_PID={0x8, 0x13, r14}]}, 0x8c}, 0x1, 0x0, 0x0, 0xd4}, 0x4000)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1280.733122][T17707] 9pnet: bogus RWRITE count (2 > 1)
02:00:57 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x73, 0x0)

02:00:57 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xd5, 0x0)

[ 1280.776398][T17757] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1280.867283][T17770] FAULT_INJECTION: forcing a failure.
[ 1280.867283][T17770] name failslab, interval 1, probability 0, space 0, times 0
[ 1280.880066][T17770] CPU: 0 PID: 17770 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1280.891757][T17770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1280.901788][T17770] Call Trace:
[ 1280.905075][T17770]  dump_stack_lvl+0x1e2/0x24b
[ 1280.909725][T17770]  ? panic+0x7d7/0x7d7
[ 1280.913770][T17770]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1280.919205][T17770]  ? selinux_kernfs_init_security+0x1a8/0x760
[ 1280.925249][T17770]  dump_stack+0x15/0x17
[ 1280.929383][T17770]  should_fail+0x3c0/0x510
[ 1280.933777][T17770]  __should_failslab+0x9f/0xe0
[ 1280.938516][T17770]  should_failslab+0x9/0x20
[ 1280.942994][T17770]  kmem_cache_alloc+0x3f/0x300
[ 1280.947739][T17770]  ? __kernfs_new_node+0xdb/0x6e0
[ 1280.952740][T17770]  __kernfs_new_node+0xdb/0x6e0
[ 1280.957571][T17770]  ? kernfs_new_node+0x170/0x170
[ 1280.962485][T17770]  ? __kasan_check_write+0x14/0x20
[ 1280.967575][T17770]  ? __kasan_check_write+0x14/0x20
[ 1280.972663][T17770]  ? mutex_unlock+0x29/0xf0
[ 1280.977138][T17770]  ? kernfs_activate+0x409/0x420
[ 1280.982051][T17770]  kernfs_new_node+0x97/0x170
[ 1280.986704][T17770]  kernfs_create_link+0xb8/0x210
[ 1280.991617][T17770]  sysfs_do_create_link_sd+0x89/0x110
[ 1280.996967][T17770]  sysfs_create_link+0x68/0x80
[ 1281.001707][T17770]  device_add_class_symlinks+0x222/0x2a0
[ 1281.007314][T17770]  device_add+0x4c3/0xbd0
[ 1281.011621][T17770]  device_create+0x258/0x2e0
[ 1281.016206][T17770]  ? root_device_unregister+0x80/0x80
[ 1281.021551][T17770]  ? number+0xd9b/0x1040
[ 1281.025773][T17770]  bdi_register_va+0x94/0x600
[ 1281.030426][T17770]  bdi_register+0xd1/0x120
[ 1281.034830][T17770]  ? __device_add_disk+0x536/0x11d0
[ 1281.040002][T17770]  ? bdi_register_va+0x600/0x600
[ 1281.044916][T17770]  ? vsnprintf+0x1bfd/0x1cd0
[ 1281.049487][T17770]  ? __kasan_check_read+0x11/0x20
[ 1281.054486][T17770]  ? blk_alloc_devt+0xd4/0x320
[ 1281.059226][T17770]  __device_add_disk+0x5cb/0x11d0
[ 1281.064225][T17770]  ? device_add_disk+0x40/0x40
[ 1281.068966][T17770]  ? loop_add+0x400/0x760
[ 1281.073274][T17770]  ? vsprintf+0x40/0x40
[ 1281.077426][T17770]  device_add_disk+0x2a/0x40
[ 1281.082006][T17770]  loop_add+0x58f/0x760
[ 1281.086149][T17770]  loop_control_ioctl+0x564/0x740
[ 1281.091165][T17770]  ? loop_remove+0xb0/0xb0
[ 1281.095563][T17770]  ? __fget_files+0x310/0x370
[ 1281.100305][T17770]  ? security_file_ioctl+0xb1/0xd0
[ 1281.105407][T17770]  ? loop_remove+0xb0/0xb0
[ 1281.109802][T17770]  __se_sys_ioctl+0x115/0x190
[ 1281.114469][T17770]  __x64_sys_ioctl+0x7b/0x90
[ 1281.119040][T17770]  do_syscall_64+0x34/0x70
[ 1281.123441][T17770]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1281.129307][T17770] RIP: 0033:0x7f6ee1968169
[ 1281.133701][T17770] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1281.153288][T17770] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1281.161766][T17770] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1281.169723][T17770] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1281.177675][T17770] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1281.185633][T17770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1281.193606][T17770] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1281.201998][T17770] ------------[ cut here ]------------
[ 1281.207492][T17770] WARNING: CPU: 0 PID: 17770 at block/genhd.c:821 __device_add_disk+0xe7c/0x11d0
[ 1281.216610][T17770] Modules linked in:
[ 1281.220515][T17770] CPU: 0 PID: 17770 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1281.232246][T17770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1281.242327][T17770] RIP: 0010:__device_add_disk+0xe7c/0x11d0
[ 1281.248135][T17770] Code: ff ff e8 b7 ee 2b ff 0f 0b e9 28 f3 ff ff e8 ab ee 2b ff 0f 0b 42 80 3c 33 00 0f 85 db f8 ff ff e9 de f8 ff ff e8 94 ee 2b ff <0f> 0b e9 60 f7 ff ff e8 88 ee 2b ff e9 13 ff ff ff 44 89 f1 80 e1
[ 1281.267839][T17770] RSP: 0018:ffffc90002e27bc0 EFLAGS: 00010283
[ 1281.273930][T17770] RAX: ffffffff8241331c RBX: 00000000fffffff4 RCX: 0000000000040000
[ 1281.281922][T17770] RDX: ffffc90004706000 RSI: 000000000002db56 RDI: 000000000002db57
[ 1281.289902][T17770] RBP: ffffc90002e27d08 R08: ffffffff82412a76 R09: ffffc90002e27610
[ 1281.297960][T17770] R10: 0000000000000013 R11: ffffffff84c00596 R12: 0000000000000007
[ 1281.305960][T17770] R13: ffff888168598000 R14: ffff888167f19338 R15: ffff888167f19000
[ 1281.313955][T17770] FS:  00007f6ee0699700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1281.322977][T17770] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1281.329563][T17770] CR2: 00007f6ee0698ff8 CR3: 000000011f364000 CR4: 00000000003506b0
[ 1281.337680][T17770] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1281.345677][T17770] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1281.353686][T17770] Call Trace:
[ 1281.356978][T17770]  ? device_add_disk+0x40/0x40
[ 1281.361758][T17770]  ? loop_add+0x400/0x760
[ 1281.366092][T17770]  ? vsprintf+0x40/0x40
[ 1281.370243][T17770]  device_add_disk+0x2a/0x40
[ 1281.374845][T17770]  loop_add+0x58f/0x760
[ 1281.379007][T17770]  loop_control_ioctl+0x564/0x740
[ 1281.384040][T17770]  ? loop_remove+0xb0/0xb0
[ 1281.388460][T17770]  ? __fget_files+0x310/0x370
[ 1281.393152][T17770]  ? security_file_ioctl+0xb1/0xd0
[ 1281.398262][T17770]  ? loop_remove+0xb0/0xb0
[ 1281.402689][T17770]  __se_sys_ioctl+0x115/0x190
[ 1281.407383][T17770]  __x64_sys_ioctl+0x7b/0x90
[ 1281.412043][T17770]  do_syscall_64+0x34/0x70
[ 1281.416467][T17770]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1281.422391][T17770] RIP: 0033:0x7f6ee1968169
[ 1281.426806][T17770] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1281.446434][T17770] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1281.454860][T17770] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1281.462959][T17770] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1281.470933][T17770] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1281.478918][T17770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1281.486908][T17770] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1281.494903][T17770] ---[ end trace c3340b11af94836a ]---
02:00:58 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x75, 0x0)

[ 1281.526058][T22520] udevd[22520]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
02:00:58 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x77, 0x0)

02:00:58 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xd7, 0x0)

02:00:58 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0) (async)
r6 = socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x802, 0x0) (async)
r7 = socket(0x10, 0x802, 0x0)
connect$netlink(r7, &(0x7f00000001c0)=@proc, 0xc) (async)
connect$netlink(r7, &(0x7f00000001c0)=@proc, 0xc)
creat(&(0x7f00000004c0)='./file0\x00', 0x20) (async)
r8 = creat(&(0x7f00000004c0)='./file0\x00', 0x20)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) (async)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, <r9=>0x0}, &(0x7f0000000280)=0x5)
setuid(r9) (async)
setuid(r9)
getresgid(&(0x7f0000007740)=<r10=>0x0, &(0x7f0000007780), &(0x7f00000077c0))
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000078c0)=[{{&(0x7f0000000800)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000780)=[{&(0x7f0000000900)="1ad0621acc1f2b8afaddd9dc3c6ab29bb537a606104eef42c22969a4ed7ffb561ba2565e2bb4990b269481f1a554d3430af8a1ec626685228cfb84231fd219b49d961176749f539c00c026399a6ee5bfc00aba4402c6373af813b4430761fe99", 0x60}, {&(0x7f0000000980)="9588c9fb53bc5728073cc108f836e32186296e7966fb277d79e5b5ab5077b5030fc016774599cf88a3b2b2f7e9577898e4c2c7ad55175b7c6dd513f548e1da107a7529c18c090e2e526e9e098af2a8025b3ce8795ebc467372afef91e7005df1810854f5e05ac1331ef9841804905229f2019d3c08b9a938ab300759ae04b61cab1060dca31da85eb3f6782be8dc608acd304bb8cc2cd53c927d1a9224ef34bdbb16c86b0e76fe924187dab7e9d6e6f3dcccc1cf66e8d804b5a469747a26262b3ec43f16e2f257ecfa8b49131b08ddfaf12c5c1aece14d9a5e39", 0xda}], 0x2, &(0x7f0000000b00)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r8]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff, 0xee00}}}], 0x80}}, {{&(0x7f0000000b80)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000dc0)=[{&(0x7f0000000c00)}, {&(0x7f0000000c40)="92bf3fc09193abc711d2c0d605c6f0612b6c95ae18494c649fc8d36fd50d", 0x1e}, {&(0x7f0000000c80)="03b3fa053fc06e63264f82a0304a27bde50bb312f763340dcf4c7dbb6703361ab9799796f7a428c02b77105aaa1de27aaaebe3f96fbfa2e641b765a89fa3ea81725faeb9dc833f39b67a4ee214865eb23970c6c6857e207c78bd04f58193cc1ccbe5209e1a18fb7d24917111f1613070c124215dd7fe1ff65bd47a9c629352aa0e27ae46fd243c47078a84b764dc744d954e26", 0x93}, {&(0x7f0000000d40)="319d651a", 0x4}, {&(0x7f0000000d80)="3502224ae3e5abd77ecbb653b6ec9d27756066d778741ac957d7de084ae3299fc5ca239a32ffe69e728c2e823c4fdcf5584789000c0e38c1b0fa5f94", 0x3c}], 0x5, &(0x7f00000012c0)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32, @ANYRES32, @ANYRES32=0x0, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES16=r2, @ANYRES32, @ANYRES32=r5, @ANYRES32, @ANYRES32=r3, @ANYRES32=r2, @ANYRES32, @ANYRES32, @ANYBLOB="0000000024000000000000000100000001000000", @ANYRES32=r4, @ANYRES32=r3, @ANYRES32=r4, @ANYRES32, @ANYRES32=r2, @ANYBLOB="0000000034000000000000000100000001000000", @ANYRES32=r0, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32=r0, @ANYRES32=r3, @ANYRES32, @ANYRES32=r4, @ANYRES32, @ANYBLOB="0000000024000000000000000100000021000000", @ANYRES32, @ANYRES32=r4, @ANYRES32, @ANYRES32=r5, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x138, 0x48901}}, {{0x0, 0x0, &(0x7f00000014c0)=[{&(0x7f0000001400)="bf58c2183a48b054e30974a44bf3cb7efd09f8d940ecdd688f64f6fd098789fce651390d37cf9c9d6aa58650b6b80c9b5c6d54f5c52ad85ea5bd7cf0fdcec4bcd0a9bce3384da2d7f82f55950ec1c49ceb92a85653f33dae8191218fbe5770ec092960c252b4a5a3e5c5ccb1ad0208d6fb0c7533adac", 0x76}, {&(0x7f0000001480)="938698a1bd7e35ef24b5", 0xa}, {&(0x7f0000002080)="98a61601e01fc057e7c1d9d8e9d321a54189792aa210926b39f2a696266a53ddf5930b1d9a9a74fd1183121f316924b1b69f8dfb5de713a5523980181f02a7384690871501843813507198c33a2654f4c51006586c647e4b9a1c2f2f66a7cddcdf833db5559be667fb9db530d2c506ca01b211c280dbd775c05649fb7466831da3b3033197a6c2e10673cfbce1df1aafc4849621723a600327a554cda9d97663d7ee8375f294bad4805eaed906d41a02fefbc9b5c4b1f9a9044e259de821884dff4e96a58cc843173ebda7d1ca8c0bb7152f61c9d937e9eb3c59baeb3683bf470bdcc05e33a0277c9a9c94e4f71ffd40922f6bf1f6b7ac485802a541a5bdd4ac60e4c00af484363d78cd255c3dfaa1c36acc96b94bb1d15fd963c6032a7d14e8c957385d8cb71be70aa375cccd7bc94e031e75199d35559298f6bfd54310b0df867ac726e48dd315412fb65405705be7d20cbf01d0e25bd2f6c10f67488e95bfe27767ea23ac9c76c492a745d2ce8b2439ca7ef4ce9182eacace66868d7d9c79ea01fbd2bc775db1926f04d19dc8fff5771a0139462f18108be6f24f6b7041775d4c22575bc274df8fe650676fe675699ea36dee98552a93c1bd24d83914cebac280acb3ee3873961d7d3e513d2b030a3dd0514b98308b7e8efd1669ea04d4bc0cf838d56d242ab56a3a63b2c477709cb09b40b75b3c27b17880eecdf22fef9addfdd4f142ad6fb9e4b570f9366ae8ad0a06a13cfaf252faf94877e2407548449a62fcec4f597395fbc5f66f597d7151964be85aec4a0f8cd414cdd68e1f306ef1e9e341cb4b375e6993023408f0bdd99f900d4dbf854a524b31536caa9b3ff48ee90e9f21913a4294d099f83b6933d6495ca20afab518d6696b29ceb025ab81b845e7198e428e936eddee97f0b12e521877fc58b9cf1cb0ea128723d445004586fe2f02be7e42698123aa2c75c065068863a58fbbd90d0ffbbf15b60f3cc355ecdc58c2897fbc263076eef79e40ded06cd3422d8ec5ae34ec6679b2b7c149a7bd4102e9f25b1291f25db9f74804b49840a21aaa10ce28525bbe070d8c3adb488a3310334c1610a80f2759f5a20c31ed95a7b299a23c5774080a52581bbeb8e7fca1ac2d043e0991b7a119426e4b2c5d73fc2cd5233844b0efb5b02df218c57c2e57a91bfa13c7a92968f9c5f58c5fc29e5ddbdaf9779390610fd5a8f1dd9d1ebe5f9a02d1f5c3c31f718d90674c5ea9c024a35951f2f014a65bd4c4764f52fd2e82b92ec2159d227adf38f6497973af9f2d5e854ee4d5268a2db231a8a090b4cde09ee0e58de55edfa1668d94302dd3524500ffe41a51392b918bf2ba0b7f477ef04ec83b5850d1a2a304e8849a61fd1f6bd127530c6a87f597fd7b743bbac9d168a6fea5ec7640a3f138167bb7b6c0c1be7b48180a6b9d77e4ac2468897b11e563f9756c84aeb738ab2677f402a379ebf722a98876aad2653400930971c6f46e425aa1d116d274f1465b90841ec8f6b84dec455e8fbd978fcd0b044642083956abd19afa4dedaeea536874a563b475186e0f055822c5402a1736ebf4e4273dc0724e1d8769307845d1090b12da8aa7255f9c95f424f0bd0c9653cd06af90f90cbc10f2b2c488ecd99cca2d41e7a1e94816dca679d1a2713647b5c6167ae86598826f29d086433fba8c61ba22667a3045da2d5e6630df318f330d1129d424bbbc60e521911e5de60ac58ac65ceee2c9a421fa487e542eba3dcb71b40d301b194207846069e1a0d864e32fee2da38ed240cdc060cec19c61532b150c5c7bfd3cbef1c039c75b74edc1221122e5cd9004758af2b54f7993a9764e6235b3b757905643baab29459cdb48532b9ed3e74133c8b070e966804abfdb6bf91351cec68637ba36dfa07021aff549c55308fadb48db7055e26922a0496df260f4ae80ab3fa928a25b1c68cad568830cd8f726d2bde4720cf159dedd3882972a24cacbc18648d18da1d4fdb6a85e26d8c119330c03f53991342bf77477a289c9bc460663cf40f232d7ba407bcbda300cab53763c86c2735d68a06416a44f90345397bf85388fe0dcff5329f4fea21dc4755d887ee4e05fb9361481320341de890016aeec104b5d4fbc5e1c76a89975c2bb2e80dfbb47a08dd3443f082a051715d88fbe585bb3dfaea6edb41f7b02bab9a93c894f4f82bff1a55418959f7e4c14cc2d64150ff4c3532e0da04b364c7b36e7cf15b477fc276a0db894cc917346cfa0d98eb0129b6eaf15d5ddc1eeb0138174ca088f8844b3024fe90b0d9993a26e2ddd840cc1abd5e6c16617d9d8f4936954f652f99636cbd22ad2c63a300968171649bd1a40ff3f13de082b53cf7fde28af4393c179d33516eb3191954576692a1f04226c63aec7d38b8118a65fca0afe6e20fb7c7b3e50f88af97f81a5e2101b01907ab3fcf91191e4d1d1dc5b75589b472d2267aa982c76d02444e60095f5ebca24ed828aa1f1516cfa9c6e0ca00b0ccae7b79735272804c98e008eadf04f3cd83516e5783db7ca5d59877fc3b767d2373f09ee9d35e03d14d7cce5afaf10cbe27d61450bb067e182c4b1ff9f64081371bb102eb930ee0cd2823c5a8801bd304317eb2ff77f8187d4ef586d3175a234fc446760f1df5ccf7dd6713e141ac520def0c7444e7905ecc9ab5ef9cebba5c553fb6e88814b9e8b353bfac0502657c91d0c4ee34fdaf177fc706fa183833506ebfd8af0e2f16f297a5e53eb2e3a78f2797d0a19f9340a14b65c52418b8f3bbd321ae06a47d403a93cae216113512affadefcb3a25a4e0ac14f3c354e929efe912276237986f0502ebc2af0a5ff39f7d6613efa8b07b26cd4acedaec45266eb705fd31f078c333257c636f1410966ac853d14b87d8275affbe0a09cc68ddfdfa8f4e729da8ec9b206bc2702cce53ebbb6af7c4427e7e12e0913dcbcb87cd7385286bfb46266b699df604f7b4407eed082a1fa7217a1780ab6beef9e5f3fdc3795ec4f7a676980c54cb14f88372488b7bc3ba9cc214d18d02bc31f6ed41ced36e5d684017c70d6aaa41e240fd781bd071f3b8107d7d459ecc98d586300dcc5d3e9832c1c5df7745fe2f903c0114ca53d6e079ae9d8c51a085fe571f419b42bcedbd820c925eac3659fec269ecd52dfd699bb726a1161dbac5105387fa56a7bb7ff6ffe96271f1770a7eda2ef45e51400632d041a337d783e30b17157f893e1b4ec1f9d5697ce69211ffdc642062ae518ebb276a959f3f97bfa7950acede1b94d9e84e4ec7c5281fe5f83d8bafaf79f9fe8a0a026f96b97e7ff13c9ecba126ef33e98c5e6edaaaf4e204d524cc617db93daa15ed86e718bdd698927203554c8bb8f0e1b7dd48a21b493a6c7ca7d542399bae75aa70e42d626aae5393bc3ada1bc2bacda83af8f40fa2da8917a69d5299b6ecbfae4cc72feeed6ef2e1e061802f412d03e6c9ae6b51704fd42f0f32cbfca0558461b94460fe19ee88fd6e77b7fe4f1a48daa07ce8201e5c7096345b60639bde85c75a0b639900045cbb38a77af25064093fa8ecb4a8ef000b14d821ad70d88c44e2383c6268737bee7cb27893582b04bdc12494a701fd415e0244b9023095cccb13cf9d87fa486e511defaf9e6c83a89b92b269a3e9d36dc9f71d20091b41c8b489736ba5d434d8bc9274d89e620b26ec429bde9bbc6942a147febf41a45547d8350eea01783eb1dec26af2cf34bf3bdc06654a1b3e3a3907a78399bf14df8a3b699004a2a2d9534438e584d23dc9ea2013525d7f4dce2c1e806110269585ba7f0f26b80ad5a0e0a5559e7410d8c121e805d4b731cde4f165a7225f4f895960d42460e12e17bc5e49b9230cf5445b654d2ad85151b4ca2ee70c70b70232c20ab70bee710aebdd50535ed7022fcfc0031e9c8e67760edae3455a335377ece5087587bced8b8141c5873c21a47eeb090b4e0ac1b081619803b7ef917ccb6a39a5b25b4d75342cff5561a09d8676efee17d85d717bd4e1f90bd73df21dac08073bcf3ca8cf2368f927f5c44ec5db891140b116fb65e3b0530f06b0f0c618a495dc67907973627fc7805720d03cda90654f1c41b2f47c13771b15ff2518445ef0e6a571a5a4e1dae5d043d6859e2d98fd2dd8022eb924879b17dff3e75e7dd1c7d4ed8fa90bdbfe3f0bcbea2188ff5a7e1218edead1adedd9760471b71c2d4e83d70e6eedec750765776368fc6eea077a3b18b16d03fc785229dbf08f664691f2d10fbe0e05b4bb631ec2a3474ad2c5ed8fb3f204e380acc56667f9fb2a9ce5bb7fb16a64bd56637cccc425bbb482b819e9ef3f35283ffbd016f5966eeca11e418d6c074f22ae9b5021012666487b1b85817f52d73696538970eb95fcfdea11ce73de3269d515d4e656c60fe56d0ffc6d117a77295c781269043ccde5fc36b3155623ea525ecd562b418bb928831f44a9539d8c24207460c026829cdad26d705c3063ebdf39efc581c93904aec385c8068b7957da488db548afc861f68fb96e60b1b74c6ed48d596057a954cb86c189f7b416886e45c74440e152c9a9632c55a1574726d8eb49eb9eb8386e648751ec8a5fdd73b9082aaf416d1ee602bb83c991b5a4a8b60fa6d6cc9661c07562a4107c13e4611b8e5382e8819e23b36de0587f6c9fdaab0eb8218d6bbc066e0c025e06a3858622958b3b54e274e7840b3edb19ee0d4f206340fb5a1ad019a36330fc838fb84558a0d678c9382d71dd697b3d253d8d6ec4e22173a3dccfc3982bcdab15ec0f6d9adfe3f0b82bb0fa635c59f505e2983765b4deb9d8f1405d7263e83fbf6461e59ad3c0665ae3311c35f4ee58e95baeeb02594d74b522c61f2350c25b88358ed567b31ae9d058072c215acc8d03d6c82127fdb187dd3d731627d218cbaf11c7b3b15184e1686708991ae42b57665f4490fcd1c48ec49801220684f492a5bd99fa1b55fec107b4b75e87a8e541d330d083189ae3107f8544a4852f5381f769b8d361db9741edab89481ff3336be46aa38d6cf68c938db36bc0acb3c75f6a975a8aab58fc929791dc73229c5a863514127273979df0b2b74b70566f12b817329f7a531cdc9224360a5f7feaf523cd934dc74b0c5c39968bdb74bcaf2e69cdd82f9151448fe6d90ad6cbed3410882ac757742bf14260bc7c506cafe51572dff421ce60a4b0afcfcd88ae4a138229cd2c6bb007486f11875b099865b00f73da69ae862198acd6e4a0b7c21d0d6290ce6768f8aa7c88003f9768ec993157399e7e4ef17e9f101a8b190b59125d862e22d3fb1a117fa8b023f320311d3929d4aa03ec68b1703185b44635dcf573f450c308a978330a1a808a41b966210d71ebcd4c88abcba6502bc047e73a333f9eb433afb627a7ef34f89997ff55cfe07c2b1ffaf212d3343acd74df7d1423d90869b7b2be3276f5449b4bd00041fa7489e4e51388cb7a9e46de5ed19e4d2cda39a46ebbda568af9f3a82886f67fc124fa7136b2f468559e8f44bb35af8fe29d07add56db3dba00a661c51951144d7f092172cb04d7909b62c97423164d577edc12f60ec444132a0a00bc99fe62b127b1006b98571c351dec13849b5cce601e0ee34b067d87269430b4fb2b4644feeeab8777dded402d78e6c402cf091cb49f3275d1b37b5b3a65c59e90ccc777dbdfa9d459283b896eed1e50293551055250b92133059efeec2fee4e6a77b66582db7ce7d8551de102c4ef3ead8916ddbc0ee9a74c1966eafa97d2d2d68345e0e0d4b0a4ec6fb6267782bd19d5fa1301a3afa37e28a638befe397", 0x1000}], 0x3, 0x0, 0x0, 0x8805}}, {{0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000001500)="b696a0665eafc664a275237d805b310e268e3c32", 0x14}, {&(0x7f0000003080)="54b2cf1672f58fdedcd940615ee1311cf826f55c42aafd724530f85e349c9dfeae2e0934e03176c72b3f22c111a7a7de4f8ea1ba448aa6d8610067985e0e33c541d3ff6615089edd99064dbcd0ae1858c4242a89963049bc0de0f929b7f829e55a887f5284fe73e33ed55200f31aee29bd7d5d40b15f6506513c051658560b28b6947bc1913f246a71fd34c0df5de36d5e9ded7506347e6d7cdedf11866ed5c9875f3e83658f489de4ed49888db44f3382417e070d182739f20f87ec4fba98b847738d716c937a2c21c21573e621dcf4907fd24e5463cee2e676cc3c5f141c78459c52f8f78d682eb7d0c8e0e4a2f5418d086950965bca83a99c626246b7896f0e4bdda9621c348ee0c44d352c671ad37853089ef6ef20afd9ceeb139699afa6fc753b19354b13b42404636e547937e8ceaf7003a869165cdbb40a9d60588605b0eddbcd947e2f14943c57f29151b65c4b3853c08a107ad4908e6fa25b5ff3d38d73b40d269dde1f29c0bc99341e157b7b6bcd564216169f938c4f5cb620b2315b2252d52e738ec6f3967e37b7f961d5c89cc08e3ca146def0e2c1859ea0962c222b83ef55f4692fd55451485492be887decaf2c6e1e07c57bb9f02117faf57b24140dc8fa34754270a8c32e49a8a3a485bef14a6b09d80cb0da580345cb236f49a1d5f859e676fe3bd6658e3a44fbc3f3acf480afc60bed8095e1f42fd88dced3fae32a3e30cf8c19184c0bdf73e5f1a36c5aeaf56d6afb89422bc661fd047a75a86d42982ed2ab1364beceaa5998161cfff9d430a0f93a04d1deebe40bc587ecfd385be25ec62a13725571fb0f1eeaa82511594eefaf3d3b23798a14cc320b0e1b4ec5b619ef56aed0f0ce848d7bebfa82d0f7b7230f234f211ff035d21cc4aa849fad88b9de42deb64e60045dfe01bffcdc9760d44cf0c75a2edd46eabea3a8c702d596db7fe0e43d9f9134b7f85a514db4191f9fb07710ce7e09417e781811fd3e332be101469acebae43c0624b3f98254bf27603bc77f76be1c8555d159380080828a90744a0ae49b37612838820d3716dc2dd854f2dd1ae7ecfd100d8322312f5a10f863f0dbc91d6fa97f0b0f105202f042666ac29ca1059cc6782c2c6531dec67e6f9a8cbd9eb612e73df295fa48f6c1a56710b822dfa01de3c6d1deb26ff7f06299cfb00bcdb2c28dd94d528f564eceb6ade170c775d49c28847f2d3685ce7475827e8f028858a5f12fa0aa5e17b945b4d6c8c92599e3866733337861369b0542cbd83428b29074696dbbea731b8748179e16baf6e953aeb88a63aeef9bca71158fe9e12d1e4dc02ffd460adbfb888de610af0f6f54e0faf0278a86ce055adbb7fdbeda38cc68b32757faf484de53804a418195d3e92b7004ee377fd54b578332b5272f5dfeae7515e62a9af6f88ebc23d06e652ccb6a39d8f7555bad90266cd0960829472e633b7ebb988b6fd15e9e7917bddfa9cbeb35699ffa30231d1afc25b8a8db6a60cf4e44691cb2ea567b4acf577c4a6715a2fcde0bad3b36d04150a81b664c8f876edb61de8ac58aa7efa7b66d874f45ecc2e19a1ba8214d73808dff8639fa881380b4100d76239a9070c3e1df7d07d22e4fbaa3f5a91653cc5952748682db2ee3688de0004a4f775a0bcca63c06dc05069e74802ff4a7e8ac766aa6ddc8292c4b5b4fbdd7740bd400f41861c4cc2404a6a8618d620855252ac13fa7d5665edf5f2264876c1285099efc12fec6210efc58bc9d85431ba478248cdb3a2883604b214a2fce03eff77cb2e3b7577fa6ee8a8bdbf55fd38ad362f9ce2597a2b053a3cb5d9ef1d152a6a961aa460b810e18f8c638a5baf7d4a989ad05897f7a5e58ae63b0273b8e53f3b278dc415c617f2851287c54a316c355b26ad905da44a1862e024d0425178dba734cac6e29fd0e446776736beb6f62adf6ba02ff9f1a5d6219635b6b60a62ab8734f64c3f36948d69c8daf472c3c3adc547856ee337c6c3ba6894037f8958aa45f4a8efeba853fa4bbcf004c54b1defdbf6e4b6d6675ed11a9b7c82b4ecd8184fd377b2d17874d909e00e784d43d04ab91a374699bdf54cead5d4c9a912d0d666cdf7076156f9e8cf7c2e68a98bae574bba5a43fded7fb49c18ccc260b402e8fc0006ca37a50e27a4a9fcf02b932b2de924623f8464060d30dd74c0af2a6de66ceeb86b53547b21fa783c64ec57b5721ab043d6144ca5c46e460795ffcb4eb5888dd2e4fcb01103142d9d4b415730d283f09fc0ff78490dd26009d913bceb1b94d4127fdd549a9ce52993c25fc7a723a4b99b87d0431275573cab2f22784fbd17f55587b175df9072e0499c50b5bd64ed58d4c8a7c9c45b2366bdbf4b048ee2533cfc22645afc6d35149851e42a5d1c074a09b361a20d1ce2c2aaa622adf7669a4ae1502dbedc432fe6c996347f6eecff87ec47ab35182d6a31fb5f7924a609e3b0166564919e626fcfc17ef8f3b446033c631e4fd984bcd6f6050c68ae20a5ccec6714a7be4b300505f014c55ffe7163b366a1281427a0fc6a5ee8dda2e3e86df875f84bd13656479b638d96cfafb0491902a2d8a9ca5917fcae74dbbd80160c0a7163c2865d9589ea1fefea21858647c14b968784f615b528c08a3b7046b89da22c1548e9d721a6801f5fd65c6a113b31c66bf9f869d4c9ab0372df64e201b9cf5e0c4ff134a1f1cab706ceafb2e847e84dfd8f675b6a76bde2cd4535e4f88c7b2cfa8ebfbc496dbb3c07f0b739ea18f0cd49c6ae736f5d69e4dab35d060440d200ec43428643845a09696d28d8d6d24a7aeb51c3950de965ad7f90972ae621e5c41b8e4fc271e635366e234cc27b41692f09ad2b5548db03d330f841adfa3abc1c4eb693c3c079c70aca57769e0c9cb1a34d7bf68f65db8198b4f1ad784e54eb663819acfd2190fae29c2caded9cf2953f0fb6312e212c1c550c906796168e30106409d29289d5465547f07a04cbc0564e7f51324af9be56bc8093ed0a71964e9b833b95bc9abfa228fc2d669e3fed0fe1b0795ef7180f1b40ce8a3442c70fe39d19b0752a644cf60fefda94e70cc1fd957248f5b592f80950a6d20d553b661acd4aad906a7f8814093414861878f91c3c1c62d7bd8ea977845fc4ebc2dece2b709aae614b5888e12c44925a80aabddc69e13f65b7ed703f893bd1acd5e0cc27c22c61216417ee33020e355e0c084f06ae6bd5429af5e8a3f48172b23f15a83d9b936499989a5d6365b76b555db544347f8de0c3a0b693246d2d785eed38578e11c0fc5849bf5c9517cd24609a67c63133117d21ca57638c5a5bb0d2a7d15d190aa39154a39df0fd9b5e0054bda952e14e603d8e9f697fea52cdf6212fd1b8377ae62dac62400fae7b81e0926e7e34fcffb3975336a8f51e8b069f114f0c2853082d91bfa54eb362a8d79e39f48bd0028675c38ade3260fb7adb9d5aaaf30743615808a69b4f8d07e94ad85793ad0cb1a154cfa3b62fa858ae44b46b3ea62b2531750649f9641ec8c75aac2efcfe0084877a93183604f38c640ba9846c4a7a1bd8a9d26407b9a8373647db94852dd91a155183cc8beac5d0f057342a4688836bf13d1b919c08a124bbf548bc9c581675876241d7f8e5f4424e191461599e875510b2c0770735109c8dda564125bf72c2696394915623250a14b8644f56bc5d8a5cb1613fa3b09ca9fa7da8834df94a8c12a7def69d7e91c42e939fbe4ee8656f3ff4f4015f19208ab4ba34942dbc835b74f6ecad124dd198637d2f58d0b3599b3519509484d7a3d7aab7a48cbe31a16762ce5ebfd0c16b087f494f344082bbe07680586604b388c6436b55a2166b5945b2c29a43a049a649988d37d2c929fb9834dcfa8c3e65c1d144cbab529b2bb60cd5aac40d51f88f6f97519efee5fce1adae47ffbd8c830af37c3e9090812e481f9e21af9806ffb308de085530dffb38a654c2e1fe3c13fedf1504dd4c934fa4bf886404d9204570257470d10b8b5a73970035c38d2081d72086e073951c177ae13640287854876499c86f872c31f1e744eeca84f8a9445627085a166057a5c30bf63203fc259c64813b6d2fe798f626d61f77416780fae1f78b99e8fd63831cd4ed20b8a4c7e23d9da82d1921dc753a951c714f366c6ed2f96597ddb9c0a6f48cbca24b2aebf853fe336b9a5c5e0b5aac1b0413024dc1bef6667f9dfceda373fa50b40ef7cf849deb84398c7573dea2c43bd06efc93aff811cb792f9650fe26eb5bdc30312533745cd7e3ecea5ec37ece2a776a694c056b3847358b837ac60f682371c2cdffed8e75df19894b838861b97796c83ad78407ac43a66ff8dddcace9fb2466a81dd46c9d13c9701bf2ce64d6348ebe0e4d4f0e4780209fce099bdf0b01a34e0992141e3b2c3064dfef9633539b08a430220cce9ad1a3f41c5a0b0bfc96728710e37f25567e3c746cf8db01b43911c39004c6b110767429bc3fbf6bbe38515f3a5d853d2000900b429bead83d97bd97cfe9d87ecb780e7e3ed14f37a3f8b102a5598168f7b1d9e734761e21414e1dd1feeb78a25e6bebeed845a8877d53e9fab070df95ed89f62dece54302a3ff44b55e00f00f5295b8ddba32072a17cb188d714a65485b9eead1f059ba995bf4bc60c508c91b2f148c609b2bf02ad18c89273b3ab71dda719669dc1626a685f88bd7d77188a3c1e124bbafb6dcde247c01ea68748ddda0397b892922c974e1c6f5b0a50defb5b168bf1c0b37b8cb3a80f88c0006ccaea5992f1f85caeb498d42f160ca8c9d178a69ccc0f60e27a5c1853a90bb3fe5059ca336d4c40792a160cf8870c324d24e3a5b5b8917ac9d9a8a284deaf3d584fc2581478fa506b3467be40bee7fbc24a5c4007435175a16cc0e7dc025fc574e62473aff3aa030b884266e8db9bbe9bfb87141c84a3eda391a2773421a078b4ff9ddcb9bd387ce7c7ea6f495418bab52d7117772f3917ff227ffd4b7f97d404e9db77faedaaa3f6c9c46990a4ee9e02d6ebde36ca492974e4755fe4fd75cbd6cc75e8aaee8cea676ac35d59f8b750cf9bd745a1f93577f8a21073a0773975c1f64280b6daa3f7e59a109f4db0e7e086caf99195901ea2749a4d0be0726d5e8823c8d9545a96aceb686f5b1eb61d81561f4e5db14b28a4bda537cff05cf60a80b12e693f308448e7fd11d684d75784f47914943033fb2a0b47c9c9536208ea7817f5203cb678bd60163cf18d64c2832e3cc8c5621159940e5be581f32057093ca6fd1f4755424bd8d7a671721f057f915e943fb3f0b84ab3cb52aa8e59e9d2b0f1626bdc6253319dbfd533946e21ede3c507051e54813472a3ab70843dfaf00e882d7b182b58f7c483fbfad6c87d345cf1a05b5fdedbbe9670094f79bafa87b59151087da912aa0c89f9563d03ec2c55fbb334a79873e773de3f01fd0400c5492d7477a87fc78aa722e205bff6584975b61f9e0d927dc36a8616c22825c48e350c83e83eb596b94c0a5a98d2ecc3faf03a1410a05e0c56af988037ed9269c8f334c767c44e0c8b0f2505bf8c6dd40e95bdcf41b5fa2bf215c944d2f42a5fa061ce7cac4dc3c527c2596439245db3e6e5d42e8111fd6af44a14bf4b7a4e652f4e19965bb65b6e0848a7301598ffc921dab54c9aeb56b624c535effa1b7dd304d0eb28c7ac00313174cad84a319b8c37f6949617236ddd1d0a4662591243ac793ca61e1c7d19a5ec69d961eb2f6b39bc3b6ac835bf69a0fa64856bd7fd368ef21a80654f4e09e1e747d9d7f22a147996823ca66e8c2096b63cae", 0x1000}, {&(0x7f0000004080)="dd7ba02cf3d86cf1e0145aae5d4d895615bfb6f2ba45eba6e196c7ac271f2e8456ca5d32512e1a8cb735738d2ef0a76716c3c66520ebbab388de0a9ec16a3e9647b899c66523bffe2d4874c072f6da30a5e23963cb7a6960fac6042e1f99a536c6e39604d73d861b58f2118c26689282dc0be66a5a60123d6b663ac20f6444ac92bc3b0aadad83dba8aa555cb96fdd0298d0bb4f9c7648a6dfff2bae7f7621718e0a4ad2091f8ccb709e9d22d70b73d17301c77de48059faa72b3c793e942bac3a85054fecb4d3ce9c2a3d344638efbed5c7dab6056c802dd6adb4484e5b540b877476623989108b01b479d10af7ddf702b52050aec01840075495b39984664c14e72a87e5a782d1e051347611e1959c99ca5f6534f8f6c1721487fe5aced2c65006cd3e20365d16ffd95b4aa821f6f7028b264fd2ac8ef96776cce4967e6962629e7958b6286863c533eb939717a84182740e957a9acb577114bb530074f4df306a2b66d74222e828846d271124589b8f0f594d24754a18981b5c98a3e990b8466b40f2ee439fc7d325b2451da737316f8cac761fbd4de1e8fe59edddf15d6f6b60c3f016043b97b26b0f51b33f038e459c9f07a24ad486f763b36667a9009e30136396fa90cd1cc0cfed95dd78b8895f206ad97d6dc5d138917452f391b23e240415f34d6022db9bdef65b7864f354d4a84f2bafd3756641267aaec004125bca06850b79766d187138c9608be3b501d84bdebe1efdcbefaefd5c7bd86bf4d8481307068350760f675e7e615f45fd3dff0d41370756f5c7b7fa3de1b57f1e2c85f5a6a7b422fb98db4fbea6bb89a97edbf920b5fe25b589fa7b6f9a94c58f86bd22a0016de68bac6cccc319a189cb099ee75ce6acc3e9047fef3094473fa9af66ec42aa7c3f02024e0ca88b884a50a77c0dd060dea8f627a6dec474af5b3e7eea0953129adebc7b295dbfcce4b7210252a5c48e6a7f65355db79a2fea5975c972dca0764428652c7808efdacff92cdca9167ebef60cce3883fa92fdfa22244a459b2a178600496e7b8ded2ec1d0934a0edf53b26a960602dbc78c76d199d5825e1f7b584a3b9fe504de4852ba34d6855d92846a8bd2711443aeb208f4b690f086de9aca72f2cb671aec31a2b3c82ac9a023ca0d72047d4cbd1ba6ccbdb45184b2766f7ac117e1f67c31cb48d8937720e2a5455567cd6202ec7002582a21d5bd660580065c80f696db2ff2817c296229511c88d4fa64a8fec1f3ca1de773501b0f6c267d1c0ad9e9dddb3ad8b63d36ac3b8c3c14570a386a791af03f09f1acb346f5658789460cbc5a91725b8c579dc0f2f89ecdac66352e8fe5b1bf40d896526c7e0b9cd18d688ebacbdeab5443f405d9cb29c5ec8f41fd48d5a092c360b17248ea096c0195d3a15e3540afa4315493d7f21149d5d4e2326dd47bca1f1e40ffabd1d06ab7a62db96deb1840b5d4281b1efe261ea21ec29648b745affcbad20699c0287efb59ef31e431438f80ad3ff010f0b7183838c304f98f3e253466064ecdb517176d94e0192bb4761f30b008262d02a11f4e367d231df6e08c4debef412767b1beccd4e5d43bb6d18d3ce022ae0944c49f032770a49337aacaed7002aa3c58220b2470730f5c3f552a62e4b1502951a32dd312d191e31bbdef58d46abca1e133f03752a213b937c0abc9b27088ac67aa63ac3ed00638c92b06211bdd5be393fa0cb43812a1fa52fe53490ce2353ac965b860bb91e87deb6026eafdf25af21b76a504ef918f09f16029dd14082d80184be814f8bc798022a9ef0be3b03e9c2a04ac2891500c902ca06082412193a470603aea1ddc8b70071a03992b9e9af8bf756a46084b3b9f389214a828977c1d177e1e8ac992722c762e3eb2a4f8858b3b073e1982a73e91e6bdfff6c8b1142e216781ad7497bbe0b82a48b806326745a95aec5aed1c820265499ac023714cd4acd23d913de92982edbec544ccd0a88da30e3791ce8f8b90c5d95e921739a2ce0666950fa2bd312b030c12deb46964c699cb6445b5094dc2af649583cff54c62e7379abe9a558f84bc8febcd9f70d68e2c6d07e4a3d5ab362a4ba73083452f776b67f5705c36d395c570e5c69a28f1a1604682c23aa46fc4b7c4166421aa2ee72e30cdaf3c590aa9fa30691b8ac74e22e59fd42e21b5160bf27e3647a8a3a2373bf8b1125dbfdff141ece13919948d11b00d31c852ab96564fb36f478e307766218462f98706931040cb55755a9bdf66278480b45e6bf0a76c25d36f0738cf779c85dc13fbb414130db1dd1e36c85de6ff8b1f27db2d04a7f9f9e01de02251656bc7fd0b1d83643a47144555932a0b0dfc2acd96806fcd5bc67d3e7284bce19944bc466f55d2881aceea0ec599660658e51ed32aefbce9e5a1233dc3e7da976667b8199bc3d82644a23bb18172111db413a6036fa36e9045554acbcbf04d791a53cc702f554769e2e0f53817322e81879a768c65e46c9313eaefd2ca78ea5143458e1a9493cb888b81a71deacedd4c101a1f6720525012426aa6f91c8b1373b5cd484c13ff28ede036f99f52250486363247ace924ffba32f09436ed1b4ece5776686dec5a3b2982b7759e6c3ae92393dcc689518b160f847069a9697d881bf8b10f997970d8eb13515c30b62046d5fa7c49ad6e63084441b46d331e3fca6dce4639753c04679e0cc2fd920bbb7b1a10dad60d065658239dcc5cbd6eec0f47228c1bb59728f29b44890430e36a0a481ca083d5c91693646fd8cee1d676ad9528c066cc48c1ab9da210eadb44f64f1f40c0541307b745da8b8e3dfcd4f2bee5c98651374158cdf17e031b8e989b98db1d298a5e3fbfe0d82ebc3f875050d5fc88ed2f862f231597971ffcce8634dcb0ea0eaad4cf9ee18e37ef172aece01b3f3347b5dd0275e1d5cfd25573998c62a2a022d42defe8aa5e182cde2a2397547bf19e27b7081ff8947fa2d65bd0160df02e9ef82ba791caffe146cdd9bf1768d052c4a975c5aa96c00ab5da843331cbab0097863eba2e87e3dd9188a4d959c37e10f22e5b0b2e43f9862e95a64cb3cddb1ddb7802c8e79abeeebf3144213c33e13b953cd0950ce968636821d11809cc766fa60ccf1402199a086a5d74371b3a82e5a27d97d17d2ba67221b5ec179ed49494b4df8ea775c653969bf007bc6647b48a08be5f308b1b8022a0d3928ffffdcce1f354e7b8b02628b7fb428d13557d311fd970fab31248faa719ca0420b7572de1a6c15976ec0dfa39ba5cc0b561cb4218a2284597a7c4263173a1989cfefdcf53d94b25817006272b199e2163e6067df56c93048237518d3f0d65f55d5119dc16682b8d9b74b20c7f6f75a0d4bb675035bcb88dbf731955808863b8a89d6378eb712cc9c716bdd82bb0aff61046a4817949e4993de21b6819d731dacadde0f9b0589e17800be875ea1b6483c29b8124528649645c03101c75635d9e7e0a5fc7bd021e8e5bac1c6ed9cc128b4ea025c4287e408540eced2cec659b13947ef034fe2e50ecfbd9c26c5adf54d42ce20ba2dace291b920f14d315942efbc33781588f6116c4b589aeb94c7e5d427e9e472058fda9eb10ab4c6bb2bb2b25f81d9d9ad2a3af39104677b7d276faa17ace4c80ed4872091b2289af0a2395a0b605800c036cb52ffcdd8250b46e6f768b5be3c656a4118d7e4f61852b46a736bcfcc123a67fcad3c3621080497e95b546324ea1ca46ef5ab1b10b492b7c3dfcd5b06b515fe090872ba001514597b35098c3dd96c0a14f2e3fa9ec8cab8023488272e844a44e77d381e7403495f70155711e59d297d810a636789f6818c0773599cf8cb0c24bb1f0f52603f263423d1db5e6dbb18b6778e438f26c2624b35145bc1a4c265caebdfab4c8cfcabe7409746d57fc00272c895c1a3ed3499af086a187f9bd297e52d0f2032dcd029346d84f38f718bdedcc31abd09ff111226e50764b4a15b6c765cdbded294555d50f306341329f823c503a80b73bede9d9886312404f63e034cdd61a7fe175204afb2b5107fdba0b15c2cbe6ba185da4f18800fe758927c5baab8cca3da57819806dd4bb8b3a2de1fd16797de50b5cb79a1482b56c9e602f488c9f6546beac4403883cf35da1f384f48725282ff0c732c4e630504e959330700bc6d19e46d017a549a1862f88f0ddb13852f90ad3758041faed5ea78afb6f3bc265ac1be9851fd78d604bf00120c26c7bd970630f7c837ac6fae6ba185fc723b7313ffbf5ca97d6d3a9618c619bc5704047fadcd031e9a2ef4ed3524e50ac59c544096703b4bd64fe74493d081e10b0c7b72df6144a4266f0e4575a98bfd6bf0c5a8d58ed0ecbde34f99e17710e3d3507eb0daada5532ba7023c4e131679eb08d3c35597aa848c92e5c8ff44cf13dae5ee8692994b48ab479f7ef8989564a6c2b87816f69d1aa234fca7f9dbca980c263979c758a102ad5ac93ccd829d40085ac508ac45dc32f2d95b6fd84b81e4e77ba96ba88d06db7689928f2f8ddadf7f0a9b62106b2417ca1345dbbab315cead58299452000cbfb5d4d7f5e83f1ac965d7b0b165c1a54bffed6b03490f52bc6b62a1c165d2733b09b158a36fc5c527fa2fd0204116560c11b2e1792a998ae1f6873e671e9e7817618f91b2cd374a54013e713c9e21d04c6e1a345c0f2ac20e785696c7b82076ccc7ddc340e18c9b8e15b62b8ad53f906ad85a40e993d354a4b3d38f0937fc413327e2f79b6b963976aebf2029fd679a513a7c4e5901cdd328eca3ae957732dc3423950cfe388b2766f907f50ec97f79747d08dc82fe7a24644169dd75820617af41873c516cab27371e5902184c5bbdfe63a050fd4ff77ab1050bf2d07c6b1469db790a8f64ce799531b4ed5169cfdf0b8b293eb30f0b2e8c2b9bc90713a64563204a232d244d3f71695614cd7ea991a4c6932080b98b1d3a9add6f9f122b9d2eed4808c1cd3f1247452559063d4096b3738d708e7d7f0e04606c72632f5d99825a84b7e65283dc91f2b2f4485b7b9fe27bfba804bb5c352577866e11e9d579d45c1ce01ec4aee1c5baaea1587640726435ade27240f388b255c34d31cbcd07d81747f8ac9b19dfc6e026e77ec884a5ce90528900617552907ab33ecdf6f08624703f59838df6d8a8b540f43515a28ea2841ae990deca7c2263748ac4600e139fe38b5e422c7a6780650712a2f452e2c59281112dc88d9efa879d19ecb5f1aed9a565dcaf10567155c9e8df587816ef90fcb13209d423e2548b104b8ffaa5088a431a98274b946fc55ee403dffda0c0e7a81cf22d08fee54ba7a2cfdc161fac3eff8fcffe0346cb15856fe61bd4ee5e800848a7d11d5f23f9c2ee810183342c1d3d061ca01c585e7d1f0bde92ce436553a5905072a9784279ea1c475658583b55c743f19033c625ab0d2837c3d39f1169c1c710392e176b4d286c60172af97b8c259e414248062b82d235f39e5811d9298af8b12346160bc65e1e9df61d30ac075e32155647bbd953defbefdcffc74ce43eb48b68ae4ff540ff5c08ac659c6f4670475bcb1d6a5881e89eff50040068fbea2464f225812f1b53e4105a9f45860ab88a2c8cb401f44da9a7b707445052e945e3ceee6ce38f5e09688e469b445b0335f9af7a950b8adb6c702f04ff642975931f9d96a17008a13f2c5995d60550026ed46e6ec820260394a9cb1c37c41e0fef508d0fe58e07d02178305276e9582a0912d81caf86f455bea04feac1624fb7367bc92bbb4ae48a18d802f24903b695adc8bd84cfd8e9bbd", 0x1000}, {&(0x7f0000000f00)="60183f53421a925ed7b365ef96e28ab05a6b01f19f52ce8b5ce8f0fa6c16f49496dd960b798b17868b0dbf13d35d6da7a87d354a1cb409f40ad94b8ccd01c2411ce5c0aef5dcf698150126ea31a336a73aa5f1974feff575698d8e396931c72dbeea0ffbf7656ab461edda94e5fa0abc064b538d1785cc5b488a9f443d6e54330c3378fa4d55a33c16a471d06a6579e93fb47d7f5ec734a19c1365e5d156a62acde11237453bedb5223d373efc5c44a8db61084c3806975baa2e6d4727cf015f49dbdacd", 0xc4}, {&(0x7f0000001580)="cf1e8e7c4ab1b50f0c0887cc749ef60ce0ea1ca88ed68306ea0627162ad67c1acef19a62ccec1461a9bef549912fbe1a423ae42df03b712a80e895266e971ad2317f2f646c0a28cd150da3d0dd9a269aba9012ec340179005bfefa0a48efcd7f0a4f452c99ccea62cae4525c0bb1d0bd87043e2d1001bf5480f424b62d8df4504166d319a8e0216927ef0e875ae07ca74d328af674cd5359c349f0d9d93e919e", 0xa0}, {&(0x7f0000001640)="f9a8e35012dfe4fe7348f1313040d00e151ca1108f06db851df4de8c8dae2838ff236ec571aad90ae86811dd6adb375cbff9d6666e3c1c8f0d0a879568a54eb4b1cac3081eb7f65fa303a9fd9ec82c1dea314b01b10336e2ca800a309fb5ea2afe5b673a514815eafdaffd5ac28fc81a8d5c7f1e66676206e889c384df0c65759aba64c9c3a219ef382e5e193eee9f5364639271fc32997cdf76766614549b40eb5788c099c922ac0a8bf31acf2ea5bf4867a96d827ee791200d178c3d36d601167f16772dd2e1c5fb7df786854164345a511a2fa290ee438c428cce6256378f51", 0xe1}], 0x6, &(0x7f00000018c0)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r5, r6, r8, r1, r4]}}], 0x70, 0x20008040}}, {{&(0x7f0000001940)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001ac0)=[{&(0x7f00000019c0)="b7f2744064b2b617760de4ee2f74092689c158a687c54e8272c870839950249c24bae0cc", 0x24}, {&(0x7f0000001a00)="67cd103ee276c24d3227090bb311b94fed93c981e761ec68b6a85b1718cfee5815f5f48e8c1262730ec0daa18c2ee72f42a30bb75291f62ed9b119a8be4bf1bbdc4a0b56437055c7c847049eeff69dfff60ff37e062ebafe930914394d5304e8c2244aa46f45d3ad23095a6f5e0db66e20c27eb080e57237e3850848f14ba99765d4c9c631892d011f3d304bab8933126974832ba183a29f5c3bc357f863364606f8e1035a1d02c776f21f1634d09f5a802a4dbd9bc10f9f5e25", 0xba}], 0x2, &(0x7f0000001bc0)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xee01}}}, @cred={{0x1c}}], 0x40, 0x10}}, {{&(0x7f0000001c00)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000001f40)=[{&(0x7f0000001c80)="f780d9b6e316c56756d35329feb74ed6a00758574da99dae16263e43b315d551d30b317446fd5bf2e2f2e7e2af54c9a477d03db65aa6e5224300781d8d34e0062da64fcffdda0c73ed73545f697e6159b70404dd9dab8b0be8bce788c8ae554d8036a7a1f1bdefafe028762c38119fbebf68fedd7ee9dff835e33d936ea0e3d73c54a9d87963493a0a1e0966d22b7cfacf2c4e61c4e42cc70e70e963dd0ef5f0a544c7f892f6db5d2b66afbc842b1899", 0xb0}, {&(0x7f0000001d40)="77ca4735b92042ddd3c7ecf69d251d2a32799aaed5044e08f6a7e263f27a2e17780a4c16fd6c6e315cc902934aeebaeda8679554a2de8af9291f4cdb247698bffb553afb77229e46030d2e43019ab2a3b56e813b511a15a374fa9de1767f2a31c0669c52e8f78b5abf4286546e2b18c4537edb707ffc610b307be577184d00eb90b3438c6f7f99e07906d44c1d4cd70ee828ce402740de2a9904a1502c140782eb57e40fcbe2920a25e9c34b4ceca96f66dc7f41ab4988f6e3ea5d8a5e59756c4a22a65ce909fdb401f75a819a7ca5fce771f11a92ddd8719c363545484a92f44e4c9c592afd9f7e", 0xe8}, {&(0x7f0000001e40)="82cf71500cc3ac5d51866bc6b1273e47427ddce4e557b8c8120de3d83b29f2cdd1b478311fcbbc2b31c1831dc86a17212fe345ffa12321ca68a3e2ce611c9dc7458b1a5d52d5d56b5319e9a10f809bc3dd47613b04bb7c518396a62194ad0e84e68b1990056a8b6b3f2079a66183bf09253d7c1246ebd3250fe9017e8fab17de574d694ff1cd63094d1b8062a7541efc951515d03c18532125b36fb5cff946dc0320d3d74e0229f510ee82680f341b11d58d37cecb303f3525616d2e9fa4eec95147acedbe66021d4b659e36bb08dd3899ec534401bd0f7a2e58d187cbaaf8bfaf5d698ae9b2477d993edbf1e06355c0", 0xf0}], 0x3, &(0x7f0000005180)=[@rights={{0x20, 0x1, 0x1, [r1, r8, r7, r7]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, r2, r2]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01, 0xee00}}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee00, 0xee00}}}, @rights={{0x34, 0x1, 0x1, [r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r1, 0xffffffffffffffff, r5, r8]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, r2, 0xffffffffffffffff]}}], 0x138, 0x4004001}}, {{&(0x7f00000052c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000005480)=[{&(0x7f0000005340)="af2a28f933da1e481db48b7c006d23d992422b4cf05b93abf209a711e6879b99a032ed579a10f01082447b830963e58b9e04120b058df6bbcb1abc212e4b36184047de051c528d25157955dcc62868da634afe7b2f5a99bdf3dc58b424f1c7bcff33eb8ef6957339184384202e", 0x6d}, {&(0x7f00000053c0)="665c226901dbf35fabfd1b103cf4265476d466deba610c35457e3ab1216196e93178f501c1a9411f4e3fb37cbb842d1eff1ed427043ecea873fc49c239c2405eaa59fc632cd84e613dce9eb8f6685ff9c773abbea5b7fffde626f3f3fb4497f2cc683eb23a66716d3e70262d9502f1f336d974458c1489f592d80bce3da88fecd1c55edc7c68d3e846a94daebf6959c06a8a4992d2d5da2b30f38cf247078ca67c66882373cb402da0f7ab728fef6c3314c7dd", 0xb3}], 0x2, &(0x7f0000007800)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, r9, 0xffffffffffffffff}}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, r1, r3, r1, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, r9, r10}}}], 0xa8, 0x800}}], 0x7, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000600)='./file0\x00', 0xd1100) (async)
r11 = open_tree(0xffffffffffffff9c, &(0x7f0000000600)='./file0\x00', 0xd1100)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0xe, 0xc, &(0x7f0000000500)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x200}, [@map_idx_val={0x18, 0x4, 0x6, 0x0, 0x8, 0x0, 0x0, 0x0, 0xfffffff7}, @jmp={0x5, 0x0, 0x8, 0x2, 0x9, 0x40}, @map_idx_val={0x18, 0x8, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x6}, @map_fd={0x18, 0x4, 0x1, 0x0, r8}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x2}]}, &(0x7f00000005c0)='GPL\x00', 0x80, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x1b, r11, 0x8, &(0x7f0000000640)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0xe, 0x1, 0x3a}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r2, r2, r2]}, 0x80)
getsockname$packet(r7, &(0x7f00000003c0)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r12, @ANYBLOB="e522c8ffac000062270012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r12, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0xf1ffffff, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r12, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x6180}]}}]}, 0x40}, 0x7, 0x11000000}, 0x0) (async)
sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0xf1ffffff, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r12, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x6180}]}}]}, 0x40}, 0x7, 0x11000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000040)={'ip_vti0\x00', &(0x7f0000000e40)={'sit0\x00', <r13=>0x0, 0x7b8, 0x789, 0xb41, 0xfffffffd, {{0x1d, 0x4, 0x3, 0x28, 0x74, 0x65, 0x0, 0x0, 0x2d, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}, @local, {[@rr={0x7, 0x1b, 0x6e, [@multicast2, @remote, @multicast1, @loopback, @private=0xa010100, @rand_addr=0x64010100]}, @ra={0x94, 0x4, 0x1}, @timestamp={0x44, 0x28, 0xef, 0x0, 0xc, [0x6, 0x7ffffffe, 0x5, 0x8, 0x7e5, 0x3f, 0x5, 0x7ff, 0x8]}, @rr={0x7, 0x7, 0x2b, [@empty]}, @rr={0x7, 0xf, 0x92, [@rand_addr=0x64010102, @local, @local]}]}}}}})
r14 = gettid()
sendmsg$nl_route(r5, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000400)=@bridge_getlink={0x8c, 0x12, 0x20, 0x70bd27, 0x25dfdbfd, {0x7, 0x0, 0x0, r13, 0x20040, 0x100a0}, [@IFLA_NET_NS_PID={0x8, 0x13, 0xffffffffffffffff}, @IFLA_VF_PORTS={0x2c, 0x18, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, [@IFLA_PORT_PROFILE={0x5, 0x2, '\x00'}, @IFLA_PORT_REQUEST={0x5, 0x6, 0x81}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "dd778ffd6c08c0b6774b901bbf64736e"}]}]}, @IFLA_LINK_NETNSID={0x8}, @IFLA_IFALIAS={0x14, 0x14, 'veth1_to_bridge\x00'}, @IFLA_CARRIER_CHANGES={0x8, 0x23, 0x7}, @IFLA_BROADCAST={0xa, 0x2, @broadcast}, @IFLA_NET_NS_PID={0x8, 0x13, r14}]}, 0x8c}, 0x1, 0x0, 0x0, 0xd4}, 0x4000)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:58 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x79, 0x0)

[ 1281.921465][T17798] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'.
02:00:58 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xd9, 0x0)

[ 1282.169518][T17755] 9pnet: bogus RWRITE count (2 > 1)
02:00:58 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a0000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:58 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x7b, 0x0)

02:00:58 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:00:58 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 45)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:00:58 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xdb, 0x0)

02:00:58 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18) (async)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
r5 = socket$netlink(0x10, 0x3, 0x0) (async)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x802, 0x0)
connect$netlink(r7, &(0x7f00000001c0)=@proc, 0xc) (async)
r8 = creat(&(0x7f00000004c0)='./file0\x00', 0x20)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, <r9=>0x0}, &(0x7f0000000280)=0x5)
setuid(r9)
getresgid(&(0x7f0000007740)=<r10=>0x0, &(0x7f0000007780), &(0x7f00000077c0))
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000078c0)=[{{&(0x7f0000000800)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000780)=[{&(0x7f0000000900)="1ad0621acc1f2b8afaddd9dc3c6ab29bb537a606104eef42c22969a4ed7ffb561ba2565e2bb4990b269481f1a554d3430af8a1ec626685228cfb84231fd219b49d961176749f539c00c026399a6ee5bfc00aba4402c6373af813b4430761fe99", 0x60}, {&(0x7f0000000980)="9588c9fb53bc5728073cc108f836e32186296e7966fb277d79e5b5ab5077b5030fc016774599cf88a3b2b2f7e9577898e4c2c7ad55175b7c6dd513f548e1da107a7529c18c090e2e526e9e098af2a8025b3ce8795ebc467372afef91e7005df1810854f5e05ac1331ef9841804905229f2019d3c08b9a938ab300759ae04b61cab1060dca31da85eb3f6782be8dc608acd304bb8cc2cd53c927d1a9224ef34bdbb16c86b0e76fe924187dab7e9d6e6f3dcccc1cf66e8d804b5a469747a26262b3ec43f16e2f257ecfa8b49131b08ddfaf12c5c1aece14d9a5e39", 0xda}], 0x2, &(0x7f0000000b00)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r8]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff, 0xee00}}}], 0x80}}, {{&(0x7f0000000b80)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000dc0)=[{&(0x7f0000000c00)}, {&(0x7f0000000c40)="92bf3fc09193abc711d2c0d605c6f0612b6c95ae18494c649fc8d36fd50d", 0x1e}, {&(0x7f0000000c80)="03b3fa053fc06e63264f82a0304a27bde50bb312f763340dcf4c7dbb6703361ab9799796f7a428c02b77105aaa1de27aaaebe3f96fbfa2e641b765a89fa3ea81725faeb9dc833f39b67a4ee214865eb23970c6c6857e207c78bd04f58193cc1ccbe5209e1a18fb7d24917111f1613070c124215dd7fe1ff65bd47a9c629352aa0e27ae46fd243c47078a84b764dc744d954e26", 0x93}, {&(0x7f0000000d40)="319d651a", 0x4}, {&(0x7f0000000d80)="3502224ae3e5abd77ecbb653b6ec9d27756066d778741ac957d7de084ae3299fc5ca239a32ffe69e728c2e823c4fdcf5584789000c0e38c1b0fa5f94", 0x3c}], 0x5, &(0x7f00000012c0)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32, @ANYRES32, @ANYRES32=0x0, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES16=r2, @ANYRES32, @ANYRES32=r5, @ANYRES32, @ANYRES32=r3, @ANYRES32=r2, @ANYRES32, @ANYRES32, @ANYBLOB="0000000024000000000000000100000001000000", @ANYRES32=r4, @ANYRES32=r3, @ANYRES32=r4, @ANYRES32, @ANYRES32=r2, @ANYBLOB="0000000034000000000000000100000001000000", @ANYRES32=r0, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32=r0, @ANYRES32=r3, @ANYRES32, @ANYRES32=r4, @ANYRES32, @ANYBLOB="0000000024000000000000000100000021000000", @ANYRES32, @ANYRES32=r4, @ANYRES32, @ANYRES32=r5, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x138, 0x48901}}, {{0x0, 0x0, &(0x7f00000014c0)=[{&(0x7f0000001400)="bf58c2183a48b054e30974a44bf3cb7efd09f8d940ecdd688f64f6fd098789fce651390d37cf9c9d6aa58650b6b80c9b5c6d54f5c52ad85ea5bd7cf0fdcec4bcd0a9bce3384da2d7f82f55950ec1c49ceb92a85653f33dae8191218fbe5770ec092960c252b4a5a3e5c5ccb1ad0208d6fb0c7533adac", 0x76}, {&(0x7f0000001480)="938698a1bd7e35ef24b5", 0xa}, {&(0x7f0000002080)="98a61601e01fc057e7c1d9d8e9d321a54189792aa210926b39f2a696266a53ddf5930b1d9a9a74fd1183121f316924b1b69f8dfb5de713a5523980181f02a7384690871501843813507198c33a2654f4c51006586c647e4b9a1c2f2f66a7cddcdf833db5559be667fb9db530d2c506ca01b211c280dbd775c05649fb7466831da3b3033197a6c2e10673cfbce1df1aafc4849621723a600327a554cda9d97663d7ee8375f294bad4805eaed906d41a02fefbc9b5c4b1f9a9044e259de821884dff4e96a58cc843173ebda7d1ca8c0bb7152f61c9d937e9eb3c59baeb3683bf470bdcc05e33a0277c9a9c94e4f71ffd40922f6bf1f6b7ac485802a541a5bdd4ac60e4c00af484363d78cd255c3dfaa1c36acc96b94bb1d15fd963c6032a7d14e8c957385d8cb71be70aa375cccd7bc94e031e75199d35559298f6bfd54310b0df867ac726e48dd315412fb65405705be7d20cbf01d0e25bd2f6c10f67488e95bfe27767ea23ac9c76c492a745d2ce8b2439ca7ef4ce9182eacace66868d7d9c79ea01fbd2bc775db1926f04d19dc8fff5771a0139462f18108be6f24f6b7041775d4c22575bc274df8fe650676fe675699ea36dee98552a93c1bd24d83914cebac280acb3ee3873961d7d3e513d2b030a3dd0514b98308b7e8efd1669ea04d4bc0cf838d56d242ab56a3a63b2c477709cb09b40b75b3c27b17880eecdf22fef9addfdd4f142ad6fb9e4b570f9366ae8ad0a06a13cfaf252faf94877e2407548449a62fcec4f597395fbc5f66f597d7151964be85aec4a0f8cd414cdd68e1f306ef1e9e341cb4b375e6993023408f0bdd99f900d4dbf854a524b31536caa9b3ff48ee90e9f21913a4294d099f83b6933d6495ca20afab518d6696b29ceb025ab81b845e7198e428e936eddee97f0b12e521877fc58b9cf1cb0ea128723d445004586fe2f02be7e42698123aa2c75c065068863a58fbbd90d0ffbbf15b60f3cc355ecdc58c2897fbc263076eef79e40ded06cd3422d8ec5ae34ec6679b2b7c149a7bd4102e9f25b1291f25db9f74804b49840a21aaa10ce28525bbe070d8c3adb488a3310334c1610a80f2759f5a20c31ed95a7b299a23c5774080a52581bbeb8e7fca1ac2d043e0991b7a119426e4b2c5d73fc2cd5233844b0efb5b02df218c57c2e57a91bfa13c7a92968f9c5f58c5fc29e5ddbdaf9779390610fd5a8f1dd9d1ebe5f9a02d1f5c3c31f718d90674c5ea9c024a35951f2f014a65bd4c4764f52fd2e82b92ec2159d227adf38f6497973af9f2d5e854ee4d5268a2db231a8a090b4cde09ee0e58de55edfa1668d94302dd3524500ffe41a51392b918bf2ba0b7f477ef04ec83b5850d1a2a304e8849a61fd1f6bd127530c6a87f597fd7b743bbac9d168a6fea5ec7640a3f138167bb7b6c0c1be7b48180a6b9d77e4ac2468897b11e563f9756c84aeb738ab2677f402a379ebf722a98876aad2653400930971c6f46e425aa1d116d274f1465b90841ec8f6b84dec455e8fbd978fcd0b044642083956abd19afa4dedaeea536874a563b475186e0f055822c5402a1736ebf4e4273dc0724e1d8769307845d1090b12da8aa7255f9c95f424f0bd0c9653cd06af90f90cbc10f2b2c488ecd99cca2d41e7a1e94816dca679d1a2713647b5c6167ae86598826f29d086433fba8c61ba22667a3045da2d5e6630df318f330d1129d424bbbc60e521911e5de60ac58ac65ceee2c9a421fa487e542eba3dcb71b40d301b194207846069e1a0d864e32fee2da38ed240cdc060cec19c61532b150c5c7bfd3cbef1c039c75b74edc1221122e5cd9004758af2b54f7993a9764e6235b3b757905643baab29459cdb48532b9ed3e74133c8b070e966804abfdb6bf91351cec68637ba36dfa07021aff549c55308fadb48db7055e26922a0496df260f4ae80ab3fa928a25b1c68cad568830cd8f726d2bde4720cf159dedd3882972a24cacbc18648d18da1d4fdb6a85e26d8c119330c03f53991342bf77477a289c9bc460663cf40f232d7ba407bcbda300cab53763c86c2735d68a06416a44f90345397bf85388fe0dcff5329f4fea21dc4755d887ee4e05fb9361481320341de890016aeec104b5d4fbc5e1c76a89975c2bb2e80dfbb47a08dd3443f082a051715d88fbe585bb3dfaea6edb41f7b02bab9a93c894f4f82bff1a55418959f7e4c14cc2d64150ff4c3532e0da04b364c7b36e7cf15b477fc276a0db894cc917346cfa0d98eb0129b6eaf15d5ddc1eeb0138174ca088f8844b3024fe90b0d9993a26e2ddd840cc1abd5e6c16617d9d8f4936954f652f99636cbd22ad2c63a300968171649bd1a40ff3f13de082b53cf7fde28af4393c179d33516eb3191954576692a1f04226c63aec7d38b8118a65fca0afe6e20fb7c7b3e50f88af97f81a5e2101b01907ab3fcf91191e4d1d1dc5b75589b472d2267aa982c76d02444e60095f5ebca24ed828aa1f1516cfa9c6e0ca00b0ccae7b79735272804c98e008eadf04f3cd83516e5783db7ca5d59877fc3b767d2373f09ee9d35e03d14d7cce5afaf10cbe27d61450bb067e182c4b1ff9f64081371bb102eb930ee0cd2823c5a8801bd304317eb2ff77f8187d4ef586d3175a234fc446760f1df5ccf7dd6713e141ac520def0c7444e7905ecc9ab5ef9cebba5c553fb6e88814b9e8b353bfac0502657c91d0c4ee34fdaf177fc706fa183833506ebfd8af0e2f16f297a5e53eb2e3a78f2797d0a19f9340a14b65c52418b8f3bbd321ae06a47d403a93cae216113512affadefcb3a25a4e0ac14f3c354e929efe912276237986f0502ebc2af0a5ff39f7d6613efa8b07b26cd4acedaec45266eb705fd31f078c333257c636f1410966ac853d14b87d8275affbe0a09cc68ddfdfa8f4e729da8ec9b206bc2702cce53ebbb6af7c4427e7e12e0913dcbcb87cd7385286bfb46266b699df604f7b4407eed082a1fa7217a1780ab6beef9e5f3fdc3795ec4f7a676980c54cb14f88372488b7bc3ba9cc214d18d02bc31f6ed41ced36e5d684017c70d6aaa41e240fd781bd071f3b8107d7d459ecc98d586300dcc5d3e9832c1c5df7745fe2f903c0114ca53d6e079ae9d8c51a085fe571f419b42bcedbd820c925eac3659fec269ecd52dfd699bb726a1161dbac5105387fa56a7bb7ff6ffe96271f1770a7eda2ef45e51400632d041a337d783e30b17157f893e1b4ec1f9d5697ce69211ffdc642062ae518ebb276a959f3f97bfa7950acede1b94d9e84e4ec7c5281fe5f83d8bafaf79f9fe8a0a026f96b97e7ff13c9ecba126ef33e98c5e6edaaaf4e204d524cc617db93daa15ed86e718bdd698927203554c8bb8f0e1b7dd48a21b493a6c7ca7d542399bae75aa70e42d626aae5393bc3ada1bc2bacda83af8f40fa2da8917a69d5299b6ecbfae4cc72feeed6ef2e1e061802f412d03e6c9ae6b51704fd42f0f32cbfca0558461b94460fe19ee88fd6e77b7fe4f1a48daa07ce8201e5c7096345b60639bde85c75a0b639900045cbb38a77af25064093fa8ecb4a8ef000b14d821ad70d88c44e2383c6268737bee7cb27893582b04bdc12494a701fd415e0244b9023095cccb13cf9d87fa486e511defaf9e6c83a89b92b269a3e9d36dc9f71d20091b41c8b489736ba5d434d8bc9274d89e620b26ec429bde9bbc6942a147febf41a45547d8350eea01783eb1dec26af2cf34bf3bdc06654a1b3e3a3907a78399bf14df8a3b699004a2a2d9534438e584d23dc9ea2013525d7f4dce2c1e806110269585ba7f0f26b80ad5a0e0a5559e7410d8c121e805d4b731cde4f165a7225f4f895960d42460e12e17bc5e49b9230cf5445b654d2ad85151b4ca2ee70c70b70232c20ab70bee710aebdd50535ed7022fcfc0031e9c8e67760edae3455a335377ece5087587bced8b8141c5873c21a47eeb090b4e0ac1b081619803b7ef917ccb6a39a5b25b4d75342cff5561a09d8676efee17d85d717bd4e1f90bd73df21dac08073bcf3ca8cf2368f927f5c44ec5db891140b116fb65e3b0530f06b0f0c618a495dc67907973627fc7805720d03cda90654f1c41b2f47c13771b15ff2518445ef0e6a571a5a4e1dae5d043d6859e2d98fd2dd8022eb924879b17dff3e75e7dd1c7d4ed8fa90bdbfe3f0bcbea2188ff5a7e1218edead1adedd9760471b71c2d4e83d70e6eedec750765776368fc6eea077a3b18b16d03fc785229dbf08f664691f2d10fbe0e05b4bb631ec2a3474ad2c5ed8fb3f204e380acc56667f9fb2a9ce5bb7fb16a64bd56637cccc425bbb482b819e9ef3f35283ffbd016f5966eeca11e418d6c074f22ae9b5021012666487b1b85817f52d73696538970eb95fcfdea11ce73de3269d515d4e656c60fe56d0ffc6d117a77295c781269043ccde5fc36b3155623ea525ecd562b418bb928831f44a9539d8c24207460c026829cdad26d705c3063ebdf39efc581c93904aec385c8068b7957da488db548afc861f68fb96e60b1b74c6ed48d596057a954cb86c189f7b416886e45c74440e152c9a9632c55a1574726d8eb49eb9eb8386e648751ec8a5fdd73b9082aaf416d1ee602bb83c991b5a4a8b60fa6d6cc9661c07562a4107c13e4611b8e5382e8819e23b36de0587f6c9fdaab0eb8218d6bbc066e0c025e06a3858622958b3b54e274e7840b3edb19ee0d4f206340fb5a1ad019a36330fc838fb84558a0d678c9382d71dd697b3d253d8d6ec4e22173a3dccfc3982bcdab15ec0f6d9adfe3f0b82bb0fa635c59f505e2983765b4deb9d8f1405d7263e83fbf6461e59ad3c0665ae3311c35f4ee58e95baeeb02594d74b522c61f2350c25b88358ed567b31ae9d058072c215acc8d03d6c82127fdb187dd3d731627d218cbaf11c7b3b15184e1686708991ae42b57665f4490fcd1c48ec49801220684f492a5bd99fa1b55fec107b4b75e87a8e541d330d083189ae3107f8544a4852f5381f769b8d361db9741edab89481ff3336be46aa38d6cf68c938db36bc0acb3c75f6a975a8aab58fc929791dc73229c5a863514127273979df0b2b74b70566f12b817329f7a531cdc9224360a5f7feaf523cd934dc74b0c5c39968bdb74bcaf2e69cdd82f9151448fe6d90ad6cbed3410882ac757742bf14260bc7c506cafe51572dff421ce60a4b0afcfcd88ae4a138229cd2c6bb007486f11875b099865b00f73da69ae862198acd6e4a0b7c21d0d6290ce6768f8aa7c88003f9768ec993157399e7e4ef17e9f101a8b190b59125d862e22d3fb1a117fa8b023f320311d3929d4aa03ec68b1703185b44635dcf573f450c308a978330a1a808a41b966210d71ebcd4c88abcba6502bc047e73a333f9eb433afb627a7ef34f89997ff55cfe07c2b1ffaf212d3343acd74df7d1423d90869b7b2be3276f5449b4bd00041fa7489e4e51388cb7a9e46de5ed19e4d2cda39a46ebbda568af9f3a82886f67fc124fa7136b2f468559e8f44bb35af8fe29d07add56db3dba00a661c51951144d7f092172cb04d7909b62c97423164d577edc12f60ec444132a0a00bc99fe62b127b1006b98571c351dec13849b5cce601e0ee34b067d87269430b4fb2b4644feeeab8777dded402d78e6c402cf091cb49f3275d1b37b5b3a65c59e90ccc777dbdfa9d459283b896eed1e50293551055250b92133059efeec2fee4e6a77b66582db7ce7d8551de102c4ef3ead8916ddbc0ee9a74c1966eafa97d2d2d68345e0e0d4b0a4ec6fb6267782bd19d5fa1301a3afa37e28a638befe397", 0x1000}], 0x3, 0x0, 0x0, 0x8805}}, {{0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000001500)="b696a0665eafc664a275237d805b310e268e3c32", 0x14}, {&(0x7f0000003080)="54b2cf1672f58fdedcd940615ee1311cf826f55c42aafd724530f85e349c9dfeae2e0934e03176c72b3f22c111a7a7de4f8ea1ba448aa6d8610067985e0e33c541d3ff6615089edd99064dbcd0ae1858c4242a89963049bc0de0f929b7f829e55a887f5284fe73e33ed55200f31aee29bd7d5d40b15f6506513c051658560b28b6947bc1913f246a71fd34c0df5de36d5e9ded7506347e6d7cdedf11866ed5c9875f3e83658f489de4ed49888db44f3382417e070d182739f20f87ec4fba98b847738d716c937a2c21c21573e621dcf4907fd24e5463cee2e676cc3c5f141c78459c52f8f78d682eb7d0c8e0e4a2f5418d086950965bca83a99c626246b7896f0e4bdda9621c348ee0c44d352c671ad37853089ef6ef20afd9ceeb139699afa6fc753b19354b13b42404636e547937e8ceaf7003a869165cdbb40a9d60588605b0eddbcd947e2f14943c57f29151b65c4b3853c08a107ad4908e6fa25b5ff3d38d73b40d269dde1f29c0bc99341e157b7b6bcd564216169f938c4f5cb620b2315b2252d52e738ec6f3967e37b7f961d5c89cc08e3ca146def0e2c1859ea0962c222b83ef55f4692fd55451485492be887decaf2c6e1e07c57bb9f02117faf57b24140dc8fa34754270a8c32e49a8a3a485bef14a6b09d80cb0da580345cb236f49a1d5f859e676fe3bd6658e3a44fbc3f3acf480afc60bed8095e1f42fd88dced3fae32a3e30cf8c19184c0bdf73e5f1a36c5aeaf56d6afb89422bc661fd047a75a86d42982ed2ab1364beceaa5998161cfff9d430a0f93a04d1deebe40bc587ecfd385be25ec62a13725571fb0f1eeaa82511594eefaf3d3b23798a14cc320b0e1b4ec5b619ef56aed0f0ce848d7bebfa82d0f7b7230f234f211ff035d21cc4aa849fad88b9de42deb64e60045dfe01bffcdc9760d44cf0c75a2edd46eabea3a8c702d596db7fe0e43d9f9134b7f85a514db4191f9fb07710ce7e09417e781811fd3e332be101469acebae43c0624b3f98254bf27603bc77f76be1c8555d159380080828a90744a0ae49b37612838820d3716dc2dd854f2dd1ae7ecfd100d8322312f5a10f863f0dbc91d6fa97f0b0f105202f042666ac29ca1059cc6782c2c6531dec67e6f9a8cbd9eb612e73df295fa48f6c1a56710b822dfa01de3c6d1deb26ff7f06299cfb00bcdb2c28dd94d528f564eceb6ade170c775d49c28847f2d3685ce7475827e8f028858a5f12fa0aa5e17b945b4d6c8c92599e3866733337861369b0542cbd83428b29074696dbbea731b8748179e16baf6e953aeb88a63aeef9bca71158fe9e12d1e4dc02ffd460adbfb888de610af0f6f54e0faf0278a86ce055adbb7fdbeda38cc68b32757faf484de53804a418195d3e92b7004ee377fd54b578332b5272f5dfeae7515e62a9af6f88ebc23d06e652ccb6a39d8f7555bad90266cd0960829472e633b7ebb988b6fd15e9e7917bddfa9cbeb35699ffa30231d1afc25b8a8db6a60cf4e44691cb2ea567b4acf577c4a6715a2fcde0bad3b36d04150a81b664c8f876edb61de8ac58aa7efa7b66d874f45ecc2e19a1ba8214d73808dff8639fa881380b4100d76239a9070c3e1df7d07d22e4fbaa3f5a91653cc5952748682db2ee3688de0004a4f775a0bcca63c06dc05069e74802ff4a7e8ac766aa6ddc8292c4b5b4fbdd7740bd400f41861c4cc2404a6a8618d620855252ac13fa7d5665edf5f2264876c1285099efc12fec6210efc58bc9d85431ba478248cdb3a2883604b214a2fce03eff77cb2e3b7577fa6ee8a8bdbf55fd38ad362f9ce2597a2b053a3cb5d9ef1d152a6a961aa460b810e18f8c638a5baf7d4a989ad05897f7a5e58ae63b0273b8e53f3b278dc415c617f2851287c54a316c355b26ad905da44a1862e024d0425178dba734cac6e29fd0e446776736beb6f62adf6ba02ff9f1a5d6219635b6b60a62ab8734f64c3f36948d69c8daf472c3c3adc547856ee337c6c3ba6894037f8958aa45f4a8efeba853fa4bbcf004c54b1defdbf6e4b6d6675ed11a9b7c82b4ecd8184fd377b2d17874d909e00e784d43d04ab91a374699bdf54cead5d4c9a912d0d666cdf7076156f9e8cf7c2e68a98bae574bba5a43fded7fb49c18ccc260b402e8fc0006ca37a50e27a4a9fcf02b932b2de924623f8464060d30dd74c0af2a6de66ceeb86b53547b21fa783c64ec57b5721ab043d6144ca5c46e460795ffcb4eb5888dd2e4fcb01103142d9d4b415730d283f09fc0ff78490dd26009d913bceb1b94d4127fdd549a9ce52993c25fc7a723a4b99b87d0431275573cab2f22784fbd17f55587b175df9072e0499c50b5bd64ed58d4c8a7c9c45b2366bdbf4b048ee2533cfc22645afc6d35149851e42a5d1c074a09b361a20d1ce2c2aaa622adf7669a4ae1502dbedc432fe6c996347f6eecff87ec47ab35182d6a31fb5f7924a609e3b0166564919e626fcfc17ef8f3b446033c631e4fd984bcd6f6050c68ae20a5ccec6714a7be4b300505f014c55ffe7163b366a1281427a0fc6a5ee8dda2e3e86df875f84bd13656479b638d96cfafb0491902a2d8a9ca5917fcae74dbbd80160c0a7163c2865d9589ea1fefea21858647c14b968784f615b528c08a3b7046b89da22c1548e9d721a6801f5fd65c6a113b31c66bf9f869d4c9ab0372df64e201b9cf5e0c4ff134a1f1cab706ceafb2e847e84dfd8f675b6a76bde2cd4535e4f88c7b2cfa8ebfbc496dbb3c07f0b739ea18f0cd49c6ae736f5d69e4dab35d060440d200ec43428643845a09696d28d8d6d24a7aeb51c3950de965ad7f90972ae621e5c41b8e4fc271e635366e234cc27b41692f09ad2b5548db03d330f841adfa3abc1c4eb693c3c079c70aca57769e0c9cb1a34d7bf68f65db8198b4f1ad784e54eb663819acfd2190fae29c2caded9cf2953f0fb6312e212c1c550c906796168e30106409d29289d5465547f07a04cbc0564e7f51324af9be56bc8093ed0a71964e9b833b95bc9abfa228fc2d669e3fed0fe1b0795ef7180f1b40ce8a3442c70fe39d19b0752a644cf60fefda94e70cc1fd957248f5b592f80950a6d20d553b661acd4aad906a7f8814093414861878f91c3c1c62d7bd8ea977845fc4ebc2dece2b709aae614b5888e12c44925a80aabddc69e13f65b7ed703f893bd1acd5e0cc27c22c61216417ee33020e355e0c084f06ae6bd5429af5e8a3f48172b23f15a83d9b936499989a5d6365b76b555db544347f8de0c3a0b693246d2d785eed38578e11c0fc5849bf5c9517cd24609a67c63133117d21ca57638c5a5bb0d2a7d15d190aa39154a39df0fd9b5e0054bda952e14e603d8e9f697fea52cdf6212fd1b8377ae62dac62400fae7b81e0926e7e34fcffb3975336a8f51e8b069f114f0c2853082d91bfa54eb362a8d79e39f48bd0028675c38ade3260fb7adb9d5aaaf30743615808a69b4f8d07e94ad85793ad0cb1a154cfa3b62fa858ae44b46b3ea62b2531750649f9641ec8c75aac2efcfe0084877a93183604f38c640ba9846c4a7a1bd8a9d26407b9a8373647db94852dd91a155183cc8beac5d0f057342a4688836bf13d1b919c08a124bbf548bc9c581675876241d7f8e5f4424e191461599e875510b2c0770735109c8dda564125bf72c2696394915623250a14b8644f56bc5d8a5cb1613fa3b09ca9fa7da8834df94a8c12a7def69d7e91c42e939fbe4ee8656f3ff4f4015f19208ab4ba34942dbc835b74f6ecad124dd198637d2f58d0b3599b3519509484d7a3d7aab7a48cbe31a16762ce5ebfd0c16b087f494f344082bbe07680586604b388c6436b55a2166b5945b2c29a43a049a649988d37d2c929fb9834dcfa8c3e65c1d144cbab529b2bb60cd5aac40d51f88f6f97519efee5fce1adae47ffbd8c830af37c3e9090812e481f9e21af9806ffb308de085530dffb38a654c2e1fe3c13fedf1504dd4c934fa4bf886404d9204570257470d10b8b5a73970035c38d2081d72086e073951c177ae13640287854876499c86f872c31f1e744eeca84f8a9445627085a166057a5c30bf63203fc259c64813b6d2fe798f626d61f77416780fae1f78b99e8fd63831cd4ed20b8a4c7e23d9da82d1921dc753a951c714f366c6ed2f96597ddb9c0a6f48cbca24b2aebf853fe336b9a5c5e0b5aac1b0413024dc1bef6667f9dfceda373fa50b40ef7cf849deb84398c7573dea2c43bd06efc93aff811cb792f9650fe26eb5bdc30312533745cd7e3ecea5ec37ece2a776a694c056b3847358b837ac60f682371c2cdffed8e75df19894b838861b97796c83ad78407ac43a66ff8dddcace9fb2466a81dd46c9d13c9701bf2ce64d6348ebe0e4d4f0e4780209fce099bdf0b01a34e0992141e3b2c3064dfef9633539b08a430220cce9ad1a3f41c5a0b0bfc96728710e37f25567e3c746cf8db01b43911c39004c6b110767429bc3fbf6bbe38515f3a5d853d2000900b429bead83d97bd97cfe9d87ecb780e7e3ed14f37a3f8b102a5598168f7b1d9e734761e21414e1dd1feeb78a25e6bebeed845a8877d53e9fab070df95ed89f62dece54302a3ff44b55e00f00f5295b8ddba32072a17cb188d714a65485b9eead1f059ba995bf4bc60c508c91b2f148c609b2bf02ad18c89273b3ab71dda719669dc1626a685f88bd7d77188a3c1e124bbafb6dcde247c01ea68748ddda0397b892922c974e1c6f5b0a50defb5b168bf1c0b37b8cb3a80f88c0006ccaea5992f1f85caeb498d42f160ca8c9d178a69ccc0f60e27a5c1853a90bb3fe5059ca336d4c40792a160cf8870c324d24e3a5b5b8917ac9d9a8a284deaf3d584fc2581478fa506b3467be40bee7fbc24a5c4007435175a16cc0e7dc025fc574e62473aff3aa030b884266e8db9bbe9bfb87141c84a3eda391a2773421a078b4ff9ddcb9bd387ce7c7ea6f495418bab52d7117772f3917ff227ffd4b7f97d404e9db77faedaaa3f6c9c46990a4ee9e02d6ebde36ca492974e4755fe4fd75cbd6cc75e8aaee8cea676ac35d59f8b750cf9bd745a1f93577f8a21073a0773975c1f64280b6daa3f7e59a109f4db0e7e086caf99195901ea2749a4d0be0726d5e8823c8d9545a96aceb686f5b1eb61d81561f4e5db14b28a4bda537cff05cf60a80b12e693f308448e7fd11d684d75784f47914943033fb2a0b47c9c9536208ea7817f5203cb678bd60163cf18d64c2832e3cc8c5621159940e5be581f32057093ca6fd1f4755424bd8d7a671721f057f915e943fb3f0b84ab3cb52aa8e59e9d2b0f1626bdc6253319dbfd533946e21ede3c507051e54813472a3ab70843dfaf00e882d7b182b58f7c483fbfad6c87d345cf1a05b5fdedbbe9670094f79bafa87b59151087da912aa0c89f9563d03ec2c55fbb334a79873e773de3f01fd0400c5492d7477a87fc78aa722e205bff6584975b61f9e0d927dc36a8616c22825c48e350c83e83eb596b94c0a5a98d2ecc3faf03a1410a05e0c56af988037ed9269c8f334c767c44e0c8b0f2505bf8c6dd40e95bdcf41b5fa2bf215c944d2f42a5fa061ce7cac4dc3c527c2596439245db3e6e5d42e8111fd6af44a14bf4b7a4e652f4e19965bb65b6e0848a7301598ffc921dab54c9aeb56b624c535effa1b7dd304d0eb28c7ac00313174cad84a319b8c37f6949617236ddd1d0a4662591243ac793ca61e1c7d19a5ec69d961eb2f6b39bc3b6ac835bf69a0fa64856bd7fd368ef21a80654f4e09e1e747d9d7f22a147996823ca66e8c2096b63cae", 0x1000}, {&(0x7f0000004080)="dd7ba02cf3d86cf1e0145aae5d4d895615bfb6f2ba45eba6e196c7ac271f2e8456ca5d32512e1a8cb735738d2ef0a76716c3c66520ebbab388de0a9ec16a3e9647b899c66523bffe2d4874c072f6da30a5e23963cb7a6960fac6042e1f99a536c6e39604d73d861b58f2118c26689282dc0be66a5a60123d6b663ac20f6444ac92bc3b0aadad83dba8aa555cb96fdd0298d0bb4f9c7648a6dfff2bae7f7621718e0a4ad2091f8ccb709e9d22d70b73d17301c77de48059faa72b3c793e942bac3a85054fecb4d3ce9c2a3d344638efbed5c7dab6056c802dd6adb4484e5b540b877476623989108b01b479d10af7ddf702b52050aec01840075495b39984664c14e72a87e5a782d1e051347611e1959c99ca5f6534f8f6c1721487fe5aced2c65006cd3e20365d16ffd95b4aa821f6f7028b264fd2ac8ef96776cce4967e6962629e7958b6286863c533eb939717a84182740e957a9acb577114bb530074f4df306a2b66d74222e828846d271124589b8f0f594d24754a18981b5c98a3e990b8466b40f2ee439fc7d325b2451da737316f8cac761fbd4de1e8fe59edddf15d6f6b60c3f016043b97b26b0f51b33f038e459c9f07a24ad486f763b36667a9009e30136396fa90cd1cc0cfed95dd78b8895f206ad97d6dc5d138917452f391b23e240415f34d6022db9bdef65b7864f354d4a84f2bafd3756641267aaec004125bca06850b79766d187138c9608be3b501d84bdebe1efdcbefaefd5c7bd86bf4d8481307068350760f675e7e615f45fd3dff0d41370756f5c7b7fa3de1b57f1e2c85f5a6a7b422fb98db4fbea6bb89a97edbf920b5fe25b589fa7b6f9a94c58f86bd22a0016de68bac6cccc319a189cb099ee75ce6acc3e9047fef3094473fa9af66ec42aa7c3f02024e0ca88b884a50a77c0dd060dea8f627a6dec474af5b3e7eea0953129adebc7b295dbfcce4b7210252a5c48e6a7f65355db79a2fea5975c972dca0764428652c7808efdacff92cdca9167ebef60cce3883fa92fdfa22244a459b2a178600496e7b8ded2ec1d0934a0edf53b26a960602dbc78c76d199d5825e1f7b584a3b9fe504de4852ba34d6855d92846a8bd2711443aeb208f4b690f086de9aca72f2cb671aec31a2b3c82ac9a023ca0d72047d4cbd1ba6ccbdb45184b2766f7ac117e1f67c31cb48d8937720e2a5455567cd6202ec7002582a21d5bd660580065c80f696db2ff2817c296229511c88d4fa64a8fec1f3ca1de773501b0f6c267d1c0ad9e9dddb3ad8b63d36ac3b8c3c14570a386a791af03f09f1acb346f5658789460cbc5a91725b8c579dc0f2f89ecdac66352e8fe5b1bf40d896526c7e0b9cd18d688ebacbdeab5443f405d9cb29c5ec8f41fd48d5a092c360b17248ea096c0195d3a15e3540afa4315493d7f21149d5d4e2326dd47bca1f1e40ffabd1d06ab7a62db96deb1840b5d4281b1efe261ea21ec29648b745affcbad20699c0287efb59ef31e431438f80ad3ff010f0b7183838c304f98f3e253466064ecdb517176d94e0192bb4761f30b008262d02a11f4e367d231df6e08c4debef412767b1beccd4e5d43bb6d18d3ce022ae0944c49f032770a49337aacaed7002aa3c58220b2470730f5c3f552a62e4b1502951a32dd312d191e31bbdef58d46abca1e133f03752a213b937c0abc9b27088ac67aa63ac3ed00638c92b06211bdd5be393fa0cb43812a1fa52fe53490ce2353ac965b860bb91e87deb6026eafdf25af21b76a504ef918f09f16029dd14082d80184be814f8bc798022a9ef0be3b03e9c2a04ac2891500c902ca06082412193a470603aea1ddc8b70071a03992b9e9af8bf756a46084b3b9f389214a828977c1d177e1e8ac992722c762e3eb2a4f8858b3b073e1982a73e91e6bdfff6c8b1142e216781ad7497bbe0b82a48b806326745a95aec5aed1c820265499ac023714cd4acd23d913de92982edbec544ccd0a88da30e3791ce8f8b90c5d95e921739a2ce0666950fa2bd312b030c12deb46964c699cb6445b5094dc2af649583cff54c62e7379abe9a558f84bc8febcd9f70d68e2c6d07e4a3d5ab362a4ba73083452f776b67f5705c36d395c570e5c69a28f1a1604682c23aa46fc4b7c4166421aa2ee72e30cdaf3c590aa9fa30691b8ac74e22e59fd42e21b5160bf27e3647a8a3a2373bf8b1125dbfdff141ece13919948d11b00d31c852ab96564fb36f478e307766218462f98706931040cb55755a9bdf66278480b45e6bf0a76c25d36f0738cf779c85dc13fbb414130db1dd1e36c85de6ff8b1f27db2d04a7f9f9e01de02251656bc7fd0b1d83643a47144555932a0b0dfc2acd96806fcd5bc67d3e7284bce19944bc466f55d2881aceea0ec599660658e51ed32aefbce9e5a1233dc3e7da976667b8199bc3d82644a23bb18172111db413a6036fa36e9045554acbcbf04d791a53cc702f554769e2e0f53817322e81879a768c65e46c9313eaefd2ca78ea5143458e1a9493cb888b81a71deacedd4c101a1f6720525012426aa6f91c8b1373b5cd484c13ff28ede036f99f52250486363247ace924ffba32f09436ed1b4ece5776686dec5a3b2982b7759e6c3ae92393dcc689518b160f847069a9697d881bf8b10f997970d8eb13515c30b62046d5fa7c49ad6e63084441b46d331e3fca6dce4639753c04679e0cc2fd920bbb7b1a10dad60d065658239dcc5cbd6eec0f47228c1bb59728f29b44890430e36a0a481ca083d5c91693646fd8cee1d676ad9528c066cc48c1ab9da210eadb44f64f1f40c0541307b745da8b8e3dfcd4f2bee5c98651374158cdf17e031b8e989b98db1d298a5e3fbfe0d82ebc3f875050d5fc88ed2f862f231597971ffcce8634dcb0ea0eaad4cf9ee18e37ef172aece01b3f3347b5dd0275e1d5cfd25573998c62a2a022d42defe8aa5e182cde2a2397547bf19e27b7081ff8947fa2d65bd0160df02e9ef82ba791caffe146cdd9bf1768d052c4a975c5aa96c00ab5da843331cbab0097863eba2e87e3dd9188a4d959c37e10f22e5b0b2e43f9862e95a64cb3cddb1ddb7802c8e79abeeebf3144213c33e13b953cd0950ce968636821d11809cc766fa60ccf1402199a086a5d74371b3a82e5a27d97d17d2ba67221b5ec179ed49494b4df8ea775c653969bf007bc6647b48a08be5f308b1b8022a0d3928ffffdcce1f354e7b8b02628b7fb428d13557d311fd970fab31248faa719ca0420b7572de1a6c15976ec0dfa39ba5cc0b561cb4218a2284597a7c4263173a1989cfefdcf53d94b25817006272b199e2163e6067df56c93048237518d3f0d65f55d5119dc16682b8d9b74b20c7f6f75a0d4bb675035bcb88dbf731955808863b8a89d6378eb712cc9c716bdd82bb0aff61046a4817949e4993de21b6819d731dacadde0f9b0589e17800be875ea1b6483c29b8124528649645c03101c75635d9e7e0a5fc7bd021e8e5bac1c6ed9cc128b4ea025c4287e408540eced2cec659b13947ef034fe2e50ecfbd9c26c5adf54d42ce20ba2dace291b920f14d315942efbc33781588f6116c4b589aeb94c7e5d427e9e472058fda9eb10ab4c6bb2bb2b25f81d9d9ad2a3af39104677b7d276faa17ace4c80ed4872091b2289af0a2395a0b605800c036cb52ffcdd8250b46e6f768b5be3c656a4118d7e4f61852b46a736bcfcc123a67fcad3c3621080497e95b546324ea1ca46ef5ab1b10b492b7c3dfcd5b06b515fe090872ba001514597b35098c3dd96c0a14f2e3fa9ec8cab8023488272e844a44e77d381e7403495f70155711e59d297d810a636789f6818c0773599cf8cb0c24bb1f0f52603f263423d1db5e6dbb18b6778e438f26c2624b35145bc1a4c265caebdfab4c8cfcabe7409746d57fc00272c895c1a3ed3499af086a187f9bd297e52d0f2032dcd029346d84f38f718bdedcc31abd09ff111226e50764b4a15b6c765cdbded294555d50f306341329f823c503a80b73bede9d9886312404f63e034cdd61a7fe175204afb2b5107fdba0b15c2cbe6ba185da4f18800fe758927c5baab8cca3da57819806dd4bb8b3a2de1fd16797de50b5cb79a1482b56c9e602f488c9f6546beac4403883cf35da1f384f48725282ff0c732c4e630504e959330700bc6d19e46d017a549a1862f88f0ddb13852f90ad3758041faed5ea78afb6f3bc265ac1be9851fd78d604bf00120c26c7bd970630f7c837ac6fae6ba185fc723b7313ffbf5ca97d6d3a9618c619bc5704047fadcd031e9a2ef4ed3524e50ac59c544096703b4bd64fe74493d081e10b0c7b72df6144a4266f0e4575a98bfd6bf0c5a8d58ed0ecbde34f99e17710e3d3507eb0daada5532ba7023c4e131679eb08d3c35597aa848c92e5c8ff44cf13dae5ee8692994b48ab479f7ef8989564a6c2b87816f69d1aa234fca7f9dbca980c263979c758a102ad5ac93ccd829d40085ac508ac45dc32f2d95b6fd84b81e4e77ba96ba88d06db7689928f2f8ddadf7f0a9b62106b2417ca1345dbbab315cead58299452000cbfb5d4d7f5e83f1ac965d7b0b165c1a54bffed6b03490f52bc6b62a1c165d2733b09b158a36fc5c527fa2fd0204116560c11b2e1792a998ae1f6873e671e9e7817618f91b2cd374a54013e713c9e21d04c6e1a345c0f2ac20e785696c7b82076ccc7ddc340e18c9b8e15b62b8ad53f906ad85a40e993d354a4b3d38f0937fc413327e2f79b6b963976aebf2029fd679a513a7c4e5901cdd328eca3ae957732dc3423950cfe388b2766f907f50ec97f79747d08dc82fe7a24644169dd75820617af41873c516cab27371e5902184c5bbdfe63a050fd4ff77ab1050bf2d07c6b1469db790a8f64ce799531b4ed5169cfdf0b8b293eb30f0b2e8c2b9bc90713a64563204a232d244d3f71695614cd7ea991a4c6932080b98b1d3a9add6f9f122b9d2eed4808c1cd3f1247452559063d4096b3738d708e7d7f0e04606c72632f5d99825a84b7e65283dc91f2b2f4485b7b9fe27bfba804bb5c352577866e11e9d579d45c1ce01ec4aee1c5baaea1587640726435ade27240f388b255c34d31cbcd07d81747f8ac9b19dfc6e026e77ec884a5ce90528900617552907ab33ecdf6f08624703f59838df6d8a8b540f43515a28ea2841ae990deca7c2263748ac4600e139fe38b5e422c7a6780650712a2f452e2c59281112dc88d9efa879d19ecb5f1aed9a565dcaf10567155c9e8df587816ef90fcb13209d423e2548b104b8ffaa5088a431a98274b946fc55ee403dffda0c0e7a81cf22d08fee54ba7a2cfdc161fac3eff8fcffe0346cb15856fe61bd4ee5e800848a7d11d5f23f9c2ee810183342c1d3d061ca01c585e7d1f0bde92ce436553a5905072a9784279ea1c475658583b55c743f19033c625ab0d2837c3d39f1169c1c710392e176b4d286c60172af97b8c259e414248062b82d235f39e5811d9298af8b12346160bc65e1e9df61d30ac075e32155647bbd953defbefdcffc74ce43eb48b68ae4ff540ff5c08ac659c6f4670475bcb1d6a5881e89eff50040068fbea2464f225812f1b53e4105a9f45860ab88a2c8cb401f44da9a7b707445052e945e3ceee6ce38f5e09688e469b445b0335f9af7a950b8adb6c702f04ff642975931f9d96a17008a13f2c5995d60550026ed46e6ec820260394a9cb1c37c41e0fef508d0fe58e07d02178305276e9582a0912d81caf86f455bea04feac1624fb7367bc92bbb4ae48a18d802f24903b695adc8bd84cfd8e9bbd", 0x1000}, {&(0x7f0000000f00)="60183f53421a925ed7b365ef96e28ab05a6b01f19f52ce8b5ce8f0fa6c16f49496dd960b798b17868b0dbf13d35d6da7a87d354a1cb409f40ad94b8ccd01c2411ce5c0aef5dcf698150126ea31a336a73aa5f1974feff575698d8e396931c72dbeea0ffbf7656ab461edda94e5fa0abc064b538d1785cc5b488a9f443d6e54330c3378fa4d55a33c16a471d06a6579e93fb47d7f5ec734a19c1365e5d156a62acde11237453bedb5223d373efc5c44a8db61084c3806975baa2e6d4727cf015f49dbdacd", 0xc4}, {&(0x7f0000001580)="cf1e8e7c4ab1b50f0c0887cc749ef60ce0ea1ca88ed68306ea0627162ad67c1acef19a62ccec1461a9bef549912fbe1a423ae42df03b712a80e895266e971ad2317f2f646c0a28cd150da3d0dd9a269aba9012ec340179005bfefa0a48efcd7f0a4f452c99ccea62cae4525c0bb1d0bd87043e2d1001bf5480f424b62d8df4504166d319a8e0216927ef0e875ae07ca74d328af674cd5359c349f0d9d93e919e", 0xa0}, {&(0x7f0000001640)="f9a8e35012dfe4fe7348f1313040d00e151ca1108f06db851df4de8c8dae2838ff236ec571aad90ae86811dd6adb375cbff9d6666e3c1c8f0d0a879568a54eb4b1cac3081eb7f65fa303a9fd9ec82c1dea314b01b10336e2ca800a309fb5ea2afe5b673a514815eafdaffd5ac28fc81a8d5c7f1e66676206e889c384df0c65759aba64c9c3a219ef382e5e193eee9f5364639271fc32997cdf76766614549b40eb5788c099c922ac0a8bf31acf2ea5bf4867a96d827ee791200d178c3d36d601167f16772dd2e1c5fb7df786854164345a511a2fa290ee438c428cce6256378f51", 0xe1}], 0x6, &(0x7f00000018c0)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r5, r6, r8, r1, r4]}}], 0x70, 0x20008040}}, {{&(0x7f0000001940)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001ac0)=[{&(0x7f00000019c0)="b7f2744064b2b617760de4ee2f74092689c158a687c54e8272c870839950249c24bae0cc", 0x24}, {&(0x7f0000001a00)="67cd103ee276c24d3227090bb311b94fed93c981e761ec68b6a85b1718cfee5815f5f48e8c1262730ec0daa18c2ee72f42a30bb75291f62ed9b119a8be4bf1bbdc4a0b56437055c7c847049eeff69dfff60ff37e062ebafe930914394d5304e8c2244aa46f45d3ad23095a6f5e0db66e20c27eb080e57237e3850848f14ba99765d4c9c631892d011f3d304bab8933126974832ba183a29f5c3bc357f863364606f8e1035a1d02c776f21f1634d09f5a802a4dbd9bc10f9f5e25", 0xba}], 0x2, &(0x7f0000001bc0)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xee01}}}, @cred={{0x1c}}], 0x40, 0x10}}, {{&(0x7f0000001c00)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000001f40)=[{&(0x7f0000001c80)="f780d9b6e316c56756d35329feb74ed6a00758574da99dae16263e43b315d551d30b317446fd5bf2e2f2e7e2af54c9a477d03db65aa6e5224300781d8d34e0062da64fcffdda0c73ed73545f697e6159b70404dd9dab8b0be8bce788c8ae554d8036a7a1f1bdefafe028762c38119fbebf68fedd7ee9dff835e33d936ea0e3d73c54a9d87963493a0a1e0966d22b7cfacf2c4e61c4e42cc70e70e963dd0ef5f0a544c7f892f6db5d2b66afbc842b1899", 0xb0}, {&(0x7f0000001d40)="77ca4735b92042ddd3c7ecf69d251d2a32799aaed5044e08f6a7e263f27a2e17780a4c16fd6c6e315cc902934aeebaeda8679554a2de8af9291f4cdb247698bffb553afb77229e46030d2e43019ab2a3b56e813b511a15a374fa9de1767f2a31c0669c52e8f78b5abf4286546e2b18c4537edb707ffc610b307be577184d00eb90b3438c6f7f99e07906d44c1d4cd70ee828ce402740de2a9904a1502c140782eb57e40fcbe2920a25e9c34b4ceca96f66dc7f41ab4988f6e3ea5d8a5e59756c4a22a65ce909fdb401f75a819a7ca5fce771f11a92ddd8719c363545484a92f44e4c9c592afd9f7e", 0xe8}, {&(0x7f0000001e40)="82cf71500cc3ac5d51866bc6b1273e47427ddce4e557b8c8120de3d83b29f2cdd1b478311fcbbc2b31c1831dc86a17212fe345ffa12321ca68a3e2ce611c9dc7458b1a5d52d5d56b5319e9a10f809bc3dd47613b04bb7c518396a62194ad0e84e68b1990056a8b6b3f2079a66183bf09253d7c1246ebd3250fe9017e8fab17de574d694ff1cd63094d1b8062a7541efc951515d03c18532125b36fb5cff946dc0320d3d74e0229f510ee82680f341b11d58d37cecb303f3525616d2e9fa4eec95147acedbe66021d4b659e36bb08dd3899ec534401bd0f7a2e58d187cbaaf8bfaf5d698ae9b2477d993edbf1e06355c0", 0xf0}], 0x3, &(0x7f0000005180)=[@rights={{0x20, 0x1, 0x1, [r1, r8, r7, r7]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, r2, r2]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01, 0xee00}}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee00, 0xee00}}}, @rights={{0x34, 0x1, 0x1, [r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r1, 0xffffffffffffffff, r5, r8]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, r2, 0xffffffffffffffff]}}], 0x138, 0x4004001}}, {{&(0x7f00000052c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000005480)=[{&(0x7f0000005340)="af2a28f933da1e481db48b7c006d23d992422b4cf05b93abf209a711e6879b99a032ed579a10f01082447b830963e58b9e04120b058df6bbcb1abc212e4b36184047de051c528d25157955dcc62868da634afe7b2f5a99bdf3dc58b424f1c7bcff33eb8ef6957339184384202e", 0x6d}, {&(0x7f00000053c0)="665c226901dbf35fabfd1b103cf4265476d466deba610c35457e3ab1216196e93178f501c1a9411f4e3fb37cbb842d1eff1ed427043ecea873fc49c239c2405eaa59fc632cd84e613dce9eb8f6685ff9c773abbea5b7fffde626f3f3fb4497f2cc683eb23a66716d3e70262d9502f1f336d974458c1489f592d80bce3da88fecd1c55edc7c68d3e846a94daebf6959c06a8a4992d2d5da2b30f38cf247078ca67c66882373cb402da0f7ab728fef6c3314c7dd", 0xb3}], 0x2, &(0x7f0000007800)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, r9, 0xffffffffffffffff}}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, r1, r3, r1, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, r9, r10}}}], 0xa8, 0x800}}], 0x7, 0x0)
r11 = open_tree(0xffffffffffffff9c, &(0x7f0000000600)='./file0\x00', 0xd1100)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0xe, 0xc, &(0x7f0000000500)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x200}, [@map_idx_val={0x18, 0x4, 0x6, 0x0, 0x8, 0x0, 0x0, 0x0, 0xfffffff7}, @jmp={0x5, 0x0, 0x8, 0x2, 0x9, 0x40}, @map_idx_val={0x18, 0x8, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x6}, @map_fd={0x18, 0x4, 0x1, 0x0, r8}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x2}]}, &(0x7f00000005c0)='GPL\x00', 0x80, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x1b, r11, 0x8, &(0x7f0000000640)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0xe, 0x1, 0x3a}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r2, r2, r2]}, 0x80)
getsockname$packet(r7, &(0x7f00000003c0)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r12, @ANYBLOB="e522c8ffac000062270012000c00010076657468"], 0x48}}, 0x0) (async)
sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r12, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) (async)
sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0xf1ffffff, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r12, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x6180}]}}]}, 0x40}, 0x7, 0x11000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000040)={'ip_vti0\x00', &(0x7f0000000e40)={'sit0\x00', <r13=>0x0, 0x7b8, 0x789, 0xb41, 0xfffffffd, {{0x1d, 0x4, 0x3, 0x28, 0x74, 0x65, 0x0, 0x0, 0x2d, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}, @local, {[@rr={0x7, 0x1b, 0x6e, [@multicast2, @remote, @multicast1, @loopback, @private=0xa010100, @rand_addr=0x64010100]}, @ra={0x94, 0x4, 0x1}, @timestamp={0x44, 0x28, 0xef, 0x0, 0xc, [0x6, 0x7ffffffe, 0x5, 0x8, 0x7e5, 0x3f, 0x5, 0x7ff, 0x8]}, @rr={0x7, 0x7, 0x2b, [@empty]}, @rr={0x7, 0xf, 0x92, [@rand_addr=0x64010102, @local, @local]}]}}}}}) (async)
r14 = gettid()
sendmsg$nl_route(r5, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000400)=@bridge_getlink={0x8c, 0x12, 0x20, 0x70bd27, 0x25dfdbfd, {0x7, 0x0, 0x0, r13, 0x20040, 0x100a0}, [@IFLA_NET_NS_PID={0x8, 0x13, 0xffffffffffffffff}, @IFLA_VF_PORTS={0x2c, 0x18, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, [@IFLA_PORT_PROFILE={0x5, 0x2, '\x00'}, @IFLA_PORT_REQUEST={0x5, 0x6, 0x81}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "dd778ffd6c08c0b6774b901bbf64736e"}]}]}, @IFLA_LINK_NETNSID={0x8}, @IFLA_IFALIAS={0x14, 0x14, 'veth1_to_bridge\x00'}, @IFLA_CARRIER_CHANGES={0x8, 0x23, 0x7}, @IFLA_BROADCAST={0xa, 0x2, @broadcast}, @IFLA_NET_NS_PID={0x8, 0x13, r14}]}, 0x8c}, 0x1, 0x0, 0x0, 0xd4}, 0x4000) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1282.230371][T17769] 9pnet: bogus RWRITE count (2 > 1)
02:00:58 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x7d, 0x0)

02:00:58 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xdd, 0x0)

02:00:58 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
newfstatat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x1000)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './file0/file0'}}, {@xino_off}, {@xino_on}, {@index_off}], [{@fowner_lt={'fowner<', r3}}, {@measure}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@audit}]})
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x200400, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@aname={'aname', 0x3d, 'trusted.overlay.upper\x00'}}, {@access_any}], [{@defcontext={'defcontext', 0x3d, 'sysadm_u'}}, {@measure}, {@uid_lt={'uid<', 0xffffffffffffffff}}, {@seclabel}, {@func={'func', 0x3d, 'CREDS_CHECK'}}]}})
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='afs_notify_call\x00', r1}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1282.251511][T17808] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1282.314476][T17823] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1282.367725][T17827] FAULT_INJECTION: forcing a failure.
[ 1282.367725][T17827] name failslab, interval 1, probability 0, space 0, times 0
[ 1282.380360][T17827] CPU: 1 PID: 17827 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1282.392150][T17827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1282.402188][T17827] Call Trace:
[ 1282.405456][T17827]  dump_stack_lvl+0x1e2/0x24b
[ 1282.410108][T17827]  ? panic+0x7d7/0x7d7
[ 1282.414155][T17827]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1282.419589][T17827]  dump_stack+0x15/0x17
[ 1282.423721][T17827]  should_fail+0x3c0/0x510
[ 1282.428116][T17827]  __should_failslab+0x9f/0xe0
[ 1282.432856][T17827]  should_failslab+0x9/0x20
[ 1282.437350][T17827]  kmem_cache_alloc+0x3f/0x300
[ 1282.442088][T17827]  ? __kernfs_new_node+0xdb/0x6e0
[ 1282.447100][T17827]  __kernfs_new_node+0xdb/0x6e0
[ 1282.451926][T17827]  ? kernfs_new_node+0x170/0x170
[ 1282.456844][T17827]  ? __kasan_check_write+0x14/0x20
[ 1282.461932][T17827]  ? _raw_spin_lock+0xa3/0x1b0
[ 1282.466673][T17827]  ? __radix_tree_preload+0x361/0x3e0
[ 1282.472022][T17827]  kernfs_new_node+0x97/0x170
[ 1282.476675][T17827]  __kernfs_create_file+0x4a/0x270
[ 1282.481765][T17827]  sysfs_add_file_mode_ns+0x273/0x320
[ 1282.487133][T17827]  internal_create_group+0x55e/0xf50
[ 1282.492414][T17827]  ? sysfs_create_group+0x30/0x30
[ 1282.497418][T17827]  ? kernfs_put+0x48/0x540
[ 1282.501809][T17827]  ? kernfs_create_link+0x1a0/0x210
[ 1282.506986][T17827]  sysfs_create_groups+0x5d/0x130
[ 1282.511992][T17827]  device_add_attrs+0x8b/0x3e0
[ 1282.516733][T17827]  ? device_add_class_symlinks+0x27c/0x2a0
[ 1282.522516][T17827]  device_add+0x4e6/0xbd0
[ 1282.526823][T17827]  device_create+0x258/0x2e0
[ 1282.531407][T17827]  ? root_device_unregister+0x80/0x80
[ 1282.536758][T17827]  ? number+0xd9b/0x1040
[ 1282.540988][T17827]  bdi_register_va+0x94/0x600
[ 1282.545655][T17827]  bdi_register+0xd1/0x120
[ 1282.550057][T17827]  ? __device_add_disk+0x536/0x11d0
[ 1282.555230][T17827]  ? bdi_register_va+0x600/0x600
[ 1282.560141][T17827]  ? vsnprintf+0x1bfd/0x1cd0
[ 1282.564733][T17827]  ? __kasan_check_read+0x11/0x20
[ 1282.569735][T17827]  ? blk_alloc_devt+0xd4/0x320
[ 1282.574477][T17827]  __device_add_disk+0x5cb/0x11d0
[ 1282.579503][T17827]  ? device_add_disk+0x40/0x40
[ 1282.584251][T17827]  ? loop_add+0x400/0x760
[ 1282.588562][T17827]  ? vsprintf+0x40/0x40
[ 1282.592697][T17827]  device_add_disk+0x2a/0x40
[ 1282.597266][T17827]  loop_add+0x58f/0x760
[ 1282.601402][T17827]  loop_control_ioctl+0x564/0x740
[ 1282.606403][T17827]  ? loop_remove+0xb0/0xb0
[ 1282.610812][T17827]  ? __fget_files+0x310/0x370
[ 1282.615468][T17827]  ? security_file_ioctl+0xb1/0xd0
[ 1282.620557][T17827]  ? loop_remove+0xb0/0xb0
[ 1282.624948][T17827]  __se_sys_ioctl+0x115/0x190
[ 1282.629600][T17827]  __x64_sys_ioctl+0x7b/0x90
[ 1282.634167][T17827]  do_syscall_64+0x34/0x70
[ 1282.638567][T17827]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1282.644432][T17827] RIP: 0033:0x7f6ee1968169
[ 1282.648825][T17827] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1282.668403][T17827] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1282.676808][T17827] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1282.684773][T17827] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1282.692729][T17827] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1282.700782][T17827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1282.708865][T17827] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1282.717408][T17827] ------------[ cut here ]------------
[ 1282.722898][T17827] WARNING: CPU: 1 PID: 17827 at block/genhd.c:821 __device_add_disk+0xe7c/0x11d0
[ 1282.732006][T17827] Modules linked in:
[ 1282.735911][T17827] CPU: 1 PID: 17827 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1282.747624][T17827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1282.757706][T17827] RIP: 0010:__device_add_disk+0xe7c/0x11d0
[ 1282.763525][T17827] Code: ff ff e8 b7 ee 2b ff 0f 0b e9 28 f3 ff ff e8 ab ee 2b ff 0f 0b 42 80 3c 33 00 0f 85 db f8 ff ff e9 de f8 ff ff e8 94 ee 2b ff <0f> 0b e9 60 f7 ff ff e8 88 ee 2b ff e9 13 ff ff ff 44 89 f1 80 e1
[ 1282.783165][T17827] RSP: 0018:ffffc90002db7bc0 EFLAGS: 00010283
[ 1282.789238][T17827] RAX: ffffffff8241331c RBX: 00000000fffffff4 RCX: 0000000000040000
[ 1282.797215][T17827] RDX: ffffc90004706000 RSI: 000000000002f98e RDI: 000000000002f98f
[ 1282.805201][T17827] RBP: ffffc90002db7d08 R08: ffffffff82412a76 R09: ffffc90002db7610
[ 1282.813201][T17827] R10: 0000000000000013 R11: ffffffff84c00596 R12: 0000000000000007
[ 1282.821174][T17827] R13: ffff888166d47000 R14: ffff88815a001338 R15: ffff88815a001000
[ 1282.829155][T17827] FS:  00007f6ee0699700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 1282.838092][T17827] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1282.844698][T17827] CR2: 00007f6ee0698ff8 CR3: 000000011d42d000 CR4: 00000000003506a0
[ 1282.852683][T17827] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1282.860655][T17827] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1282.868626][T17827] Call Trace:
[ 1282.871928][T17827]  ? device_add_disk+0x40/0x40
[ 1282.876691][T17827]  ? loop_add+0x400/0x760
[ 1282.881014][T17827]  ? vsprintf+0x40/0x40
[ 1282.885179][T17827]  device_add_disk+0x2a/0x40
[ 1282.889766][T17827]  loop_add+0x58f/0x760
[ 1282.893933][T17827]  loop_control_ioctl+0x564/0x740
[ 1282.898952][T17827]  ? loop_remove+0xb0/0xb0
[ 1282.903457][T17827]  ? __fget_files+0x310/0x370
[ 1282.908136][T17827]  ? security_file_ioctl+0xb1/0xd0
[ 1282.913257][T17827]  ? loop_remove+0xb0/0xb0
[ 1282.917671][T17827]  __se_sys_ioctl+0x115/0x190
[ 1282.922376][T17827]  __x64_sys_ioctl+0x7b/0x90
[ 1282.926959][T17827]  do_syscall_64+0x34/0x70
[ 1282.931377][T17827]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1282.937327][T17827] RIP: 0033:0x7f6ee1968169
[ 1282.941754][T17827] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1282.961363][T17827] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
02:00:59 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x83, 0x0)

[ 1282.969830][T17827] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1282.977841][T17827] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1282.985833][T17827] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1282.993852][T17827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1283.001830][T17827] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1283.009804][T17827] ---[ end trace c3340b11af94836b ]---
02:00:59 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xdf, 0x0)

02:00:59 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:00 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a0000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:00 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
newfstatat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x1000)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './file0/file0'}}, {@xino_off}, {@xino_on}, {@index_off}], [{@fowner_lt={'fowner<', r3}}, {@measure}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@audit}]})
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x200400, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@aname={'aname', 0x3d, 'trusted.overlay.upper\x00'}}, {@access_any}], [{@defcontext={'defcontext', 0x3d, 'sysadm_u'}}, {@measure}, {@uid_lt={'uid<', 0xffffffffffffffff}}, {@seclabel}, {@func={'func', 0x3d, 'CREDS_CHECK'}}]}})
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='afs_notify_call\x00', r1}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15) (async)
dup(r1) (async)
newfstatat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x1000) (async)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './file0/file0'}}, {@xino_off}, {@xino_on}, {@index_off}], [{@fowner_lt={'fowner<', r3}}, {@measure}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@audit}]}) (async)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x200400, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@aname={'aname', 0x3d, 'trusted.overlay.upper\x00'}}, {@access_any}], [{@defcontext={'defcontext', 0x3d, 'sysadm_u'}}, {@measure}, {@uid_lt={'uid<', 0xffffffffffffffff}}, {@seclabel}, {@func={'func', 0x3d, 'CREDS_CHECK'}}]}}) (async)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18) (async)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async)
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='afs_notify_call\x00', r1}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0) (async)

02:01:00 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 46)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:01:00 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x85, 0x0)

02:01:00 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xe1, 0x0)

02:01:00 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x87, 0x0)

02:01:00 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:00 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xe3, 0x0)

[ 1283.707572][T17826] 9pnet: bogus RWRITE count (2 > 1)
[ 1283.711995][T17842] 9pnet: bogus RWRITE count (2 > 1)
[ 1283.729841][T17859] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1283.833687][T17881] FAULT_INJECTION: forcing a failure.
[ 1283.833687][T17881] name failslab, interval 1, probability 0, space 0, times 0
[ 1283.846337][T17881] CPU: 0 PID: 17881 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1283.858030][T17881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1283.868060][T17881] Call Trace:
[ 1283.871336][T17881]  dump_stack_lvl+0x1e2/0x24b
[ 1283.875988][T17881]  ? panic+0x7d7/0x7d7
[ 1283.880035][T17881]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1283.885473][T17881]  ? selinux_kernfs_init_security+0x1a8/0x760
[ 1283.891515][T17881]  dump_stack+0x15/0x17
[ 1283.895647][T17881]  should_fail+0x3c0/0x510
[ 1283.900043][T17881]  __should_failslab+0x9f/0xe0
[ 1283.904785][T17881]  should_failslab+0x9/0x20
[ 1283.909267][T17881]  kmem_cache_alloc+0x3f/0x300
[ 1283.914007][T17881]  ? __kernfs_new_node+0xdb/0x6e0
[ 1283.919006][T17881]  __kernfs_new_node+0xdb/0x6e0
[ 1283.923832][T17881]  ? __kasan_check_write+0x14/0x20
[ 1283.928920][T17881]  ? mutex_lock+0xb2/0x1e0
[ 1283.933311][T17881]  ? mutex_trylock+0x180/0x180
[ 1283.938067][T17881]  ? kernfs_new_node+0x170/0x170
[ 1283.942988][T17881]  ? __kasan_check_write+0x14/0x20
[ 1283.948075][T17881]  ? mutex_unlock+0x29/0xf0
[ 1283.952556][T17881]  ? kernfs_activate+0x409/0x420
[ 1283.957470][T17881]  kernfs_new_node+0x97/0x170
[ 1283.962128][T17881]  __kernfs_create_file+0x4a/0x270
[ 1283.967219][T17881]  sysfs_add_file_mode_ns+0x273/0x320
[ 1283.972567][T17881]  internal_create_group+0x55e/0xf50
[ 1283.977840][T17881]  ? sysfs_create_group+0x30/0x30
[ 1283.982852][T17881]  ? kernfs_put+0x48/0x540
[ 1283.987258][T17881]  ? kernfs_create_link+0x1a0/0x210
[ 1283.992436][T17881]  sysfs_create_groups+0x5d/0x130
[ 1283.997443][T17881]  device_add_attrs+0x8b/0x3e0
[ 1284.002183][T17881]  ? device_add_class_symlinks+0x27c/0x2a0
[ 1284.007971][T17881]  device_add+0x4e6/0xbd0
[ 1284.012282][T17881]  device_create+0x258/0x2e0
[ 1284.016852][T17881]  ? root_device_unregister+0x80/0x80
[ 1284.022203][T17881]  ? number+0xd9b/0x1040
[ 1284.026426][T17881]  bdi_register_va+0x94/0x600
[ 1284.031079][T17881]  bdi_register+0xd1/0x120
[ 1284.035476][T17881]  ? __device_add_disk+0x536/0x11d0
[ 1284.040649][T17881]  ? bdi_register_va+0x600/0x600
[ 1284.045575][T17881]  ? vsnprintf+0x1bfd/0x1cd0
[ 1284.050156][T17881]  ? __kasan_check_read+0x11/0x20
[ 1284.055154][T17881]  ? blk_alloc_devt+0xd4/0x320
[ 1284.059900][T17881]  __device_add_disk+0x5cb/0x11d0
[ 1284.064903][T17881]  ? device_add_disk+0x40/0x40
[ 1284.069645][T17881]  ? loop_add+0x400/0x760
[ 1284.073953][T17881]  ? vsprintf+0x40/0x40
[ 1284.078265][T17881]  device_add_disk+0x2a/0x40
[ 1284.082836][T17881]  loop_add+0x58f/0x760
[ 1284.086983][T17881]  loop_control_ioctl+0x564/0x740
[ 1284.091983][T17881]  ? loop_remove+0xb0/0xb0
[ 1284.096377][T17881]  ? __fget_files+0x310/0x370
[ 1284.101031][T17881]  ? security_file_ioctl+0xb1/0xd0
[ 1284.106118][T17881]  ? loop_remove+0xb0/0xb0
[ 1284.110610][T17881]  __se_sys_ioctl+0x115/0x190
[ 1284.115267][T17881]  __x64_sys_ioctl+0x7b/0x90
[ 1284.119832][T17881]  do_syscall_64+0x34/0x70
[ 1284.124226][T17881]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1284.130104][T17881] RIP: 0033:0x7f6ee1968169
[ 1284.134499][T17881] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1284.154080][T17881] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1284.162557][T17881] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1284.170504][T17881] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1284.178453][T17881] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1284.186400][T17881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1284.194347][T17881] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1284.202799][T17881] ------------[ cut here ]------------
[ 1284.208276][T17881] WARNING: CPU: 0 PID: 17881 at block/genhd.c:821 __device_add_disk+0xe7c/0x11d0
[ 1284.217393][T17881] Modules linked in:
[ 1284.221292][T17881] CPU: 0 PID: 17881 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1284.233022][T17881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1284.243119][T17881] RIP: 0010:__device_add_disk+0xe7c/0x11d0
[ 1284.248920][T17881] Code: ff ff e8 b7 ee 2b ff 0f 0b e9 28 f3 ff ff e8 ab ee 2b ff 0f 0b 42 80 3c 33 00 0f 85 db f8 ff ff e9 de f8 ff ff e8 94 ee 2b ff <0f> 0b e9 60 f7 ff ff e8 88 ee 2b ff e9 13 ff ff ff 44 89 f1 80 e1
[ 1284.268559][T17881] RSP: 0018:ffffc90002e37bc0 EFLAGS: 00010287
[ 1284.274651][T17881] RAX: ffffffff8241331c RBX: 00000000fffffff4 RCX: 0000000000040000
[ 1284.282628][T17881] RDX: ffffc90004706000 RSI: 0000000000032126 RDI: 0000000000032127
[ 1284.290598][T17881] RBP: ffffc90002e37d08 R08: ffffffff82412a76 R09: ffffc90002e37610
[ 1284.298580][T17881] R10: 0000000000000013 R11: ffffffff84c00596 R12: 0000000000000007
[ 1284.306558][T17881] R13: ffff888117d99000 R14: ffff88816bfbf338 R15: ffff88816bfbf000
[ 1284.314544][T17881] FS:  00007f6ee0699700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1284.323519][T17881] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1284.330106][T17881] CR2: 00007f6ee0698ff8 CR3: 000000016456c000 CR4: 00000000003506b0
[ 1284.338092][T17881] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1284.346078][T17881] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1284.354053][T17881] Call Trace:
[ 1284.357340][T17881]  ? device_add_disk+0x40/0x40
[ 1284.362118][T17881]  ? loop_add+0x400/0x760
[ 1284.366444][T17881]  ? vsprintf+0x40/0x40
[ 1284.370596][T17881]  device_add_disk+0x2a/0x40
[ 1284.375208][T17881]  loop_add+0x58f/0x760
[ 1284.379371][T17881]  loop_control_ioctl+0x564/0x740
[ 1284.384492][T17881]  ? loop_remove+0xb0/0xb0
[ 1284.388910][T17881]  ? __fget_files+0x310/0x370
[ 1284.393606][T17881]  ? security_file_ioctl+0xb1/0xd0
[ 1284.398729][T17881]  ? loop_remove+0xb0/0xb0
[ 1284.403160][T17881]  __se_sys_ioctl+0x115/0x190
[ 1284.407833][T17881]  __x64_sys_ioctl+0x7b/0x90
[ 1284.412532][T17881]  do_syscall_64+0x34/0x70
[ 1284.416952][T17881]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1284.422850][T17881] RIP: 0033:0x7f6ee1968169
[ 1284.427273][T17881] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1284.446886][T17881] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1284.455315][T17881] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1284.463294][T17881] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1284.471265][T17881] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
02:01:00 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async, rerun: 32)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0) (rerun: 32)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15) (async)
r2 = dup(r1)
newfstatat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x1000)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './file0/file0'}}, {@xino_off}, {@xino_on}, {@index_off}], [{@fowner_lt={'fowner<', r3}}, {@measure}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@audit}]}) (async, rerun: 64)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x200400, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@aname={'aname', 0x3d, 'trusted.overlay.upper\x00'}}, {@access_any}], [{@defcontext={'defcontext', 0x3d, 'sysadm_u'}}, {@measure}, {@uid_lt={'uid<', 0xffffffffffffffff}}, {@seclabel}, {@func={'func', 0x3d, 'CREDS_CHECK'}}]}}) (async, rerun: 64)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18) (async)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async, rerun: 32)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='afs_notify_call\x00', r1}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1284.479273][T17881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1284.487263][T17881] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1284.495261][T17881] ---[ end trace c3340b11af94836c ]---
[ 1284.522082][T22520] udevd[22520]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
02:01:00 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x89, 0x0)

[ 1284.693329][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
02:01:01 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xe5, 0x0)

02:01:01 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x8b, 0x0)

[ 1284.917245][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1284.961563][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.024036][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.042715][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.052757][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.063605][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.073688][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.083992][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.093981][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.104029][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.114077][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.124150][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.134634][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.144709][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.154859][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.164937][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.175038][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.185029][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.195055][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.205303][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.215329][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.225994][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.236047][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.246719][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.256752][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.266828][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.276879][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.287142][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.297175][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.307240][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.317307][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.327347][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.337839][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.347978][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.357981][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.367994][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.378112][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.388114][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.398145][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.408163][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.418316][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.428367][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.438361][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
[ 1285.448816][T17887] overlayfs: unrecognized mount option "fowner<00000000000000016384" or missing value
02:01:01 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a0000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:01 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 47)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:01:01 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xe7, 0x0)

02:01:01 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x8d, 0x0)

02:01:01 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
copy_file_range(r2, &(0x7f0000000040)=0x3, 0xffffffffffffffff, &(0x7f0000000080)=0x7fffffff, 0xfff, 0x0)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
write$P9_RCLUNK(r1, &(0x7f0000000000)={0x7, 0x79, 0x2}, 0x7)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:01 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1285.476438][T17880] 9pnet: bogus RWRITE count (2 > 1)
[ 1285.486510][T17865] 9pnet: bogus RWRITE count (2 > 1)
02:01:01 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15) (async)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) (async)
copy_file_range(r2, &(0x7f0000000040)=0x3, 0xffffffffffffffff, &(0x7f0000000080)=0x7fffffff, 0xfff, 0x0) (async)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
write$P9_RCLUNK(r1, &(0x7f0000000000)={0x7, 0x79, 0x2}, 0x7) (async, rerun: 32)
socketpair$unix(0x1, 0x1, 0x0, 0x0) (async, rerun: 32)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:01 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x8f, 0x0)

02:01:01 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xe9, 0x0)

[ 1285.616930][T17936] FAULT_INJECTION: forcing a failure.
[ 1285.616930][T17936] name failslab, interval 1, probability 0, space 0, times 0
[ 1285.629595][T17936] CPU: 0 PID: 17936 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1285.641304][T17936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1285.651338][T17936] Call Trace:
[ 1285.654611][T17936]  dump_stack_lvl+0x1e2/0x24b
[ 1285.659265][T17936]  ? panic+0x7d7/0x7d7
[ 1285.663312][T17936]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1285.668838][T17936]  ? selinux_kernfs_init_security+0x1a8/0x760
[ 1285.674896][T17936]  dump_stack+0x15/0x17
[ 1285.679029][T17936]  should_fail+0x3c0/0x510
[ 1285.683424][T17936]  __should_failslab+0x9f/0xe0
[ 1285.688197][T17936]  should_failslab+0x9/0x20
[ 1285.692691][T17936]  kmem_cache_alloc+0x3f/0x300
[ 1285.697447][T17936]  ? __kernfs_new_node+0xdb/0x6e0
[ 1285.702451][T17936]  __kernfs_new_node+0xdb/0x6e0
[ 1285.707289][T17936]  ? __kasan_check_write+0x14/0x20
[ 1285.712381][T17936]  ? mutex_lock+0xb2/0x1e0
[ 1285.716779][T17936]  ? mutex_trylock+0x180/0x180
[ 1285.721527][T17936]  ? kernfs_new_node+0x170/0x170
[ 1285.726448][T17936]  ? __kasan_check_write+0x14/0x20
[ 1285.731537][T17936]  ? mutex_unlock+0x29/0xf0
[ 1285.736022][T17936]  ? kernfs_activate+0x409/0x420
[ 1285.740942][T17936]  kernfs_new_node+0x97/0x170
[ 1285.745614][T17936]  __kernfs_create_file+0x4a/0x270
[ 1285.750708][T17936]  sysfs_add_file_mode_ns+0x273/0x320
[ 1285.756059][T17936]  internal_create_group+0x55e/0xf50
[ 1285.761324][T17936]  ? sysfs_create_group+0x30/0x30
[ 1285.766323][T17936]  ? kernfs_put+0x48/0x540
[ 1285.770719][T17936]  ? kernfs_create_link+0x1a0/0x210
[ 1285.775912][T17936]  sysfs_create_groups+0x5d/0x130
[ 1285.780930][T17936]  device_add_attrs+0x8b/0x3e0
[ 1285.785669][T17936]  ? device_add_class_symlinks+0x27c/0x2a0
[ 1285.791466][T17936]  device_add+0x4e6/0xbd0
[ 1285.795775][T17936]  device_create+0x258/0x2e0
[ 1285.800341][T17936]  ? root_device_unregister+0x80/0x80
[ 1285.805694][T17936]  ? number+0xd9b/0x1040
[ 1285.809912][T17936]  bdi_register_va+0x94/0x600
[ 1285.814565][T17936]  bdi_register+0xd1/0x120
[ 1285.818961][T17936]  ? __device_add_disk+0x536/0x11d0
[ 1285.824399][T17936]  ? bdi_register_va+0x600/0x600
[ 1285.829319][T17936]  ? vsnprintf+0x1bfd/0x1cd0
[ 1285.833897][T17936]  ? __kasan_check_read+0x11/0x20
[ 1285.838898][T17936]  ? blk_alloc_devt+0xd4/0x320
[ 1285.843642][T17936]  __device_add_disk+0x5cb/0x11d0
[ 1285.848645][T17936]  ? device_add_disk+0x40/0x40
[ 1285.853393][T17936]  ? loop_add+0x400/0x760
[ 1285.857700][T17936]  ? vsprintf+0x40/0x40
[ 1285.861836][T17936]  device_add_disk+0x2a/0x40
[ 1285.866405][T17936]  loop_add+0x58f/0x760
[ 1285.870539][T17936]  loop_control_ioctl+0x564/0x740
[ 1285.875690][T17936]  ? loop_remove+0xb0/0xb0
[ 1285.880095][T17936]  ? __fget_files+0x310/0x370
[ 1285.884782][T17936]  ? security_file_ioctl+0xb1/0xd0
[ 1285.889879][T17936]  ? loop_remove+0xb0/0xb0
[ 1285.894291][T17936]  __se_sys_ioctl+0x115/0x190
[ 1285.898983][T17936]  __x64_sys_ioctl+0x7b/0x90
[ 1285.903635][T17936]  do_syscall_64+0x34/0x70
[ 1285.908054][T17936]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1285.913945][T17936] RIP: 0033:0x7f6ee1968169
[ 1285.918364][T17936] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1285.938042][T17936] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1285.946441][T17936] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1285.954409][T17936] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1285.962374][T17936] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1285.970341][T17936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1285.978311][T17936] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1285.987077][T17936] ------------[ cut here ]------------
[ 1285.992570][T17936] WARNING: CPU: 0 PID: 17936 at block/genhd.c:821 __device_add_disk+0xe7c/0x11d0
[ 1286.001778][T17936] Modules linked in:
[ 1286.005702][T17936] CPU: 0 PID: 17936 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1286.017530][T17936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1286.027617][T17936] RIP: 0010:__device_add_disk+0xe7c/0x11d0
[ 1286.033447][T17936] Code: ff ff e8 b7 ee 2b ff 0f 0b e9 28 f3 ff ff e8 ab ee 2b ff 0f 0b 42 80 3c 33 00 0f 85 db f8 ff ff e9 de f8 ff ff e8 94 ee 2b ff <0f> 0b e9 60 f7 ff ff e8 88 ee 2b ff e9 13 ff ff ff 44 89 f1 80 e1
[ 1286.053167][T17936] RSP: 0018:ffffc90002fd7bc0 EFLAGS: 00010283
[ 1286.059243][T17936] RAX: ffffffff8241331c RBX: 00000000fffffff4 RCX: 0000000000040000
[ 1286.067233][T17936] RDX: ffffc90004706000 RSI: 00000000000321a3 RDI: 00000000000321a4
[ 1286.075246][T17936] RBP: ffffc90002fd7d08 R08: ffffffff82412a76 R09: ffffc90002fd7610
[ 1286.083299][T17936] R10: 0000000000000013 R11: ffffffff84c00596 R12: 0000000000000007
[ 1286.091279][T17936] R13: ffff888111606000 R14: ffff888111607338 R15: ffff888111607000
[ 1286.099339][T17936] FS:  00007f6ee0699700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1286.108311][T17936] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1286.114922][T17936] CR2: 00007f6ee0698ff8 CR3: 0000000115e88000 CR4: 00000000003506b0
[ 1286.122914][T17936] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1286.130903][T17936] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1286.138902][T17936] Call Trace:
[ 1286.142218][T17936]  ? device_add_disk+0x40/0x40
[ 1286.146984][T17936]  ? loop_add+0x400/0x760
[ 1286.151318][T17936]  ? vsprintf+0x40/0x40
[ 1286.155494][T17936]  device_add_disk+0x2a/0x40
[ 1286.160098][T17936]  loop_add+0x58f/0x760
[ 1286.164267][T17936]  loop_control_ioctl+0x564/0x740
[ 1286.169283][T17936]  ? loop_remove+0xb0/0xb0
[ 1286.173742][T17936]  ? __fget_files+0x310/0x370
[ 1286.178436][T17936]  ? security_file_ioctl+0xb1/0xd0
[ 1286.183575][T17936]  ? loop_remove+0xb0/0xb0
[ 1286.187994][T17936]  __se_sys_ioctl+0x115/0x190
[ 1286.192699][T17936]  __x64_sys_ioctl+0x7b/0x90
[ 1286.197307][T17936]  do_syscall_64+0x34/0x70
[ 1286.201724][T17936]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1286.207637][T17936] RIP: 0033:0x7f6ee1968169
[ 1286.212077][T17936] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1286.231713][T17936] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1286.240168][T17936] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1286.248147][T17936] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1286.256146][T17936] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1286.264132][T17936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1286.272108][T17936] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1286.280093][T17936] ---[ end trace c3340b11af94836d ]---
[ 1286.307392][T22520] udevd[22520]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
02:01:02 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15) (async)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18) (async)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) (async)
copy_file_range(r2, &(0x7f0000000040)=0x3, 0xffffffffffffffff, &(0x7f0000000080)=0x7fffffff, 0xfff, 0x0)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
write$P9_RCLUNK(r1, &(0x7f0000000000)={0x7, 0x79, 0x2}, 0x7) (async)
socketpair$unix(0x1, 0x1, 0x0, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:02 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000085"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:02 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:02 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x91, 0x0)

02:01:03 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 48)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:01:03 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xeb, 0x0)

02:01:03 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="2c7766646e6f3dde4742ea0382d192b992eee6cebd9914b0bc01f9526c7a99cd25982430bceae14e06d7a8ec8395af413310f60143c8497f5c308ff5d3b372fd34e65e813f1d1de55520c6ac8b6c9cd09210a5a684eecbca82379a718e34079998716e9dd363d17bff45f77836565147701cb226e2a88af781e0f7dd8b48658fccb5c9507b3fc9e6189b232f02db93f94360be481e593f24bd7e8642175d838417acd8d2b2db15e98645695511358e86efe137a6f07b22d7bc1735fda423304e949e4a074b18fbf275fd9cd108ffa9359ca19fc9412861f5406c8be6c23e45c2fa0b91cda4ff8aa9cda5d07e6c98b84ea13400000000000000", @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:03 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x93, 0x0)

02:01:03 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="2c7766646e6f3dde4742ea0382d192b992eee6cebd9914b0bc01f9526c7a99cd25982430bceae14e06d7a8ec8395af413310f60143c8497f5c308ff5d3b372fd34e65e813f1d1de55520c6ac8b6c9cd09210a5a684eecbca82379a718e34079998716e9dd363d17bff45f77836565147701cb226e2a88af781e0f7dd8b48658fccb5c9507b3fc9e6189b232f02db93f94360be481e593f24bd7e8642175d838417acd8d2b2db15e98645695511358e86efe137a6f07b22d7bc1735fda423304e949e4a074b18fbf275fd9cd108ffa9359ca19fc9412861f5406c8be6c23e45c2fa0b91cda4ff8aa9cda5d07e6c98b84ea13400000000000000", @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15) (async)
dup(r1) (async)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18) (async)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) (async)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="2c7766646e6f3dde4742ea0382d192b992eee6cebd9914b0bc01f9526c7a99cd25982430bceae14e06d7a8ec8395af413310f60143c8497f5c308ff5d3b372fd34e65e813f1d1de55520c6ac8b6c9cd09210a5a684eecbca82379a718e34079998716e9dd363d17bff45f77836565147701cb226e2a88af781e0f7dd8b48658fccb5c9507b3fc9e6189b232f02db93f94360be481e593f24bd7e8642175d838417acd8d2b2db15e98645695511358e86efe137a6f07b22d7bc1735fda423304e949e4a074b18fbf275fd9cd108ffa9359ca19fc9412861f5406c8be6c23e45c2fa0b91cda4ff8aa9cda5d07e6c98b84ea13400000000000000", @ANYRESHEX=r1]) (async)
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0) (async)

02:01:03 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x95, 0x0)

02:01:03 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xed, 0x0)

[ 1286.716010][T17975] 9pnet: Insufficient options for proto=fd
[ 1286.753865][T17977] 9pnet: Insufficient options for proto=fd
[ 1286.798808][T17977] 9pnet: Insufficient options for proto=fd
[ 1286.815385][T17988] FAULT_INJECTION: forcing a failure.
[ 1286.815385][T17988] name failslab, interval 1, probability 0, space 0, times 0
[ 1286.828033][T17988] CPU: 1 PID: 17988 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1286.839727][T17988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1286.849863][T17988] Call Trace:
[ 1286.853136][T17988]  dump_stack_lvl+0x1e2/0x24b
[ 1286.857791][T17988]  ? panic+0x7d7/0x7d7
[ 1286.861839][T17988]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1286.867275][T17988]  ? selinux_kernfs_init_security+0x1a8/0x760
[ 1286.873329][T17988]  dump_stack+0x15/0x17
[ 1286.877463][T17988]  should_fail+0x3c0/0x510
[ 1286.881858][T17988]  __should_failslab+0x9f/0xe0
[ 1286.886693][T17988]  should_failslab+0x9/0x20
[ 1286.891259][T17988]  kmem_cache_alloc+0x3f/0x300
[ 1286.896003][T17988]  ? __kernfs_new_node+0xdb/0x6e0
[ 1286.901012][T17988]  __kernfs_new_node+0xdb/0x6e0
[ 1286.905839][T17988]  ? __kasan_check_write+0x14/0x20
[ 1286.910935][T17988]  ? mutex_lock+0xb2/0x1e0
[ 1286.915335][T17988]  ? mutex_trylock+0x180/0x180
[ 1286.920078][T17988]  ? kernfs_new_node+0x170/0x170
[ 1286.924992][T17988]  ? __kasan_check_write+0x14/0x20
[ 1286.930102][T17988]  ? mutex_unlock+0x29/0xf0
[ 1286.934586][T17988]  ? kernfs_activate+0x409/0x420
[ 1286.939501][T17988]  kernfs_new_node+0x97/0x170
[ 1286.944161][T17988]  __kernfs_create_file+0x4a/0x270
[ 1286.949249][T17988]  sysfs_add_file_mode_ns+0x273/0x320
[ 1286.954602][T17988]  internal_create_group+0x55e/0xf50
[ 1286.959866][T17988]  ? sysfs_create_group+0x30/0x30
[ 1286.964865][T17988]  ? kernfs_put+0x48/0x540
[ 1286.969257][T17988]  ? kernfs_create_link+0x1a0/0x210
[ 1286.974449][T17988]  sysfs_create_groups+0x5d/0x130
[ 1286.979452][T17988]  device_add_attrs+0x8b/0x3e0
[ 1286.984193][T17988]  ? device_add_class_symlinks+0x27c/0x2a0
[ 1286.989988][T17988]  device_add+0x4e6/0xbd0
[ 1286.994294][T17988]  device_create+0x258/0x2e0
[ 1286.998860][T17988]  ? root_device_unregister+0x80/0x80
[ 1287.004211][T17988]  ? number+0xd9b/0x1040
[ 1287.008439][T17988]  bdi_register_va+0x94/0x600
[ 1287.013096][T17988]  bdi_register+0xd1/0x120
[ 1287.017490][T17988]  ? __device_add_disk+0x536/0x11d0
[ 1287.022661][T17988]  ? bdi_register_va+0x600/0x600
[ 1287.027578][T17988]  ? vsnprintf+0x1bfd/0x1cd0
[ 1287.032171][T17988]  ? __kasan_check_read+0x11/0x20
[ 1287.037171][T17988]  ? blk_alloc_devt+0xd4/0x320
[ 1287.041909][T17988]  __device_add_disk+0x5cb/0x11d0
[ 1287.046911][T17988]  ? device_add_disk+0x40/0x40
[ 1287.051651][T17988]  ? loop_add+0x400/0x760
[ 1287.055975][T17988]  ? vsprintf+0x40/0x40
[ 1287.060111][T17988]  device_add_disk+0x2a/0x40
[ 1287.064678][T17988]  loop_add+0x58f/0x760
[ 1287.068813][T17988]  loop_control_ioctl+0x564/0x740
[ 1287.073918][T17988]  ? loop_remove+0xb0/0xb0
[ 1287.078312][T17988]  ? __fget_files+0x310/0x370
[ 1287.082971][T17988]  ? security_file_ioctl+0xb1/0xd0
[ 1287.088058][T17988]  ? loop_remove+0xb0/0xb0
[ 1287.092452][T17988]  __se_sys_ioctl+0x115/0x190
[ 1287.097105][T17988]  __x64_sys_ioctl+0x7b/0x90
[ 1287.101673][T17988]  do_syscall_64+0x34/0x70
[ 1287.106073][T17988]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1287.111939][T17988] RIP: 0033:0x7f6ee1968169
[ 1287.116337][T17988] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1287.135937][T17988] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1287.144330][T17988] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1287.152280][T17988] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1287.160251][T17988] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1287.168200][T17988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1287.176165][T17988] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1287.184955][T17988] ------------[ cut here ]------------
[ 1287.190457][T17988] WARNING: CPU: 0 PID: 17988 at block/genhd.c:821 __device_add_disk+0xe7c/0x11d0
[ 1287.199914][T17988] Modules linked in:
[ 1287.203827][T17988] CPU: 0 PID: 17988 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1287.215534][T17988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1287.225607][T17988] RIP: 0010:__device_add_disk+0xe7c/0x11d0
[ 1287.231940][T17988] Code: ff ff e8 b7 ee 2b ff 0f 0b e9 28 f3 ff ff e8 ab ee 2b ff 0f 0b 42 80 3c 33 00 0f 85 db f8 ff ff e9 de f8 ff ff e8 94 ee 2b ff <0f> 0b e9 60 f7 ff ff e8 88 ee 2b ff e9 13 ff ff ff 44 89 f1 80 e1
[ 1287.251616][T17988] RSP: 0018:ffffc90002f87bc0 EFLAGS: 00010287
[ 1287.257700][T17988] RAX: ffffffff8241331c RBX: 00000000fffffff4 RCX: 0000000000040000
[ 1287.265678][T17988] RDX: ffffc90004706000 RSI: 0000000000031ff5 RDI: 0000000000031ff6
[ 1287.273685][T17988] RBP: ffffc90002f87d08 R08: ffffffff82412a76 R09: ffffc90002f87610
[ 1287.281651][T17988] R10: 0000000000000013 R11: ffffffff84c00596 R12: 0000000000000007
[ 1287.289635][T17988] R13: ffff888167db4000 R14: ffff888167db6338 R15: ffff888167db6000
[ 1287.297615][T17988] FS:  00007f6ee0699700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1287.306589][T17988] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1287.313212][T17988] CR2: 000000002002c030 CR3: 000000016880c000 CR4: 00000000003506b0
[ 1287.321174][T17988] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1287.329165][T17988] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1287.337153][T17988] Call Trace:
[ 1287.340438][T17988]  ? device_add_disk+0x40/0x40
[ 1287.345209][T17988]  ? loop_add+0x400/0x760
[ 1287.349531][T17988]  ? vsprintf+0x40/0x40
[ 1287.353690][T17988]  device_add_disk+0x2a/0x40
[ 1287.358273][T17988]  loop_add+0x58f/0x760
[ 1287.362429][T17988]  loop_control_ioctl+0x564/0x740
[ 1287.367443][T17988]  ? loop_remove+0xb0/0xb0
[ 1287.372295][T17988]  ? __fget_files+0x310/0x370
[ 1287.376968][T17988]  ? security_file_ioctl+0xb1/0xd0
[ 1287.382085][T17988]  ? loop_remove+0xb0/0xb0
[ 1287.386508][T17988]  __se_sys_ioctl+0x115/0x190
[ 1287.391178][T17988]  __x64_sys_ioctl+0x7b/0x90
[ 1287.395813][T17988]  do_syscall_64+0x34/0x70
[ 1287.400224][T17988]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1287.406142][T17988] RIP: 0033:0x7f6ee1968169
[ 1287.410548][T17988] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1287.430189][T17988] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1287.438605][T17988] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1287.446584][T17988] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1287.454588][T17988] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1287.462563][T17988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1287.470522][T17988] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1287.478542][T17988] ---[ end trace c3340b11af94836e ]---
02:01:04 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async, rerun: 32)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0) (rerun: 32)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15) (async)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="2c7766646e6f3dde4742ea0382d192b992eee6cebd9914b0bc01f9526c7a99cd25982430bceae14e06d7a8ec8395af413310f60143c8497f5c308ff5d3b372fd34e65e813f1d1de55520c6ac8b6c9cd09210a5a684eecbca82379a718e34079998716e9dd363d17bff45f77836565147701cb226e2a88af781e0f7dd8b48658fccb5c9507b3fc9e6189b232f02db93f94360be481e593f24bd7e8642175d838417acd8d2b2db15e98645695511358e86efe137a6f07b22d7bc1735fda423304e949e4a074b18fbf275fd9cd108ffa9359ca19fc9412861f5406c8be6c23e45c2fa0b91cda4ff8aa9cda5d07e6c98b84ea13400000000000000", @ANYRESHEX=r1]) (async)
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:04 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x97, 0x0)

[ 1287.725806][T18003] 9pnet: Insufficient options for proto=fd
02:01:04 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000085"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1288.115471][T17958] 9pnet: bogus RWRITE count (2 > 1)
02:01:04 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:04 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xef, 0x0)

02:01:04 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x802, 0x0)
connect$netlink(r5, &(0x7f00000001c0)=@proc, 0xc)
getsockname$packet(r5, &(0x7f00000003c0)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r6, @ANYBLOB="e522c8ffac000062270012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0xf1ffffff, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x6180}]}}]}, 0x40}, 0x7, 0x11000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r5, 0x89f0, &(0x7f0000000340)={'sit0\x00', &(0x7f0000000400)={'syztnl2\x00', r6, 0x8, 0x40, 0x1ff, 0x1, {{0x25, 0x4, 0x3, 0x2, 0x94, 0x67, 0x0, 0xfe, 0x29, 0x0, @multicast2, @local, {[@timestamp_prespec={0x44, 0xc, 0x97, 0x3, 0x6, [{@remote, 0x7}]}, @cipso={0x86, 0x17, 0x3, [{0x7, 0x11, "1f00266cb2e05f3012e709d2c04772"}]}, @cipso={0x86, 0x31, 0x3, [{0x6, 0x2}, {0x6, 0xf, "d3c08f470ee6476d9528179c09"}, {0x1, 0xf, "d525868005a73b1552afb16086"}, {0x0, 0xb, "c91a5216b7928faeae"}]}, @lsrr={0x83, 0xb, 0xba, [@rand_addr=0x64010102, @rand_addr=0x64010100]}, @end, @cipso={0x86, 0x1e, 0x2, [{0x2, 0x10, "52e42057797ebc8947db64fcd6d6"}, {0x7, 0x8, "cc94fb91e7ed"}]}]}}}}})
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x802, 0x0)
connect$netlink(r8, &(0x7f00000001c0)=@proc, 0xc)
getsockname$packet(r8, &(0x7f00000003c0)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r9, @ANYBLOB="e522c8ffac000062270012000c00010076657468"], 0x48}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000300)={'lo\x00'})
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000000100)=ANY=[@ANYRESDEC=r5, @ANYRESDEC=r7], 0x2000, 0x0)

02:01:04 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x99, 0x0)

02:01:04 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 49)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

[ 1288.249700][T17963] 9pnet: bogus RWRITE count (2 > 1)
02:01:04 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x9b, 0x0)

02:01:04 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xf1, 0x0)

[ 1288.283639][T18023] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1288.377701][T18035] FAULT_INJECTION: forcing a failure.
[ 1288.377701][T18035] name failslab, interval 1, probability 0, space 0, times 0
[ 1288.390640][T18035] CPU: 1 PID: 18035 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1288.402337][T18035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1288.412386][T18035] Call Trace:
[ 1288.415664][T18035]  dump_stack_lvl+0x1e2/0x24b
[ 1288.420317][T18035]  ? panic+0x7d7/0x7d7
[ 1288.424375][T18035]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1288.429828][T18035]  ? __kasan_check_write+0x14/0x20
[ 1288.437291][T18035]  ? _raw_spin_lock+0xa3/0x1b0
[ 1288.442032][T18035]  dump_stack+0x15/0x17
[ 1288.446182][T18035]  should_fail+0x3c0/0x510
[ 1288.450575][T18035]  __should_failslab+0x9f/0xe0
[ 1288.455314][T18035]  should_failslab+0x9/0x20
[ 1288.459790][T18035]  kmem_cache_alloc+0x3f/0x300
[ 1288.464528][T18035]  ? __kernfs_new_node+0xdb/0x6e0
[ 1288.469528][T18035]  __kernfs_new_node+0xdb/0x6e0
[ 1288.474356][T18035]  ? kernfs_activate+0x409/0x420
[ 1288.479271][T18035]  ? kernfs_new_node+0x170/0x170
[ 1288.484186][T18035]  ? kernfs_add_one+0x4c5/0x5e0
[ 1288.489025][T18035]  ? __kernfs_create_file+0x1fb/0x270
[ 1288.494377][T18035]  ? __kasan_check_write+0x14/0x20
[ 1288.499480][T18035]  kernfs_create_dir_ns+0x9b/0x230
[ 1288.504676][T18035]  internal_create_group+0x29d/0xf50
[ 1288.510210][T18035]  ? sysfs_create_group+0x30/0x30
[ 1288.515215][T18035]  ? kernfs_put+0x48/0x540
[ 1288.519612][T18035]  ? sysfs_create_group+0x30/0x30
[ 1288.524614][T18035]  ? kernfs_create_link+0x1a0/0x210
[ 1288.529791][T18035]  sysfs_create_group+0x1f/0x30
[ 1288.534619][T18035]  dpm_sysfs_add+0x5d/0x290
[ 1288.539105][T18035]  device_add+0x52c/0xbd0
[ 1288.543414][T18035]  device_create+0x258/0x2e0
[ 1288.548001][T18035]  ? root_device_unregister+0x80/0x80
[ 1288.553355][T18035]  ? number+0xd9b/0x1040
[ 1288.557598][T18035]  bdi_register_va+0x94/0x600
[ 1288.562271][T18035]  bdi_register+0xd1/0x120
[ 1288.566673][T18035]  ? __device_add_disk+0x536/0x11d0
[ 1288.571851][T18035]  ? bdi_register_va+0x600/0x600
[ 1288.576768][T18035]  ? vsnprintf+0x1bfd/0x1cd0
[ 1288.581337][T18035]  ? __kasan_check_read+0x11/0x20
[ 1288.586425][T18035]  ? blk_alloc_devt+0xd4/0x320
[ 1288.591168][T18035]  __device_add_disk+0x5cb/0x11d0
[ 1288.596172][T18035]  ? device_add_disk+0x40/0x40
[ 1288.600915][T18035]  ? loop_add+0x400/0x760
[ 1288.605221][T18035]  ? vsprintf+0x40/0x40
[ 1288.609358][T18035]  device_add_disk+0x2a/0x40
[ 1288.613926][T18035]  loop_add+0x58f/0x760
[ 1288.618061][T18035]  loop_control_ioctl+0x564/0x740
[ 1288.623062][T18035]  ? loop_remove+0xb0/0xb0
[ 1288.627476][T18035]  ? __fget_files+0x310/0x370
[ 1288.632143][T18035]  ? security_file_ioctl+0xb1/0xd0
[ 1288.637229][T18035]  ? loop_remove+0xb0/0xb0
[ 1288.641637][T18035]  __se_sys_ioctl+0x115/0x190
[ 1288.646289][T18035]  __x64_sys_ioctl+0x7b/0x90
[ 1288.650863][T18035]  do_syscall_64+0x34/0x70
[ 1288.655257][T18035]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1288.661122][T18035] RIP: 0033:0x7f6ee1968169
[ 1288.665514][T18035] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1288.685094][T18035] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1288.693503][T18035] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1288.701460][T18035] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1288.709439][T18035] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1288.717391][T18035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1288.725345][T18035] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1288.733900][T18035] ------------[ cut here ]------------
[ 1288.739386][T18035] WARNING: CPU: 1 PID: 18035 at block/genhd.c:821 __device_add_disk+0xe7c/0x11d0
[ 1288.748499][T18035] Modules linked in:
[ 1288.752441][T18035] CPU: 1 PID: 18035 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1288.764203][T18035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1288.774295][T18035] RIP: 0010:__device_add_disk+0xe7c/0x11d0
[ 1288.780106][T18035] Code: ff ff e8 b7 ee 2b ff 0f 0b e9 28 f3 ff ff e8 ab ee 2b ff 0f 0b 42 80 3c 33 00 0f 85 db f8 ff ff e9 de f8 ff ff e8 94 ee 2b ff <0f> 0b e9 60 f7 ff ff e8 88 ee 2b ff e9 13 ff ff ff 44 89 f1 80 e1
[ 1288.799737][T18035] RSP: 0018:ffffc90002f07bc0 EFLAGS: 00010283
[ 1288.805826][T18035] RAX: ffffffff8241331c RBX: 00000000fffffff4 RCX: 0000000000040000
[ 1288.813829][T18035] RDX: ffffc90004706000 RSI: 0000000000030037 RDI: 0000000000030038
[ 1288.821864][T18035] RBP: ffffc90002f07d08 R08: ffffffff82412a76 R09: ffffc90002f07610
[ 1288.829840][T18035] R10: 0000000000000013 R11: ffffffff84c00596 R12: 0000000000000007
[ 1288.837822][T18035] R13: ffff888104d97000 R14: ffff88815dfae338 R15: ffff88815dfae000
[ 1288.845837][T18035] FS:  00007f6ee0699700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 1288.854812][T18035] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1288.861423][T18035] CR2: 00007f6ee0698ff8 CR3: 00000001138f7000 CR4: 00000000003506a0
[ 1288.869413][T18035] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1288.877408][T18035] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1288.885393][T18035] Call Trace:
[ 1288.888688][T18035]  ? device_add_disk+0x40/0x40
[ 1288.895532][T18035]  ? loop_add+0x400/0x760
[ 1288.899891][T18035]  ? vsprintf+0x40/0x40
[ 1288.904071][T18035]  device_add_disk+0x2a/0x40
[ 1288.908659][T18035]  loop_add+0x58f/0x760
[ 1288.912862][T18035]  loop_control_ioctl+0x564/0x740
[ 1288.917894][T18035]  ? loop_remove+0xb0/0xb0
[ 1288.922321][T18035]  ? __fget_files+0x310/0x370
[ 1288.927022][T18035]  ? security_file_ioctl+0xb1/0xd0
[ 1288.932142][T18035]  ? loop_remove+0xb0/0xb0
[ 1288.936556][T18035]  __se_sys_ioctl+0x115/0x190
[ 1288.941245][T18035]  __x64_sys_ioctl+0x7b/0x90
[ 1288.945844][T18035]  do_syscall_64+0x34/0x70
[ 1288.950264][T18035]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1288.956166][T18035] RIP: 0033:0x7f6ee1968169
[ 1288.960582][T18035] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1288.980213][T18035] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1288.988649][T18035] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1288.996646][T18035] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1289.004624][T18035] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1289.012608][T18035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1289.020576][T18035] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1289.028558][T18035] ---[ end trace c3340b11af94836f ]---
[ 1289.048414][T22520] udevd[22520]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[ 1289.055642][T18023] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'.
02:01:05 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xf3, 0x0)

02:01:05 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x9d, 0x0)

02:01:05 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x802, 0x0)
connect$netlink(r5, &(0x7f00000001c0)=@proc, 0xc)
getsockname$packet(r5, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) (async)
getsockname$packet(r5, &(0x7f00000003c0)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r6, @ANYBLOB="e522c8ffac000062270012000c00010076657468"], 0x48}}, 0x0) (async)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r6, @ANYBLOB="e522c8ffac000062270012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0xf1ffffff, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x6180}]}}]}, 0x40}, 0x7, 0x11000000}, 0x0) (async)
sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0xf1ffffff, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x6180}]}}]}, 0x40}, 0x7, 0x11000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r5, 0x89f0, &(0x7f0000000340)={'sit0\x00', &(0x7f0000000400)={'syztnl2\x00', r6, 0x8, 0x40, 0x1ff, 0x1, {{0x25, 0x4, 0x3, 0x2, 0x94, 0x67, 0x0, 0xfe, 0x29, 0x0, @multicast2, @local, {[@timestamp_prespec={0x44, 0xc, 0x97, 0x3, 0x6, [{@remote, 0x7}]}, @cipso={0x86, 0x17, 0x3, [{0x7, 0x11, "1f00266cb2e05f3012e709d2c04772"}]}, @cipso={0x86, 0x31, 0x3, [{0x6, 0x2}, {0x6, 0xf, "d3c08f470ee6476d9528179c09"}, {0x1, 0xf, "d525868005a73b1552afb16086"}, {0x0, 0xb, "c91a5216b7928faeae"}]}, @lsrr={0x83, 0xb, 0xba, [@rand_addr=0x64010102, @rand_addr=0x64010100]}, @end, @cipso={0x86, 0x1e, 0x2, [{0x2, 0x10, "52e42057797ebc8947db64fcd6d6"}, {0x7, 0x8, "cc94fb91e7ed"}]}]}}}}})
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x802, 0x0)
connect$netlink(r8, &(0x7f00000001c0)=@proc, 0xc) (async)
connect$netlink(r8, &(0x7f00000001c0)=@proc, 0xc)
getsockname$packet(r8, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) (async)
getsockname$packet(r8, &(0x7f00000003c0)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r9, @ANYBLOB="e522c8ffac000062270012000c00010076657468"], 0x48}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000300)={'lo\x00'}) (async)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000300)={'lo\x00'})
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000000100)=ANY=[@ANYRESDEC=r5, @ANYRESDEC=r7], 0x2000, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000000100)=ANY=[@ANYRESDEC=r5, @ANYRESDEC=r7], 0x2000, 0x0)

[ 1289.401875][T18056] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'.
02:01:05 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x9f, 0x0)

[ 1289.524785][T18059] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1289.570256][T18054] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'.
02:01:06 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000085"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1289.733600][T18018] 9pnet: bogus RWRITE count (2 > 1)
02:01:06 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:06 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 50)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:01:06 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xf5, 0x0)

02:01:06 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xa1, 0x0)

02:01:06 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) (async)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x802, 0x0)
connect$netlink(r5, &(0x7f00000001c0)=@proc, 0xc)
getsockname$packet(r5, &(0x7f00000003c0)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r6, @ANYBLOB="e522c8ffac000062270012000c00010076657468"], 0x48}}, 0x0) (async)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r6, @ANYBLOB="e522c8ffac000062270012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0xf1ffffff, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x6180}]}}]}, 0x40}, 0x7, 0x11000000}, 0x0) (async)
sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0xf1ffffff, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x6180}]}}]}, 0x40}, 0x7, 0x11000000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r5, 0x89f0, &(0x7f0000000340)={'sit0\x00', &(0x7f0000000400)={'syztnl2\x00', r6, 0x8, 0x40, 0x1ff, 0x1, {{0x25, 0x4, 0x3, 0x2, 0x94, 0x67, 0x0, 0xfe, 0x29, 0x0, @multicast2, @local, {[@timestamp_prespec={0x44, 0xc, 0x97, 0x3, 0x6, [{@remote, 0x7}]}, @cipso={0x86, 0x17, 0x3, [{0x7, 0x11, "1f00266cb2e05f3012e709d2c04772"}]}, @cipso={0x86, 0x31, 0x3, [{0x6, 0x2}, {0x6, 0xf, "d3c08f470ee6476d9528179c09"}, {0x1, 0xf, "d525868005a73b1552afb16086"}, {0x0, 0xb, "c91a5216b7928faeae"}]}, @lsrr={0x83, 0xb, 0xba, [@rand_addr=0x64010102, @rand_addr=0x64010100]}, @end, @cipso={0x86, 0x1e, 0x2, [{0x2, 0x10, "52e42057797ebc8947db64fcd6d6"}, {0x7, 0x8, "cc94fb91e7ed"}]}]}}}}}) (async)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r5, 0x89f0, &(0x7f0000000340)={'sit0\x00', &(0x7f0000000400)={'syztnl2\x00', r6, 0x8, 0x40, 0x1ff, 0x1, {{0x25, 0x4, 0x3, 0x2, 0x94, 0x67, 0x0, 0xfe, 0x29, 0x0, @multicast2, @local, {[@timestamp_prespec={0x44, 0xc, 0x97, 0x3, 0x6, [{@remote, 0x7}]}, @cipso={0x86, 0x17, 0x3, [{0x7, 0x11, "1f00266cb2e05f3012e709d2c04772"}]}, @cipso={0x86, 0x31, 0x3, [{0x6, 0x2}, {0x6, 0xf, "d3c08f470ee6476d9528179c09"}, {0x1, 0xf, "d525868005a73b1552afb16086"}, {0x0, 0xb, "c91a5216b7928faeae"}]}, @lsrr={0x83, 0xb, 0xba, [@rand_addr=0x64010102, @rand_addr=0x64010100]}, @end, @cipso={0x86, 0x1e, 0x2, [{0x2, 0x10, "52e42057797ebc8947db64fcd6d6"}, {0x7, 0x8, "cc94fb91e7ed"}]}]}}}}})
socket$netlink(0x10, 0x3, 0x0) (async)
r7 = socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x802, 0x0) (async)
r8 = socket(0x10, 0x802, 0x0)
connect$netlink(r8, &(0x7f00000001c0)=@proc, 0xc)
getsockname$packet(r8, &(0x7f00000003c0)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r9, @ANYBLOB="e522c8ffac000062270012000c00010076657468"], 0x48}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000300)={'lo\x00'}) (async)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000300)={'lo\x00'})
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000000100)=ANY=[@ANYRESDEC=r5, @ANYRESDEC=r7], 0x2000, 0x0)

[ 1289.858551][T18034] 9pnet: bogus RWRITE count (2 > 1)
02:01:06 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xa3, 0x0)

02:01:06 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xf7, 0x0)

[ 1289.893226][T18076] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1289.925970][T18071] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1289.989597][T18084] FAULT_INJECTION: forcing a failure.
[ 1289.989597][T18084] name failslab, interval 1, probability 0, space 0, times 0
[ 1290.002421][T18084] CPU: 0 PID: 18084 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1290.014119][T18084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1290.024168][T18084] Call Trace:
[ 1290.027440][T18084]  dump_stack_lvl+0x1e2/0x24b
[ 1290.032131][T18084]  ? panic+0x7d7/0x7d7
[ 1290.036179][T18084]  ? mutex_unlock+0x29/0xf0
[ 1290.040658][T18084]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1290.046093][T18084]  ? kernfs_xattr_get+0x80/0x90
[ 1290.050945][T18084]  ? selinux_kernfs_init_security+0x1a8/0x760
[ 1290.056988][T18084]  dump_stack+0x15/0x17
[ 1290.061121][T18084]  should_fail+0x3c0/0x510
[ 1290.065512][T18084]  __should_failslab+0x9f/0xe0
[ 1290.070255][T18084]  should_failslab+0x9/0x20
[ 1290.074736][T18084]  kmem_cache_alloc+0x3f/0x300
[ 1290.079491][T18084]  ? __kernfs_new_node+0xdb/0x6e0
[ 1290.084492][T18084]  __kernfs_new_node+0xdb/0x6e0
[ 1290.089323][T18084]  ? __kasan_check_write+0x14/0x20
[ 1290.094411][T18084]  ? mutex_lock+0xb2/0x1e0
[ 1290.098805][T18084]  ? mutex_trylock+0x180/0x180
[ 1290.103547][T18084]  ? kernfs_new_node+0x170/0x170
[ 1290.108458][T18084]  ? mutex_lock+0xb2/0x1e0
[ 1290.112859][T18084]  ? __kasan_check_write+0x14/0x20
[ 1290.117970][T18084]  ? mutex_unlock+0x29/0xf0
[ 1290.122451][T18084]  ? kernfs_activate+0x409/0x420
[ 1290.127364][T18084]  kernfs_new_node+0x97/0x170
[ 1290.132019][T18084]  __kernfs_create_file+0x4a/0x270
[ 1290.137108][T18084]  sysfs_add_file_mode_ns+0x273/0x320
[ 1290.142475][T18084]  sysfs_merge_group+0x207/0x460
[ 1290.147407][T18084]  ? sysfs_remove_groups+0xb0/0xb0
[ 1290.152495][T18084]  dpm_sysfs_add+0xcf/0x290
[ 1290.156976][T18084]  device_add+0x52c/0xbd0
[ 1290.161295][T18084]  device_create+0x258/0x2e0
[ 1290.165867][T18084]  ? root_device_unregister+0x80/0x80
[ 1290.171321][T18084]  ? number+0xd9b/0x1040
[ 1290.175563][T18084]  bdi_register_va+0x94/0x600
[ 1290.180223][T18084]  bdi_register+0xd1/0x120
[ 1290.184617][T18084]  ? __device_add_disk+0x536/0x11d0
[ 1290.189791][T18084]  ? bdi_register_va+0x600/0x600
[ 1290.194705][T18084]  ? vsnprintf+0x1bfd/0x1cd0
[ 1290.199283][T18084]  ? __kasan_check_read+0x11/0x20
[ 1290.204284][T18084]  ? blk_alloc_devt+0xd4/0x320
[ 1290.209026][T18084]  __device_add_disk+0x5cb/0x11d0
[ 1290.214031][T18084]  ? device_add_disk+0x40/0x40
[ 1290.218780][T18084]  ? loop_add+0x400/0x760
[ 1290.223085][T18084]  ? vsprintf+0x40/0x40
[ 1290.227221][T18084]  device_add_disk+0x2a/0x40
[ 1290.231790][T18084]  loop_add+0x58f/0x760
[ 1290.235936][T18084]  loop_control_ioctl+0x564/0x740
[ 1290.240943][T18084]  ? loop_remove+0xb0/0xb0
[ 1290.245357][T18084]  ? __fget_files+0x310/0x370
[ 1290.250098][T18084]  ? security_file_ioctl+0xb1/0xd0
[ 1290.255200][T18084]  ? loop_remove+0xb0/0xb0
[ 1290.259594][T18084]  __se_sys_ioctl+0x115/0x190
[ 1290.264250][T18084]  __x64_sys_ioctl+0x7b/0x90
[ 1290.268821][T18084]  do_syscall_64+0x34/0x70
[ 1290.273238][T18084]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1290.279105][T18084] RIP: 0033:0x7f6ee1968169
[ 1290.283503][T18084] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1290.303082][T18084] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1290.311471][T18084] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1290.319422][T18084] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1290.327373][T18084] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1290.335757][T18084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1290.343706][T18084] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1290.352106][T18084] ------------[ cut here ]------------
[ 1290.357589][T18084] WARNING: CPU: 0 PID: 18084 at block/genhd.c:821 __device_add_disk+0xe7c/0x11d0
[ 1290.366718][T18084] Modules linked in:
[ 1290.370615][T18084] CPU: 0 PID: 18084 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1290.382336][T18084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1290.392504][T18084] RIP: 0010:__device_add_disk+0xe7c/0x11d0
[ 1290.398313][T18084] Code: ff ff e8 b7 ee 2b ff 0f 0b e9 28 f3 ff ff e8 ab ee 2b ff 0f 0b 42 80 3c 33 00 0f 85 db f8 ff ff e9 de f8 ff ff e8 94 ee 2b ff <0f> 0b e9 60 f7 ff ff e8 88 ee 2b ff e9 13 ff ff ff 44 89 f1 80 e1
[ 1290.418032][T18084] RSP: 0018:ffffc90002f57bc0 EFLAGS: 00010283
[ 1290.424210][T18084] RAX: ffffffff8241331c RBX: 00000000fffffff4 RCX: 0000000000040000
[ 1290.432197][T18084] RDX: ffffc90004706000 RSI: 0000000000030e63 RDI: 0000000000030e64
[ 1290.440257][T18084] RBP: ffffc90002f57d08 R08: ffffffff82412a76 R09: ffffc90002f57610
[ 1290.448822][T18084] R10: 0000000000000013 R11: ffffffff84c00596 R12: 0000000000000007
[ 1290.456840][T18084] R13: ffff88815b957000 R14: ffff88815b954338 R15: ffff88815b954000
[ 1290.464840][T18084] FS:  00007f6ee0699700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1290.473786][T18084] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1290.480482][T18084] CR2: 00007f6ee0698ff8 CR3: 0000000116c2c000 CR4: 00000000003506b0
[ 1290.488582][T18084] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1290.496762][T18084] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1290.504783][T18084] Call Trace:
[ 1290.508076][T18084]  ? device_add_disk+0x40/0x40
[ 1290.512861][T18084]  ? loop_add+0x400/0x760
[ 1290.517219][T18084]  ? vsprintf+0x40/0x40
[ 1290.521399][T18084]  device_add_disk+0x2a/0x40
[ 1290.526013][T18084]  loop_add+0x58f/0x760
[ 1290.530172][T18084]  loop_control_ioctl+0x564/0x740
[ 1290.535211][T18084]  ? loop_remove+0xb0/0xb0
[ 1290.539645][T18084]  ? __fget_files+0x310/0x370
[ 1290.544348][T18084]  ? security_file_ioctl+0xb1/0xd0
[ 1290.549478][T18084]  ? loop_remove+0xb0/0xb0
[ 1290.554003][T18084]  __se_sys_ioctl+0x115/0x190
[ 1290.558677][T18084]  __x64_sys_ioctl+0x7b/0x90
[ 1290.563299][T18084]  do_syscall_64+0x34/0x70
[ 1290.567722][T18084]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1290.573631][T18084] RIP: 0033:0x7f6ee1968169
[ 1290.578242][T18084] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1290.597863][T18084] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1290.606315][T18084] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1290.617100][T18084] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1290.625126][T18084] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1290.633116][T18084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1290.641094][T18084] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1290.649087][T18084] ---[ end trace c3340b11af948370 ]---
02:01:07 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xa5, 0x0)

02:01:07 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xf9, 0x0)

[ 1290.790576][T18093] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'.
02:01:07 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xa7, 0x0)

02:01:07 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x802, 0x0)
connect$netlink(r6, &(0x7f00000001c0)=@proc, 0xc)
getsockname$packet(r6, &(0x7f00000003c0)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r7, @ANYBLOB="e522c8ffac000062270012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0x300, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xfff3}, {0x2, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_QUANTUM={0x8, 0x6, 0xae4}]}}]}, 0x40}, 0x7, 0x11000000}, 0x0)
r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
r9 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r9, 0x8008f513, &(0x7f0000000440))
r10 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r10, 0x8933, &(0x7f0000000040)={'team0\x00', <r11=>0x0})
r12 = open_tree(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0x1001)
sendmsg$nl_route(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="48000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="00036cc900000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r11], 0x48}}, 0x0)
ppoll(&(0x7f0000000100)=[{r0, 0x280}, {r4, 0x10}, {r0, 0x5100}, {r8, 0x208}, {r10, 0x4024}, {r3, 0xa001}], 0x6, &(0x7f0000000280), &(0x7f0000000340), 0x8)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)
bind$unix(r2, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e20}, 0x6e)

[ 1291.052617][T18113] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'.
02:01:07 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xfb, 0x0)

[ 1291.282900][T18067] 9pnet: bogus RWRITE count (2 > 1)
02:01:07 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:07 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 51)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:01:07 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xa9, 0x0)

02:01:07 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async, rerun: 32)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0) (rerun: 32)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18) (async)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) (async)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0) (async)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x802, 0x0)
connect$netlink(r6, &(0x7f00000001c0)=@proc, 0xc)
getsockname$packet(r6, &(0x7f00000003c0)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r7, @ANYBLOB="e522c8ffac000062270012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) (async)
sendmsg$nl_route_sched(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0x300, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xfff3}, {0x2, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_QUANTUM={0x8, 0x6, 0xae4}]}}]}, 0x40}, 0x7, 0x11000000}, 0x0) (async, rerun: 32)
r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) (rerun: 32)
r9 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r9, 0x8008f513, &(0x7f0000000440)) (async)
r10 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r10, 0x8933, &(0x7f0000000040)={'team0\x00', <r11=>0x0}) (async, rerun: 64)
r12 = open_tree(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0x1001) (rerun: 64)
sendmsg$nl_route(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="48000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="00036cc900000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r11], 0x48}}, 0x0) (async)
ppoll(&(0x7f0000000100)=[{r0, 0x280}, {r4, 0x10}, {r0, 0x5100}, {r8, 0x208}, {r10, 0x4024}, {r3, 0xa001}], 0x6, &(0x7f0000000280), &(0x7f0000000340), 0x8) (async, rerun: 64)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0) (async, rerun: 64)
bind$unix(r2, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e20}, 0x6e)

02:01:07 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:07 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xfd, 0x0)

[ 1291.363201][T18083] 9pnet: bogus RWRITE count (2 > 1)
02:01:07 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xab, 0x0)

[ 1291.404027][T18124] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1291.489645][T18137] FAULT_INJECTION: forcing a failure.
[ 1291.489645][T18137] name failslab, interval 1, probability 0, space 0, times 0
[ 1291.502309][T18137] CPU: 1 PID: 18137 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1291.514105][T18137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1291.524141][T18137] Call Trace:
[ 1291.527434][T18137]  dump_stack_lvl+0x1e2/0x24b
[ 1291.532088][T18137]  ? panic+0x7d7/0x7d7
[ 1291.536134][T18137]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1291.541569][T18137]  ? selinux_kernfs_init_security+0x1a8/0x760
[ 1291.547613][T18137]  dump_stack+0x15/0x17
[ 1291.551759][T18137]  should_fail+0x3c0/0x510
[ 1291.556157][T18137]  __should_failslab+0x9f/0xe0
[ 1291.560915][T18137]  should_failslab+0x9/0x20
[ 1291.565411][T18137]  kmem_cache_alloc+0x3f/0x300
[ 1291.570151][T18137]  ? __kernfs_new_node+0xdb/0x6e0
[ 1291.575156][T18137]  __kernfs_new_node+0xdb/0x6e0
[ 1291.580071][T18137]  ? __kasan_check_write+0x14/0x20
[ 1291.585161][T18137]  ? mutex_lock+0xb2/0x1e0
[ 1291.589554][T18137]  ? mutex_trylock+0x180/0x180
[ 1291.594291][T18137]  ? kernfs_new_node+0x170/0x170
[ 1291.599295][T18137]  ? __kasan_check_write+0x14/0x20
[ 1291.604395][T18137]  ? mutex_unlock+0x29/0xf0
[ 1291.608875][T18137]  ? kernfs_activate+0x409/0x420
[ 1291.613790][T18137]  kernfs_new_node+0x97/0x170
[ 1291.618665][T18137]  __kernfs_create_file+0x4a/0x270
[ 1291.623760][T18137]  sysfs_add_file_mode_ns+0x273/0x320
[ 1291.629109][T18137]  sysfs_merge_group+0x207/0x460
[ 1291.634026][T18137]  ? sysfs_remove_groups+0xb0/0xb0
[ 1291.639114][T18137]  dpm_sysfs_add+0xcf/0x290
[ 1291.643598][T18137]  device_add+0x52c/0xbd0
[ 1291.647995][T18137]  device_create+0x258/0x2e0
[ 1291.652564][T18137]  ? root_device_unregister+0x80/0x80
[ 1291.657917][T18137]  ? number+0xd9b/0x1040
[ 1291.662151][T18137]  bdi_register_va+0x94/0x600
[ 1291.666825][T18137]  bdi_register+0xd1/0x120
[ 1291.671233][T18137]  ? __device_add_disk+0x536/0x11d0
[ 1291.676411][T18137]  ? bdi_register_va+0x600/0x600
[ 1291.681348][T18137]  ? vsnprintf+0x1bfd/0x1cd0
[ 1291.685918][T18137]  ? __kasan_check_read+0x11/0x20
[ 1291.690921][T18137]  ? blk_alloc_devt+0xd4/0x320
[ 1291.695664][T18137]  __device_add_disk+0x5cb/0x11d0
[ 1291.700684][T18137]  ? device_add_disk+0x40/0x40
[ 1291.705442][T18137]  ? loop_add+0x400/0x760
[ 1291.709756][T18137]  ? vsprintf+0x40/0x40
[ 1291.713889][T18137]  device_add_disk+0x2a/0x40
[ 1291.718459][T18137]  loop_add+0x58f/0x760
[ 1291.722595][T18137]  loop_control_ioctl+0x564/0x740
[ 1291.727599][T18137]  ? loop_remove+0xb0/0xb0
[ 1291.731998][T18137]  ? __fget_files+0x310/0x370
[ 1291.736654][T18137]  ? security_file_ioctl+0xb1/0xd0
[ 1291.741755][T18137]  ? loop_remove+0xb0/0xb0
[ 1291.746153][T18137]  __se_sys_ioctl+0x115/0x190
[ 1291.750814][T18137]  __x64_sys_ioctl+0x7b/0x90
[ 1291.755387][T18137]  do_syscall_64+0x34/0x70
[ 1291.759785][T18137]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1291.765652][T18137] RIP: 0033:0x7f6ee1968169
[ 1291.770050][T18137] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1291.789634][T18137] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1291.798024][T18137] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1291.805972][T18137] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1291.814100][T18137] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1291.822063][T18137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1291.830100][T18137] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1291.838644][T18137] ------------[ cut here ]------------
[ 1291.844140][T18137] WARNING: CPU: 1 PID: 18137 at block/genhd.c:821 __device_add_disk+0xe7c/0x11d0
[ 1291.853266][T18137] Modules linked in:
[ 1291.857189][T18137] CPU: 1 PID: 18137 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1291.868937][T18137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1291.879022][T18137] RIP: 0010:__device_add_disk+0xe7c/0x11d0
[ 1291.884842][T18137] Code: ff ff e8 b7 ee 2b ff 0f 0b e9 28 f3 ff ff e8 ab ee 2b ff 0f 0b 42 80 3c 33 00 0f 85 db f8 ff ff e9 de f8 ff ff e8 94 ee 2b ff <0f> 0b e9 60 f7 ff ff e8 88 ee 2b ff e9 13 ff ff ff 44 89 f1 80 e1
[ 1291.904483][T18137] RSP: 0018:ffffc90002f07bc0 EFLAGS: 00010283
[ 1291.910569][T18137] RAX: ffffffff8241331c RBX: 00000000fffffff4 RCX: 0000000000040000
[ 1291.918556][T18137] RDX: ffffc90004706000 RSI: 000000000002f307 RDI: 000000000002f308
[ 1291.926563][T18137] RBP: ffffc90002f07d08 R08: ffffffff82412a76 R09: ffffc90002f07610
[ 1291.934628][T18137] R10: 0000000000000013 R11: ffffffff84c00596 R12: 0000000000000007
[ 1291.942615][T18137] R13: ffff88811cc0c000 R14: ffff88815b4b5338 R15: ffff88815b4b5000
[ 1291.950588][T18137] FS:  00007f6ee0699700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 1291.959526][T18137] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1291.966191][T18137] CR2: 00007f6ee0698ff8 CR3: 000000010c9b7000 CR4: 00000000003506a0
[ 1291.974183][T18137] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1291.982161][T18137] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1291.990130][T18137] Call Trace:
[ 1291.993501][T18137]  ? device_add_disk+0x40/0x40
[ 1291.998266][T18137]  ? loop_add+0x400/0x760
[ 1292.002620][T18137]  ? vsprintf+0x40/0x40
[ 1292.006767][T18137]  device_add_disk+0x2a/0x40
[ 1292.011354][T18137]  loop_add+0x58f/0x760
[ 1292.015528][T18137]  loop_control_ioctl+0x564/0x740
[ 1292.020548][T18137]  ? loop_remove+0xb0/0xb0
[ 1292.025014][T18137]  ? __fget_files+0x310/0x370
[ 1292.029696][T18137]  ? security_file_ioctl+0xb1/0xd0
[ 1292.034824][T18137]  ? loop_remove+0xb0/0xb0
[ 1292.039256][T18137]  __se_sys_ioctl+0x115/0x190
[ 1292.043950][T18137]  __x64_sys_ioctl+0x7b/0x90
[ 1292.048550][T18137]  do_syscall_64+0x34/0x70
[ 1292.052974][T18137]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1292.058865][T18137] RIP: 0033:0x7f6ee1968169
[ 1292.063289][T18137] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1292.082926][T18137] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1292.091338][T18137] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1292.099338][T18137] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1292.107315][T18137] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1292.115299][T18137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1292.123297][T18137] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1292.131269][T18137] ---[ end trace c3340b11af948371 ]---
02:01:08 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x103, 0x0)

[ 1292.170417][T22520] udevd[22520]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
02:01:08 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xad, 0x0)

02:01:08 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async, rerun: 64)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0) (rerun: 64)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) (async, rerun: 64)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async, rerun: 64)
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async, rerun: 64)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
r4 = socket$netlink(0x10, 0x3, 0x0) (async)
r5 = socket$netlink(0x10, 0x3, 0x0) (async)
r6 = socket(0x10, 0x802, 0x0)
connect$netlink(r6, &(0x7f00000001c0)=@proc, 0xc) (async)
getsockname$packet(r6, &(0x7f00000003c0)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r7, @ANYBLOB="e522c8ffac000062270012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) (async)
sendmsg$nl_route_sched(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0x300, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xfff3}, {0x2, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_QUANTUM={0x8, 0x6, 0xae4}]}}]}, 0x40}, 0x7, 0x11000000}, 0x0)
r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
r9 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r9, 0x8008f513, &(0x7f0000000440))
r10 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r10, 0x8933, &(0x7f0000000040)={'team0\x00', <r11=>0x0}) (async, rerun: 64)
r12 = open_tree(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0x1001) (rerun: 64)
sendmsg$nl_route(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="48000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="00036cc900000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r11], 0x48}}, 0x0)
ppoll(&(0x7f0000000100)=[{r0, 0x280}, {r4, 0x10}, {r0, 0x5100}, {r8, 0x208}, {r10, 0x4024}, {r3, 0xa001}], 0x6, &(0x7f0000000280), &(0x7f0000000340), 0x8)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0) (async)
bind$unix(r2, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e20}, 0x6e)

02:01:08 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x105, 0x0)

02:01:08 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xaf, 0x0)

02:01:09 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:09 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 52)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:01:09 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
open(&(0x7f0000000000)='./file1\x00', 0x82c42, 0x214)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:09 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xb1, 0x0)

[ 1292.946975][T18136] 9pnet: bogus RWRITE count (2 > 1)
02:01:09 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:09 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x107, 0x0)

02:01:09 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xb3, 0x0)

02:01:09 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async)
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
open(&(0x7f0000000000)='./file1\x00', 0x82c42, 0x214) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1292.968612][T18123] 9pnet: bogus RWRITE count (2 > 1)
02:01:09 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
open(&(0x7f0000000000)='./file1\x00', 0x82c42, 0x214) (async)
open(&(0x7f0000000000)='./file1\x00', 0x82c42, 0x214)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1293.080505][T18197] FAULT_INJECTION: forcing a failure.
[ 1293.080505][T18197] name failslab, interval 1, probability 0, space 0, times 0
[ 1293.093138][T18197] CPU: 0 PID: 18197 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1293.104834][T18197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1293.114864][T18197] Call Trace:
[ 1293.118133][T18197]  dump_stack_lvl+0x1e2/0x24b
[ 1293.122787][T18197]  ? panic+0x7d7/0x7d7
[ 1293.126831][T18197]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1293.132264][T18197]  ? selinux_kernfs_init_security+0x1a8/0x760
[ 1293.138305][T18197]  dump_stack+0x15/0x17
[ 1293.142434][T18197]  should_fail+0x3c0/0x510
[ 1293.146825][T18197]  __should_failslab+0x9f/0xe0
[ 1293.151572][T18197]  should_failslab+0x9/0x20
[ 1293.156050][T18197]  kmem_cache_alloc+0x3f/0x300
[ 1293.160791][T18197]  ? __kernfs_new_node+0xdb/0x6e0
[ 1293.165791][T18197]  __kernfs_new_node+0xdb/0x6e0
[ 1293.170615][T18197]  ? __kasan_check_write+0x14/0x20
[ 1293.175718][T18197]  ? mutex_lock+0xb2/0x1e0
[ 1293.180139][T18197]  ? mutex_trylock+0x180/0x180
[ 1293.184887][T18197]  ? kernfs_new_node+0x170/0x170
[ 1293.189820][T18197]  ? __kasan_check_write+0x14/0x20
[ 1293.194903][T18197]  ? mutex_unlock+0x29/0xf0
[ 1293.199382][T18197]  ? kernfs_activate+0x409/0x420
[ 1293.204295][T18197]  kernfs_new_node+0x97/0x170
[ 1293.208949][T18197]  __kernfs_create_file+0x4a/0x270
[ 1293.214038][T18197]  sysfs_add_file_mode_ns+0x273/0x320
[ 1293.219385][T18197]  sysfs_merge_group+0x207/0x460
[ 1293.224298][T18197]  ? sysfs_remove_groups+0xb0/0xb0
[ 1293.229472][T18197]  dpm_sysfs_add+0xcf/0x290
[ 1293.233948][T18197]  device_add+0x52c/0xbd0
[ 1293.238254][T18197]  device_create+0x258/0x2e0
[ 1293.242846][T18197]  ? root_device_unregister+0x80/0x80
[ 1293.248193][T18197]  ? number+0xd9b/0x1040
[ 1293.252412][T18197]  bdi_register_va+0x94/0x600
[ 1293.257065][T18197]  bdi_register+0xd1/0x120
[ 1293.261457][T18197]  ? __device_add_disk+0x536/0x11d0
[ 1293.266666][T18197]  ? bdi_register_va+0x600/0x600
[ 1293.271580][T18197]  ? vsnprintf+0x1bfd/0x1cd0
[ 1293.276149][T18197]  ? __kasan_check_read+0x11/0x20
[ 1293.281152][T18197]  ? blk_alloc_devt+0xd4/0x320
[ 1293.285888][T18197]  __device_add_disk+0x5cb/0x11d0
[ 1293.290888][T18197]  ? device_add_disk+0x40/0x40
[ 1293.295630][T18197]  ? loop_add+0x400/0x760
[ 1293.299935][T18197]  ? vsprintf+0x40/0x40
[ 1293.304069][T18197]  device_add_disk+0x2a/0x40
[ 1293.308639][T18197]  loop_add+0x58f/0x760
[ 1293.312772][T18197]  loop_control_ioctl+0x564/0x740
[ 1293.317772][T18197]  ? loop_remove+0xb0/0xb0
[ 1293.322162][T18197]  ? __fget_files+0x310/0x370
[ 1293.326832][T18197]  ? security_file_ioctl+0xb1/0xd0
[ 1293.331918][T18197]  ? loop_remove+0xb0/0xb0
[ 1293.336311][T18197]  __se_sys_ioctl+0x115/0x190
[ 1293.340975][T18197]  __x64_sys_ioctl+0x7b/0x90
[ 1293.345541][T18197]  do_syscall_64+0x34/0x70
[ 1293.349931][T18197]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1293.355798][T18197] RIP: 0033:0x7f6ee1968169
[ 1293.360207][T18197] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1293.379790][T18197] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1293.388178][T18197] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1293.396125][T18197] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1293.404074][T18197] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1293.412022][T18197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1293.419972][T18197] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1293.428476][T18197] ------------[ cut here ]------------
[ 1293.433966][T18197] WARNING: CPU: 0 PID: 18197 at block/genhd.c:821 __device_add_disk+0xe7c/0x11d0
[ 1293.443074][T18197] Modules linked in:
[ 1293.446981][T18197] CPU: 0 PID: 18197 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1293.458759][T18197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1293.468838][T18197] RIP: 0010:__device_add_disk+0xe7c/0x11d0
[ 1293.474650][T18197] Code: ff ff e8 b7 ee 2b ff 0f 0b e9 28 f3 ff ff e8 ab ee 2b ff 0f 0b 42 80 3c 33 00 0f 85 db f8 ff ff e9 de f8 ff ff e8 94 ee 2b ff <0f> 0b e9 60 f7 ff ff e8 88 ee 2b ff e9 13 ff ff ff 44 89 f1 80 e1
[ 1293.494319][T18197] RSP: 0018:ffffc90003037bc0 EFLAGS: 00010287
[ 1293.500384][T18197] RAX: ffffffff8241331c RBX: 00000000fffffff4 RCX: 0000000000040000
[ 1293.508358][T18197] RDX: ffffc90004706000 RSI: 000000000003031d RDI: 000000000003031e
[ 1293.516360][T18197] RBP: ffffc90003037d08 R08: ffffffff82412a76 R09: ffffc90003037610
[ 1293.524342][T18197] R10: 0000000000000013 R11: ffffffff84c00596 R12: 0000000000000007
[ 1293.532330][T18197] R13: ffff888110337000 R14: ffff888110331338 R15: ffff888110331000
[ 1293.540300][T18197] FS:  00007f6ee0699700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1293.549242][T18197] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1293.555847][T18197] CR2: 00007f6ee0698ff8 CR3: 0000000118859000 CR4: 00000000003506b0
[ 1293.564110][T18197] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1293.572101][T18197] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1293.580070][T18197] Call Trace:
[ 1293.583375][T18197]  ? device_add_disk+0x40/0x40
[ 1293.588143][T18197]  ? loop_add+0x400/0x760
[ 1293.592479][T18197]  ? vsprintf+0x40/0x40
[ 1293.596649][T18197]  device_add_disk+0x2a/0x40
[ 1293.601257][T18197]  loop_add+0x58f/0x760
[ 1293.605422][T18197]  loop_control_ioctl+0x564/0x740
[ 1293.610443][T18197]  ? loop_remove+0xb0/0xb0
[ 1293.614891][T18197]  ? __fget_files+0x310/0x370
[ 1293.619567][T18197]  ? security_file_ioctl+0xb1/0xd0
[ 1293.624697][T18197]  ? loop_remove+0xb0/0xb0
[ 1293.629111][T18197]  __se_sys_ioctl+0x115/0x190
[ 1293.633803][T18197]  __x64_sys_ioctl+0x7b/0x90
[ 1293.638401][T18197]  do_syscall_64+0x34/0x70
[ 1293.642829][T18197]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1293.648725][T18197] RIP: 0033:0x7f6ee1968169
[ 1293.653163][T18197] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1293.672788][T18197] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1293.681214][T18197] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1293.689208][T18197] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1293.697294][T18197] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1293.705274][T18197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1293.713271][T18197] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1293.721241][T18197] ---[ end trace c3340b11af948372 ]---
02:01:10 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x109, 0x0)

[ 1293.754861][T22520] udevd[22520]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
02:01:10 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESDEC=r0])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:10 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:10 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:10 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 53)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:01:10 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xb5, 0x0)

02:01:10 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x10b, 0x0)

02:01:10 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async, rerun: 64)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0) (rerun: 64)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15) (async)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18) (async, rerun: 64)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) (rerun: 64)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESDEC=r0])
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:10 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xb7, 0x0)

02:01:10 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15) (async)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18) (async)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESDEC=r0])
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:10 executing program 1:
mkdirat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0xc0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
statfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000340)=""/123)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = signalfd4(r2, &(0x7f0000000380)={[0xe5]}, 0x8, 0x0)
execveat(r3, &(0x7f0000000440)='./bus\x00', 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYRES64=r3], 0x15)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1a1842, 0x80)
r4 = dup(r1)
write$FUSE_BMAP(r4, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000040)=ANY=[@ANYRESHEX=r4, @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1294.165171][T18242] FAULT_INJECTION: forcing a failure.
[ 1294.165171][T18242] name failslab, interval 1, probability 0, space 0, times 0
[ 1294.177951][T18242] CPU: 0 PID: 18242 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1294.189648][T18242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1294.199677][T18242] Call Trace:
[ 1294.202952][T18242]  dump_stack_lvl+0x1e2/0x24b
[ 1294.207610][T18242]  ? panic+0x7d7/0x7d7
[ 1294.211654][T18242]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1294.217087][T18242]  ? selinux_kernfs_init_security+0x1a8/0x760
[ 1294.223128][T18242]  dump_stack+0x15/0x17
[ 1294.227258][T18242]  should_fail+0x3c0/0x510
[ 1294.231657][T18242]  __should_failslab+0x9f/0xe0
[ 1294.236510][T18242]  should_failslab+0x9/0x20
[ 1294.240990][T18242]  kmem_cache_alloc+0x3f/0x300
[ 1294.245729][T18242]  ? __kernfs_new_node+0xdb/0x6e0
[ 1294.250727][T18242]  __kernfs_new_node+0xdb/0x6e0
[ 1294.255555][T18242]  ? __kasan_check_write+0x14/0x20
[ 1294.260640][T18242]  ? mutex_lock+0xb2/0x1e0
[ 1294.265033][T18242]  ? mutex_trylock+0x180/0x180
[ 1294.269773][T18242]  ? kernfs_new_node+0x170/0x170
[ 1294.274685][T18242]  ? __kasan_check_write+0x14/0x20
[ 1294.279770][T18242]  ? mutex_unlock+0x29/0xf0
[ 1294.284248][T18242]  ? kernfs_activate+0x409/0x420
[ 1294.289163][T18242]  kernfs_new_node+0x97/0x170
[ 1294.293816][T18242]  __kernfs_create_file+0x4a/0x270
[ 1294.298905][T18242]  sysfs_add_file_mode_ns+0x273/0x320
[ 1294.304254][T18242]  sysfs_merge_group+0x207/0x460
[ 1294.309172][T18242]  ? sysfs_remove_groups+0xb0/0xb0
[ 1294.314265][T18242]  dpm_sysfs_add+0xcf/0x290
[ 1294.318743][T18242]  device_add+0x52c/0xbd0
[ 1294.323046][T18242]  device_create+0x258/0x2e0
[ 1294.327615][T18242]  ? root_device_unregister+0x80/0x80
[ 1294.332963][T18242]  ? number+0xd9b/0x1040
[ 1294.337183][T18242]  bdi_register_va+0x94/0x600
[ 1294.341833][T18242]  bdi_register+0xd1/0x120
[ 1294.346226][T18242]  ? __device_add_disk+0x536/0x11d0
[ 1294.351405][T18242]  ? bdi_register_va+0x600/0x600
[ 1294.356330][T18242]  ? vsnprintf+0x1bfd/0x1cd0
[ 1294.360899][T18242]  ? __kasan_check_read+0x11/0x20
[ 1294.365899][T18242]  ? blk_alloc_devt+0xd4/0x320
[ 1294.370641][T18242]  __device_add_disk+0x5cb/0x11d0
[ 1294.375641][T18242]  ? device_add_disk+0x40/0x40
[ 1294.380381][T18242]  ? loop_add+0x400/0x760
[ 1294.384686][T18242]  ? vsprintf+0x40/0x40
[ 1294.388816][T18242]  device_add_disk+0x2a/0x40
[ 1294.393380][T18242]  loop_add+0x58f/0x760
[ 1294.397515][T18242]  loop_control_ioctl+0x564/0x740
[ 1294.402514][T18242]  ? loop_remove+0xb0/0xb0
[ 1294.406908][T18242]  ? __fget_files+0x310/0x370
[ 1294.411567][T18242]  ? security_file_ioctl+0xb1/0xd0
[ 1294.416650][T18242]  ? loop_remove+0xb0/0xb0
[ 1294.421042][T18242]  __se_sys_ioctl+0x115/0x190
[ 1294.425694][T18242]  __x64_sys_ioctl+0x7b/0x90
[ 1294.430262][T18242]  do_syscall_64+0x34/0x70
[ 1294.434656][T18242]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1294.440526][T18242] RIP: 0033:0x7f6ee1968169
[ 1294.444919][T18242] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1294.464508][T18242] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1294.472912][T18242] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1294.480868][T18242] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1294.488825][T18242] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1294.496781][T18242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1294.504734][T18242] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1294.513203][T18242] ------------[ cut here ]------------
[ 1294.518692][T18242] WARNING: CPU: 0 PID: 18242 at block/genhd.c:821 __device_add_disk+0xe7c/0x11d0
[ 1294.527799][T18242] Modules linked in:
[ 1294.531716][T18242] CPU: 0 PID: 18242 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1294.543449][T18242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1294.553525][T18242] RIP: 0010:__device_add_disk+0xe7c/0x11d0
[ 1294.559336][T18242] Code: ff ff e8 b7 ee 2b ff 0f 0b e9 28 f3 ff ff e8 ab ee 2b ff 0f 0b 42 80 3c 33 00 0f 85 db f8 ff ff e9 de f8 ff ff e8 94 ee 2b ff <0f> 0b e9 60 f7 ff ff e8 88 ee 2b ff e9 13 ff ff ff 44 89 f1 80 e1
[ 1294.579024][T18242] RSP: 0018:ffffc90002d3fbc0 EFLAGS: 00010283
[ 1294.585116][T18242] RAX: ffffffff8241331c RBX: 00000000fffffff4 RCX: 0000000000040000
[ 1294.593105][T18242] RDX: ffffc90004706000 RSI: 000000000002fb37 RDI: 000000000002fb38
[ 1294.601088][T18242] RBP: ffffc90002d3fd08 R08: ffffffff82412a76 R09: ffffc90002d3f610
[ 1294.609110][T18242] R10: 0000000000000013 R11: ffffffff84c00596 R12: 0000000000000007
[ 1294.617103][T18242] R13: ffff88815a0cf000 R14: ffff88811cc08338 R15: ffff88811cc08000
[ 1294.625085][T18242] FS:  00007f6ee0699700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1294.634044][T18242] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1294.640629][T18242] CR2: 00007f6ee0698ff8 CR3: 0000000115c11000 CR4: 00000000003506b0
[ 1294.648632][T18242] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1294.656662][T18242] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1294.664657][T18242] Call Trace:
[ 1294.667954][T18242]  ? device_add_disk+0x40/0x40
[ 1294.672732][T18242]  ? loop_add+0x400/0x760
[ 1294.677060][T18242]  ? vsprintf+0x40/0x40
[ 1294.681215][T18242]  device_add_disk+0x2a/0x40
[ 1294.685813][T18242]  loop_add+0x58f/0x760
[ 1294.689968][T18242]  loop_control_ioctl+0x564/0x740
[ 1294.695010][T18242]  ? loop_remove+0xb0/0xb0
[ 1294.699429][T18242]  ? __fget_files+0x310/0x370
[ 1294.704116][T18242]  ? security_file_ioctl+0xb1/0xd0
[ 1294.709243][T18242]  ? loop_remove+0xb0/0xb0
[ 1294.713774][T18242]  __se_sys_ioctl+0x115/0x190
[ 1294.718467][T18242]  __x64_sys_ioctl+0x7b/0x90
[ 1294.723098][T18242]  do_syscall_64+0x34/0x70
[ 1294.727514][T18242]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1294.733413][T18242] RIP: 0033:0x7f6ee1968169
[ 1294.737828][T18242] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1294.757443][T18242] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1294.765870][T18242] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1294.773853][T18242] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1294.781845][T18242] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1294.789817][T18242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1294.797793][T18242] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1294.805782][T18242] ---[ end trace c3340b11af948373 ]---
02:01:11 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x10d, 0x0)

[ 1294.853322][T22520] udevd[22520]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
02:01:11 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xb9, 0x0)

02:01:11 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a0000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:11 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(0x0, &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:11 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xbb, 0x0)

02:01:11 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x10f, 0x0)

02:01:11 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 54)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

[ 1295.486291][T18230] 9pnet: bogus RWRITE count (2 > 1)
02:01:11 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xbd, 0x0)

02:01:11 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x111, 0x0)

[ 1295.615966][T18282] FAULT_INJECTION: forcing a failure.
[ 1295.615966][T18282] name failslab, interval 1, probability 0, space 0, times 0
[ 1295.628733][T18282] CPU: 0 PID: 18282 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1295.640425][T18282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1295.650457][T18282] Call Trace:
[ 1295.654160][T18282]  dump_stack_lvl+0x1e2/0x24b
[ 1295.658812][T18282]  ? panic+0x7d7/0x7d7
[ 1295.662859][T18282]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1295.668305][T18282]  ? selinux_kernfs_init_security+0x1a8/0x760
[ 1295.674364][T18282]  dump_stack+0x15/0x17
[ 1295.678499][T18282]  should_fail+0x3c0/0x510
[ 1295.682895][T18282]  __should_failslab+0x9f/0xe0
[ 1295.687649][T18282]  should_failslab+0x9/0x20
[ 1295.692137][T18282]  kmem_cache_alloc+0x3f/0x300
[ 1295.696880][T18282]  ? __kernfs_new_node+0xdb/0x6e0
[ 1295.701886][T18282]  __kernfs_new_node+0xdb/0x6e0
[ 1295.706719][T18282]  ? __kasan_check_write+0x14/0x20
[ 1295.711810][T18282]  ? mutex_lock+0xb2/0x1e0
[ 1295.716207][T18282]  ? mutex_trylock+0x180/0x180
[ 1295.720951][T18282]  ? kernfs_new_node+0x170/0x170
[ 1295.725866][T18282]  ? __kasan_check_write+0x14/0x20
[ 1295.730957][T18282]  ? mutex_unlock+0x29/0xf0
[ 1295.735436][T18282]  ? kernfs_activate+0x409/0x420
[ 1295.740348][T18282]  kernfs_new_node+0x97/0x170
[ 1295.745000][T18282]  __kernfs_create_file+0x4a/0x270
[ 1295.750099][T18282]  sysfs_add_file_mode_ns+0x273/0x320
[ 1295.755466][T18282]  sysfs_merge_group+0x207/0x460
[ 1295.760401][T18282]  ? sysfs_remove_groups+0xb0/0xb0
[ 1295.765496][T18282]  dpm_sysfs_add+0xcf/0x290
[ 1295.769977][T18282]  device_add+0x52c/0xbd0
[ 1295.774289][T18282]  device_create+0x258/0x2e0
[ 1295.778858][T18282]  ? root_device_unregister+0x80/0x80
[ 1295.784208][T18282]  ? number+0xd9b/0x1040
[ 1295.788431][T18282]  bdi_register_va+0x94/0x600
[ 1295.793083][T18282]  bdi_register+0xd1/0x120
[ 1295.797506][T18282]  ? __device_add_disk+0x536/0x11d0
[ 1295.802684][T18282]  ? bdi_register_va+0x600/0x600
[ 1295.807600][T18282]  ? vsnprintf+0x1bfd/0x1cd0
[ 1295.812170][T18282]  ? __kasan_check_read+0x11/0x20
[ 1295.817174][T18282]  ? blk_alloc_devt+0xd4/0x320
[ 1295.821917][T18282]  __device_add_disk+0x5cb/0x11d0
[ 1295.826923][T18282]  ? device_add_disk+0x40/0x40
[ 1295.831676][T18282]  ? loop_add+0x400/0x760
[ 1295.835984][T18282]  ? vsprintf+0x40/0x40
[ 1295.840134][T18282]  device_add_disk+0x2a/0x40
[ 1295.844706][T18282]  loop_add+0x58f/0x760
[ 1295.848841][T18282]  loop_control_ioctl+0x564/0x740
[ 1295.853851][T18282]  ? loop_remove+0xb0/0xb0
[ 1295.858247][T18282]  ? __fget_files+0x310/0x370
[ 1295.862903][T18282]  ? security_file_ioctl+0xb1/0xd0
[ 1295.867992][T18282]  ? loop_remove+0xb0/0xb0
[ 1295.872383][T18282]  __se_sys_ioctl+0x115/0x190
[ 1295.877035][T18282]  __x64_sys_ioctl+0x7b/0x90
[ 1295.881607][T18282]  do_syscall_64+0x34/0x70
[ 1295.886001][T18282]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1295.891869][T18282] RIP: 0033:0x7f6ee1968169
[ 1295.896266][T18282] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1295.915851][T18282] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1295.924246][T18282] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1295.932196][T18282] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1295.940143][T18282] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1295.948092][T18282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1295.956040][T18282] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1295.964516][T18282] ------------[ cut here ]------------
[ 1295.969994][T18282] WARNING: CPU: 0 PID: 18282 at block/genhd.c:821 __device_add_disk+0xe7c/0x11d0
[ 1295.979107][T18282] Modules linked in:
[ 1295.983024][T18282] CPU: 0 PID: 18282 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1295.994737][T18282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1296.004814][T18282] RIP: 0010:__device_add_disk+0xe7c/0x11d0
[ 1296.010621][T18282] Code: ff ff e8 b7 ee 2b ff 0f 0b e9 28 f3 ff ff e8 ab ee 2b ff 0f 0b 42 80 3c 33 00 0f 85 db f8 ff ff e9 de f8 ff ff e8 94 ee 2b ff <0f> 0b e9 60 f7 ff ff e8 88 ee 2b ff e9 13 ff ff ff 44 89 f1 80 e1
[ 1296.030291][T18282] RSP: 0018:ffffc90002e27bc0 EFLAGS: 00010283
[ 1296.036376][T18282] RAX: ffffffff8241331c RBX: 00000000fffffff4 RCX: 0000000000040000
[ 1296.044358][T18282] RDX: ffffc90004706000 RSI: 000000000002f9fd RDI: 000000000002f9fe
[ 1296.052351][T18282] RBP: ffffc90002e27d08 R08: ffffffff82412a76 R09: ffffc90002e27610
[ 1296.060325][T18282] R10: 0000000000000013 R11: ffffffff84c00596 R12: 0000000000000007
[ 1296.068301][T18282] R13: ffff888159961000 R14: ffff888159966338 R15: ffff888159966000
[ 1296.076299][T18282] FS:  00007f6ee0699700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1296.085240][T18282] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1296.091834][T18282] CR2: 00007f6ee0698ff8 CR3: 000000011d8e9000 CR4: 00000000003506b0
[ 1296.099811][T18282] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1296.107793][T18282] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1296.115786][T18282] Call Trace:
[ 1296.119077][T18282]  ? device_add_disk+0x40/0x40
[ 1296.123855][T18282]  ? loop_add+0x400/0x760
[ 1296.128186][T18282]  ? vsprintf+0x40/0x40
[ 1296.132351][T18282]  device_add_disk+0x2a/0x40
[ 1296.136939][T18282]  loop_add+0x58f/0x760
[ 1296.141096][T18282]  loop_control_ioctl+0x564/0x740
[ 1296.146124][T18282]  ? loop_remove+0xb0/0xb0
[ 1296.150538][T18282]  ? __fget_files+0x310/0x370
[ 1296.155234][T18282]  ? security_file_ioctl+0xb1/0xd0
[ 1296.160341][T18282]  ? loop_remove+0xb0/0xb0
[ 1296.164760][T18282]  __se_sys_ioctl+0x115/0x190
[ 1296.169439][T18282]  __x64_sys_ioctl+0x7b/0x90
[ 1296.174077][T18282]  do_syscall_64+0x34/0x70
[ 1296.178500][T18282]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1296.184397][T18282] RIP: 0033:0x7f6ee1968169
[ 1296.188813][T18282] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1296.208455][T18282] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1296.216878][T18282] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1296.225033][T18282] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1296.233014][T18282] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1296.240989][T18282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1296.248972][T18282] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1296.256969][T18282] ---[ end trace c3340b11af948374 ]---
02:01:12 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xbf, 0x0)

02:01:12 executing program 1:
mkdirat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0xc0) (async)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0) (async)
statfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000340)=""/123) (async, rerun: 64)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff}) (rerun: 64)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async, rerun: 64)
r3 = signalfd4(r2, &(0x7f0000000380)={[0xe5]}, 0x8, 0x0) (rerun: 64)
execveat(r3, &(0x7f0000000440)='./bus\x00', 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYRES64=r3], 0x15)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1a1842, 0x80) (async, rerun: 64)
r4 = dup(r1) (rerun: 64)
write$FUSE_BMAP(r4, &(0x7f00000002c0)={0x18}, 0x18) (async)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137) (async)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000040)=ANY=[@ANYRESHEX=r4, @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async)
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async, rerun: 32)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0) (rerun: 32)

02:01:12 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(0x0, &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:12 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x113, 0x0)

02:01:13 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xc1, 0x0)

[ 1296.572197][T18260] 9pnet: bogus RWRITE count (2 > 1)
02:01:13 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a0000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:13 executing program 1:
mkdirat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0xc0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0) (async)
statfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000340)=""/123) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async)
r3 = signalfd4(r2, &(0x7f0000000380)={[0xe5]}, 0x8, 0x0)
execveat(r3, &(0x7f0000000440)='./bus\x00', 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100) (async)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYRES64=r3], 0x15) (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1a1842, 0x80)
r4 = dup(r1)
write$FUSE_BMAP(r4, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137) (async)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000040)=ANY=[@ANYRESHEX=r4, @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:13 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 55)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:01:13 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x115, 0x0)

02:01:13 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xc3, 0x0)

02:01:13 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xc5, 0x0)

[ 1296.756178][T18332] FAULT_INJECTION: forcing a failure.
[ 1296.756178][T18332] name failslab, interval 1, probability 0, space 0, times 0
[ 1296.768802][T18332] CPU: 0 PID: 18332 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1296.780493][T18332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1296.790541][T18332] Call Trace:
[ 1296.793812][T18332]  dump_stack_lvl+0x1e2/0x24b
[ 1296.798464][T18332]  ? panic+0x7d7/0x7d7
[ 1296.802506][T18332]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1296.807941][T18332]  ? selinux_kernfs_init_security+0x1a8/0x760
[ 1296.813983][T18332]  dump_stack+0x15/0x17
[ 1296.818114][T18332]  should_fail+0x3c0/0x510
[ 1296.822507][T18332]  __should_failslab+0x9f/0xe0
[ 1296.827247][T18332]  should_failslab+0x9/0x20
[ 1296.831730][T18332]  kmem_cache_alloc+0x3f/0x300
[ 1296.836470][T18332]  ? __kernfs_new_node+0xdb/0x6e0
[ 1296.841468][T18332]  __kernfs_new_node+0xdb/0x6e0
[ 1296.846310][T18332]  ? __kasan_check_write+0x14/0x20
[ 1296.851402][T18332]  ? mutex_lock+0xb2/0x1e0
[ 1296.855793][T18332]  ? mutex_trylock+0x180/0x180
[ 1296.860531][T18332]  ? kernfs_new_node+0x170/0x170
[ 1296.865447][T18332]  ? __kasan_check_write+0x14/0x20
[ 1296.870532][T18332]  ? mutex_unlock+0x29/0xf0
[ 1296.875011][T18332]  ? kernfs_activate+0x409/0x420
[ 1296.879926][T18332]  kernfs_new_node+0x97/0x170
[ 1296.884579][T18332]  __kernfs_create_file+0x4a/0x270
[ 1296.889681][T18332]  sysfs_add_file_mode_ns+0x273/0x320
[ 1296.895030][T18332]  sysfs_merge_group+0x207/0x460
[ 1296.899966][T18332]  ? sysfs_remove_groups+0xb0/0xb0
[ 1296.905059][T18332]  dpm_sysfs_add+0xcf/0x290
[ 1296.909553][T18332]  device_add+0x52c/0xbd0
[ 1296.913949][T18332]  device_create+0x258/0x2e0
[ 1296.918515][T18332]  ? root_device_unregister+0x80/0x80
[ 1296.923969][T18332]  ? number+0xd9b/0x1040
[ 1296.928185][T18332]  bdi_register_va+0x94/0x600
[ 1296.932849][T18332]  bdi_register+0xd1/0x120
[ 1296.937251][T18332]  ? __device_add_disk+0x536/0x11d0
[ 1296.942424][T18332]  ? bdi_register_va+0x600/0x600
[ 1296.947349][T18332]  ? vsnprintf+0x1bfd/0x1cd0
[ 1296.951920][T18332]  ? __kasan_check_read+0x11/0x20
[ 1296.956918][T18332]  ? blk_alloc_devt+0xd4/0x320
[ 1296.961661][T18332]  __device_add_disk+0x5cb/0x11d0
[ 1296.966661][T18332]  ? device_add_disk+0x40/0x40
[ 1296.971400][T18332]  ? loop_add+0x400/0x760
[ 1296.975717][T18332]  ? vsprintf+0x40/0x40
[ 1296.979849][T18332]  device_add_disk+0x2a/0x40
[ 1296.984507][T18332]  loop_add+0x58f/0x760
[ 1296.988639][T18332]  loop_control_ioctl+0x564/0x740
[ 1296.993637][T18332]  ? loop_remove+0xb0/0xb0
[ 1296.998033][T18332]  ? __fget_files+0x310/0x370
[ 1297.002687][T18332]  ? security_file_ioctl+0xb1/0xd0
[ 1297.007770][T18332]  ? loop_remove+0xb0/0xb0
[ 1297.012161][T18332]  __se_sys_ioctl+0x115/0x190
[ 1297.016812][T18332]  __x64_sys_ioctl+0x7b/0x90
[ 1297.021376][T18332]  do_syscall_64+0x34/0x70
[ 1297.025768][T18332]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1297.031635][T18332] RIP: 0033:0x7f6ee1968169
[ 1297.036026][T18332] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1297.055605][T18332] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1297.063992][T18332] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1297.071939][T18332] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1297.079886][T18332] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1297.087832][T18332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1297.095782][T18332] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1297.104261][T18332] ------------[ cut here ]------------
[ 1297.109740][T18332] WARNING: CPU: 0 PID: 18332 at block/genhd.c:821 __device_add_disk+0xe7c/0x11d0
[ 1297.118864][T18332] Modules linked in:
[ 1297.122777][T18332] CPU: 0 PID: 18332 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1297.134490][T18332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1297.144656][T18332] RIP: 0010:__device_add_disk+0xe7c/0x11d0
[ 1297.150464][T18332] Code: ff ff e8 b7 ee 2b ff 0f 0b e9 28 f3 ff ff e8 ab ee 2b ff 0f 0b 42 80 3c 33 00 0f 85 db f8 ff ff e9 de f8 ff ff e8 94 ee 2b ff <0f> 0b e9 60 f7 ff ff e8 88 ee 2b ff e9 13 ff ff ff 44 89 f1 80 e1
[ 1297.170135][T18332] RSP: 0018:ffffc90002df7bc0 EFLAGS: 00010283
[ 1297.176219][T18332] RAX: ffffffff8241331c RBX: 00000000fffffff4 RCX: 0000000000040000
[ 1297.184220][T18332] RDX: ffffc90004706000 RSI: 000000000002fa22 RDI: 000000000002fa23
[ 1297.192216][T18332] RBP: ffffc90002df7d08 R08: ffffffff82412a76 R09: ffffc90002df7610
[ 1297.200181][T18332] R10: 0000000000000013 R11: ffffffff84c00596 R12: 0000000000000007
[ 1297.208159][T18332] R13: ffff888113040000 R14: ffff888113044338 R15: ffff888113044000
[ 1297.216229][T18332] FS:  00007f6ee0699700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1297.225171][T18332] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1297.231766][T18332] CR2: 00007f6ee0698ff8 CR3: 00000001145d2000 CR4: 00000000003506b0
[ 1297.239743][T18332] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1297.247719][T18332] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1297.255727][T18332] Call Trace:
[ 1297.259022][T18332]  ? device_add_disk+0x40/0x40
[ 1297.263796][T18332]  ? loop_add+0x400/0x760
[ 1297.268124][T18332]  ? vsprintf+0x40/0x40
[ 1297.272291][T18332]  device_add_disk+0x2a/0x40
[ 1297.277402][T18332]  loop_add+0x58f/0x760
[ 1297.281566][T18332]  loop_control_ioctl+0x564/0x740
[ 1297.286597][T18332]  ? loop_remove+0xb0/0xb0
[ 1297.291006][T18332]  ? __fget_files+0x310/0x370
[ 1297.295704][T18332]  ? security_file_ioctl+0xb1/0xd0
[ 1297.300814][T18332]  ? loop_remove+0xb0/0xb0
[ 1297.305236][T18332]  __se_sys_ioctl+0x115/0x190
[ 1297.309912][T18332]  __x64_sys_ioctl+0x7b/0x90
[ 1297.314518][T18332]  do_syscall_64+0x34/0x70
[ 1297.318937][T18332]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1297.324835][T18332] RIP: 0033:0x7f6ee1968169
[ 1297.329247][T18332] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1297.348855][T18332] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1297.357286][T18332] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1297.365264][T18332] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1297.373270][T18332] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1297.381240][T18332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1297.389214][T18332] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1297.397213][T18332] ---[ end trace c3340b11af948375 ]---
02:01:13 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x117, 0x0)

02:01:13 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(0x0, &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1297.431495][T22520] udevd[22520]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
02:01:14 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c81f909b50b"], 0x15)
r0 = dup(0xffffffffffffffff)
write$FUSE_BMAP(r0, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
r1 = dup(r0)
splice(r1, &(0x7f0000000040)=0x98a, 0xffffffffffffffff, &(0x7f0000000080)=0x3ff, 0x8, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:14 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x119, 0x0)

02:01:14 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xc7, 0x0)

[ 1297.686041][T18352] 9pnet: Insufficient options for proto=fd
02:01:14 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c81f909b50b"], 0x15)
r0 = dup(0xffffffffffffffff)
write$FUSE_BMAP(r0, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
r1 = dup(r0)
splice(r1, &(0x7f0000000040)=0x98a, 0xffffffffffffffff, &(0x7f0000000080)=0x3ff, 0x8, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c81f909b50b"], 0x15) (async)
dup(0xffffffffffffffff) (async)
write$FUSE_BMAP(r0, &(0x7f00000002c0)={0x18}, 0x18) (async)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x14c}, 0x137) (async)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX]) (async)
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
dup(r0) (async)
splice(r1, &(0x7f0000000040)=0x98a, 0xffffffffffffffff, &(0x7f0000000080)=0x3ff, 0x8, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0) (async)

[ 1297.794725][T18364] 9pnet: Insufficient options for proto=fd
[ 1297.830977][T18367] 9pnet: Insufficient options for proto=fd
02:01:14 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a0000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:14 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x11b, 0x0)

02:01:14 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 56)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:01:14 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xc9, 0x0)

02:01:14 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c81f909b50b"], 0x15) (async)
r0 = dup(0xffffffffffffffff)
write$FUSE_BMAP(r0, &(0x7f00000002c0)={0x18}, 0x18) (async)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x14c}, 0x137) (async)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX]) (async)
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
r1 = dup(r0)
splice(r1, &(0x7f0000000040)=0x98a, 0xffffffffffffffff, &(0x7f0000000080)=0x3ff, 0x8, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:14 executing program 1:
r0 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.pending_reads\x00', 0x284202, 0x10)
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:14 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xcb, 0x0)

[ 1298.003961][T18325] 9pnet: bogus RWRITE count (2 > 1)
[ 1298.021104][T18385] 9pnet: Insufficient options for proto=fd
[ 1298.139140][T18395] FAULT_INJECTION: forcing a failure.
[ 1298.139140][T18395] name failslab, interval 1, probability 0, space 0, times 0
[ 1298.151872][T18395] CPU: 0 PID: 18395 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1298.163564][T18395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1298.173606][T18395] Call Trace:
[ 1298.176877][T18395]  dump_stack_lvl+0x1e2/0x24b
[ 1298.181532][T18395]  ? panic+0x7d7/0x7d7
[ 1298.185574][T18395]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1298.191009][T18395]  dump_stack+0x15/0x17
[ 1298.195140][T18395]  should_fail+0x3c0/0x510
[ 1298.199533][T18395]  ? kobject_get_path+0xb8/0x1a0
[ 1298.204447][T18395]  __should_failslab+0x9f/0xe0
[ 1298.209201][T18395]  should_failslab+0x9/0x20
[ 1298.213692][T18395]  __kmalloc+0x60/0x360
[ 1298.217827][T18395]  kobject_get_path+0xb8/0x1a0
[ 1298.222568][T18395]  kobject_uevent_env+0x282/0x730
[ 1298.227570][T18395]  ? __kasan_check_write+0x14/0x20
[ 1298.232666][T18395]  kobject_uevent+0x1f/0x30
[ 1298.237144][T18395]  device_add+0x79c/0xbd0
[ 1298.241450][T18395]  device_create+0x258/0x2e0
[ 1298.246019][T18395]  ? root_device_unregister+0x80/0x80
[ 1298.251364][T18395]  ? number+0xd9b/0x1040
[ 1298.255582][T18395]  bdi_register_va+0x94/0x600
[ 1298.260243][T18395]  bdi_register+0xd1/0x120
[ 1298.264639][T18395]  ? __device_add_disk+0x536/0x11d0
[ 1298.269815][T18395]  ? bdi_register_va+0x600/0x600
[ 1298.274740][T18395]  ? vsnprintf+0x1bfd/0x1cd0
[ 1298.279309][T18395]  ? __kasan_check_read+0x11/0x20
[ 1298.284309][T18395]  ? blk_alloc_devt+0xd4/0x320
[ 1298.289050][T18395]  __device_add_disk+0x5cb/0x11d0
[ 1298.294052][T18395]  ? device_add_disk+0x40/0x40
[ 1298.298795][T18395]  ? loop_add+0x400/0x760
[ 1298.303098][T18395]  ? vsprintf+0x40/0x40
[ 1298.307229][T18395]  device_add_disk+0x2a/0x40
[ 1298.311796][T18395]  loop_add+0x58f/0x760
[ 1298.315932][T18395]  loop_control_ioctl+0x564/0x740
[ 1298.320935][T18395]  ? loop_remove+0xb0/0xb0
[ 1298.325345][T18395]  ? __fget_files+0x310/0x370
[ 1298.330001][T18395]  ? security_file_ioctl+0xb1/0xd0
[ 1298.335086][T18395]  ? loop_remove+0xb0/0xb0
[ 1298.339498][T18395]  __se_sys_ioctl+0x115/0x190
[ 1298.344149][T18395]  __x64_sys_ioctl+0x7b/0x90
[ 1298.348713][T18395]  do_syscall_64+0x34/0x70
[ 1298.353108][T18395]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1298.358975][T18395] RIP: 0033:0x7f6ee1968169
[ 1298.363373][T18395] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1298.382964][T18395] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1298.391355][T18395] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1298.399301][T18395] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1298.407248][T18395] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1298.415198][T18395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1298.423147][T18395] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
02:01:14 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x11d, 0x0)

02:01:14 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:14 executing program 1:
r0 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.pending_reads\x00', 0x284202, 0x10)
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15) (async)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f00000002c0)={0x18}, 0x18) (async)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) (async)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) (async, rerun: 32)
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async, rerun: 32)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async, rerun: 32)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0) (rerun: 32)

02:01:15 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xcd, 0x0)

02:01:15 executing program 1:
r0 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.pending_reads\x00', 0x284202, 0x10)
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15) (async, rerun: 64)
r3 = dup(r2) (rerun: 64)
write$FUSE_BMAP(r3, &(0x7f00000002c0)={0x18}, 0x18) (async)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) (async)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) (async, rerun: 32)
socketpair$unix(0x1, 0x0, 0x0, 0x0) (rerun: 32)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async, rerun: 32)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:15 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:15 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x11f, 0x0)

02:01:15 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trins=fd,rfdno=', @ANYRES32=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r0])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:15 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xcf, 0x0)

02:01:15 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 57)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:01:15 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f00000002c0)={0x18}, 0x18) (async)
write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x14c}, 0x137) (async)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trins=fd,rfdno=', @ANYRES32=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r0])
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:15 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x121, 0x0)

02:01:15 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f00000002c0)={0x18}, 0x18) (async)
write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trins=fd,rfdno=', @ANYRES32=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) (async)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1299.035263][T18453] FAULT_INJECTION: forcing a failure.
[ 1299.035263][T18453] name failslab, interval 1, probability 0, space 0, times 0
[ 1299.047920][T18453] CPU: 1 PID: 18453 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1299.059614][T18453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1299.069646][T18453] Call Trace:
[ 1299.072920][T18453]  dump_stack_lvl+0x1e2/0x24b
[ 1299.077570][T18453]  ? panic+0x7d7/0x7d7
[ 1299.081620][T18453]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1299.087054][T18453]  dump_stack+0x15/0x17
[ 1299.091187][T18453]  should_fail+0x3c0/0x510
[ 1299.095594][T18453]  ? kobject_get_path+0xb8/0x1a0
[ 1299.100506][T18453]  __should_failslab+0x9f/0xe0
[ 1299.105264][T18453]  should_failslab+0x9/0x20
[ 1299.109764][T18453]  __kmalloc+0x60/0x360
[ 1299.113897][T18453]  kobject_get_path+0xb8/0x1a0
[ 1299.118636][T18453]  kobject_uevent_env+0x282/0x730
[ 1299.123638][T18453]  ? __kasan_check_write+0x14/0x20
[ 1299.128722][T18453]  kobject_uevent+0x1f/0x30
[ 1299.133203][T18453]  device_add+0x79c/0xbd0
[ 1299.137509][T18453]  device_create+0x258/0x2e0
[ 1299.142165][T18453]  ? root_device_unregister+0x80/0x80
[ 1299.147514][T18453]  ? number+0xd9b/0x1040
[ 1299.151734][T18453]  bdi_register_va+0x94/0x600
[ 1299.156387][T18453]  bdi_register+0xd1/0x120
[ 1299.160783][T18453]  ? __device_add_disk+0x536/0x11d0
[ 1299.165953][T18453]  ? bdi_register_va+0x600/0x600
[ 1299.170866][T18453]  ? vsnprintf+0x1bfd/0x1cd0
[ 1299.175433][T18453]  ? __kasan_check_read+0x11/0x20
[ 1299.180433][T18453]  ? blk_alloc_devt+0xd4/0x320
[ 1299.185173][T18453]  __device_add_disk+0x5cb/0x11d0
[ 1299.190185][T18453]  ? device_add_disk+0x40/0x40
[ 1299.194925][T18453]  ? loop_add+0x400/0x760
[ 1299.199243][T18453]  ? vsprintf+0x40/0x40
[ 1299.203379][T18453]  device_add_disk+0x2a/0x40
[ 1299.207945][T18453]  loop_add+0x58f/0x760
[ 1299.212078][T18453]  loop_control_ioctl+0x564/0x740
[ 1299.217078][T18453]  ? loop_remove+0xb0/0xb0
[ 1299.221474][T18453]  ? __fget_files+0x310/0x370
[ 1299.226127][T18453]  ? security_file_ioctl+0xb1/0xd0
[ 1299.231232][T18453]  ? loop_remove+0xb0/0xb0
[ 1299.235623][T18453]  __se_sys_ioctl+0x115/0x190
[ 1299.240288][T18453]  __x64_sys_ioctl+0x7b/0x90
[ 1299.244852][T18453]  do_syscall_64+0x34/0x70
[ 1299.249248][T18453]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1299.255117][T18453] RIP: 0033:0x7f6ee1968169
[ 1299.259508][T18453] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1299.279086][T18453] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1299.287476][T18453] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1299.295441][T18453] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1299.303387][T18453] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1299.311333][T18453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1299.319287][T18453] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1299.355644][T22520] udevd[22520]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
02:01:15 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xd1, 0x0)

02:01:15 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0)
r3 = syz_open_dev$vcsa(&(0x7f00000003c0), 0x1, 0x181200)
renameat2(r2, &(0x7f0000000280)='./file0\x00', r3, &(0x7f0000000400)='./file0\x00', 0x1)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
getpid()
r4 = dup(r1)
write$FUSE_BMAP(r4, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="741209df3bdf9b760c8c1c5d0adda6726664ab6f3d", @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)
r6 = signalfd4(r5, &(0x7f0000000080)={[0x3]}, 0x8, 0x80000)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x2140008, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[{@privport}, {@cache_fscache}, {@msize={'msize', 0x3d, 0x5}}], [{@smackfsdef={'smackfsdef', 0x3d, '+'}}]}})

02:01:15 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x123, 0x0)

02:01:15 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:16 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xd3, 0x0)

02:01:16 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0) (async)
r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0)
r3 = syz_open_dev$vcsa(&(0x7f00000003c0), 0x1, 0x181200)
renameat2(r2, &(0x7f0000000280)='./file0\x00', r3, &(0x7f0000000400)='./file0\x00', 0x1)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
getpid()
dup(r1) (async)
r4 = dup(r1)
write$FUSE_BMAP(r4, &(0x7f00000002c0)={0x18}, 0x18) (async)
write$FUSE_BMAP(r4, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="741209df3bdf9b760c8c1c5d0adda6726664ab6f3d", @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)
r6 = signalfd4(r5, &(0x7f0000000080)={[0x3]}, 0x8, 0x80000)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x2140008, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[{@privport}, {@cache_fscache}, {@msize={'msize', 0x3d, 0x5}}], [{@smackfsdef={'smackfsdef', 0x3d, '+'}}]}})

02:01:16 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x125, 0x0)

02:01:16 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:16 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 58)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:01:16 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0) (async)
r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0) (async)
r3 = syz_open_dev$vcsa(&(0x7f00000003c0), 0x1, 0x181200)
renameat2(r2, &(0x7f0000000280)='./file0\x00', r3, &(0x7f0000000400)='./file0\x00', 0x1)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15) (async)
getpid()
r4 = dup(r1)
write$FUSE_BMAP(r4, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="741209df3bdf9b760c8c1c5d0adda6726664ab6f3d", @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0) (async)
r6 = signalfd4(r5, &(0x7f0000000080)={[0x3]}, 0x8, 0x80000)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x2140008, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[{@privport}, {@cache_fscache}, {@msize={'msize', 0x3d, 0x5}}], [{@smackfsdef={'smackfsdef', 0x3d, '+'}}]}})

[ 1299.943515][T18440] 9pnet: bogus RWRITE count (2 > 1)
02:01:16 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x127, 0x0)

02:01:16 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xd5, 0x0)

02:01:16 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
write$P9_RAUTH(r1, &(0x7f0000000800)={0x14, 0x67, 0x2, {0x80, 0x4, 0x4}}, 0x14)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f0000005480)=[{{&(0x7f0000000000)=@pppoe, 0x80, &(0x7f0000000100)=[{&(0x7f0000000340)=""/132, 0x84}, {&(0x7f0000000080)=""/44, 0x2c}], 0x2, &(0x7f0000000400)=""/162, 0xa2}, 0x8}, {{&(0x7f00000004c0)=@ethernet={0x0, @broadcast}, 0x80, &(0x7f0000000840)=[{&(0x7f00000005c0)=""/205, 0xcd}, {&(0x7f0000000280)=""/47, 0x2f}, {&(0x7f00000006c0)=""/147, 0x93}, {&(0x7f0000000780)=""/122, 0x7a}, {&(0x7f0000000540)=""/63, 0x3f}, {&(0x7f0000000800)}], 0x6, &(0x7f00000008c0)=""/38, 0x26}, 0x20}, {{&(0x7f0000000900)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001f00)=[{&(0x7f0000000980)=""/250, 0xfa}, {&(0x7f0000000a80)=""/163, 0xa3}, {&(0x7f0000000b40)=""/132, 0x84}, {&(0x7f0000000c00)=""/85, 0x55}, {&(0x7f0000000c80)=""/70, 0x46}, {&(0x7f0000000d00)=""/198, 0xc6}, {&(0x7f0000000e00)=""/117, 0x75}, {&(0x7f0000000e80)=""/122, 0x7a}, {&(0x7f0000000f00)=""/4096, 0x1000}], 0x9, &(0x7f0000001fc0)=""/18, 0x12}, 0x7}, {{0x0, 0x0, &(0x7f0000002000)=[{&(0x7f0000002080)=""/105, 0x69}], 0x1, &(0x7f0000002100)=""/4096, 0x1000}, 0x5}, {{&(0x7f0000003100)=@x25, 0x80, &(0x7f0000003280)=[{&(0x7f0000003180)=""/248, 0xf8}], 0x1, &(0x7f00000032c0)=""/151, 0x97}, 0x80000001}, {{0x0, 0x0, &(0x7f00000038c0)=[{&(0x7f0000003380)=""/187, 0xbb}, {&(0x7f0000003440)=""/206, 0xce}, {&(0x7f0000003540)=""/157, 0x9d}, {&(0x7f0000003600)=""/90, 0x5a}, {&(0x7f0000003680)=""/19, 0x13}, {&(0x7f00000036c0)=""/203, 0xcb}, {&(0x7f00000037c0)=""/223, 0xdf}], 0x7, &(0x7f0000003940)=""/154, 0x9a}, 0x1}, {{0x0, 0x0, &(0x7f0000003b00)=[{&(0x7f0000003a00)=""/217, 0xd9}], 0x1, &(0x7f0000003b40)=""/245, 0xf5}, 0x3}, {{&(0x7f0000003c40)=@in6={0xa, 0x0, 0x0, @private1}, 0x80, &(0x7f0000004e80)=[{&(0x7f0000003cc0)=""/102, 0x66}, {&(0x7f0000003d40)=""/227, 0xe3}, {&(0x7f0000003e40)=""/62, 0x3e}, {&(0x7f0000003e80)=""/4096, 0x1000}], 0x4, &(0x7f0000004ec0)=""/184, 0xb8}, 0x1}, {{&(0x7f0000004f80)=@ieee802154={0x24, @long}, 0x80, &(0x7f0000005340)=[{&(0x7f0000005000)=""/245, 0xf5}, {&(0x7f0000005100)=""/165, 0xa5}, {&(0x7f00000051c0)=""/135, 0x87}, {&(0x7f0000005280)=""/91, 0x5b}, {&(0x7f0000005300)=""/20, 0x14}], 0x5, &(0x7f00000053c0)=""/156, 0x9c}}], 0x9, 0x41, &(0x7f00000056c0)={0x77359400})
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1300.068292][T18503] FAULT_INJECTION: forcing a failure.
[ 1300.068292][T18503] name failslab, interval 1, probability 0, space 0, times 0
[ 1300.080986][T18503] CPU: 0 PID: 18503 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1300.092676][T18503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1300.102711][T18503] Call Trace:
[ 1300.105979][T18503]  dump_stack_lvl+0x1e2/0x24b
[ 1300.110633][T18503]  ? panic+0x7d7/0x7d7
[ 1300.114678][T18503]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1300.120124][T18503]  dump_stack+0x15/0x17
[ 1300.124269][T18503]  should_fail+0x3c0/0x510
[ 1300.128659][T18503]  ? alloc_uevent_skb+0x7f/0x230
[ 1300.133567][T18503]  __should_failslab+0x9f/0xe0
[ 1300.138326][T18503]  should_failslab+0x9/0x20
[ 1300.142816][T18503]  __kmalloc_track_caller+0x5f/0x350
[ 1300.148073][T18503]  ? kmem_cache_alloc+0x1a4/0x300
[ 1300.153071][T18503]  ? __alloc_skb+0x7e/0x580
[ 1300.157548][T18503]  ? alloc_uevent_skb+0x7f/0x230
[ 1300.162460][T18503]  __alloc_skb+0xbe/0x580
[ 1300.166764][T18503]  alloc_uevent_skb+0x7f/0x230
[ 1300.171504][T18503]  kobject_uevent_net_broadcast+0x321/0x5a0
[ 1300.177375][T18503]  kobject_uevent_env+0x540/0x730
[ 1300.182372][T18503]  kobject_uevent+0x1f/0x30
[ 1300.186849][T18503]  device_add+0x79c/0xbd0
[ 1300.191154][T18503]  device_create+0x258/0x2e0
[ 1300.195728][T18503]  ? root_device_unregister+0x80/0x80
[ 1300.201076][T18503]  ? number+0xd9b/0x1040
[ 1300.205294][T18503]  bdi_register_va+0x94/0x600
[ 1300.209950][T18503]  bdi_register+0xd1/0x120
[ 1300.214345][T18503]  ? __device_add_disk+0x536/0x11d0
[ 1300.219602][T18503]  ? bdi_register_va+0x600/0x600
[ 1300.224512][T18503]  ? vsnprintf+0x1bfd/0x1cd0
[ 1300.229076][T18503]  ? __kasan_check_read+0x11/0x20
[ 1300.234088][T18503]  ? blk_alloc_devt+0xd4/0x320
[ 1300.238857][T18503]  __device_add_disk+0x5cb/0x11d0
[ 1300.243858][T18503]  ? device_add_disk+0x40/0x40
[ 1300.248602][T18503]  ? loop_add+0x400/0x760
[ 1300.252912][T18503]  ? vsprintf+0x40/0x40
[ 1300.257059][T18503]  device_add_disk+0x2a/0x40
[ 1300.261622][T18503]  loop_add+0x58f/0x760
[ 1300.265753][T18503]  loop_control_ioctl+0x564/0x740
[ 1300.270752][T18503]  ? loop_remove+0xb0/0xb0
[ 1300.275142][T18503]  ? __fget_files+0x310/0x370
[ 1300.279795][T18503]  ? security_file_ioctl+0xb1/0xd0
[ 1300.284895][T18503]  ? loop_remove+0xb0/0xb0
[ 1300.289289][T18503]  __se_sys_ioctl+0x115/0x190
[ 1300.293942][T18503]  __x64_sys_ioctl+0x7b/0x90
[ 1300.298511][T18503]  do_syscall_64+0x34/0x70
[ 1300.302905][T18503]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1300.308770][T18503] RIP: 0033:0x7f6ee1968169
[ 1300.313162][T18503] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1300.332744][T18503] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1300.341132][T18503] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1300.349078][T18503] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1300.357027][T18503] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
02:01:16 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1300.365066][T18503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1300.373015][T18503] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1300.408983][T22520] udevd[22520]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
02:01:16 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x129, 0x0)

02:01:16 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
write$P9_RAUTH(r1, &(0x7f0000000800)={0x14, 0x67, 0x2, {0x80, 0x4, 0x4}}, 0x14)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
recvmmsg(r2, &(0x7f0000005480)=[{{&(0x7f0000000000)=@pppoe, 0x80, &(0x7f0000000100)=[{&(0x7f0000000340)=""/132, 0x84}, {&(0x7f0000000080)=""/44, 0x2c}], 0x2, &(0x7f0000000400)=""/162, 0xa2}, 0x8}, {{&(0x7f00000004c0)=@ethernet={0x0, @broadcast}, 0x80, &(0x7f0000000840)=[{&(0x7f00000005c0)=""/205, 0xcd}, {&(0x7f0000000280)=""/47, 0x2f}, {&(0x7f00000006c0)=""/147, 0x93}, {&(0x7f0000000780)=""/122, 0x7a}, {&(0x7f0000000540)=""/63, 0x3f}, {&(0x7f0000000800)}], 0x6, &(0x7f00000008c0)=""/38, 0x26}, 0x20}, {{&(0x7f0000000900)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001f00)=[{&(0x7f0000000980)=""/250, 0xfa}, {&(0x7f0000000a80)=""/163, 0xa3}, {&(0x7f0000000b40)=""/132, 0x84}, {&(0x7f0000000c00)=""/85, 0x55}, {&(0x7f0000000c80)=""/70, 0x46}, {&(0x7f0000000d00)=""/198, 0xc6}, {&(0x7f0000000e00)=""/117, 0x75}, {&(0x7f0000000e80)=""/122, 0x7a}, {&(0x7f0000000f00)=""/4096, 0x1000}], 0x9, &(0x7f0000001fc0)=""/18, 0x12}, 0x7}, {{0x0, 0x0, &(0x7f0000002000)=[{&(0x7f0000002080)=""/105, 0x69}], 0x1, &(0x7f0000002100)=""/4096, 0x1000}, 0x5}, {{&(0x7f0000003100)=@x25, 0x80, &(0x7f0000003280)=[{&(0x7f0000003180)=""/248, 0xf8}], 0x1, &(0x7f00000032c0)=""/151, 0x97}, 0x80000001}, {{0x0, 0x0, &(0x7f00000038c0)=[{&(0x7f0000003380)=""/187, 0xbb}, {&(0x7f0000003440)=""/206, 0xce}, {&(0x7f0000003540)=""/157, 0x9d}, {&(0x7f0000003600)=""/90, 0x5a}, {&(0x7f0000003680)=""/19, 0x13}, {&(0x7f00000036c0)=""/203, 0xcb}, {&(0x7f00000037c0)=""/223, 0xdf}], 0x7, &(0x7f0000003940)=""/154, 0x9a}, 0x1}, {{0x0, 0x0, &(0x7f0000003b00)=[{&(0x7f0000003a00)=""/217, 0xd9}], 0x1, &(0x7f0000003b40)=""/245, 0xf5}, 0x3}, {{&(0x7f0000003c40)=@in6={0xa, 0x0, 0x0, @private1}, 0x80, &(0x7f0000004e80)=[{&(0x7f0000003cc0)=""/102, 0x66}, {&(0x7f0000003d40)=""/227, 0xe3}, {&(0x7f0000003e40)=""/62, 0x3e}, {&(0x7f0000003e80)=""/4096, 0x1000}], 0x4, &(0x7f0000004ec0)=""/184, 0xb8}, 0x1}, {{&(0x7f0000004f80)=@ieee802154={0x24, @long}, 0x80, &(0x7f0000005340)=[{&(0x7f0000005000)=""/245, 0xf5}, {&(0x7f0000005100)=""/165, 0xa5}, {&(0x7f00000051c0)=""/135, 0x87}, {&(0x7f0000005280)=""/91, 0x5b}, {&(0x7f0000005300)=""/20, 0x14}], 0x5, &(0x7f00000053c0)=""/156, 0x9c}}], 0x9, 0x41, &(0x7f00000056c0)={0x77359400})
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:17 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xd7, 0x0)

02:01:17 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15) (async)
write$P9_RAUTH(r1, &(0x7f0000000800)={0x14, 0x67, 0x2, {0x80, 0x4, 0x4}}, 0x14) (async)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18) (async)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) (async)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async)
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
recvmmsg(r2, &(0x7f0000005480)=[{{&(0x7f0000000000)=@pppoe, 0x80, &(0x7f0000000100)=[{&(0x7f0000000340)=""/132, 0x84}, {&(0x7f0000000080)=""/44, 0x2c}], 0x2, &(0x7f0000000400)=""/162, 0xa2}, 0x8}, {{&(0x7f00000004c0)=@ethernet={0x0, @broadcast}, 0x80, &(0x7f0000000840)=[{&(0x7f00000005c0)=""/205, 0xcd}, {&(0x7f0000000280)=""/47, 0x2f}, {&(0x7f00000006c0)=""/147, 0x93}, {&(0x7f0000000780)=""/122, 0x7a}, {&(0x7f0000000540)=""/63, 0x3f}, {&(0x7f0000000800)}], 0x6, &(0x7f00000008c0)=""/38, 0x26}, 0x20}, {{&(0x7f0000000900)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001f00)=[{&(0x7f0000000980)=""/250, 0xfa}, {&(0x7f0000000a80)=""/163, 0xa3}, {&(0x7f0000000b40)=""/132, 0x84}, {&(0x7f0000000c00)=""/85, 0x55}, {&(0x7f0000000c80)=""/70, 0x46}, {&(0x7f0000000d00)=""/198, 0xc6}, {&(0x7f0000000e00)=""/117, 0x75}, {&(0x7f0000000e80)=""/122, 0x7a}, {&(0x7f0000000f00)=""/4096, 0x1000}], 0x9, &(0x7f0000001fc0)=""/18, 0x12}, 0x7}, {{0x0, 0x0, &(0x7f0000002000)=[{&(0x7f0000002080)=""/105, 0x69}], 0x1, &(0x7f0000002100)=""/4096, 0x1000}, 0x5}, {{&(0x7f0000003100)=@x25, 0x80, &(0x7f0000003280)=[{&(0x7f0000003180)=""/248, 0xf8}], 0x1, &(0x7f00000032c0)=""/151, 0x97}, 0x80000001}, {{0x0, 0x0, &(0x7f00000038c0)=[{&(0x7f0000003380)=""/187, 0xbb}, {&(0x7f0000003440)=""/206, 0xce}, {&(0x7f0000003540)=""/157, 0x9d}, {&(0x7f0000003600)=""/90, 0x5a}, {&(0x7f0000003680)=""/19, 0x13}, {&(0x7f00000036c0)=""/203, 0xcb}, {&(0x7f00000037c0)=""/223, 0xdf}], 0x7, &(0x7f0000003940)=""/154, 0x9a}, 0x1}, {{0x0, 0x0, &(0x7f0000003b00)=[{&(0x7f0000003a00)=""/217, 0xd9}], 0x1, &(0x7f0000003b40)=""/245, 0xf5}, 0x3}, {{&(0x7f0000003c40)=@in6={0xa, 0x0, 0x0, @private1}, 0x80, &(0x7f0000004e80)=[{&(0x7f0000003cc0)=""/102, 0x66}, {&(0x7f0000003d40)=""/227, 0xe3}, {&(0x7f0000003e40)=""/62, 0x3e}, {&(0x7f0000003e80)=""/4096, 0x1000}], 0x4, &(0x7f0000004ec0)=""/184, 0xb8}, 0x1}, {{&(0x7f0000004f80)=@ieee802154={0x24, @long}, 0x80, &(0x7f0000005340)=[{&(0x7f0000005000)=""/245, 0xf5}, {&(0x7f0000005100)=""/165, 0xa5}, {&(0x7f00000051c0)=""/135, 0x87}, {&(0x7f0000005280)=""/91, 0x5b}, {&(0x7f0000005300)=""/20, 0x14}], 0x5, &(0x7f00000053c0)=""/156, 0x9c}}], 0x9, 0x41, &(0x7f00000056c0)={0x77359400})
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:17 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:17 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff098000004c000000000000000000"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:17 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x12b, 0x0)

02:01:17 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xd9, 0x0)

02:01:17 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 59)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:01:17 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff098000004c000000000000000000"], 0x15) (async, rerun: 64)
r2 = dup(r1) (rerun: 64)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18) (async, rerun: 32)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) (async, rerun: 32)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1301.019699][T18492] 9pnet: bogus RWRITE count (2 > 1)
02:01:17 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x12d, 0x0)

[ 1301.141428][T18561] FAULT_INJECTION: forcing a failure.
[ 1301.141428][T18561] name failslab, interval 1, probability 0, space 0, times 0
[ 1301.154064][T18561] CPU: 0 PID: 18561 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1301.165752][T18561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1301.175780][T18561] Call Trace:
[ 1301.179048][T18561]  dump_stack_lvl+0x1e2/0x24b
[ 1301.183699][T18561]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1301.189132][T18561]  ? do_syscall_64+0x34/0x70
[ 1301.193696][T18561]  dump_stack+0x15/0x17
[ 1301.197849][T18561]  should_fail+0x3c0/0x510
[ 1301.202243][T18561]  __should_failslab+0x9f/0xe0
[ 1301.206988][T18561]  should_failslab+0x9/0x20
[ 1301.211465][T18561]  kmem_cache_alloc+0x3f/0x300
[ 1301.216205][T18561]  ? skb_ext_add+0x13d/0x7e0
[ 1301.220773][T18561]  skb_ext_add+0x13d/0x7e0
[ 1301.225166][T18561]  ? kasan_unpoison+0x61/0x80
[ 1301.229830][T18561]  __alloc_skb+0x3c7/0x580
[ 1301.234226][T18561]  alloc_uevent_skb+0x7f/0x230
[ 1301.238964][T18561]  kobject_uevent_net_broadcast+0x321/0x5a0
[ 1301.244853][T18561]  kobject_uevent_env+0x540/0x730
[ 1301.249853][T18561]  kobject_uevent+0x1f/0x30
[ 1301.254337][T18561]  device_add+0x79c/0xbd0
[ 1301.258641][T18561]  device_create+0x258/0x2e0
[ 1301.263223][T18561]  ? root_device_unregister+0x80/0x80
[ 1301.268567][T18561]  ? number+0xd9b/0x1040
[ 1301.272874][T18561]  bdi_register_va+0x94/0x600
[ 1301.277523][T18561]  bdi_register+0xd1/0x120
[ 1301.281917][T18561]  ? __device_add_disk+0x536/0x11d0
[ 1301.287089][T18561]  ? bdi_register_va+0x600/0x600
[ 1301.291999][T18561]  ? vsnprintf+0x1bfd/0x1cd0
[ 1301.296574][T18561]  ? __kasan_check_read+0x11/0x20
[ 1301.301571][T18561]  ? blk_alloc_devt+0xd4/0x320
[ 1301.306309][T18561]  __device_add_disk+0x5cb/0x11d0
[ 1301.311310][T18561]  ? device_add_disk+0x40/0x40
[ 1301.316046][T18561]  ? loop_add+0x400/0x760
[ 1301.320349][T18561]  ? vsprintf+0x40/0x40
[ 1301.324481][T18561]  device_add_disk+0x2a/0x40
[ 1301.329044][T18561]  loop_add+0x58f/0x760
[ 1301.333189][T18561]  loop_control_ioctl+0x564/0x740
[ 1301.338191][T18561]  ? loop_remove+0xb0/0xb0
[ 1301.342585][T18561]  ? __fget_files+0x310/0x370
[ 1301.347238][T18561]  ? security_file_ioctl+0xb1/0xd0
[ 1301.352326][T18561]  ? loop_remove+0xb0/0xb0
[ 1301.356719][T18561]  __se_sys_ioctl+0x115/0x190
[ 1301.361371][T18561]  __x64_sys_ioctl+0x7b/0x90
[ 1301.365951][T18561]  do_syscall_64+0x34/0x70
[ 1301.370357][T18561]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1301.376223][T18561] RIP: 0033:0x7f6ee1968169
[ 1301.380616][T18561] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1301.400198][T18561] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1301.408585][T18561] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1301.416535][T18561] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1301.424483][T18561] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1301.432441][T18561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
02:01:17 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xdb, 0x0)

02:01:17 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff098000004c000000000000000000"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff098000004c000000000000000000"], 0x15) (async)
dup(r1) (async)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18) (async)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) (async)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async)
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0) (async)

02:01:17 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), 0x0, 0x2000, 0x0)

[ 1301.440401][T18561] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1301.469641][T22520] udevd[22520]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
02:01:18 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xdd, 0x0)

02:01:18 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x50dd80, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000340)={{{@in6=@local, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0, <r5=>0x0}}, {{@in6=@private2}, 0x0, @in6=@private0}}, &(0x7f0000000280)=0xe8)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x11, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@cachetag={'cachetag', 0x3d, 'trusted.overlay.upper\x00'}}], [{@smackfshat={'smackfshat', 0x3d, 'trusted.overlay.upper\x00'}}, {@euid_lt={'euid<', r5}}, {@obj_type={'obj_type', 0x3d, 'trusted.overlay.upper\x00'}}]}})
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
r7 = signalfd4(r6, &(0x7f0000000380)={[0xe5]}, 0x8, 0x0)
execveat(r7, &(0x7f0000000440)='./bus\x00', 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
read$FUSE(r2, &(0x7f0000002080)={0x2020, 0x0, 0x0, <r8=>0x0}, 0x2020)
mount$fuse(0x0, &(0x7f00000006c0)='./file0\x00', &(0x7f0000000700), 0x22050, &(0x7f0000000740)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000000000120000,user_id=', @ANYRESDEC=r8, @ANYBLOB=',group_id<', @ANYRESDEC=0xee00, @ANYBLOB="2c6d61785f726561643d3078303030303030303030303030303166662c64656661756c745f7065726d697373696f6e732c626c6b73697a653d3078303030303030303030303030303830302c66736e616d653d2c7375626a5f747970653d747275737465642e6f7665726c61792e7570706572002c736d61636b6673726f6f743d241c2d2c61756469742c6173796e632c00"])
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f00000005c0)={'syztnl1\x00', &(0x7f0000000500)={'ip6gre0\x00', <r9=>r4, 0x2f, 0x6, 0x80, 0x8, 0x18, @ipv4={'\x00', '\xff\xff', @multicast2}, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x7800, 0x20, 0x7, 0x1f}})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000680)={'sit0\x00', &(0x7f0000000600)={'sit0\x00', r9, 0x8000, 0x7, 0x100, 0x8, {{0xe, 0x4, 0x2, 0x5, 0x38, 0x67, 0x0, 0xff, 0x29, 0x0, @multicast1, @empty, {[@timestamp={0x44, 0x18, 0xdc, 0x0, 0x9, [0x53, 0x9baf, 0xf0, 0x8515, 0x4]}, @noop, @rr={0x7, 0xb, 0xb5, [@loopback, @multicast1]}]}}}}})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)
pipe2$9p(&(0x7f0000000000), 0x80)

[ 1301.757979][T18585] 9pnet: Insufficient options for proto=fd
02:01:18 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x12f, 0x0)

02:01:18 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:18 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xdf, 0x0)

02:01:18 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 60)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:01:18 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x131, 0x0)

02:01:18 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xe1, 0x0)

[ 1302.050258][T18609] FAULT_INJECTION: forcing a failure.
[ 1302.050258][T18609] name failslab, interval 1, probability 0, space 0, times 0
[ 1302.062896][T18609] CPU: 0 PID: 18609 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1302.074588][T18609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1302.084619][T18609] Call Trace:
[ 1302.087997][T18609]  dump_stack_lvl+0x1e2/0x24b
[ 1302.092666][T18609]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1302.098359][T18609]  dump_stack+0x15/0x17
[ 1302.102493][T18609]  should_fail+0x3c0/0x510
[ 1302.106897][T18609]  __should_failslab+0x9f/0xe0
[ 1302.111637][T18609]  should_failslab+0x9/0x20
[ 1302.116127][T18609]  kmem_cache_alloc+0x3f/0x300
[ 1302.120864][T18609]  ? skb_clone+0x1d6/0x3b0
[ 1302.125254][T18609]  skb_clone+0x1d6/0x3b0
[ 1302.129475][T18609]  netlink_broadcast_filtered+0x654/0x1200
[ 1302.135259][T18609]  netlink_broadcast+0x3a/0x50
[ 1302.139999][T18609]  kobject_uevent_net_broadcast+0x3b1/0x5a0
[ 1302.145867][T18609]  kobject_uevent_env+0x540/0x730
[ 1302.150867][T18609]  kobject_uevent+0x1f/0x30
[ 1302.155344][T18609]  device_add+0x79c/0xbd0
[ 1302.159648][T18609]  device_create+0x258/0x2e0
[ 1302.164217][T18609]  ? root_device_unregister+0x80/0x80
[ 1302.169564][T18609]  ? number+0xd9b/0x1040
[ 1302.173782][T18609]  bdi_register_va+0x94/0x600
[ 1302.178434][T18609]  bdi_register+0xd1/0x120
[ 1302.182827][T18609]  ? __device_add_disk+0x536/0x11d0
[ 1302.187998][T18609]  ? bdi_register_va+0x600/0x600
[ 1302.192909][T18609]  ? vsnprintf+0x1bfd/0x1cd0
[ 1302.197476][T18609]  ? __kasan_check_read+0x11/0x20
[ 1302.202475][T18609]  ? blk_alloc_devt+0xd4/0x320
[ 1302.207217][T18609]  __device_add_disk+0x5cb/0x11d0
[ 1302.212216][T18609]  ? device_add_disk+0x40/0x40
[ 1302.216956][T18609]  ? loop_add+0x400/0x760
[ 1302.221261][T18609]  ? vsprintf+0x40/0x40
[ 1302.225391][T18609]  device_add_disk+0x2a/0x40
[ 1302.229956][T18609]  loop_add+0x58f/0x760
[ 1302.234098][T18609]  loop_control_ioctl+0x564/0x740
[ 1302.239103][T18609]  ? loop_remove+0xb0/0xb0
[ 1302.243498][T18609]  ? __fget_files+0x310/0x370
[ 1302.248151][T18609]  ? security_file_ioctl+0xb1/0xd0
[ 1302.253238][T18609]  ? loop_remove+0xb0/0xb0
[ 1302.257629][T18609]  __se_sys_ioctl+0x115/0x190
[ 1302.262284][T18609]  __x64_sys_ioctl+0x7b/0x90
[ 1302.266848][T18609]  do_syscall_64+0x34/0x70
[ 1302.271238][T18609]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1302.277109][T18609] RIP: 0033:0x7f6ee1968169
[ 1302.281500][T18609] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1302.301102][T18609] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1302.309505][T18609] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1302.317455][T18609] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1302.325400][T18609] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1302.333350][T18609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1302.341298][T18609] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
02:01:18 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), 0x0, 0x2000, 0x0)

02:01:18 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xe3, 0x0)

02:01:18 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x133, 0x0)

02:01:19 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x50dd80, 0x0) (async)
getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000340)={{{@in6=@local, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0, <r5=>0x0}}, {{@in6=@private2}, 0x0, @in6=@private0}}, &(0x7f0000000280)=0xe8)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x11, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@cachetag={'cachetag', 0x3d, 'trusted.overlay.upper\x00'}}], [{@smackfshat={'smackfshat', 0x3d, 'trusted.overlay.upper\x00'}}, {@euid_lt={'euid<', r5}}, {@obj_type={'obj_type', 0x3d, 'trusted.overlay.upper\x00'}}]}}) (async)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) (async)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) (async)
r7 = signalfd4(r6, &(0x7f0000000380)={[0xe5]}, 0x8, 0x0)
execveat(r7, &(0x7f0000000440)='./bus\x00', 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100) (async)
read$FUSE(r2, &(0x7f0000002080)={0x2020, 0x0, 0x0, <r8=>0x0}, 0x2020)
mount$fuse(0x0, &(0x7f00000006c0)='./file0\x00', &(0x7f0000000700), 0x22050, &(0x7f0000000740)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000000000120000,user_id=', @ANYRESDEC=r8, @ANYBLOB=',group_id<', @ANYRESDEC=0xee00, @ANYBLOB="2c6d61785f726561643d3078303030303030303030303030303166662c64656661756c745f7065726d697373696f6e732c626c6b73697a653d3078303030303030303030303030303830302c66736e616d653d2c7375626a5f747970653d747275737465642e6f7665726c61792e7570706572002c736d61636b6673726f6f743d241c2d2c61756469742c6173796e632c00"]) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f00000005c0)={'syztnl1\x00', &(0x7f0000000500)={'ip6gre0\x00', <r9=>r4, 0x2f, 0x6, 0x80, 0x8, 0x18, @ipv4={'\x00', '\xff\xff', @multicast2}, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x7800, 0x20, 0x7, 0x1f}})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000680)={'sit0\x00', &(0x7f0000000600)={'sit0\x00', r9, 0x8000, 0x7, 0x100, 0x8, {{0xe, 0x4, 0x2, 0x5, 0x38, 0x67, 0x0, 0xff, 0x29, 0x0, @multicast1, @empty, {[@timestamp={0x44, 0x18, 0xdc, 0x0, 0x9, [0x53, 0x9baf, 0xf0, 0x8515, 0x4]}, @noop, @rr={0x7, 0xb, 0xb5, [@loopback, @multicast1]}]}}}}}) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)
pipe2$9p(&(0x7f0000000000), 0x80)

02:01:19 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xe5, 0x0)

[ 1302.738031][T18635] 9pnet: Insufficient options for proto=fd
02:01:19 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xe7, 0x0)

02:01:19 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 61)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:01:19 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:19 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x700, 0x0)

02:01:19 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xe9, 0x0)

[ 1302.987285][T18653] FAULT_INJECTION: forcing a failure.
[ 1302.987285][T18653] name failslab, interval 1, probability 0, space 0, times 0
[ 1302.999933][T18653] CPU: 0 PID: 18653 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1303.011625][T18653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1303.021654][T18653] Call Trace:
[ 1303.024924][T18653]  dump_stack_lvl+0x1e2/0x24b
[ 1303.029579][T18653]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1303.035017][T18653]  dump_stack+0x15/0x17
[ 1303.039148][T18653]  should_fail+0x3c0/0x510
[ 1303.043540][T18653]  __should_failslab+0x9f/0xe0
[ 1303.048286][T18653]  should_failslab+0x9/0x20
[ 1303.052764][T18653]  kmem_cache_alloc+0x3f/0x300
[ 1303.057507][T18653]  ? skb_clone+0x1d6/0x3b0
[ 1303.061900][T18653]  skb_clone+0x1d6/0x3b0
[ 1303.066120][T18653]  netlink_broadcast_filtered+0x654/0x1200
[ 1303.071904][T18653]  netlink_broadcast+0x3a/0x50
[ 1303.076642][T18653]  kobject_uevent_net_broadcast+0x3b1/0x5a0
[ 1303.082509][T18653]  kobject_uevent_env+0x540/0x730
[ 1303.087509][T18653]  kobject_uevent+0x1f/0x30
[ 1303.092077][T18653]  device_add+0x79c/0xbd0
[ 1303.096385][T18653]  device_create+0x258/0x2e0
[ 1303.100951][T18653]  ? root_device_unregister+0x80/0x80
[ 1303.106318][T18653]  ? number+0xd9b/0x1040
[ 1303.110537][T18653]  bdi_register_va+0x94/0x600
[ 1303.115188][T18653]  bdi_register+0xd1/0x120
[ 1303.119592][T18653]  ? __device_add_disk+0x536/0x11d0
[ 1303.124765][T18653]  ? bdi_register_va+0x600/0x600
[ 1303.129692][T18653]  ? vsnprintf+0x1bfd/0x1cd0
[ 1303.134259][T18653]  ? __kasan_check_read+0x11/0x20
[ 1303.139261][T18653]  ? blk_alloc_devt+0xd4/0x320
[ 1303.144001][T18653]  __device_add_disk+0x5cb/0x11d0
[ 1303.149004][T18653]  ? device_add_disk+0x40/0x40
[ 1303.153745][T18653]  ? loop_add+0x400/0x760
[ 1303.158049][T18653]  ? vsprintf+0x40/0x40
[ 1303.162181][T18653]  device_add_disk+0x2a/0x40
[ 1303.166750][T18653]  loop_add+0x58f/0x760
[ 1303.170883][T18653]  loop_control_ioctl+0x564/0x740
[ 1303.175880][T18653]  ? loop_remove+0xb0/0xb0
[ 1303.180274][T18653]  ? __fget_files+0x310/0x370
[ 1303.184928][T18653]  ? security_file_ioctl+0xb1/0xd0
[ 1303.190029][T18653]  ? loop_remove+0xb0/0xb0
[ 1303.194419][T18653]  __se_sys_ioctl+0x115/0x190
[ 1303.199072][T18653]  __x64_sys_ioctl+0x7b/0x90
[ 1303.203641][T18653]  do_syscall_64+0x34/0x70
[ 1303.208044][T18653]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1303.213910][T18653] RIP: 0033:0x7f6ee1968169
[ 1303.218300][T18653] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1303.237881][T18653] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1303.246268][T18653] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1303.254216][T18653] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1303.262164][T18653] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1303.270112][T18653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1303.278058][T18653] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
02:01:19 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), 0x0, 0x2000, 0x0)

02:01:19 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xeb, 0x0)

02:01:20 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15) (async)
r2 = dup(r1)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x50dd80, 0x0) (async)
getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000340)={{{@in6=@local, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0, <r5=>0x0}}, {{@in6=@private2}, 0x0, @in6=@private0}}, &(0x7f0000000280)=0xe8)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x11, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@cachetag={'cachetag', 0x3d, 'trusted.overlay.upper\x00'}}], [{@smackfshat={'smackfshat', 0x3d, 'trusted.overlay.upper\x00'}}, {@euid_lt={'euid<', r5}}, {@obj_type={'obj_type', 0x3d, 'trusted.overlay.upper\x00'}}]}}) (async)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18) (async)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) (async)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async)
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
r7 = signalfd4(r6, &(0x7f0000000380)={[0xe5]}, 0x8, 0x0)
execveat(r7, &(0x7f0000000440)='./bus\x00', 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
read$FUSE(r2, &(0x7f0000002080)={0x2020, 0x0, 0x0, <r8=>0x0}, 0x2020)
mount$fuse(0x0, &(0x7f00000006c0)='./file0\x00', &(0x7f0000000700), 0x22050, &(0x7f0000000740)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000000000120000,user_id=', @ANYRESDEC=r8, @ANYBLOB=',group_id<', @ANYRESDEC=0xee00, @ANYBLOB="2c6d61785f726561643d3078303030303030303030303030303166662c64656661756c745f7065726d697373696f6e732c626c6b73697a653d3078303030303030303030303030303830302c66736e616d653d2c7375626a5f747970653d747275737465642e6f7665726c61792e7570706572002c736d61636b6673726f6f743d241c2d2c61756469742c6173796e632c00"]) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f00000005c0)={'syztnl1\x00', &(0x7f0000000500)={'ip6gre0\x00', <r9=>r4, 0x2f, 0x6, 0x80, 0x8, 0x18, @ipv4={'\x00', '\xff\xff', @multicast2}, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x7800, 0x20, 0x7, 0x1f}})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000680)={'sit0\x00', &(0x7f0000000600)={'sit0\x00', r9, 0x8000, 0x7, 0x100, 0x8, {{0xe, 0x4, 0x2, 0x5, 0x38, 0x67, 0x0, 0xff, 0x29, 0x0, @multicast1, @empty, {[@timestamp={0x44, 0x18, 0xdc, 0x0, 0x9, [0x53, 0x9baf, 0xf0, 0x8515, 0x4]}, @noop, @rr={0x7, 0xb, 0xb5, [@loopback, @multicast1]}]}}}}}) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0) (async)
pipe2$9p(&(0x7f0000000000), 0x80)

[ 1303.680409][T18675] 9pnet: Insufficient options for proto=fd
[ 1303.690491][T18646] 9pnet: bogus RWRITE count (2 > 1)
02:01:20 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 62)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:01:20 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xed, 0x0)

02:01:20 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x1001, 0x0)

[ 1303.909071][T18690] FAULT_INJECTION: forcing a failure.
[ 1303.909071][T18690] name failslab, interval 1, probability 0, space 0, times 0
[ 1303.921764][T18690] CPU: 1 PID: 18690 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1303.933455][T18690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1303.943484][T18690] Call Trace:
[ 1303.946752][T18690]  dump_stack_lvl+0x1e2/0x24b
[ 1303.951405][T18690]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1303.956835][T18690]  ? kmem_cache_free+0xa9/0x1f0
[ 1303.961661][T18690]  dump_stack+0x15/0x17
[ 1303.965792][T18690]  should_fail+0x3c0/0x510
[ 1303.970184][T18690]  __should_failslab+0x9f/0xe0
[ 1303.974929][T18690]  should_failslab+0x9/0x20
[ 1303.979410][T18690]  kmem_cache_alloc+0x3f/0x300
[ 1303.984150][T18690]  ? __d_alloc+0x2d/0x6b0
[ 1303.988452][T18690]  __d_alloc+0x2d/0x6b0
[ 1303.992583][T18690]  ? avc_has_perm_noaudit+0x358/0x4c0
[ 1303.997927][T18690]  d_alloc_parallel+0xe6/0x1330
[ 1304.002759][T18690]  ? avc_has_perm_noaudit+0x2ed/0x4c0
[ 1304.008108][T18690]  ? avc_denied+0x1b0/0x1b0
[ 1304.012584][T18690]  ? kfree+0xc3/0x290
[ 1304.016542][T18690]  ? d_hash_and_lookup+0x200/0x200
[ 1304.021630][T18690]  ? selinux_inode_permission+0x439/0x670
[ 1304.027322][T18690]  ? selinux_inode_follow_link+0x3c0/0x3c0
[ 1304.033100][T18690]  ? kobject_uevent_env+0x348/0x730
[ 1304.038270][T18690]  __lookup_slow+0x14e/0x400
[ 1304.042834][T18690]  ? __d_lookup+0x4da/0x530
[ 1304.047318][T18690]  ? lookup_one_len+0x6a0/0x6a0
[ 1304.052161][T18690]  lookup_one_len+0x43d/0x6a0
[ 1304.056811][T18690]  ? try_lookup_one_len+0x660/0x660
[ 1304.061986][T18690]  ? device_create+0x2bc/0x2e0
[ 1304.066726][T18690]  ? mntput+0x63/0xc0
[ 1304.070684][T18690]  start_creating+0x166/0x320
[ 1304.075351][T18690]  debugfs_create_dir+0x27/0x450
[ 1304.080261][T18690]  bdi_register_va+0x260/0x600
[ 1304.085003][T18690]  bdi_register+0xd1/0x120
[ 1304.089398][T18690]  ? __device_add_disk+0x536/0x11d0
[ 1304.094569][T18690]  ? bdi_register_va+0x600/0x600
[ 1304.099503][T18690]  ? vsnprintf+0x1bfd/0x1cd0
[ 1304.104072][T18690]  ? __kasan_check_read+0x11/0x20
[ 1304.109072][T18690]  ? blk_alloc_devt+0xd4/0x320
[ 1304.113817][T18690]  __device_add_disk+0x5cb/0x11d0
[ 1304.118820][T18690]  ? device_add_disk+0x40/0x40
[ 1304.123558][T18690]  ? loop_add+0x400/0x760
[ 1304.127861][T18690]  ? vsprintf+0x40/0x40
[ 1304.131991][T18690]  device_add_disk+0x2a/0x40
[ 1304.136553][T18690]  loop_add+0x58f/0x760
[ 1304.140686][T18690]  loop_control_ioctl+0x564/0x740
[ 1304.145699][T18690]  ? loop_remove+0xb0/0xb0
[ 1304.150088][T18690]  ? __fget_files+0x310/0x370
[ 1304.154744][T18690]  ? security_file_ioctl+0xb1/0xd0
[ 1304.159831][T18690]  ? loop_remove+0xb0/0xb0
[ 1304.164220][T18690]  __se_sys_ioctl+0x115/0x190
[ 1304.168872][T18690]  __x64_sys_ioctl+0x7b/0x90
[ 1304.173437][T18690]  do_syscall_64+0x34/0x70
[ 1304.177830][T18690]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1304.183696][T18690] RIP: 0033:0x7f6ee1968169
[ 1304.188088][T18690] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
02:01:20 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xef, 0x0)

[ 1304.207666][T18690] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1304.216057][T18690] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1304.224003][T18690] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1304.231951][T18690] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1304.239898][T18690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1304.247849][T18690] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
02:01:20 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), 0x0, 0x2000, 0x0)

02:01:20 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xf1, 0x0)

02:01:21 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:21 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x802, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x450401, 0x4)
connect$netlink(r5, &(0x7f00000001c0)=@proc, 0xc)
getsockname$packet(r5, &(0x7f00000003c0)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r6, @ANYBLOB="e522c8ffac000062270012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0xf1ffffff, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x6180}]}}]}, 0x40}, 0x7, 0x11000000}, 0x0)
writev(r3, &(0x7f0000000500)=[{&(0x7f0000000000)="a489c7966fbf45ff8f1630ca74bc9d8a3ad1dece41077bfdb233b09c741619720bc80be18b6c292ae124d2febc6426245be64ebdca8b75d214794ea14ae28c79db264b58c6d490b7a9ad29f7993ce5102bd079b914735231c32770b4ed078a4525c9efec1197d30f0409406ce5fa13f65b422e0b908a4126c084", 0x7a}, {&(0x7f0000000340)="9ecb314ca704144464dbcdb7445d573b24f58974c7b78d9950da5381b02f220de2a248f983615b6b324dc080d5d536da7ba028ca099e400e0647ac40c818a48f70a1cac8ce8d49b94ea90c73d25abff6e3279bf21bbdc057c9f28f16bcafcfa401a8685e4e2d69fc848044c43f090141c2b0232a713945f7fe335237673c34dd5b9b74078708", 0x86}, {&(0x7f0000000400)="aca4ca54c46169af71c863b9da53e6ce8fb20d70961d665da4b35b22df4162f21ddd9de4289c7051f0152923abdfa66e9d9ad62e8b471e565b2617bb40a712613593fb0c32fde06159690f7c5eaf9a08cc2c61adea955d3a8fc8532640d8e1b71e1ad1414f3b3d67e3ab694e8a7132c6fec24f50a664ed22367d341a9fc72ce2f2f29b1342f31ef1fb16ab2dbc7e7d1a15cd3edc8011f9bb657a3d93a503270adcca513776fa728cb553d0ce90d6d013069f1c008477944accbcd0325dfa15e7c9f0b4deede2de", 0xc7}, {&(0x7f00000005c0)="61cb6ef20cb8a22549239bf4f5aecabd0a5d57812860108656b941a53b91d62c32a98b3fabf6a06aaee6848355d10d37d7d35db14c95181e2862f535d155c19c55990ebd56933fcff2ca59b759ff8390ea69a4dc08ab636544a82faacb1af5bec7a882a510a72469995949ccad47f97ab3101b521495fb89f2eb315227f39d61498d858f136a94db65365f329964dcfef2d713cd6edf085b4292775f51fbc4ca9932f481e05db4d14d81dec35256daef73742f16dd5bf1e0e7224e63c91446916382d86a53a2b4066beab48dd5ab6ad73df68582520dd2bf7b67d3194ddecb904bb64cba777a3ba0f2c1eb6402fd", 0xee}, {&(0x7f0000000080)="bfbba26ea4220aa95c6d6a72a74128feff3eee84560d8975b03e7381a9", 0x1d}, {&(0x7f00000006c0)="65e0b257e785596aa77ad718eb383e84c2eaf1d103b3923786db4f87ddd9d0af9404f772f9b62140831d5ffef5fad74076146cb7944158e6410685a5731f896be3e2c70b00a0b2a14d8a509a809a76aba82afba5fb3b7922f478d3ab7482530cf4127f2990ebe8a8a35a8b8e5e6b24ecec56135148e732f12f1f0fadc367a4e851d09956bf0f5f302997c8e10a2d3fb7cd2bf99bfe", 0x95}, {&(0x7f0000000780)="d8afdebdf6ae1fec79735774fe3a52b5751e4e14426c03131e53d6847af6c80f73696cba243b5e4da429eacc8835b0139ee795ef2e1479549ba61f8b1e39346d66fd3153dca61fb68b8f2e7195940de141fd28cce5a83b29a730ed696d67725a50c15b8ca82575439ec66ad17748a99cb7a35d647cc081df51e45dcd6db5c336eab873927d6675d22ac612fbaece04c9ae814ddc3c31a99e406bd40a7899d322c5fab1aacbb2cb0a9e7129538085f537d323e4290b618155d9d6ee7fad26ead63d427ffe643ea5d40329525b", 0xcc}, {&(0x7f0000000880)="326399b46582a1b5fc9833be76cafa99cf2d27af5c9c9542f84a9da3a869671095e664f0646e60bc3df60e272d968f01298ae1f1c7659b17a95ca934a5fe63d7befb837bf8b2b476c86f1e83fe9867d4abff42cc960ebd1f142e71686c7f04e8b340c5915f578684ebd2333d5560639ae672d080f9cb2d0751676814ff937a7bc6e4c64f2c18a64051ab0c6f8c2666e28ec0", 0x92}], 0x8)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:21 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xf3, 0x0)

02:01:21 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 63)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:01:21 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x1eea, 0x0)

[ 1305.080361][T18649] 9pnet: bogus RWRITE count (2 > 1)
02:01:21 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xf5, 0x0)

[ 1305.115187][T18719] __nla_validate_parse: 1 callbacks suppressed
[ 1305.115196][T18719] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1305.213815][T18728] FAULT_INJECTION: forcing a failure.
[ 1305.213815][T18728] name failslab, interval 1, probability 0, space 0, times 0
[ 1305.226448][T18728] CPU: 0 PID: 18728 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1305.238139][T18728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1305.248169][T18728] Call Trace:
[ 1305.251439][T18728]  dump_stack_lvl+0x1e2/0x24b
[ 1305.256094][T18728]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1305.261527][T18728]  dump_stack+0x15/0x17
[ 1305.265660][T18728]  should_fail+0x3c0/0x510
[ 1305.270053][T18728]  __should_failslab+0x9f/0xe0
[ 1305.274796][T18728]  should_failslab+0x9/0x20
[ 1305.279359][T18728]  kmem_cache_alloc+0x3f/0x300
[ 1305.284103][T18728]  ? security_inode_alloc+0x29/0x140
[ 1305.289361][T18728]  security_inode_alloc+0x29/0x140
[ 1305.294451][T18728]  inode_init_always+0x710/0x970
[ 1305.299361][T18728]  new_inode_pseudo+0x93/0x220
[ 1305.304101][T18728]  new_inode+0x28/0x1c0
[ 1305.308233][T18728]  ? start_creating+0x206/0x320
[ 1305.313058][T18728]  debugfs_create_dir+0xf3/0x450
[ 1305.317968][T18728]  bdi_register_va+0x260/0x600
[ 1305.322706][T18728]  bdi_register+0xd1/0x120
[ 1305.327099][T18728]  ? __device_add_disk+0x536/0x11d0
[ 1305.332277][T18728]  ? bdi_register_va+0x600/0x600
[ 1305.337189][T18728]  ? vsnprintf+0x1bfd/0x1cd0
[ 1305.341757][T18728]  ? __kasan_check_read+0x11/0x20
[ 1305.347027][T18728]  ? blk_alloc_devt+0xd4/0x320
[ 1305.351765][T18728]  __device_add_disk+0x5cb/0x11d0
[ 1305.356764][T18728]  ? device_add_disk+0x40/0x40
[ 1305.361508][T18728]  ? loop_add+0x400/0x760
[ 1305.365816][T18728]  ? vsprintf+0x40/0x40
[ 1305.369948][T18728]  device_add_disk+0x2a/0x40
[ 1305.374512][T18728]  loop_add+0x58f/0x760
[ 1305.378642][T18728]  loop_control_ioctl+0x564/0x740
[ 1305.383645][T18728]  ? loop_remove+0xb0/0xb0
[ 1305.388038][T18728]  ? __fget_files+0x310/0x370
[ 1305.392694][T18728]  ? security_file_ioctl+0xb1/0xd0
[ 1305.397793][T18728]  ? loop_remove+0xb0/0xb0
[ 1305.402187][T18728]  __se_sys_ioctl+0x115/0x190
[ 1305.406841][T18728]  __x64_sys_ioctl+0x7b/0x90
[ 1305.411407][T18728]  do_syscall_64+0x34/0x70
[ 1305.415799][T18728]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1305.421670][T18728] RIP: 0033:0x7f6ee1968169
[ 1305.426060][T18728] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1305.445638][T18728] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1305.454027][T18728] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
02:01:21 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x700, 0x0)

[ 1305.461991][T18728] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1305.469958][T18728] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1305.477918][T18728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1305.485955][T18728] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1305.494033][T18728] debugfs: out of free dentries, can not create directory '7:0'
02:01:22 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15) (async)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18) (async)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) (async)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async, rerun: 64)
r3 = socket$netlink(0x10, 0x3, 0x0) (async, rerun: 64)
r4 = socket$netlink(0x10, 0x3, 0x0) (async, rerun: 64)
r5 = socket(0x10, 0x802, 0x0) (rerun: 64)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x450401, 0x4) (async)
connect$netlink(r5, &(0x7f00000001c0)=@proc, 0xc)
getsockname$packet(r5, &(0x7f00000003c0)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r6, @ANYBLOB="e522c8ffac000062270012000c00010076657468"], 0x48}}, 0x0) (async)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) (async)
sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0xf1ffffff, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x6180}]}}]}, 0x40}, 0x7, 0x11000000}, 0x0) (async)
writev(r3, &(0x7f0000000500)=[{&(0x7f0000000000)="a489c7966fbf45ff8f1630ca74bc9d8a3ad1dece41077bfdb233b09c741619720bc80be18b6c292ae124d2febc6426245be64ebdca8b75d214794ea14ae28c79db264b58c6d490b7a9ad29f7993ce5102bd079b914735231c32770b4ed078a4525c9efec1197d30f0409406ce5fa13f65b422e0b908a4126c084", 0x7a}, {&(0x7f0000000340)="9ecb314ca704144464dbcdb7445d573b24f58974c7b78d9950da5381b02f220de2a248f983615b6b324dc080d5d536da7ba028ca099e400e0647ac40c818a48f70a1cac8ce8d49b94ea90c73d25abff6e3279bf21bbdc057c9f28f16bcafcfa401a8685e4e2d69fc848044c43f090141c2b0232a713945f7fe335237673c34dd5b9b74078708", 0x86}, {&(0x7f0000000400)="aca4ca54c46169af71c863b9da53e6ce8fb20d70961d665da4b35b22df4162f21ddd9de4289c7051f0152923abdfa66e9d9ad62e8b471e565b2617bb40a712613593fb0c32fde06159690f7c5eaf9a08cc2c61adea955d3a8fc8532640d8e1b71e1ad1414f3b3d67e3ab694e8a7132c6fec24f50a664ed22367d341a9fc72ce2f2f29b1342f31ef1fb16ab2dbc7e7d1a15cd3edc8011f9bb657a3d93a503270adcca513776fa728cb553d0ce90d6d013069f1c008477944accbcd0325dfa15e7c9f0b4deede2de", 0xc7}, {&(0x7f00000005c0)="61cb6ef20cb8a22549239bf4f5aecabd0a5d57812860108656b941a53b91d62c32a98b3fabf6a06aaee6848355d10d37d7d35db14c95181e2862f535d155c19c55990ebd56933fcff2ca59b759ff8390ea69a4dc08ab636544a82faacb1af5bec7a882a510a72469995949ccad47f97ab3101b521495fb89f2eb315227f39d61498d858f136a94db65365f329964dcfef2d713cd6edf085b4292775f51fbc4ca9932f481e05db4d14d81dec35256daef73742f16dd5bf1e0e7224e63c91446916382d86a53a2b4066beab48dd5ab6ad73df68582520dd2bf7b67d3194ddecb904bb64cba777a3ba0f2c1eb6402fd", 0xee}, {&(0x7f0000000080)="bfbba26ea4220aa95c6d6a72a74128feff3eee84560d8975b03e7381a9", 0x1d}, {&(0x7f00000006c0)="65e0b257e785596aa77ad718eb383e84c2eaf1d103b3923786db4f87ddd9d0af9404f772f9b62140831d5ffef5fad74076146cb7944158e6410685a5731f896be3e2c70b00a0b2a14d8a509a809a76aba82afba5fb3b7922f478d3ab7482530cf4127f2990ebe8a8a35a8b8e5e6b24ecec56135148e732f12f1f0fadc367a4e851d09956bf0f5f302997c8e10a2d3fb7cd2bf99bfe", 0x95}, {&(0x7f0000000780)="d8afdebdf6ae1fec79735774fe3a52b5751e4e14426c03131e53d6847af6c80f73696cba243b5e4da429eacc8835b0139ee795ef2e1479549ba61f8b1e39346d66fd3153dca61fb68b8f2e7195940de141fd28cce5a83b29a730ed696d67725a50c15b8ca82575439ec66ad17748a99cb7a35d647cc081df51e45dcd6db5c336eab873927d6675d22ac612fbaece04c9ae814ddc3c31a99e406bd40a7899d322c5fab1aacbb2cb0a9e7129538085f537d323e4290b618155d9d6ee7fad26ead63d427ffe643ea5d40329525b", 0xcc}, {&(0x7f0000000880)="326399b46582a1b5fc9833be76cafa99cf2d27af5c9c9542f84a9da3a869671095e664f0646e60bc3df60e272d968f01298ae1f1c7659b17a95ca934a5fe63d7befb837bf8b2b476c86f1e83fe9867d4abff42cc960ebd1f142e71686c7f04e8b340c5915f578684ebd2333d5560639ae672d080f9cb2d0751676814ff937a7bc6e4c64f2c18a64051ab0c6f8c2666e28ec0", 0x92}], 0x8) (async, rerun: 32)
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async, rerun: 32)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:22 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xf7, 0x0)

02:01:22 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xf9, 0x0)

02:01:22 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15) (async)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18) (async)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async)
r3 = socket$netlink(0x10, 0x3, 0x0) (async)
r4 = socket$netlink(0x10, 0x3, 0x0) (async)
r5 = socket(0x10, 0x802, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x450401, 0x4)
connect$netlink(r5, &(0x7f00000001c0)=@proc, 0xc) (async)
getsockname$packet(r5, &(0x7f00000003c0)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000004000000000", @ANYRES32=r6, @ANYBLOB="e522c8ffac000062270012000c00010076657468"], 0x48}}, 0x0) (async)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0xf1ffffff, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x6180}]}}]}, 0x40}, 0x7, 0x11000000}, 0x0)
writev(r3, &(0x7f0000000500)=[{&(0x7f0000000000)="a489c7966fbf45ff8f1630ca74bc9d8a3ad1dece41077bfdb233b09c741619720bc80be18b6c292ae124d2febc6426245be64ebdca8b75d214794ea14ae28c79db264b58c6d490b7a9ad29f7993ce5102bd079b914735231c32770b4ed078a4525c9efec1197d30f0409406ce5fa13f65b422e0b908a4126c084", 0x7a}, {&(0x7f0000000340)="9ecb314ca704144464dbcdb7445d573b24f58974c7b78d9950da5381b02f220de2a248f983615b6b324dc080d5d536da7ba028ca099e400e0647ac40c818a48f70a1cac8ce8d49b94ea90c73d25abff6e3279bf21bbdc057c9f28f16bcafcfa401a8685e4e2d69fc848044c43f090141c2b0232a713945f7fe335237673c34dd5b9b74078708", 0x86}, {&(0x7f0000000400)="aca4ca54c46169af71c863b9da53e6ce8fb20d70961d665da4b35b22df4162f21ddd9de4289c7051f0152923abdfa66e9d9ad62e8b471e565b2617bb40a712613593fb0c32fde06159690f7c5eaf9a08cc2c61adea955d3a8fc8532640d8e1b71e1ad1414f3b3d67e3ab694e8a7132c6fec24f50a664ed22367d341a9fc72ce2f2f29b1342f31ef1fb16ab2dbc7e7d1a15cd3edc8011f9bb657a3d93a503270adcca513776fa728cb553d0ce90d6d013069f1c008477944accbcd0325dfa15e7c9f0b4deede2de", 0xc7}, {&(0x7f00000005c0)="61cb6ef20cb8a22549239bf4f5aecabd0a5d57812860108656b941a53b91d62c32a98b3fabf6a06aaee6848355d10d37d7d35db14c95181e2862f535d155c19c55990ebd56933fcff2ca59b759ff8390ea69a4dc08ab636544a82faacb1af5bec7a882a510a72469995949ccad47f97ab3101b521495fb89f2eb315227f39d61498d858f136a94db65365f329964dcfef2d713cd6edf085b4292775f51fbc4ca9932f481e05db4d14d81dec35256daef73742f16dd5bf1e0e7224e63c91446916382d86a53a2b4066beab48dd5ab6ad73df68582520dd2bf7b67d3194ddecb904bb64cba777a3ba0f2c1eb6402fd", 0xee}, {&(0x7f0000000080)="bfbba26ea4220aa95c6d6a72a74128feff3eee84560d8975b03e7381a9", 0x1d}, {&(0x7f00000006c0)="65e0b257e785596aa77ad718eb383e84c2eaf1d103b3923786db4f87ddd9d0af9404f772f9b62140831d5ffef5fad74076146cb7944158e6410685a5731f896be3e2c70b00a0b2a14d8a509a809a76aba82afba5fb3b7922f478d3ab7482530cf4127f2990ebe8a8a35a8b8e5e6b24ecec56135148e732f12f1f0fadc367a4e851d09956bf0f5f302997c8e10a2d3fb7cd2bf99bfe", 0x95}, {&(0x7f0000000780)="d8afdebdf6ae1fec79735774fe3a52b5751e4e14426c03131e53d6847af6c80f73696cba243b5e4da429eacc8835b0139ee795ef2e1479549ba61f8b1e39346d66fd3153dca61fb68b8f2e7195940de141fd28cce5a83b29a730ed696d67725a50c15b8ca82575439ec66ad17748a99cb7a35d647cc081df51e45dcd6db5c336eab873927d6675d22ac612fbaece04c9ae814ddc3c31a99e406bd40a7899d322c5fab1aacbb2cb0a9e7129538085f537d323e4290b618155d9d6ee7fad26ead63d427ffe643ea5d40329525b", 0xcc}, {&(0x7f0000000880)="326399b46582a1b5fc9833be76cafa99cf2d27af5c9c9542f84a9da3a869671095e664f0646e60bc3df60e272d968f01298ae1f1c7659b17a95ca934a5fe63d7befb837bf8b2b476c86f1e83fe9867d4abff42cc960ebd1f142e71686c7f04e8b340c5915f578684ebd2333d5560639ae672d080f9cb2d0751676814ff937a7bc6e4c64f2c18a64051ab0c6f8c2666e28ec0", 0x92}], 0x8) (async)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:22 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 64)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:01:22 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:22 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x1eec, 0x0)

02:01:22 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xfb, 0x0)

[ 1306.036967][T18764] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'.
02:01:22 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0)
renameat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', r2, &(0x7f0000000080)='./file0\x00', 0x2)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYRESDEC=r2], 0x15)
r3 = dup(r1)
write$FUSE_BMAP(r3, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
rmdir(&(0x7f0000000100)='./file0\x00')
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1306.168159][T18776] FAULT_INJECTION: forcing a failure.
[ 1306.168159][T18776] name failslab, interval 1, probability 0, space 0, times 0
[ 1306.180806][T18776] CPU: 0 PID: 18776 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1306.192500][T18776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1306.202529][T18776] Call Trace:
[ 1306.205804][T18776]  dump_stack_lvl+0x1e2/0x24b
[ 1306.210457][T18776]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1306.215978][T18776]  dump_stack+0x15/0x17
[ 1306.220107][T18776]  should_fail+0x3c0/0x510
[ 1306.224500][T18776]  __should_failslab+0x9f/0xe0
[ 1306.229241][T18776]  should_failslab+0x9/0x20
[ 1306.233720][T18776]  kmem_cache_alloc+0x3f/0x300
[ 1306.238486][T18776]  ? security_inode_alloc+0x29/0x140
[ 1306.244873][T18776]  security_inode_alloc+0x29/0x140
[ 1306.249976][T18776]  inode_init_always+0x710/0x970
[ 1306.254890][T18776]  new_inode_pseudo+0x93/0x220
[ 1306.259627][T18776]  new_inode+0x28/0x1c0
[ 1306.263760][T18776]  ? start_creating+0x206/0x320
[ 1306.268587][T18776]  debugfs_create_dir+0xf3/0x450
[ 1306.273514][T18776]  bdi_register_va+0x260/0x600
[ 1306.278253][T18776]  bdi_register+0xd1/0x120
[ 1306.282645][T18776]  ? __device_add_disk+0x536/0x11d0
[ 1306.287815][T18776]  ? bdi_register_va+0x600/0x600
[ 1306.292726][T18776]  ? vsnprintf+0x1bfd/0x1cd0
[ 1306.297295][T18776]  ? __kasan_check_read+0x11/0x20
[ 1306.302309][T18776]  ? blk_alloc_devt+0xd4/0x320
[ 1306.307052][T18776]  __device_add_disk+0x5cb/0x11d0
[ 1306.312050][T18776]  ? device_add_disk+0x40/0x40
[ 1306.316814][T18776]  ? loop_add+0x400/0x760
[ 1306.321121][T18776]  ? vsprintf+0x40/0x40
[ 1306.325251][T18776]  device_add_disk+0x2a/0x40
[ 1306.329816][T18776]  loop_add+0x58f/0x760
[ 1306.333948][T18776]  loop_control_ioctl+0x564/0x740
[ 1306.338949][T18776]  ? loop_remove+0xb0/0xb0
[ 1306.343343][T18776]  ? __fget_files+0x310/0x370
[ 1306.347996][T18776]  ? security_file_ioctl+0xb1/0xd0
[ 1306.353081][T18776]  ? loop_remove+0xb0/0xb0
[ 1306.357470][T18776]  __se_sys_ioctl+0x115/0x190
[ 1306.362128][T18776]  __x64_sys_ioctl+0x7b/0x90
[ 1306.366692][T18776]  do_syscall_64+0x34/0x70
[ 1306.371087][T18776]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1306.376955][T18776] RIP: 0033:0x7f6ee1968169
[ 1306.381346][T18776] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1306.401010][T18776] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1306.409401][T18776] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1306.417351][T18776] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1306.425296][T18776] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1306.433349][T18776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1306.441298][T18776] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1306.449385][T18776] debugfs: out of free dentries, can not create directory '7:0'
[ 1306.482615][T18738] 9pnet: bogus RWRITE count (2 > 1)
02:01:23 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0) (async)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0)
renameat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', r2, &(0x7f0000000080)='./file0\x00', 0x2) (async)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYRESDEC=r2], 0x15)
r3 = dup(r1)
write$FUSE_BMAP(r3, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
rmdir(&(0x7f0000000100)='./file0\x00')
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:23 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0xfd, 0x0)

02:01:23 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x700, 0x0)

02:01:23 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0) (async)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0)
renameat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', r2, &(0x7f0000000080)='./file0\x00', 0x2) (async)
renameat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', r2, &(0x7f0000000080)='./file0\x00', 0x2)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYRESDEC=r2], 0x15) (async)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYRESDEC=r2], 0x15)
r3 = dup(r1)
write$FUSE_BMAP(r3, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
rmdir(&(0x7f0000000100)='./file0\x00')
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:23 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 65)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:01:23 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x103, 0x0)

02:01:23 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="15000001c2fd156d002e4c00000002000000000000000000000e1a92ebaae8"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18, 0xfffffffffffffffe, 0x0, {0x40000000001}}, 0x18)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x28000, 0x0)
write$P9_RMKDIR(r3, &(0x7f0000000080)={0x14, 0x49, 0x2, {0x30}}, 0x14)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
fsetxattr(r4, &(0x7f0000000280)=@known='trusted.overlay.opaque\x00', &(0x7f0000000300)='**[%,)##\x00', 0x9, 0x3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1307.093474][T18814] FAULT_INJECTION: forcing a failure.
[ 1307.093474][T18814] name failslab, interval 1, probability 0, space 0, times 0
[ 1307.106100][T18814] CPU: 0 PID: 18814 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1307.117809][T18814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1307.127843][T18814] Call Trace:
[ 1307.131116][T18814]  dump_stack_lvl+0x1e2/0x24b
[ 1307.135774][T18814]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1307.141212][T18814]  ? __se_sys_ioctl+0x115/0x190
[ 1307.146043][T18814]  dump_stack+0x15/0x17
[ 1307.150175][T18814]  should_fail+0x3c0/0x510
[ 1307.154571][T18814]  __should_failslab+0x9f/0xe0
[ 1307.159311][T18814]  should_failslab+0x9/0x20
[ 1307.163793][T18814]  kmem_cache_alloc+0x3f/0x300
[ 1307.168531][T18814]  ? __d_alloc+0x2d/0x6b0
[ 1307.172837][T18814]  ? __reset_page_owner+0x35/0x160
[ 1307.177926][T18814]  __d_alloc+0x2d/0x6b0
[ 1307.182058][T18814]  ? __reset_page_owner+0x160/0x160
[ 1307.187234][T18814]  ? avc_has_perm_noaudit+0x358/0x4c0
[ 1307.192582][T18814]  d_alloc_parallel+0xe6/0x1330
[ 1307.197410][T18814]  ? avc_has_perm_noaudit+0x2ed/0x4c0
[ 1307.202758][T18814]  ? avc_denied+0x1b0/0x1b0
[ 1307.207251][T18814]  ? __reset_page_owner+0x80/0x160
[ 1307.212351][T18814]  ? d_hash_and_lookup+0x200/0x200
[ 1307.217451][T18814]  ? selinux_inode_permission+0x439/0x670
[ 1307.223146][T18814]  ? selinux_inode_follow_link+0x3c0/0x3c0
[ 1307.228927][T18814]  __lookup_slow+0x14e/0x400
[ 1307.233508][T18814]  ? __d_lookup+0x4da/0x530
[ 1307.237996][T18814]  ? lookup_one_len+0x6a0/0x6a0
[ 1307.242826][T18814]  lookup_one_len+0x43d/0x6a0
[ 1307.247486][T18814]  ? try_lookup_one_len+0x660/0x660
[ 1307.252663][T18814]  start_creating+0x166/0x320
[ 1307.257317][T18814]  __debugfs_create_file+0x75/0x4a0
[ 1307.262750][T18814]  ? up_write+0x19/0xd0
[ 1307.266888][T18814]  debugfs_create_file+0x4a/0x60
[ 1307.271805][T18814]  bdi_register_va+0x2ab/0x600
[ 1307.276553][T18814]  bdi_register+0xd1/0x120
[ 1307.281038][T18814]  ? __device_add_disk+0x536/0x11d0
[ 1307.286215][T18814]  ? bdi_register_va+0x600/0x600
[ 1307.291129][T18814]  ? vsnprintf+0x1bfd/0x1cd0
[ 1307.295704][T18814]  ? __kasan_check_read+0x11/0x20
[ 1307.300729][T18814]  ? blk_alloc_devt+0xd4/0x320
[ 1307.305484][T18814]  __device_add_disk+0x5cb/0x11d0
[ 1307.310496][T18814]  ? device_add_disk+0x40/0x40
[ 1307.315246][T18814]  ? loop_add+0x400/0x760
[ 1307.319566][T18814]  ? vsprintf+0x40/0x40
[ 1307.323704][T18814]  device_add_disk+0x2a/0x40
[ 1307.328286][T18814]  loop_add+0x58f/0x760
[ 1307.332421][T18814]  loop_control_ioctl+0x564/0x740
[ 1307.337431][T18814]  ? loop_remove+0xb0/0xb0
[ 1307.341826][T18814]  ? __fget_files+0x310/0x370
[ 1307.346479][T18814]  ? security_file_ioctl+0xb1/0xd0
[ 1307.351567][T18814]  ? loop_remove+0xb0/0xb0
[ 1307.355960][T18814]  __se_sys_ioctl+0x115/0x190
[ 1307.360628][T18814]  __x64_sys_ioctl+0x7b/0x90
[ 1307.365214][T18814]  do_syscall_64+0x34/0x70
[ 1307.369609][T18814]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1307.375492][T18814] RIP: 0033:0x7f6ee1968169
[ 1307.379888][T18814] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1307.399538][T18814] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1307.408015][T18814] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1307.415963][T18814] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1307.423910][T18814] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1307.431869][T18814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
02:01:23 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="15000001c2fd156d002e4c00000002000000000000000000000e1a92ebaae8"], 0x15) (async)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18, 0xfffffffffffffffe, 0x0, {0x40000000001}}, 0x18)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x28000, 0x0)
write$P9_RMKDIR(r3, &(0x7f0000000080)={0x14, 0x49, 0x2, {0x30}}, 0x14)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async)
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
fsetxattr(r4, &(0x7f0000000280)=@known='trusted.overlay.opaque\x00', &(0x7f0000000300)='**[%,)##\x00', 0x9, 0x3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1307.440171][T18814] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1307.944237][T18803] 9pnet: bogus RWRITE count (2 > 1)
02:01:24 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:24 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x105, 0x0)

02:01:24 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async, rerun: 32)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0) (rerun: 32)
write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="15000001c2fd156d002e4c00000002000000000000000000000e1a92ebaae8"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18, 0xfffffffffffffffe, 0x0, {0x40000000001}}, 0x18) (async)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x28000, 0x0)
write$P9_RMKDIR(r3, &(0x7f0000000080)={0x14, 0x49, 0x2, {0x30}}, 0x14)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
fsetxattr(r4, &(0x7f0000000280)=@known='trusted.overlay.opaque\x00', &(0x7f0000000300)='**[%,)##\x00', 0x9, 0x3) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:24 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 66)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:01:24 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x700, 0x0)

02:01:24 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x1eee, 0x0)

[ 1308.329437][T18770] 9pnet: bogus RWRITE count (2 > 1)
[ 1308.343450][T18772] 9pnet: bogus RWRITE count (2 > 1)
02:01:24 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
r3 = signalfd4(r2, &(0x7f0000000000)={[0x4]}, 0x8, 0x80000)
read$FUSE(0xffffffffffffffff, &(0x7f0000002080)={0x2020, 0x0, <r4=>0x0}, 0x2020)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000340)={{{@in6=@empty, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in=@private}, 0x0, @in=@initdev}}, &(0x7f0000000040)=0xe8)
write$FUSE_DIRENTPLUS(r3, &(0x7f00000005c0)={0x338, 0x0, r4, [{{0x0, 0x3, 0x400, 0x101, 0x9, 0xfffeffff, {0x6, 0x8000000000000000, 0x3, 0x7fff, 0x8001, 0xffffffffffffffff, 0x7, 0x1, 0x4, 0xc000, 0x1, r5, 0xee01, 0x9, 0x3}}, {0x1, 0xdb, 0x7, 0x8, '^[!-\xe5**'}}, {{0x3, 0x0, 0xcff, 0xff, 0x7, 0x1, {0x3, 0xffffffffffffff7f, 0x9, 0x1, 0x4c1, 0x3, 0x6, 0x2, 0x8, 0xa000, 0x6d, 0x0, 0xee01, 0x0, 0x200}}, {0x0, 0xffffffffffff0000, 0x3, 0xffffffff, '\'#]'}}, {{0x0, 0x2, 0xbf66, 0x7ff, 0x9, 0x7, {0x7ff, 0x7fffffffffffffff, 0xffffffff00000001, 0x2094, 0x4, 0x3, 0xffffff6d, 0xfffff800, 0x5, 0xa000, 0x80, 0xffffffffffffffff, 0x0, 0xff, 0x7}}, {0x2, 0x8a0, 0x16, 0xfffffff8, 'trusted.overlay.upper\x00'}}, {{0x3, 0x0, 0x7fffffffffffffff, 0x2, 0x8001, 0x4, {0x1, 0xdb, 0x94b, 0x1b, 0x0, 0x2, 0x800, 0x80000000, 0x40, 0x1000, 0x3, 0x0, 0xffffffffffffffff, 0x2e, 0x80000000}}, {0x4, 0x81, 0x0, 0x4}}, {{0x4, 0x1, 0x5, 0xbe, 0x80000000, 0x2, {0x4, 0x8000000000000000, 0x5, 0x8, 0x7, 0x1, 0x3ff, 0x7, 0x7f, 0xc000, 0x80, 0x0, 0xee00, 0x8, 0x4}}, {0x6, 0x8000000000000001, 0x2, 0x81, '[}'}}]}, 0x338)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1308.482256][T18853] FAULT_INJECTION: forcing a failure.
[ 1308.482256][T18853] name failslab, interval 1, probability 0, space 0, times 0
[ 1308.494882][T18853] CPU: 0 PID: 18853 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1308.506581][T18853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1308.516629][T18853] Call Trace:
[ 1308.519908][T18853]  dump_stack_lvl+0x1e2/0x24b
[ 1308.524575][T18853]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1308.530014][T18853]  ? __se_sys_ioctl+0x115/0x190
[ 1308.534844][T18853]  dump_stack+0x15/0x17
[ 1308.538976][T18853]  should_fail+0x3c0/0x510
[ 1308.543374][T18853]  __should_failslab+0x9f/0xe0
[ 1308.548114][T18853]  should_failslab+0x9/0x20
[ 1308.552595][T18853]  kmem_cache_alloc+0x3f/0x300
[ 1308.557335][T18853]  ? __d_alloc+0x2d/0x6b0
[ 1308.561656][T18853]  ? __reset_page_owner+0x35/0x160
[ 1308.566745][T18853]  __d_alloc+0x2d/0x6b0
[ 1308.570883][T18853]  ? __reset_page_owner+0x160/0x160
[ 1308.576057][T18853]  ? avc_has_perm_noaudit+0x358/0x4c0
[ 1308.581422][T18853]  d_alloc_parallel+0xe6/0x1330
[ 1308.586248][T18853]  ? avc_has_perm_noaudit+0x2ed/0x4c0
[ 1308.591601][T18853]  ? avc_denied+0x1b0/0x1b0
[ 1308.596132][T18853]  ? __reset_page_owner+0x80/0x160
[ 1308.601237][T18853]  ? d_hash_and_lookup+0x200/0x200
[ 1308.606361][T18853]  ? selinux_inode_permission+0x439/0x670
[ 1308.612088][T18853]  ? selinux_inode_follow_link+0x3c0/0x3c0
[ 1308.617877][T18853]  __lookup_slow+0x14e/0x400
[ 1308.622446][T18853]  ? __d_lookup+0x4da/0x530
[ 1308.626927][T18853]  ? lookup_one_len+0x6a0/0x6a0
[ 1308.631841][T18853]  lookup_one_len+0x43d/0x6a0
[ 1308.636512][T18853]  ? try_lookup_one_len+0x660/0x660
[ 1308.641697][T18853]  start_creating+0x166/0x320
[ 1308.646443][T18853]  __debugfs_create_file+0x75/0x4a0
[ 1308.651627][T18853]  ? up_write+0x19/0xd0
[ 1308.655761][T18853]  debugfs_create_file+0x4a/0x60
[ 1308.660690][T18853]  bdi_register_va+0x2ab/0x600
[ 1308.665435][T18853]  bdi_register+0xd1/0x120
[ 1308.669919][T18853]  ? __device_add_disk+0x536/0x11d0
[ 1308.675093][T18853]  ? bdi_register_va+0x600/0x600
[ 1308.680016][T18853]  ? vsnprintf+0x1bfd/0x1cd0
[ 1308.684585][T18853]  ? __kasan_check_read+0x11/0x20
[ 1308.689587][T18853]  ? blk_alloc_devt+0xd4/0x320
[ 1308.694327][T18853]  __device_add_disk+0x5cb/0x11d0
[ 1308.699330][T18853]  ? device_add_disk+0x40/0x40
[ 1308.704088][T18853]  ? loop_add+0x400/0x760
[ 1308.708403][T18853]  ? vsprintf+0x40/0x40
[ 1308.712566][T18853]  device_add_disk+0x2a/0x40
[ 1308.717155][T18853]  loop_add+0x58f/0x760
[ 1308.721291][T18853]  loop_control_ioctl+0x564/0x740
[ 1308.726309][T18853]  ? loop_remove+0xb0/0xb0
[ 1308.730709][T18853]  ? __fget_files+0x310/0x370
[ 1308.735365][T18853]  ? security_file_ioctl+0xb1/0xd0
[ 1308.740466][T18853]  ? loop_remove+0xb0/0xb0
[ 1308.744875][T18853]  __se_sys_ioctl+0x115/0x190
[ 1308.749549][T18853]  __x64_sys_ioctl+0x7b/0x90
[ 1308.754139][T18853]  do_syscall_64+0x34/0x70
[ 1308.758536][T18853]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1308.764421][T18853] RIP: 0033:0x7f6ee1968169
[ 1308.768821][T18853] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1308.788405][T18853] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1308.796798][T18853] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1308.804772][T18853] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1308.812745][T18853] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1308.820718][T18853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
02:01:25 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x107, 0x0)

[ 1308.828694][T18853] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
02:01:25 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15) (async)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18) (async)
r3 = signalfd4(r2, &(0x7f0000000000)={[0x4]}, 0x8, 0x80000)
read$FUSE(0xffffffffffffffff, &(0x7f0000002080)={0x2020, 0x0, <r4=>0x0}, 0x2020)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000340)={{{@in6=@empty, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in=@private}, 0x0, @in=@initdev}}, &(0x7f0000000040)=0xe8)
write$FUSE_DIRENTPLUS(r3, &(0x7f00000005c0)={0x338, 0x0, r4, [{{0x0, 0x3, 0x400, 0x101, 0x9, 0xfffeffff, {0x6, 0x8000000000000000, 0x3, 0x7fff, 0x8001, 0xffffffffffffffff, 0x7, 0x1, 0x4, 0xc000, 0x1, r5, 0xee01, 0x9, 0x3}}, {0x1, 0xdb, 0x7, 0x8, '^[!-\xe5**'}}, {{0x3, 0x0, 0xcff, 0xff, 0x7, 0x1, {0x3, 0xffffffffffffff7f, 0x9, 0x1, 0x4c1, 0x3, 0x6, 0x2, 0x8, 0xa000, 0x6d, 0x0, 0xee01, 0x0, 0x200}}, {0x0, 0xffffffffffff0000, 0x3, 0xffffffff, '\'#]'}}, {{0x0, 0x2, 0xbf66, 0x7ff, 0x9, 0x7, {0x7ff, 0x7fffffffffffffff, 0xffffffff00000001, 0x2094, 0x4, 0x3, 0xffffff6d, 0xfffff800, 0x5, 0xa000, 0x80, 0xffffffffffffffff, 0x0, 0xff, 0x7}}, {0x2, 0x8a0, 0x16, 0xfffffff8, 'trusted.overlay.upper\x00'}}, {{0x3, 0x0, 0x7fffffffffffffff, 0x2, 0x8001, 0x4, {0x1, 0xdb, 0x94b, 0x1b, 0x0, 0x2, 0x800, 0x80000000, 0x40, 0x1000, 0x3, 0x0, 0xffffffffffffffff, 0x2e, 0x80000000}}, {0x4, 0x81, 0x0, 0x4}}, {{0x4, 0x1, 0x5, 0xbe, 0x80000000, 0x2, {0x4, 0x8000000000000000, 0x5, 0x8, 0x7, 0x1, 0x3ff, 0x7, 0x7f, 0xc000, 0x80, 0x0, 0xee00, 0x8, 0x4}}, {0x6, 0x8000000000000001, 0x2, 0x81, '[}'}}]}, 0x338) (async)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) (async, rerun: 64)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async, rerun: 64)
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (rerun: 64)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:25 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x1ef0, 0x0)

02:01:25 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x109, 0x0)

02:01:25 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18) (async)
r3 = signalfd4(r2, &(0x7f0000000000)={[0x4]}, 0x8, 0x80000) (async)
read$FUSE(0xffffffffffffffff, &(0x7f0000002080)={0x2020, 0x0, <r4=>0x0}, 0x2020) (async)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000340)={{{@in6=@empty, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in=@private}, 0x0, @in=@initdev}}, &(0x7f0000000040)=0xe8)
write$FUSE_DIRENTPLUS(r3, &(0x7f00000005c0)={0x338, 0x0, r4, [{{0x0, 0x3, 0x400, 0x101, 0x9, 0xfffeffff, {0x6, 0x8000000000000000, 0x3, 0x7fff, 0x8001, 0xffffffffffffffff, 0x7, 0x1, 0x4, 0xc000, 0x1, r5, 0xee01, 0x9, 0x3}}, {0x1, 0xdb, 0x7, 0x8, '^[!-\xe5**'}}, {{0x3, 0x0, 0xcff, 0xff, 0x7, 0x1, {0x3, 0xffffffffffffff7f, 0x9, 0x1, 0x4c1, 0x3, 0x6, 0x2, 0x8, 0xa000, 0x6d, 0x0, 0xee01, 0x0, 0x200}}, {0x0, 0xffffffffffff0000, 0x3, 0xffffffff, '\'#]'}}, {{0x0, 0x2, 0xbf66, 0x7ff, 0x9, 0x7, {0x7ff, 0x7fffffffffffffff, 0xffffffff00000001, 0x2094, 0x4, 0x3, 0xffffff6d, 0xfffff800, 0x5, 0xa000, 0x80, 0xffffffffffffffff, 0x0, 0xff, 0x7}}, {0x2, 0x8a0, 0x16, 0xfffffff8, 'trusted.overlay.upper\x00'}}, {{0x3, 0x0, 0x7fffffffffffffff, 0x2, 0x8001, 0x4, {0x1, 0xdb, 0x94b, 0x1b, 0x0, 0x2, 0x800, 0x80000000, 0x40, 0x1000, 0x3, 0x0, 0xffffffffffffffff, 0x2e, 0x80000000}}, {0x4, 0x81, 0x0, 0x4}}, {{0x4, 0x1, 0x5, 0xbe, 0x80000000, 0x2, {0x4, 0x8000000000000000, 0x5, 0x8, 0x7, 0x1, 0x3ff, 0x7, 0x7f, 0xc000, 0x80, 0x0, 0xee00, 0x8, 0x4}}, {0x6, 0x8000000000000001, 0x2, 0x81, '[}'}}]}, 0x338) (async)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) (async)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async)
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1309.455747][T18839] 9pnet: bogus RWRITE count (2 > 1)
02:01:26 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:26 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 67)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:01:26 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x10b, 0x0)

02:01:26 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x700, 0x0)

02:01:26 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYRES16=r1, @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000040)={'team0\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="48000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="00036cc900000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r6], 0x48}}, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
r8 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000280), 0x1, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r9}, 0x10)
sendmmsg$unix(r2, &(0x7f0000001940)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000480)="76a83a40e20131f10482162c8c85175f079cac6d44ff870e6c91f1098b2775d0bacd3c6f1f2456d0d88c4b3b0db6ee28e2793e47f3eaeafa776465ad5be5adf08837243109935e1032690063cf45613828a3956974ce0b134ad8088f883eac616b8ced042aefdd239a8bbf757eea0199b431864fff88b2a42f56438cd748b11ef97a46bfc5b4461dbec2912c8006c60d7f8768b41594eb666954f3acf117036b4d5799968d2ad7241b4bfe4d38d873bb3b673895b3ffeb886a7b72d5c1ded7d89152", 0xc2}, {&(0x7f00000005c0)="4873f053726bc13a1218f361d988a6ea82000342c100db368510d68f76606978c6a5096876fd988a1a66eec937dc0f5073bc6ae84209f8936f25984549801d639e3d584b64a2539134bb60d594729ea03423730c175356563f70fa7e010e1b827ba95adaab606a9318b8b1fb14b16bb9", 0x70}, {&(0x7f0000000880)="515923081a8c1a408c117a1720a23a81f532f44acee997673e9c6e6d86d4374c6ba090b7b3a43ad2af6681e3dc258f9b6a30eebf5d5e2901b81106995da1eee8a0c5318d2013e8d621674ceada1732b01c4cf4af3cb790760b78187ab6d25427a86c5d45b97faf7d47b771a89ae98382731711b6713138ddb32d77a78273483efd237f3b1bc8cc09fb3106af354c76f848a95f0bece252a843fa9dc760b7a00fa1bfa5e2c372420f69f342f0ea34afbbba7e039067d120e491be81f54e621a7deba4b67bac7c26880b11184de45defe819d15404c457652be2a607c4363d40224867dbfd6a62173d50960eebc0d32ae19504a11397f5546f5e35707da025c1a81d3b293e03ef530aba9fd915de8e21b5ea0989be5c8190114e58f110f26cdea441be1de35dbeab0e0f78dd506eb8c53cce82cd1c3dca04416f5cd4c6e26333fc2d5c3a79e7d22fe3cef58125beb371c775ec013e430f3bca4f5fae40d4c411aa1581f94f94eaa818ae2fa9220d14e28690a8cf2c8a1bb8d721dd20e576a6fdce5a7ba69af51d92a469a132a1965f96e3c9bd99fe261d62803a81810637e7f1a64f8b3537539d014b2289ba627ca6d55fd132ec26e9897fc296d1a75884d59a180fad2bf5a76b3d6d3c2a540e20258736c8eaf1ee54203761ef44a6cb4cd0e559648ca716e29c2ff67e5392780caa2e9395b329151082557817d83cf86ec1d66ca296dfd799a8cce3e6bf9ee944462f291e1ad4b4586ade1d4197ae2a899af90af8f4011c2e8219d65acf7654af30c52a09e412ae18181f81a282177d84912bd15321d8235caec582427d7856428cbd0ea78dc6cd929f832bf880613b09e919c32099f51ccb5d4fc7dcca77cfe20f4607dc0accc7392c52e6b51c9c30f645604e27205f82d1c5ed673ea3c0fc0a064268ff493b04f91e1e4bb6703b8f43844836a9fa4ab9110ef383e7876c5b1d6a970df2443b71eee4130dc43b037135d1ce7dcb2f78a5a59806c779087a424208580e3021649d27e048f09bb3d2d6816963845948260db720293393f5f3dc18c3c92d02c39793f9354473f11b1bf230adb9cf533a95ec885292bf6b59c9262d1d7d91eba62746a8b98d5da267b4ed4c5fc31aced49680307ff2ea2e5ae49387788313dc4df9c57393aefc7c6293ac91f0520d92e4e17c112f566f17b16dd851af72c1d5f4347018b01e24b8b3fb197c0334da49d0cbcabce6a93ecad1963fc92a9f04ccaa58519d5c6e9e20cdda6a3bc1b388c5faee2a86e53a625f936c0be8bc812ed0f43d9c4dd5065dc41269a3603e026fc439c222d72802ed413796f942b54cbd23aa398dc94dd943e395c741202f14ad8eeb94cf5c97fcc13c6e5e118518575e269a5b03c15d7028a49aedf1e93fd7b289d7bc5ababa85b291cd556836174c2d42f3474c2b19a064b415fc2bc3096918b938faeb31fa8167fcac7e9899060d8b023f607e750815299113b24efcc7368d3e179bcfb2e627c988f675d413d3968c05c0c3eaa168e1e22ed52530636dd1e79f8363dc61a38a2c4f0fdba056bf84e8c1bbfaf1ff67a86d4853a9db99281c1558b5cbce19e59304e3569d3f5fab2d53f51d8524349b03ebd679fc1fdac33597f8cec686d4b732c86d96228a9a00ebbd6cd7a80643a566dde47610f19c148dd450a9179a4b135849da3c69ab301d4ca9fd8b0755c15a53fa6ea2729fe35c786d5718c605eb1914b60d5a64aa506636f1b75bb3cdfcae7db2ded99e5556e6667f7f851d2cc8afc5aecb6597f8f82ba8d6fcc4dbb579d9053b22cc5c99ed7e4ef6278dad595b1f9d88ec207019955b165b5df4aae9cf440745a3001db4696784d8ba7ae506177ccf8e310c55f45654d566aea3b4c2b0fad6c27d5acdf73e7758f0d52cce7b0aca9b75d822b23ef32c9ad4aa37175c11a6167b486b010b4e108fd72256a88244922714c7117ad6f917b907bb7ffb7487a642356b9744e99f23c6fb288b9eb6a426853245ba0c83975ed711e4f2933a1982b3af2b0143b47bed0d7da14e54ba3699147d8e514e62a10fd663c8851a304a693710fdd655e6af65f8967ac855c43b6a991ecc05e23cca82604417af6964615ab73484e8c5a06b04effceba58639b23710dc454be48711d8153773bc226b02cf0c89c13409f736fa9a6c10bee7b2de7bc64772b8c69f4e393c71a0611b76a63562801eb3629148a909a547f1c40680cc0644b40112a3ccc1c6aa73167da66387a474291ffd3f342e075f3d6bfd6e7c35ad688fd3c2040e8aa49ae31d79f995ab2f508ad44d76485d45540da5224857930d1328c7049b125b9b911783d51d8a59bbb8277960779e2fa4f81f564ead5aae6fcb2ce16c57bd35afcbbbeb76401e8508b4086beb70f06945769548cef5dda3af03be06a19974ffd5cf399b3f5421df065dd1382de88abd242e1893533315de6d1a679a16b591dcb8eeb400ed895f3e566f97c824bcff001a5912de353d1c932225cba6725fa056c15bd494acc9df1815f453563c819c9eac65e18b576d7e5b19e7c62be0391583a497f71713a80d327535eae558a9fbc7a694896766068fbbeb6fdb825db2f87f9bc001fbbfc1b4fe7ee41d525669893240452f9143465529366fdac017f56adc040324192076488270cf35ec6caf835d80cb289076d41832341b71fbede3d15eb9a349b78ef18d5ed8b013457b6d029633560cfc8aed9a5ae8ecc47d6eb6cb7495539bd319fea83071ed25fad8aace152585f88a67800bbafae1d6baa9df9d8b3ef0aeaca4e09bf31ff76fc011efaa03d6f825e11d84e649f3ce6f4c0f26ff43c5dfae1408dbd95814d9b2ab83b5d857d8e07953b691b0e5719b29a44cbc1ad711fe4ba6184fc0cf424d260e5bed4caed462a9294fe363f496a445a1b9de91720275eafbbba2d7b56b16bd1c118f9e0d1a1f604cdb4e13a750413acc21232c5b0cbe43f3ccc76046f06f57a023c9b7e77b8666873571f8c4dbc42f02da68419e6ab40252fc451562b2f7a4e3b74ef0054815c20bccfff20fcae388fc8bbbe9bfce212d43061d0a7bb252cfd38c368ddb0400950ebd0fbd94a38db126e9472fc840a76c8aa3ee743ecf110bc2bca2e5d2d3d3be99429534559901c0e8fee63572b009a27183fc2c3a0a84b52430f13ce3e04b95d0f5fc73a90647bf735b244b4595ee7cfbffa8dda2011b47cfc3ad55a43be436fcc2628a492341ba1f0341eb882394ccef93d517b9997a0615153d26604da6471a9cf5f26fd30154c8a8cfed227d0dfee97d71c26a5167dc738a439bb5a11a093e2fd18145d0d3b0d3d1a26c57fccf204ed63b8d6916e8095f89212346b51f9c7831e85b836bbc16caffc3207842501b1250148a0db92e1b6c847607ed044b3f59c07ba02e497923851ccdd2959d402dd6b4da316744b4c8e0a5878290535889934995d9f6eb8dd52d8684b5289b06fb54cf710d3c78c1df088f727a700d7038afd0f917aaaea9d123b7277fe9d6f8eddf108a18a425cfed2c988144b63ed89918469c2e60567b7fa2070250f587290224c2835a4c591a8d3ae15dba7f9ca1ea06e89903c58ec698b6868e21ebf8d7b84ffb6a93fb37493c92cad256110d1c1e33709e8f129a7034b0f4b3c86450fc53ecfa38e9116743c166b852d3c41aa3ee1c6d64bab538c1b4ec998a8760954f2e11190929961e827f3488aafa45377523d6e08621ff05408d551ba4f8344501c6b4c7f1b89dd192ca71b84c72f4dbec796af6b40820b2ffd0d44a15e90963ef47fbfb97310c4506953414bbdbecb5fd8d0825c78182a97e80e904d2e28f4e974b565aaadcc966422ef8f63d6b31ae028d31c5c736e801a8c3ba70d011e52410c335f5e65bcaa2538d8971a82cc8fe9804b9df0299e287adcb79e8814113d86b1ba0365018e0b3254f0cd994dd55f61c37c0338017fed90b4076821126fb26082b8ef45dd8d3d69a8855596b61f5bfb770fae52fc02cfcf7313a79ff44071aaf8da22f9dd99a974f9565a13196a9afe6cd49e86de1f05926b61c8a039868b2969fedc54b06bbd080907799ef2fc245cb4cf173a3524dd7d9a2827573321ed90465b6acf740ba790b55a292410446db8c1b63aaba608c9e255b7341a56eef02dad5f7dbb81e5a888e725a18e6cb8a236c2d77cc7cdc01dff5d967d78112d7bcd54c6344b331976ab2de0a0a271898afea107d3fb52e48857c0d2dbb17b5ae81c914de4550d5ef161d15483177be1630646983b09615a443c6d8a956433ec9082c6eb8941069de964f8e71006a11956b62ff65360f46036e8852d5908ebc795bf270073241bd90bfb813d0e9fc81346c5fb8fb870c08877ca8be407cd85537eeac968185fdd4e5fbea24c9bcbeb683e0b4c8d33f5efe2f1617f29d68f2271dd3b20a8fcc42b93b0be6619879448234099c9c8787c911958169361706bbda279afd1b475b069e8996136c6c54cc853f3af838d6553b09da2baebb4a555ba655422e78169b94ccc8cf5f8b13c6146a8892f1f6435c956e561b3c7a0be59f4660da527d4680f512fb845e2a6211d1c74a4cdfac2cea65b236d8f708f9ae035c5d99759fd86ef853ffdb50eec67a2d0c919bfb340b934d7087eee6f25f5d1a812205785f651be2a25aaad9faed653130f3c7953593801593125d17399243e3fa602cb7b8591012d9ac469c804912fcbf6b7be92336cf6829be38837384a1fae1a6442f95aee2e3d6abda09312fe8a8a054d0f26676831fdf5c93c6630c4bfed18eeffb54fe24573fb1556523cb3146481e3a0b723e0fe44092464c5de3a9a040a93d342b91e45f9ce8300abe8f8268b19ade0bf800771c329b81c74ee56c99d39fefc79b67732ed5a12ac0145d7cec05563c0f7860837d8425ee867c15175e7c1c1f32debb8e63503fd7acb414fb14628c2c2644f0ead343ead426e19fd643f0a14eb29658232a202c422d9a9b3bb34937eab5d84a92cf84f22536c42f6ce91d0e6b70f30fc3b1a8f91660410a4528a5a58e32ef2be2f7e382508440d16e7709edc913f97946b2acfdc53b2144ba5b7ba94a3c34f80f3e5b5f2953ca3b61c8ab413590c86886a55840dc4dcba4fc6010120aaeb34644f7871a71b2b388732672a9803faafa86edfd76ac213764775d933cf0ee618a0e6b5aad39a73ab45aeebfa410aa12a47fcc74004b5a1c46e02ad4ac08f630b39dece61990ee4a3a67d7a09f46758c7dfd4c022e85a5910ba3221db353b79bdac6725eebb81c5d7c50a30ad808479f44a33db88f0b501ef65a999385b9bbb966849ff8d2a80dc3bad0d53bfc89476ea0f7895dd9fe4093366c5b832b998688eb942d044cdafe78f0f7e2098c6662cb73de5e975452b1498a43d672b0ff62b450a43208c336916c26a98c897ff80b797021f5f368e07ae651a336c156cc763fe3dff9e884f5ce34d04716b9151eea14a3f0633e36af181a45696d5a463d699b5bb6f72c4627cead29bf7d82168b6914ce28e65232f36b9f18baa41a393eb5d22a0f19005a8ee5b47b4771bdbff4a948719de717a04ab9f14db11a5a3b8d34e1e10da98bac83bfdebe41c2d019dc9ea412967498c023c21e32e3082c7091adeb0f9cdda895f5e9b1dd0975b00dafa8b6bf310523b350dbe88fc298c145e47b86ae28e4d0fedc6834c7969b42d0bae44d9ec5218829dc679d4623826f1a078147e5bc2924dea14d26ffcf3ffa72f334eefc1a69ce2f0cee5bf4ddfc38469bdfc34ff1638486dacec761e8bff291e2de1d43b3f571df6feaa6673a0b19b5a63c", 0x1000}, {&(0x7f0000000640)="64e0c78fc21abc9594d7100862ce630eff252bb28f697084904ea3cbf734a7737455636c7447862f867bc5b731785f0d5ef143a768d8f351642210487b95f7c60b68a3", 0x43}], 0x4, &(0x7f0000001880)=[@rights={{0x2c, 0x1, 0x1, [r3, r5, r0, r7, r8, r4, r9]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r4]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r1, r3, r4, r1]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [r1, r2]}}], 0xb0, 0x4000}}], 0x1, 0x0)
r10 = signalfd4(r4, &(0x7f0000000380)={[0xe5]}, 0x8, 0x0)
execveat(r10, &(0x7f0000000440)='./bus\x00', 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
r11 = socket$bt_hidp(0x1f, 0x3, 0x6)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x2061885, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r10}, 0x2c, {'wfdno', 0x3d, r11}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, 0xee01}}, {@mmap}, {@msize={'msize', 0x3d, 0x2}}, {@version_u}, {@version_9p2000}], [{@defcontext={'defcontext', 0x3d, 'unconfined_u'}}]}})
r12 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r12, 0x8933, &(0x7f0000000040)={'team0\x00', <r13=>0x0})
sendmsg$nl_route(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="48000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="00036cc900000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r13], 0x48}}, 0x0)
fcntl$setstatus(r12, 0x4, 0x46000)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(0xffffffffffffffff, 0xf504, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1309.978615][T18849] 9pnet: bogus RWRITE count (2 > 1)
02:01:26 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x10d, 0x0)

[ 1310.016299][T18881] 9pnet: bogus RWRITE count (2 > 1)
[ 1310.024043][T18897] 9pnet: Insufficient options for proto=fd
[ 1310.042561][T18897] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1310.117182][T18904] FAULT_INJECTION: forcing a failure.
[ 1310.117182][T18904] name failslab, interval 1, probability 0, space 0, times 0
[ 1310.129863][T18904] CPU: 0 PID: 18904 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1310.141648][T18904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1310.151700][T18904] Call Trace:
[ 1310.154977][T18904]  dump_stack_lvl+0x1e2/0x24b
[ 1310.159719][T18904]  ? panic+0x7d7/0x7d7
[ 1310.163795][T18904]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1310.170193][T18904]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1310.175676][T18904]  dump_stack+0x15/0x17
[ 1310.179827][T18904]  should_fail+0x3c0/0x510
[ 1310.184222][T18904]  __should_failslab+0x9f/0xe0
[ 1310.188964][T18904]  should_failslab+0x9/0x20
[ 1310.193618][T18904]  kmem_cache_alloc+0x3f/0x300
[ 1310.198359][T18904]  ? security_inode_alloc+0x29/0x140
[ 1310.203632][T18904]  security_inode_alloc+0x29/0x140
[ 1310.208720][T18904]  inode_init_always+0x710/0x970
[ 1310.213636][T18904]  new_inode_pseudo+0x93/0x220
[ 1310.218499][T18904]  new_inode+0x28/0x1c0
[ 1310.222695][T18904]  ? start_creating+0x206/0x320
[ 1310.227631][T18904]  __debugfs_create_file+0x143/0x4a0
[ 1310.232895][T18904]  ? up_write+0x19/0xd0
[ 1310.237035][T18904]  debugfs_create_file+0x4a/0x60
[ 1310.241965][T18904]  bdi_register_va+0x2ab/0x600
[ 1310.246706][T18904]  bdi_register+0xd1/0x120
[ 1310.251102][T18904]  ? __device_add_disk+0x536/0x11d0
[ 1310.256279][T18904]  ? bdi_register_va+0x600/0x600
[ 1310.261195][T18904]  ? vsnprintf+0x1bfd/0x1cd0
[ 1310.265768][T18904]  ? __kasan_check_read+0x11/0x20
[ 1310.270772][T18904]  ? blk_alloc_devt+0xd4/0x320
[ 1310.275526][T18904]  __device_add_disk+0x5cb/0x11d0
[ 1310.280532][T18904]  ? device_add_disk+0x40/0x40
[ 1310.285276][T18904]  ? loop_add+0x400/0x760
[ 1310.289583][T18904]  ? vsprintf+0x40/0x40
[ 1310.293719][T18904]  device_add_disk+0x2a/0x40
[ 1310.298294][T18904]  loop_add+0x58f/0x760
[ 1310.302444][T18904]  loop_control_ioctl+0x564/0x740
[ 1310.307448][T18904]  ? loop_remove+0xb0/0xb0
[ 1310.311844][T18904]  ? __fget_files+0x310/0x370
[ 1310.316503][T18904]  ? security_file_ioctl+0xb1/0xd0
[ 1310.321957][T18904]  ? loop_remove+0xb0/0xb0
[ 1310.326352][T18904]  __se_sys_ioctl+0x115/0x190
[ 1310.331011][T18904]  __x64_sys_ioctl+0x7b/0x90
[ 1310.335669][T18904]  do_syscall_64+0x34/0x70
[ 1310.340150][T18904]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1310.346020][T18904] RIP: 0033:0x7f6ee1968169
[ 1310.350443][T18904] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1310.370119][T18904] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1310.378612][T18904] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1310.386587][T18904] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1310.394545][T18904] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1310.402503][T18904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1310.410492][T18904] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
02:01:26 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x1ef2, 0x0)

[ 1310.418660][T18904] debugfs: out of free dentries, can not create file 'stats'
[ 1310.447280][T18897] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
02:01:26 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15) (async)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18) (async, rerun: 64)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) (rerun: 64)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYRES16=r1, @ANYRESHEX=r1]) (async, rerun: 64)
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async, rerun: 64)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000040)={'team0\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="48000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="00036cc900000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r6], 0x48}}, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6) (async)
r8 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000280), 0x1, 0x0) (async)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r9}, 0x10) (async)
sendmmsg$unix(r2, &(0x7f0000001940)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000480)="76a83a40e20131f10482162c8c85175f079cac6d44ff870e6c91f1098b2775d0bacd3c6f1f2456d0d88c4b3b0db6ee28e2793e47f3eaeafa776465ad5be5adf08837243109935e1032690063cf45613828a3956974ce0b134ad8088f883eac616b8ced042aefdd239a8bbf757eea0199b431864fff88b2a42f56438cd748b11ef97a46bfc5b4461dbec2912c8006c60d7f8768b41594eb666954f3acf117036b4d5799968d2ad7241b4bfe4d38d873bb3b673895b3ffeb886a7b72d5c1ded7d89152", 0xc2}, {&(0x7f00000005c0)="4873f053726bc13a1218f361d988a6ea82000342c100db368510d68f76606978c6a5096876fd988a1a66eec937dc0f5073bc6ae84209f8936f25984549801d639e3d584b64a2539134bb60d594729ea03423730c175356563f70fa7e010e1b827ba95adaab606a9318b8b1fb14b16bb9", 0x70}, {&(0x7f0000000880)="515923081a8c1a408c117a1720a23a81f532f44acee997673e9c6e6d86d4374c6ba090b7b3a43ad2af6681e3dc258f9b6a30eebf5d5e2901b81106995da1eee8a0c5318d2013e8d621674ceada1732b01c4cf4af3cb790760b78187ab6d25427a86c5d45b97faf7d47b771a89ae98382731711b6713138ddb32d77a78273483efd237f3b1bc8cc09fb3106af354c76f848a95f0bece252a843fa9dc760b7a00fa1bfa5e2c372420f69f342f0ea34afbbba7e039067d120e491be81f54e621a7deba4b67bac7c26880b11184de45defe819d15404c457652be2a607c4363d40224867dbfd6a62173d50960eebc0d32ae19504a11397f5546f5e35707da025c1a81d3b293e03ef530aba9fd915de8e21b5ea0989be5c8190114e58f110f26cdea441be1de35dbeab0e0f78dd506eb8c53cce82cd1c3dca04416f5cd4c6e26333fc2d5c3a79e7d22fe3cef58125beb371c775ec013e430f3bca4f5fae40d4c411aa1581f94f94eaa818ae2fa9220d14e28690a8cf2c8a1bb8d721dd20e576a6fdce5a7ba69af51d92a469a132a1965f96e3c9bd99fe261d62803a81810637e7f1a64f8b3537539d014b2289ba627ca6d55fd132ec26e9897fc296d1a75884d59a180fad2bf5a76b3d6d3c2a540e20258736c8eaf1ee54203761ef44a6cb4cd0e559648ca716e29c2ff67e5392780caa2e9395b329151082557817d83cf86ec1d66ca296dfd799a8cce3e6bf9ee944462f291e1ad4b4586ade1d4197ae2a899af90af8f4011c2e8219d65acf7654af30c52a09e412ae18181f81a282177d84912bd15321d8235caec582427d7856428cbd0ea78dc6cd929f832bf880613b09e919c32099f51ccb5d4fc7dcca77cfe20f4607dc0accc7392c52e6b51c9c30f645604e27205f82d1c5ed673ea3c0fc0a064268ff493b04f91e1e4bb6703b8f43844836a9fa4ab9110ef383e7876c5b1d6a970df2443b71eee4130dc43b037135d1ce7dcb2f78a5a59806c779087a424208580e3021649d27e048f09bb3d2d6816963845948260db720293393f5f3dc18c3c92d02c39793f9354473f11b1bf230adb9cf533a95ec885292bf6b59c9262d1d7d91eba62746a8b98d5da267b4ed4c5fc31aced49680307ff2ea2e5ae49387788313dc4df9c57393aefc7c6293ac91f0520d92e4e17c112f566f17b16dd851af72c1d5f4347018b01e24b8b3fb197c0334da49d0cbcabce6a93ecad1963fc92a9f04ccaa58519d5c6e9e20cdda6a3bc1b388c5faee2a86e53a625f936c0be8bc812ed0f43d9c4dd5065dc41269a3603e026fc439c222d72802ed413796f942b54cbd23aa398dc94dd943e395c741202f14ad8eeb94cf5c97fcc13c6e5e118518575e269a5b03c15d7028a49aedf1e93fd7b289d7bc5ababa85b291cd556836174c2d42f3474c2b19a064b415fc2bc3096918b938faeb31fa8167fcac7e9899060d8b023f607e750815299113b24efcc7368d3e179bcfb2e627c988f675d413d3968c05c0c3eaa168e1e22ed52530636dd1e79f8363dc61a38a2c4f0fdba056bf84e8c1bbfaf1ff67a86d4853a9db99281c1558b5cbce19e59304e3569d3f5fab2d53f51d8524349b03ebd679fc1fdac33597f8cec686d4b732c86d96228a9a00ebbd6cd7a80643a566dde47610f19c148dd450a9179a4b135849da3c69ab301d4ca9fd8b0755c15a53fa6ea2729fe35c786d5718c605eb1914b60d5a64aa506636f1b75bb3cdfcae7db2ded99e5556e6667f7f851d2cc8afc5aecb6597f8f82ba8d6fcc4dbb579d9053b22cc5c99ed7e4ef6278dad595b1f9d88ec207019955b165b5df4aae9cf440745a3001db4696784d8ba7ae506177ccf8e310c55f45654d566aea3b4c2b0fad6c27d5acdf73e7758f0d52cce7b0aca9b75d822b23ef32c9ad4aa37175c11a6167b486b010b4e108fd72256a88244922714c7117ad6f917b907bb7ffb7487a642356b9744e99f23c6fb288b9eb6a426853245ba0c83975ed711e4f2933a1982b3af2b0143b47bed0d7da14e54ba3699147d8e514e62a10fd663c8851a304a693710fdd655e6af65f8967ac855c43b6a991ecc05e23cca82604417af6964615ab73484e8c5a06b04effceba58639b23710dc454be48711d8153773bc226b02cf0c89c13409f736fa9a6c10bee7b2de7bc64772b8c69f4e393c71a0611b76a63562801eb3629148a909a547f1c40680cc0644b40112a3ccc1c6aa73167da66387a474291ffd3f342e075f3d6bfd6e7c35ad688fd3c2040e8aa49ae31d79f995ab2f508ad44d76485d45540da5224857930d1328c7049b125b9b911783d51d8a59bbb8277960779e2fa4f81f564ead5aae6fcb2ce16c57bd35afcbbbeb76401e8508b4086beb70f06945769548cef5dda3af03be06a19974ffd5cf399b3f5421df065dd1382de88abd242e1893533315de6d1a679a16b591dcb8eeb400ed895f3e566f97c824bcff001a5912de353d1c932225cba6725fa056c15bd494acc9df1815f453563c819c9eac65e18b576d7e5b19e7c62be0391583a497f71713a80d327535eae558a9fbc7a694896766068fbbeb6fdb825db2f87f9bc001fbbfc1b4fe7ee41d525669893240452f9143465529366fdac017f56adc040324192076488270cf35ec6caf835d80cb289076d41832341b71fbede3d15eb9a349b78ef18d5ed8b013457b6d029633560cfc8aed9a5ae8ecc47d6eb6cb7495539bd319fea83071ed25fad8aace152585f88a67800bbafae1d6baa9df9d8b3ef0aeaca4e09bf31ff76fc011efaa03d6f825e11d84e649f3ce6f4c0f26ff43c5dfae1408dbd95814d9b2ab83b5d857d8e07953b691b0e5719b29a44cbc1ad711fe4ba6184fc0cf424d260e5bed4caed462a9294fe363f496a445a1b9de91720275eafbbba2d7b56b16bd1c118f9e0d1a1f604cdb4e13a750413acc21232c5b0cbe43f3ccc76046f06f57a023c9b7e77b8666873571f8c4dbc42f02da68419e6ab40252fc451562b2f7a4e3b74ef0054815c20bccfff20fcae388fc8bbbe9bfce212d43061d0a7bb252cfd38c368ddb0400950ebd0fbd94a38db126e9472fc840a76c8aa3ee743ecf110bc2bca2e5d2d3d3be99429534559901c0e8fee63572b009a27183fc2c3a0a84b52430f13ce3e04b95d0f5fc73a90647bf735b244b4595ee7cfbffa8dda2011b47cfc3ad55a43be436fcc2628a492341ba1f0341eb882394ccef93d517b9997a0615153d26604da6471a9cf5f26fd30154c8a8cfed227d0dfee97d71c26a5167dc738a439bb5a11a093e2fd18145d0d3b0d3d1a26c57fccf204ed63b8d6916e8095f89212346b51f9c7831e85b836bbc16caffc3207842501b1250148a0db92e1b6c847607ed044b3f59c07ba02e497923851ccdd2959d402dd6b4da316744b4c8e0a5878290535889934995d9f6eb8dd52d8684b5289b06fb54cf710d3c78c1df088f727a700d7038afd0f917aaaea9d123b7277fe9d6f8eddf108a18a425cfed2c988144b63ed89918469c2e60567b7fa2070250f587290224c2835a4c591a8d3ae15dba7f9ca1ea06e89903c58ec698b6868e21ebf8d7b84ffb6a93fb37493c92cad256110d1c1e33709e8f129a7034b0f4b3c86450fc53ecfa38e9116743c166b852d3c41aa3ee1c6d64bab538c1b4ec998a8760954f2e11190929961e827f3488aafa45377523d6e08621ff05408d551ba4f8344501c6b4c7f1b89dd192ca71b84c72f4dbec796af6b40820b2ffd0d44a15e90963ef47fbfb97310c4506953414bbdbecb5fd8d0825c78182a97e80e904d2e28f4e974b565aaadcc966422ef8f63d6b31ae028d31c5c736e801a8c3ba70d011e52410c335f5e65bcaa2538d8971a82cc8fe9804b9df0299e287adcb79e8814113d86b1ba0365018e0b3254f0cd994dd55f61c37c0338017fed90b4076821126fb26082b8ef45dd8d3d69a8855596b61f5bfb770fae52fc02cfcf7313a79ff44071aaf8da22f9dd99a974f9565a13196a9afe6cd49e86de1f05926b61c8a039868b2969fedc54b06bbd080907799ef2fc245cb4cf173a3524dd7d9a2827573321ed90465b6acf740ba790b55a292410446db8c1b63aaba608c9e255b7341a56eef02dad5f7dbb81e5a888e725a18e6cb8a236c2d77cc7cdc01dff5d967d78112d7bcd54c6344b331976ab2de0a0a271898afea107d3fb52e48857c0d2dbb17b5ae81c914de4550d5ef161d15483177be1630646983b09615a443c6d8a956433ec9082c6eb8941069de964f8e71006a11956b62ff65360f46036e8852d5908ebc795bf270073241bd90bfb813d0e9fc81346c5fb8fb870c08877ca8be407cd85537eeac968185fdd4e5fbea24c9bcbeb683e0b4c8d33f5efe2f1617f29d68f2271dd3b20a8fcc42b93b0be6619879448234099c9c8787c911958169361706bbda279afd1b475b069e8996136c6c54cc853f3af838d6553b09da2baebb4a555ba655422e78169b94ccc8cf5f8b13c6146a8892f1f6435c956e561b3c7a0be59f4660da527d4680f512fb845e2a6211d1c74a4cdfac2cea65b236d8f708f9ae035c5d99759fd86ef853ffdb50eec67a2d0c919bfb340b934d7087eee6f25f5d1a812205785f651be2a25aaad9faed653130f3c7953593801593125d17399243e3fa602cb7b8591012d9ac469c804912fcbf6b7be92336cf6829be38837384a1fae1a6442f95aee2e3d6abda09312fe8a8a054d0f26676831fdf5c93c6630c4bfed18eeffb54fe24573fb1556523cb3146481e3a0b723e0fe44092464c5de3a9a040a93d342b91e45f9ce8300abe8f8268b19ade0bf800771c329b81c74ee56c99d39fefc79b67732ed5a12ac0145d7cec05563c0f7860837d8425ee867c15175e7c1c1f32debb8e63503fd7acb414fb14628c2c2644f0ead343ead426e19fd643f0a14eb29658232a202c422d9a9b3bb34937eab5d84a92cf84f22536c42f6ce91d0e6b70f30fc3b1a8f91660410a4528a5a58e32ef2be2f7e382508440d16e7709edc913f97946b2acfdc53b2144ba5b7ba94a3c34f80f3e5b5f2953ca3b61c8ab413590c86886a55840dc4dcba4fc6010120aaeb34644f7871a71b2b388732672a9803faafa86edfd76ac213764775d933cf0ee618a0e6b5aad39a73ab45aeebfa410aa12a47fcc74004b5a1c46e02ad4ac08f630b39dece61990ee4a3a67d7a09f46758c7dfd4c022e85a5910ba3221db353b79bdac6725eebb81c5d7c50a30ad808479f44a33db88f0b501ef65a999385b9bbb966849ff8d2a80dc3bad0d53bfc89476ea0f7895dd9fe4093366c5b832b998688eb942d044cdafe78f0f7e2098c6662cb73de5e975452b1498a43d672b0ff62b450a43208c336916c26a98c897ff80b797021f5f368e07ae651a336c156cc763fe3dff9e884f5ce34d04716b9151eea14a3f0633e36af181a45696d5a463d699b5bb6f72c4627cead29bf7d82168b6914ce28e65232f36b9f18baa41a393eb5d22a0f19005a8ee5b47b4771bdbff4a948719de717a04ab9f14db11a5a3b8d34e1e10da98bac83bfdebe41c2d019dc9ea412967498c023c21e32e3082c7091adeb0f9cdda895f5e9b1dd0975b00dafa8b6bf310523b350dbe88fc298c145e47b86ae28e4d0fedc6834c7969b42d0bae44d9ec5218829dc679d4623826f1a078147e5bc2924dea14d26ffcf3ffa72f334eefc1a69ce2f0cee5bf4ddfc38469bdfc34ff1638486dacec761e8bff291e2de1d43b3f571df6feaa6673a0b19b5a63c", 0x1000}, {&(0x7f0000000640)="64e0c78fc21abc9594d7100862ce630eff252bb28f697084904ea3cbf734a7737455636c7447862f867bc5b731785f0d5ef143a768d8f351642210487b95f7c60b68a3", 0x43}], 0x4, &(0x7f0000001880)=[@rights={{0x2c, 0x1, 0x1, [r3, r5, r0, r7, r8, r4, r9]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r4]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r1, r3, r4, r1]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [r1, r2]}}], 0xb0, 0x4000}}], 0x1, 0x0)
r10 = signalfd4(r4, &(0x7f0000000380)={[0xe5]}, 0x8, 0x0)
execveat(r10, &(0x7f0000000440)='./bus\x00', 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100) (async)
r11 = socket$bt_hidp(0x1f, 0x3, 0x6)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x2061885, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r10}, 0x2c, {'wfdno', 0x3d, r11}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, 0xee01}}, {@mmap}, {@msize={'msize', 0x3d, 0x2}}, {@version_u}, {@version_9p2000}], [{@defcontext={'defcontext', 0x3d, 'unconfined_u'}}]}}) (async)
r12 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r12, 0x8933, &(0x7f0000000040)={'team0\x00', <r13=>0x0})
sendmsg$nl_route(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="48000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="00036cc900000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r13], 0x48}}, 0x0) (async)
fcntl$setstatus(r12, 0x4, 0x46000) (async)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(0xffffffffffffffff, 0xf504, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:27 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x10f, 0x0)

[ 1310.676521][T18927] 9pnet: Insufficient options for proto=fd
[ 1310.714817][T18925] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1310.809017][T18928] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
02:01:27 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18) (async)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYRES16=r1, @ANYRESHEX=r1]) (async)
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}) (async, rerun: 64)
r5 = socket$netlink(0x10, 0x3, 0x0) (rerun: 64)
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000040)={'team0\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="48000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="00036cc900000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r6], 0x48}}, 0x0) (async)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6) (async)
r8 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000280), 0x1, 0x0) (async)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sched_switch\x00', r9}, 0x10) (async)
sendmmsg$unix(r2, &(0x7f0000001940)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000480)="76a83a40e20131f10482162c8c85175f079cac6d44ff870e6c91f1098b2775d0bacd3c6f1f2456d0d88c4b3b0db6ee28e2793e47f3eaeafa776465ad5be5adf08837243109935e1032690063cf45613828a3956974ce0b134ad8088f883eac616b8ced042aefdd239a8bbf757eea0199b431864fff88b2a42f56438cd748b11ef97a46bfc5b4461dbec2912c8006c60d7f8768b41594eb666954f3acf117036b4d5799968d2ad7241b4bfe4d38d873bb3b673895b3ffeb886a7b72d5c1ded7d89152", 0xc2}, {&(0x7f00000005c0)="4873f053726bc13a1218f361d988a6ea82000342c100db368510d68f76606978c6a5096876fd988a1a66eec937dc0f5073bc6ae84209f8936f25984549801d639e3d584b64a2539134bb60d594729ea03423730c175356563f70fa7e010e1b827ba95adaab606a9318b8b1fb14b16bb9", 0x70}, {&(0x7f0000000880)="515923081a8c1a408c117a1720a23a81f532f44acee997673e9c6e6d86d4374c6ba090b7b3a43ad2af6681e3dc258f9b6a30eebf5d5e2901b81106995da1eee8a0c5318d2013e8d621674ceada1732b01c4cf4af3cb790760b78187ab6d25427a86c5d45b97faf7d47b771a89ae98382731711b6713138ddb32d77a78273483efd237f3b1bc8cc09fb3106af354c76f848a95f0bece252a843fa9dc760b7a00fa1bfa5e2c372420f69f342f0ea34afbbba7e039067d120e491be81f54e621a7deba4b67bac7c26880b11184de45defe819d15404c457652be2a607c4363d40224867dbfd6a62173d50960eebc0d32ae19504a11397f5546f5e35707da025c1a81d3b293e03ef530aba9fd915de8e21b5ea0989be5c8190114e58f110f26cdea441be1de35dbeab0e0f78dd506eb8c53cce82cd1c3dca04416f5cd4c6e26333fc2d5c3a79e7d22fe3cef58125beb371c775ec013e430f3bca4f5fae40d4c411aa1581f94f94eaa818ae2fa9220d14e28690a8cf2c8a1bb8d721dd20e576a6fdce5a7ba69af51d92a469a132a1965f96e3c9bd99fe261d62803a81810637e7f1a64f8b3537539d014b2289ba627ca6d55fd132ec26e9897fc296d1a75884d59a180fad2bf5a76b3d6d3c2a540e20258736c8eaf1ee54203761ef44a6cb4cd0e559648ca716e29c2ff67e5392780caa2e9395b329151082557817d83cf86ec1d66ca296dfd799a8cce3e6bf9ee944462f291e1ad4b4586ade1d4197ae2a899af90af8f4011c2e8219d65acf7654af30c52a09e412ae18181f81a282177d84912bd15321d8235caec582427d7856428cbd0ea78dc6cd929f832bf880613b09e919c32099f51ccb5d4fc7dcca77cfe20f4607dc0accc7392c52e6b51c9c30f645604e27205f82d1c5ed673ea3c0fc0a064268ff493b04f91e1e4bb6703b8f43844836a9fa4ab9110ef383e7876c5b1d6a970df2443b71eee4130dc43b037135d1ce7dcb2f78a5a59806c779087a424208580e3021649d27e048f09bb3d2d6816963845948260db720293393f5f3dc18c3c92d02c39793f9354473f11b1bf230adb9cf533a95ec885292bf6b59c9262d1d7d91eba62746a8b98d5da267b4ed4c5fc31aced49680307ff2ea2e5ae49387788313dc4df9c57393aefc7c6293ac91f0520d92e4e17c112f566f17b16dd851af72c1d5f4347018b01e24b8b3fb197c0334da49d0cbcabce6a93ecad1963fc92a9f04ccaa58519d5c6e9e20cdda6a3bc1b388c5faee2a86e53a625f936c0be8bc812ed0f43d9c4dd5065dc41269a3603e026fc439c222d72802ed413796f942b54cbd23aa398dc94dd943e395c741202f14ad8eeb94cf5c97fcc13c6e5e118518575e269a5b03c15d7028a49aedf1e93fd7b289d7bc5ababa85b291cd556836174c2d42f3474c2b19a064b415fc2bc3096918b938faeb31fa8167fcac7e9899060d8b023f607e750815299113b24efcc7368d3e179bcfb2e627c988f675d413d3968c05c0c3eaa168e1e22ed52530636dd1e79f8363dc61a38a2c4f0fdba056bf84e8c1bbfaf1ff67a86d4853a9db99281c1558b5cbce19e59304e3569d3f5fab2d53f51d8524349b03ebd679fc1fdac33597f8cec686d4b732c86d96228a9a00ebbd6cd7a80643a566dde47610f19c148dd450a9179a4b135849da3c69ab301d4ca9fd8b0755c15a53fa6ea2729fe35c786d5718c605eb1914b60d5a64aa506636f1b75bb3cdfcae7db2ded99e5556e6667f7f851d2cc8afc5aecb6597f8f82ba8d6fcc4dbb579d9053b22cc5c99ed7e4ef6278dad595b1f9d88ec207019955b165b5df4aae9cf440745a3001db4696784d8ba7ae506177ccf8e310c55f45654d566aea3b4c2b0fad6c27d5acdf73e7758f0d52cce7b0aca9b75d822b23ef32c9ad4aa37175c11a6167b486b010b4e108fd72256a88244922714c7117ad6f917b907bb7ffb7487a642356b9744e99f23c6fb288b9eb6a426853245ba0c83975ed711e4f2933a1982b3af2b0143b47bed0d7da14e54ba3699147d8e514e62a10fd663c8851a304a693710fdd655e6af65f8967ac855c43b6a991ecc05e23cca82604417af6964615ab73484e8c5a06b04effceba58639b23710dc454be48711d8153773bc226b02cf0c89c13409f736fa9a6c10bee7b2de7bc64772b8c69f4e393c71a0611b76a63562801eb3629148a909a547f1c40680cc0644b40112a3ccc1c6aa73167da66387a474291ffd3f342e075f3d6bfd6e7c35ad688fd3c2040e8aa49ae31d79f995ab2f508ad44d76485d45540da5224857930d1328c7049b125b9b911783d51d8a59bbb8277960779e2fa4f81f564ead5aae6fcb2ce16c57bd35afcbbbeb76401e8508b4086beb70f06945769548cef5dda3af03be06a19974ffd5cf399b3f5421df065dd1382de88abd242e1893533315de6d1a679a16b591dcb8eeb400ed895f3e566f97c824bcff001a5912de353d1c932225cba6725fa056c15bd494acc9df1815f453563c819c9eac65e18b576d7e5b19e7c62be0391583a497f71713a80d327535eae558a9fbc7a694896766068fbbeb6fdb825db2f87f9bc001fbbfc1b4fe7ee41d525669893240452f9143465529366fdac017f56adc040324192076488270cf35ec6caf835d80cb289076d41832341b71fbede3d15eb9a349b78ef18d5ed8b013457b6d029633560cfc8aed9a5ae8ecc47d6eb6cb7495539bd319fea83071ed25fad8aace152585f88a67800bbafae1d6baa9df9d8b3ef0aeaca4e09bf31ff76fc011efaa03d6f825e11d84e649f3ce6f4c0f26ff43c5dfae1408dbd95814d9b2ab83b5d857d8e07953b691b0e5719b29a44cbc1ad711fe4ba6184fc0cf424d260e5bed4caed462a9294fe363f496a445a1b9de91720275eafbbba2d7b56b16bd1c118f9e0d1a1f604cdb4e13a750413acc21232c5b0cbe43f3ccc76046f06f57a023c9b7e77b8666873571f8c4dbc42f02da68419e6ab40252fc451562b2f7a4e3b74ef0054815c20bccfff20fcae388fc8bbbe9bfce212d43061d0a7bb252cfd38c368ddb0400950ebd0fbd94a38db126e9472fc840a76c8aa3ee743ecf110bc2bca2e5d2d3d3be99429534559901c0e8fee63572b009a27183fc2c3a0a84b52430f13ce3e04b95d0f5fc73a90647bf735b244b4595ee7cfbffa8dda2011b47cfc3ad55a43be436fcc2628a492341ba1f0341eb882394ccef93d517b9997a0615153d26604da6471a9cf5f26fd30154c8a8cfed227d0dfee97d71c26a5167dc738a439bb5a11a093e2fd18145d0d3b0d3d1a26c57fccf204ed63b8d6916e8095f89212346b51f9c7831e85b836bbc16caffc3207842501b1250148a0db92e1b6c847607ed044b3f59c07ba02e497923851ccdd2959d402dd6b4da316744b4c8e0a5878290535889934995d9f6eb8dd52d8684b5289b06fb54cf710d3c78c1df088f727a700d7038afd0f917aaaea9d123b7277fe9d6f8eddf108a18a425cfed2c988144b63ed89918469c2e60567b7fa2070250f587290224c2835a4c591a8d3ae15dba7f9ca1ea06e89903c58ec698b6868e21ebf8d7b84ffb6a93fb37493c92cad256110d1c1e33709e8f129a7034b0f4b3c86450fc53ecfa38e9116743c166b852d3c41aa3ee1c6d64bab538c1b4ec998a8760954f2e11190929961e827f3488aafa45377523d6e08621ff05408d551ba4f8344501c6b4c7f1b89dd192ca71b84c72f4dbec796af6b40820b2ffd0d44a15e90963ef47fbfb97310c4506953414bbdbecb5fd8d0825c78182a97e80e904d2e28f4e974b565aaadcc966422ef8f63d6b31ae028d31c5c736e801a8c3ba70d011e52410c335f5e65bcaa2538d8971a82cc8fe9804b9df0299e287adcb79e8814113d86b1ba0365018e0b3254f0cd994dd55f61c37c0338017fed90b4076821126fb26082b8ef45dd8d3d69a8855596b61f5bfb770fae52fc02cfcf7313a79ff44071aaf8da22f9dd99a974f9565a13196a9afe6cd49e86de1f05926b61c8a039868b2969fedc54b06bbd080907799ef2fc245cb4cf173a3524dd7d9a2827573321ed90465b6acf740ba790b55a292410446db8c1b63aaba608c9e255b7341a56eef02dad5f7dbb81e5a888e725a18e6cb8a236c2d77cc7cdc01dff5d967d78112d7bcd54c6344b331976ab2de0a0a271898afea107d3fb52e48857c0d2dbb17b5ae81c914de4550d5ef161d15483177be1630646983b09615a443c6d8a956433ec9082c6eb8941069de964f8e71006a11956b62ff65360f46036e8852d5908ebc795bf270073241bd90bfb813d0e9fc81346c5fb8fb870c08877ca8be407cd85537eeac968185fdd4e5fbea24c9bcbeb683e0b4c8d33f5efe2f1617f29d68f2271dd3b20a8fcc42b93b0be6619879448234099c9c8787c911958169361706bbda279afd1b475b069e8996136c6c54cc853f3af838d6553b09da2baebb4a555ba655422e78169b94ccc8cf5f8b13c6146a8892f1f6435c956e561b3c7a0be59f4660da527d4680f512fb845e2a6211d1c74a4cdfac2cea65b236d8f708f9ae035c5d99759fd86ef853ffdb50eec67a2d0c919bfb340b934d7087eee6f25f5d1a812205785f651be2a25aaad9faed653130f3c7953593801593125d17399243e3fa602cb7b8591012d9ac469c804912fcbf6b7be92336cf6829be38837384a1fae1a6442f95aee2e3d6abda09312fe8a8a054d0f26676831fdf5c93c6630c4bfed18eeffb54fe24573fb1556523cb3146481e3a0b723e0fe44092464c5de3a9a040a93d342b91e45f9ce8300abe8f8268b19ade0bf800771c329b81c74ee56c99d39fefc79b67732ed5a12ac0145d7cec05563c0f7860837d8425ee867c15175e7c1c1f32debb8e63503fd7acb414fb14628c2c2644f0ead343ead426e19fd643f0a14eb29658232a202c422d9a9b3bb34937eab5d84a92cf84f22536c42f6ce91d0e6b70f30fc3b1a8f91660410a4528a5a58e32ef2be2f7e382508440d16e7709edc913f97946b2acfdc53b2144ba5b7ba94a3c34f80f3e5b5f2953ca3b61c8ab413590c86886a55840dc4dcba4fc6010120aaeb34644f7871a71b2b388732672a9803faafa86edfd76ac213764775d933cf0ee618a0e6b5aad39a73ab45aeebfa410aa12a47fcc74004b5a1c46e02ad4ac08f630b39dece61990ee4a3a67d7a09f46758c7dfd4c022e85a5910ba3221db353b79bdac6725eebb81c5d7c50a30ad808479f44a33db88f0b501ef65a999385b9bbb966849ff8d2a80dc3bad0d53bfc89476ea0f7895dd9fe4093366c5b832b998688eb942d044cdafe78f0f7e2098c6662cb73de5e975452b1498a43d672b0ff62b450a43208c336916c26a98c897ff80b797021f5f368e07ae651a336c156cc763fe3dff9e884f5ce34d04716b9151eea14a3f0633e36af181a45696d5a463d699b5bb6f72c4627cead29bf7d82168b6914ce28e65232f36b9f18baa41a393eb5d22a0f19005a8ee5b47b4771bdbff4a948719de717a04ab9f14db11a5a3b8d34e1e10da98bac83bfdebe41c2d019dc9ea412967498c023c21e32e3082c7091adeb0f9cdda895f5e9b1dd0975b00dafa8b6bf310523b350dbe88fc298c145e47b86ae28e4d0fedc6834c7969b42d0bae44d9ec5218829dc679d4623826f1a078147e5bc2924dea14d26ffcf3ffa72f334eefc1a69ce2f0cee5bf4ddfc38469bdfc34ff1638486dacec761e8bff291e2de1d43b3f571df6feaa6673a0b19b5a63c", 0x1000}, {&(0x7f0000000640)="64e0c78fc21abc9594d7100862ce630eff252bb28f697084904ea3cbf734a7737455636c7447862f867bc5b731785f0d5ef143a768d8f351642210487b95f7c60b68a3", 0x43}], 0x4, &(0x7f0000001880)=[@rights={{0x2c, 0x1, 0x1, [r3, r5, r0, r7, r8, r4, r9]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r4]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r1, r3, r4, r1]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [r1, r2]}}], 0xb0, 0x4000}}], 0x1, 0x0) (async)
r10 = signalfd4(r4, &(0x7f0000000380)={[0xe5]}, 0x8, 0x0)
execveat(r10, &(0x7f0000000440)='./bus\x00', 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100) (async, rerun: 64)
r11 = socket$bt_hidp(0x1f, 0x3, 0x6) (rerun: 64)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x2061885, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r10}, 0x2c, {'wfdno', 0x3d, r11}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, 0xee01}}, {@mmap}, {@msize={'msize', 0x3d, 0x2}}, {@version_u}, {@version_9p2000}], [{@defcontext={'defcontext', 0x3d, 'unconfined_u'}}]}}) (async)
r12 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r12, 0x8933, &(0x7f0000000040)={'team0\x00', <r13=>0x0})
sendmsg$nl_route(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="48000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="00036cc900000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r13], 0x48}}, 0x0)
fcntl$setstatus(r12, 0x4, 0x46000)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(0xffffffffffffffff, 0xf504, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:27 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 68)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:01:27 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0, r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:27 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x111, 0x0)

[ 1310.924300][T18938] 9pnet: Insufficient options for proto=fd
[ 1311.067669][T18896] 9pnet: bogus RWRITE count (2 > 1)
[ 1311.078254][T18952] FAULT_INJECTION: forcing a failure.
[ 1311.078254][T18952] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1311.091755][T18952] CPU: 0 PID: 18952 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1311.103453][T18952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1311.113490][T18952] Call Trace:
[ 1311.116761][T18952]  dump_stack_lvl+0x1e2/0x24b
[ 1311.121433][T18952]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1311.126869][T18952]  dump_stack+0x15/0x17
[ 1311.131009][T18952]  should_fail+0x3c0/0x510
[ 1311.135402][T18952]  should_fail_alloc_page+0x50/0x60
[ 1311.140581][T18952]  __alloc_pages_nodemask+0x1c0/0x890
[ 1311.145930][T18952]  ? loop_add+0x58f/0x760
[ 1311.150419][T18952]  ? loop_control_ioctl+0x564/0x740
[ 1311.155597][T18952]  ? __se_sys_ioctl+0x115/0x190
[ 1311.160436][T18952]  ? gfp_pfmemalloc_allowed+0x120/0x120
[ 1311.166049][T18952]  ? __kasan_check_write+0x14/0x20
[ 1311.171136][T18952]  ? lockref_get+0x1b3/0x2a0
[ 1311.175712][T18952]  ? __kasan_check_write+0x14/0x20
[ 1311.180802][T18952]  __get_free_pages+0xe/0x30
[ 1311.185385][T18952]  selinux_genfs_get_sid+0x56/0x250
[ 1311.190565][T18952]  inode_doinit_with_dentry+0x858/0x1030
[ 1311.196178][T18952]  ? sb_finish_set_opts+0x7f0/0x7f0
[ 1311.201444][T18952]  ? current_time+0x1c4/0x310
[ 1311.206102][T18952]  selinux_d_instantiate+0x27/0x40
[ 1311.211193][T18952]  security_d_instantiate+0xa5/0x100
[ 1311.216561][T18952]  d_instantiate+0x55/0x90
[ 1311.220964][T18952]  __debugfs_create_file+0x2d7/0x4a0
[ 1311.226236][T18952]  ? up_write+0x19/0xd0
[ 1311.230370][T18952]  debugfs_create_file+0x4a/0x60
[ 1311.235285][T18952]  bdi_register_va+0x2ab/0x600
[ 1311.240027][T18952]  bdi_register+0xd1/0x120
[ 1311.244430][T18952]  ? __device_add_disk+0x536/0x11d0
[ 1311.249602][T18952]  ? bdi_register_va+0x600/0x600
[ 1311.254524][T18952]  ? vsnprintf+0x1bfd/0x1cd0
[ 1311.259105][T18952]  ? __kasan_check_read+0x11/0x20
[ 1311.264121][T18952]  ? blk_alloc_devt+0xd4/0x320
[ 1311.268949][T18952]  __device_add_disk+0x5cb/0x11d0
[ 1311.273959][T18952]  ? device_add_disk+0x40/0x40
[ 1311.278713][T18952]  ? loop_add+0x400/0x760
[ 1311.283020][T18952]  ? vsprintf+0x40/0x40
[ 1311.287172][T18952]  device_add_disk+0x2a/0x40
[ 1311.291739][T18952]  loop_add+0x58f/0x760
[ 1311.295873][T18952]  loop_control_ioctl+0x564/0x740
[ 1311.300875][T18952]  ? loop_remove+0xb0/0xb0
[ 1311.305269][T18952]  ? __fget_files+0x310/0x370
[ 1311.309924][T18952]  ? security_file_ioctl+0xb1/0xd0
[ 1311.315013][T18952]  ? loop_remove+0xb0/0xb0
[ 1311.319507][T18952]  __se_sys_ioctl+0x115/0x190
[ 1311.324160][T18952]  __x64_sys_ioctl+0x7b/0x90
[ 1311.328739][T18952]  do_syscall_64+0x34/0x70
[ 1311.333142][T18952]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1311.339023][T18952] RIP: 0033:0x7f6ee1968169
[ 1311.343441][T18952] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1311.363020][T18952] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1311.371411][T18952] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1311.379362][T18952] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1311.387484][T18952] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1311.395430][T18952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1311.403396][T18952] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
02:01:27 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x700, 0x0)

02:01:27 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x113, 0x0)

02:01:27 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="f472616e733d66642c7266646e6f3d", @ANYRESHEX=r0, @ANYRESHEX=r0, @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000480), 0x103, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
r5 = signalfd4(r4, &(0x7f0000000380)={[0xe5]}, 0x8, 0x0)
execveat(r5, &(0x7f0000000440)='./bus\x00', 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x4, &(0x7f0000000280)=@raw=[@map_fd={0x18, 0x1, 0x1, 0x0, 0x1}, @call={0x85, 0x0, 0x0, 0xbc}, @ldst={0x2, 0x1, 0x6, 0x8, 0xb, 0xffffffffffffffc0, 0x4}], &(0x7f0000000340)='GPL\x00', 0x0, 0xe0, &(0x7f0000000380)=""/224, 0x1f00, 0x11, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f00000004c0)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000500)={0x3, 0x9, 0xfff, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000540)=[r2, 0xffffffffffffffff, r0, r5]}, 0x80)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r6 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
ioctl$sock_SIOCBRADDBR(r6, 0x89a0, &(0x7f0000000100)='dvmrp0\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x18, 0xa, &(0x7f0000000600)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @map_val={0x18, 0x3, 0x2, 0x0, r5, 0x0, 0x0, 0x0, 0x40000000}, @cb_func={0x18, 0x5, 0x4, 0x0, 0xfffffffffffffffc}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x200}, @jmp={0x5, 0x0, 0x1, 0x2, 0x1, 0x1, 0xffffffffffffffff}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x6}], &(0x7f0000000680)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41100, 0x7, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000000700)={0x8, 0x5}, 0x8, 0x10, &(0x7f0000000740)={0x4, 0xf, 0x7b, 0xc50d}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000780)=[r5]}, 0x80)
open_tree(r2, &(0x7f0000000000)='./file0\x00', 0x88000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:28 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x115, 0x0)

02:01:28 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x700, 0x0)

[ 1312.033873][T18963] 9pnet: bogus RWRITE count (2 > 1)
[ 1312.088568][T18980] 9pnet: bogus RWRITE count (2 > 1)
02:01:28 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x1ef4, 0x0)

02:01:28 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 69)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:01:28 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0, r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:28 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x700, 0x0)

02:01:28 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x1001, 0x0)

[ 1312.234013][T18909] 9pnet: bogus RWRITE count (2 > 1)
[ 1312.376240][T18992] FAULT_INJECTION: forcing a failure.
[ 1312.376240][T18992] name failslab, interval 1, probability 0, space 0, times 0
[ 1312.389039][T18992] CPU: 1 PID: 18992 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1312.400732][T18992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1312.410765][T18992] Call Trace:
[ 1312.414038][T18992]  dump_stack_lvl+0x1e2/0x24b
[ 1312.418693][T18992]  ? panic+0x7d7/0x7d7
[ 1312.422736][T18992]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1312.428169][T18992]  ? _raw_spin_lock_bh+0xa3/0x1b0
[ 1312.433168][T18992]  ? _raw_spin_lock_irq+0x1b0/0x1b0
[ 1312.438355][T18992]  dump_stack+0x15/0x17
[ 1312.442489][T18992]  should_fail+0x3c0/0x510
[ 1312.446881][T18992]  ? kobj_map+0x72/0x6f0
[ 1312.451103][T18992]  __should_failslab+0x9f/0xe0
[ 1312.455841][T18992]  should_failslab+0x9/0x20
[ 1312.460329][T18992]  __kmalloc+0x60/0x360
[ 1312.464548][T18992]  ? __device_add_disk+0x536/0x11d0
[ 1312.469723][T18992]  kobj_map+0x72/0x6f0
[ 1312.473765][T18992]  ? exact_match+0x20/0x20
[ 1312.478157][T18992]  ? bdev_check_media_change+0x4c0/0x4c0
[ 1312.483765][T18992]  __device_add_disk+0x663/0x11d0
[ 1312.488766][T18992]  ? device_add_disk+0x40/0x40
[ 1312.493504][T18992]  ? loop_add+0x400/0x760
[ 1312.497811][T18992]  ? vsprintf+0x40/0x40
[ 1312.501979][T18992]  device_add_disk+0x2a/0x40
[ 1312.506554][T18992]  loop_add+0x58f/0x760
[ 1312.510686][T18992]  loop_control_ioctl+0x564/0x740
[ 1312.515684][T18992]  ? loop_remove+0xb0/0xb0
[ 1312.520080][T18992]  ? __fget_files+0x310/0x370
[ 1312.524744][T18992]  ? security_file_ioctl+0xb1/0xd0
[ 1312.529842][T18992]  ? loop_remove+0xb0/0xb0
[ 1312.534240][T18992]  __se_sys_ioctl+0x115/0x190
[ 1312.538900][T18992]  __x64_sys_ioctl+0x7b/0x90
[ 1312.543484][T18992]  do_syscall_64+0x34/0x70
[ 1312.547885][T18992]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1312.553750][T18992] RIP: 0033:0x7f6ee1968169
[ 1312.558144][T18992] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1312.577727][T18992] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1312.586119][T18992] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1312.594077][T18992] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1312.602050][T18992] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1312.610002][T18992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1312.617952][T18992] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
02:01:29 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15) (async)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) (async)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="f472616e733d66642c7266646e6f3d", @ANYRESHEX=r0, @ANYRESHEX=r0, @ANYRESHEX=r1]) (async)
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000480), 0x103, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) (async)
r5 = signalfd4(r4, &(0x7f0000000380)={[0xe5]}, 0x8, 0x0)
execveat(r5, &(0x7f0000000440)='./bus\x00', 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x4, &(0x7f0000000280)=@raw=[@map_fd={0x18, 0x1, 0x1, 0x0, 0x1}, @call={0x85, 0x0, 0x0, 0xbc}, @ldst={0x2, 0x1, 0x6, 0x8, 0xb, 0xffffffffffffffc0, 0x4}], &(0x7f0000000340)='GPL\x00', 0x0, 0xe0, &(0x7f0000000380)=""/224, 0x1f00, 0x11, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f00000004c0)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000500)={0x3, 0x9, 0xfff, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000540)=[r2, 0xffffffffffffffff, r0, r5]}, 0x80) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r6 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
ioctl$sock_SIOCBRADDBR(r6, 0x89a0, &(0x7f0000000100)='dvmrp0\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x18, 0xa, &(0x7f0000000600)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @map_val={0x18, 0x3, 0x2, 0x0, r5, 0x0, 0x0, 0x0, 0x40000000}, @cb_func={0x18, 0x5, 0x4, 0x0, 0xfffffffffffffffc}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x200}, @jmp={0x5, 0x0, 0x1, 0x2, 0x1, 0x1, 0xffffffffffffffff}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x6}], &(0x7f0000000680)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41100, 0x7, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000000700)={0x8, 0x5}, 0x8, 0x10, &(0x7f0000000740)={0x4, 0xf, 0x7b, 0xc50d}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000780)=[r5]}, 0x80) (async)
open_tree(r2, &(0x7f0000000000)='./file0\x00', 0x88000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:29 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x1f08, 0x0)

02:01:29 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x700, 0x0)

02:01:29 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x1ef6, 0x0)

02:01:29 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 70)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

[ 1313.347326][T19030] FAULT_INJECTION: forcing a failure.
[ 1313.347326][T19030] name failslab, interval 1, probability 0, space 0, times 0
[ 1313.359960][T19030] CPU: 0 PID: 19030 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1313.371653][T19030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1313.381700][T19030] Call Trace:
[ 1313.384977][T19030]  dump_stack_lvl+0x1e2/0x24b
[ 1313.389628][T19030]  ? panic+0x7d7/0x7d7
[ 1313.393675][T19030]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1313.399122][T19030]  ? _raw_spin_lock_bh+0xa3/0x1b0
[ 1313.404123][T19030]  ? _raw_spin_lock_irq+0x1b0/0x1b0
[ 1313.409298][T19030]  dump_stack+0x15/0x17
[ 1313.413432][T19030]  should_fail+0x3c0/0x510
[ 1313.417825][T19030]  ? kobj_map+0x72/0x6f0
[ 1313.422054][T19030]  __should_failslab+0x9f/0xe0
[ 1313.426792][T19030]  should_failslab+0x9/0x20
[ 1313.431266][T19030]  __kmalloc+0x60/0x360
[ 1313.435401][T19030]  ? __device_add_disk+0x536/0x11d0
[ 1313.440573][T19030]  kobj_map+0x72/0x6f0
[ 1313.444703][T19030]  ? exact_match+0x20/0x20
[ 1313.449100][T19030]  ? bdev_check_media_change+0x4c0/0x4c0
[ 1313.454712][T19030]  __device_add_disk+0x663/0x11d0
[ 1313.459731][T19030]  ? device_add_disk+0x40/0x40
[ 1313.464479][T19030]  ? loop_add+0x400/0x760
[ 1313.468792][T19030]  ? vsprintf+0x40/0x40
[ 1313.472932][T19030]  device_add_disk+0x2a/0x40
[ 1313.477537][T19030]  loop_add+0x58f/0x760
[ 1313.481678][T19030]  loop_control_ioctl+0x564/0x740
[ 1313.486683][T19030]  ? loop_remove+0xb0/0xb0
[ 1313.491079][T19030]  ? __fget_files+0x310/0x370
[ 1313.495737][T19030]  ? security_file_ioctl+0xb1/0xd0
[ 1313.500827][T19030]  ? loop_remove+0xb0/0xb0
[ 1313.505223][T19030]  __se_sys_ioctl+0x115/0x190
[ 1313.509881][T19030]  __x64_sys_ioctl+0x7b/0x90
[ 1313.514454][T19030]  do_syscall_64+0x34/0x70
[ 1313.518848][T19030]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1313.524740][T19030] RIP: 0033:0x7f6ee1968169
[ 1313.529138][T19030] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1313.548814][T19030] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1313.557222][T19030] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1313.565172][T19030] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1313.573120][T19030] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1313.581069][T19030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1313.589020][T19030] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
02:01:30 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18) (async)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) (async)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="f472616e733d66642c7266646e6f3d", @ANYRESHEX=r0, @ANYRESHEX=r0, @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000480), 0x103, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
r5 = signalfd4(r4, &(0x7f0000000380)={[0xe5]}, 0x8, 0x0)
execveat(r5, &(0x7f0000000440)='./bus\x00', 0x0, &(0x7f0000000840)=[&(0x7f00000006c0)='\x00', 0x0], 0x100) (async, rerun: 64)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x4, &(0x7f0000000280)=@raw=[@map_fd={0x18, 0x1, 0x1, 0x0, 0x1}, @call={0x85, 0x0, 0x0, 0xbc}, @ldst={0x2, 0x1, 0x6, 0x8, 0xb, 0xffffffffffffffc0, 0x4}], &(0x7f0000000340)='GPL\x00', 0x0, 0xe0, &(0x7f0000000380)=""/224, 0x1f00, 0x11, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f00000004c0)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000500)={0x3, 0x9, 0xfff, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000540)=[r2, 0xffffffffffffffff, r0, r5]}, 0x80) (async, rerun: 64)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r6 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
ioctl$sock_SIOCBRADDBR(r6, 0x89a0, &(0x7f0000000100)='dvmrp0\x00') (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x18, 0xa, &(0x7f0000000600)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @map_val={0x18, 0x3, 0x2, 0x0, r5, 0x0, 0x0, 0x0, 0x40000000}, @cb_func={0x18, 0x5, 0x4, 0x0, 0xfffffffffffffffc}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x200}, @jmp={0x5, 0x0, 0x1, 0x2, 0x1, 0x1, 0xffffffffffffffff}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x6}], &(0x7f0000000680)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41100, 0x7, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000000700)={0x8, 0x5}, 0x8, 0x10, &(0x7f0000000740)={0x4, 0xf, 0x7b, 0xc50d}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000780)=[r5]}, 0x80) (async)
open_tree(r2, &(0x7f0000000000)='./file0\x00', 0x88000) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:30 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000008c0)='net/mcfilter6\x00')
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x176}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000480)=0x3008)
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$loop_ctrl(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
chdir(&(0x7f00000001c0)='./bus\x00')
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) (fail_nth: 71)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
setfsuid(0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002e80)=[{{&(0x7f00000003c0)=@nl=@proc, 0x80, &(0x7f0000000340)=[{0x0}, {&(0x7f00000013c0)=""/78, 0x4e}], 0x2, &(0x7f0000001740)=""/229, 0xe5}, 0x5}, {{&(0x7f0000001440)=@caif=@util, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001840)=""/236, 0xec}, {&(0x7f0000000440)=""/20, 0x14}, {&(0x7f00000014c0)=""/43, 0x2b}, {&(0x7f0000001b80)=""/197, 0xc5}, {&(0x7f0000001940)=""/101, 0x65}, {&(0x7f00000016c0)=""/55, 0x37}, {&(0x7f0000001c80)=""/229, 0xe5}], 0x7, &(0x7f0000001e00)=""/1, 0x1}, 0x24000}, {{&(0x7f0000001e40)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ec0)=""/151, 0x97}, {&(0x7f0000002480)=""/184, 0xb8}, {&(0x7f0000002540)=""/151, 0x97}, {&(0x7f0000002780)=""/248, 0xf8}], 0x4, &(0x7f0000002880)=""/127, 0x7f}, 0xa9}, {{&(0x7f0000002900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000002980)=""/98, 0x62}], 0x1, &(0x7f0000002140)=""/1, 0x1}, 0x3}, {{&(0x7f0000002a00)=@nl=@proc, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/88, 0x58}, {&(0x7f0000002b00)=""/198, 0xc6}, {&(0x7f0000002c00)=""/106, 0x6a}], 0x3, &(0x7f0000002cc0)=""/36, 0x24}, 0x7}], 0x5, 0x1, &(0x7f0000002e40)={0x77359400})
sendmsg$key(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x7, 0x2}, 0x10}}, 0x0)

02:01:30 executing program 5:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x700, 0x0)

02:01:30 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x1ef8, 0x0)

[ 1314.275500][T19063] FAULT_INJECTION: forcing a failure.
[ 1314.275500][T19063] name failslab, interval 1, probability 0, space 0, times 0
[ 1314.288145][T19063] CPU: 0 PID: 19063 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1314.299838][T19063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1314.309868][T19063] Call Trace:
[ 1314.313155][T19063]  dump_stack_lvl+0x1e2/0x24b
[ 1314.317807][T19063]  ? panic+0x7d7/0x7d7
[ 1314.321851][T19063]  ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1314.327285][T19063]  ? memcpy+0x56/0x70
[ 1314.331252][T19063]  dump_stack+0x15/0x17
[ 1314.335383][T19063]  should_fail+0x3c0/0x510
[ 1314.339775][T19063]  ? device_add+0xbe/0xbd0
[ 1314.344165][T19063]  __should_failslab+0x9f/0xe0
[ 1314.348903][T19063]  should_failslab+0x9/0x20
[ 1314.353393][T19063]  kmem_cache_alloc_trace+0x3a/0x330
[ 1314.358659][T19063]  ? __kasan_check_write+0x14/0x20
[ 1314.363751][T19063]  device_add+0xbe/0xbd0
[ 1314.367974][T19063]  __device_add_disk+0x77d/0x11d0
[ 1314.372994][T19063]  ? device_add_disk+0x40/0x40
[ 1314.377744][T19063]  ? vsprintf+0x40/0x40
[ 1314.381877][T19063]  device_add_disk+0x2a/0x40
[ 1314.386447][T19063]  loop_add+0x58f/0x760
[ 1314.390578][T19063]  loop_control_ioctl+0x564/0x740
[ 1314.395576][T19063]  ? loop_remove+0xb0/0xb0
[ 1314.399968][T19063]  ? __fget_files+0x310/0x370
[ 1314.404623][T19063]  ? security_file_ioctl+0xb1/0xd0
[ 1314.409709][T19063]  ? loop_remove+0xb0/0xb0
[ 1314.414102][T19063]  __se_sys_ioctl+0x115/0x190
[ 1314.418761][T19063]  __x64_sys_ioctl+0x7b/0x90
[ 1314.423342][T19063]  do_syscall_64+0x34/0x70
[ 1314.427737][T19063]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1314.433611][T19063] RIP: 0033:0x7f6ee1968169
[ 1314.438014][T19063] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1314.457594][T19063] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1314.465992][T19063] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1314.473939][T19063] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1314.481886][T19063] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1314.489847][T19063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1314.497803][T19063] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1314.505929][T19063] kobject_add_internal failed for queue (error: -2 parent: loop0)
[ 1314.514025][T19063] ------------[ cut here ]------------
[ 1314.519499][T19063] WARNING: CPU: 0 PID: 19063 at fs/sysfs/file.c:328 sysfs_create_files+0x215/0x4a0
[ 1314.528787][T19063] Modules linked in:
[ 1314.532701][T19063] CPU: 0 PID: 19063 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1314.544433][T19063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1314.554512][T19063] RIP: 0010:sysfs_create_files+0x215/0x4a0
[ 1314.560332][T19063] Code: 24 04 48 b9 00 00 00 00 00 fc ff df 48 8b 54 24 08 4c 8b 74 24 20 eb 2b 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 e8 5b a2 9a ff <0f> 0b c7 44 24 04 ea ff ff ff 48 b9 00 00 00 00 00 fc ff df 48 8b
[ 1314.579966][T19063] RSP: 0018:ffffc90000ca7ae0 EFLAGS: 00010283
[ 1314.586053][T19063] RAX: ffffffff81d27fd1 RBX: ffff88811d0f3098 RCX: 0000000000040000
[ 1314.594034][T19063] RDX: ffffc90004706000 RSI: 000000000002161f RDI: 0000000000021620
[ 1314.602017][T19063] RBP: ffffc90000ca7bb0 R08: ffffffff826c6018 R09: ffffed102144ac0a
[ 1314.610262][T19063] R10: ffffed102144ac0a R11: 1ffff1102144ac09 R12: 0000000000000000
[ 1314.618249][T19063] R13: ffffffff85433120 R14: ffff88811d0f3068 R15: ffffffff8653acc0
[ 1314.626261][T19063] FS:  00007f6ee0699700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1314.635231][T19063] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1314.641830][T19063] CR2: 00007f6ee0698ff8 CR3: 0000000111ea8000 CR4: 00000000003506b0
[ 1314.649807][T19063] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1314.657802][T19063] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1314.665783][T19063] Call Trace:
[ 1314.669075][T19063]  ? sysfs_create_file_ns+0x2a0/0x2a0
[ 1314.674527][T19063]  ? __kasan_check_write+0x14/0x20
[ 1314.679657][T19063]  ? kobject_get+0xd2/0x120
[ 1314.684215][T19063]  __device_add_disk+0x9cb/0x11d0
[ 1314.689245][T19063]  ? device_add_disk+0x40/0x40
[ 1314.694044][T19063]  ? vsprintf+0x40/0x40
[ 1314.698223][T19063]  device_add_disk+0x2a/0x40
[ 1314.702829][T19063]  loop_add+0x58f/0x760
[ 1314.706988][T19063]  loop_control_ioctl+0x564/0x740
[ 1314.712021][T19063]  ? loop_remove+0xb0/0xb0
[ 1314.716438][T19063]  ? __fget_files+0x310/0x370
[ 1314.721118][T19063]  ? security_file_ioctl+0xb1/0xd0
[ 1314.726275][T19063]  ? loop_remove+0xb0/0xb0
[ 1314.730691][T19063]  __se_sys_ioctl+0x115/0x190
[ 1314.735377][T19063]  __x64_sys_ioctl+0x7b/0x90
[ 1314.739972][T19063]  do_syscall_64+0x34/0x70
[ 1314.744397][T19063]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1314.750548][T19063] RIP: 0033:0x7f6ee1968169
[ 1314.754994][T19063] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1314.774611][T19063] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1314.783041][T19063] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1314.791017][T19063] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1314.798992][T19063] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1314.806967][T19063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1314.815043][T19063] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1314.823035][T19063] ---[ end trace c3340b11af948376 ]---
[ 1314.828492][T19063] ------------[ cut here ]------------
[ 1314.833946][T19063] kernfs: can not remove 'events', no directory
[ 1314.840297][T19063] WARNING: CPU: 0 PID: 19063 at fs/kernfs/dir.c:1515 kernfs_remove_by_name_ns+0xc0/0x110
[ 1314.850125][T19063] Modules linked in:
[ 1314.854038][T19063] CPU: 0 PID: 19063 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1314.865751][T19063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1314.875822][T19063] RIP: 0010:kernfs_remove_by_name_ns+0xc0/0x110
[ 1314.882068][T19063] Code: 48 89 df e8 72 ee ff ff 48 89 df e8 8a b1 ff ff 31 db eb 29 e8 c1 00 9b ff 48 c7 c7 40 2f 2d 85 4c 89 fe 31 c0 e8 70 17 6d ff <0f> 0b bb fe ff ff ff eb 16 e8 a2 00 9b ff bb fe ff ff ff 48 c7 c7
[ 1314.901684][T19063] RSP: 0018:ffffc90000ca7ab8 EFLAGS: 00010246
[ 1314.907783][T19063] RAX: 65870efda9817500 RBX: 0000000000000000 RCX: 0000000000040000
[ 1314.915783][T19063] RDX: ffffc90004706000 RSI: 000000000003ffff RDI: 0000000000040000
[ 1314.923762][T19063] RBP: ffffc90000ca7ad0 R08: ffffffff81540db8 R09: fffff52000194e7d
[ 1314.931751][T19063] R10: fffff52000194e7d R11: 1ffff92000194e7c R12: ffffffff8653acc0
[ 1314.940068][T19063] R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff85433100
[ 1314.948044][T19063] FS:  00007f6ee0699700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1314.956979][T19063] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1314.963586][T19063] CR2: 00007f6ee0698ff8 CR3: 0000000111ea8000 CR4: 00000000003506b0
[ 1314.971559][T19063] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1314.979533][T19063] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1314.987510][T19063] Call Trace:
[ 1314.990799][T19063]  sysfs_create_files+0x40a/0x4a0
[ 1314.995847][T19063]  ? sysfs_create_file_ns+0x2a0/0x2a0
[ 1315.001214][T19063]  ? __kasan_check_write+0x14/0x20
[ 1315.006332][T19063]  ? kobject_get+0xd2/0x120
[ 1315.010840][T19063]  __device_add_disk+0x9cb/0x11d0
[ 1315.015875][T19063]  ? device_add_disk+0x40/0x40
[ 1315.020649][T19063]  ? vsprintf+0x40/0x40
[ 1315.024841][T19063]  device_add_disk+0x2a/0x40
[ 1315.029431][T19063]  loop_add+0x58f/0x760
[ 1315.033594][T19063]  loop_control_ioctl+0x564/0x740
[ 1315.038617][T19063]  ? loop_remove+0xb0/0xb0
[ 1315.043046][T19063]  ? __fget_files+0x310/0x370
[ 1315.047720][T19063]  ? security_file_ioctl+0xb1/0xd0
[ 1315.052842][T19063]  ? loop_remove+0xb0/0xb0
[ 1315.057259][T19063]  __se_sys_ioctl+0x115/0x190
[ 1315.061961][T19063]  __x64_sys_ioctl+0x7b/0x90
[ 1315.066547][T19063]  do_syscall_64+0x34/0x70
[ 1315.070957][T19063]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1315.076857][T19063] RIP: 0033:0x7f6ee1968169
[ 1315.081273][T19063] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1315.100922][T19063] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1315.109800][T19063] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1315.117782][T19063] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000007
[ 1315.125766][T19063] RBP: 00007f6ee06991d0 R08: 0000000000000000 R09: 0000000000000000
[ 1315.133776][T19063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1315.142107][T19063] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1315.150101][T19063] ---[ end trace c3340b11af948377 ]---
[ 1315.155586][T19063] loop0: failed to create sysfs files for events
[ 1315.164846][T19063] ------------[ cut here ]------------
[ 1315.170298][T19063] kernfs: can not remove 'events', no directory
[ 1315.176617][T19063] WARNING: CPU: 0 PID: 19063 at fs/kernfs/dir.c:1515 kernfs_remove_by_name_ns+0xc0/0x110
[ 1315.186414][T19063] Modules linked in:
[ 1315.190325][T19063] CPU: 0 PID: 19063 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1315.202028][T19063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1315.212110][T19063] RIP: 0010:kernfs_remove_by_name_ns+0xc0/0x110
[ 1315.218353][T19063] Code: 48 89 df e8 72 ee ff ff 48 89 df e8 8a b1 ff ff 31 db eb 29 e8 c1 00 9b ff 48 c7 c7 40 2f 2d 85 4c 89 fe 31 c0 e8 70 17 6d ff <0f> 0b bb fe ff ff ff eb 16 e8 a2 00 9b ff bb fe ff ff ff 48 c7 c7
[ 1315.237971][T19063] RSP: 0018:ffffc90000ca7bf8 EFLAGS: 00010246
[ 1315.244063][T19063] RAX: 65870efda9817500 RBX: 0000000000000000 RCX: 0000000000040000
[ 1315.252047][T19063] RDX: ffffc90004706000 RSI: 00000000000015bd RDI: 00000000000015be
[ 1315.260020][T19063] RBP: ffffc90000ca7c10 R08: ffffffff81540db8 R09: fffff52000194ea5
[ 1315.267998][T19063] R10: fffff52000194ea5 R11: 1ffff92000194ea4 R12: 0000000000000000
[ 1315.276010][T19063] R13: ffffffff8653acc0 R14: 0000000000000000 R15: ffffffff85433100
[ 1315.283998][T19063] FS:  00007f6ee0699700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1315.293023][T19063] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1315.299601][T19063] CR2: 0000001b2ce25000 CR3: 0000000111ea8000 CR4: 00000000003506b0
[ 1315.307581][T19063] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1315.315732][T19063] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1315.323708][T19063] Call Trace:
[ 1315.327000][T19063]  sysfs_remove_files+0xab/0x110
[ 1315.331998][T19063]  del_gendisk+0x278/0xe20
[ 1315.336422][T19063]  ? device_add_disk_no_queue_reg+0x30/0x30
[ 1315.342597][T19063]  ? __radix_tree_delete+0x2ba/0x380
[ 1315.347898][T19063]  ? radix_tree_delete_item+0x261/0x360
[ 1315.353455][T19063]  loop_remove+0x46/0xb0
[ 1315.357875][T19063]  loop_control_ioctl+0x67f/0x740
[ 1315.362923][T19063]  ? loop_remove+0xb0/0xb0
[ 1315.367344][T19063]  ? __fget_files+0x310/0x370
[ 1315.372040][T19063]  ? security_file_ioctl+0xb1/0xd0
[ 1315.377219][T19063]  ? loop_remove+0xb0/0xb0
[ 1315.381642][T19063]  __se_sys_ioctl+0x115/0x190
[ 1315.386339][T19063]  __x64_sys_ioctl+0x7b/0x90
[ 1315.390928][T19063]  do_syscall_64+0x34/0x70
[ 1315.395407][T19063]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1315.401306][T19063] RIP: 0033:0x7f6ee1968169
[ 1315.405729][T19063] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1315.425344][T19063] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1315.433779][T19063] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1315.441763][T19063] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000007
[ 1315.449729][T19063] RBP: 00007f6ee19c3ca1 R08: 0000000000000000 R09: 0000000000000000
[ 1315.457734][T19063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1315.465725][T19063] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1315.473734][T19063] ---[ end trace c3340b11af948378 ]---
[ 1315.479178][T19063] ------------[ cut here ]------------
[ 1315.484636][T19063] kernfs: can not remove 'events_async', no directory
[ 1315.491498][T19063] WARNING: CPU: 0 PID: 19063 at fs/kernfs/dir.c:1515 kernfs_remove_by_name_ns+0xc0/0x110
[ 1315.501303][T19063] Modules linked in:
[ 1315.505216][T19063] CPU: 0 PID: 19063 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1315.516966][T19063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
02:01:32 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0, r3}, 0x10)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

02:01:32 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = getpid()
r4 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000005f40)=<r5=>0x0)
r6 = geteuid()
r7 = getegid()
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000005fc0)=[{{&(0x7f0000003500)=@file={0x1, './file1\x00'}, 0x6e, &(0x7f00000038c0)=[{&(0x7f0000003580)="95fe0e0558e821676c2330a657a21f9ce1d6ab75c0a835c0cb0281ec84b1be057ebebf725211", 0x26}, {&(0x7f00000035c0)="fca8236debb169774e43b53442b4f46fa518f62b66bb761a53a217b5e4518e8c2e511d7c4707094b7d4941d02f5bf00c64a028edfd4728703d1cb116392ac25d37016f22231ab3ee7e5d64de674380447bdb719923dd256f25ee0479944224f2237059d6a290d2ffcd82bb46d00d9cee3309348853fa95d37a2b52b7383ce5e00cd7e538a1531e7a0f377017881f9866a9d443233cbcef950bfebb25b27cbc999418ab606b3d3026b5e1904c4eb6d542aeaba58e581a5c71209866a7882aa5a6b33de987023d9fe4bb7012b9246dd6c3b7d5e47f56e70443163e6adc1f3e8a5fe0ecb91ed4cea514a8f05c91e031eb6c8d32f5b0", 0xf4}, {&(0x7f00000036c0)="004f34b94b2c1422f2931a12ed3e5217177a1b550dfb79e2839d154c100b5382a7dc0680cb8ed3954f151def0423f20478cce70c493b20ffe4676a7cd949cb99092eef90e81d30c22d3f42fb5813adc3d372f9d420051b1782dd15ffd3078b3af41622", 0x63}, {&(0x7f0000003740)="b04fea6e36b6feae330c6936af8ee2", 0xf}, {&(0x7f0000003780)="ea4722526a952e235b70cc339adb33f3b7cc5574846c8a202596d92945300de4910980031cfd0d182f114c6dda40296f3cb4fa19bfd0836dc3ee61992ab0e03486e41aacb2", 0x45}, {&(0x7f0000003800)="0e53b33bb377513453c4e350bda3c9f2a510489f8bf58dbf43459bdf63b149dd61e733bec38190291ea2a50b6ddf1d39f0519e6082cc3a36ba366d22a3d8db7d2bf470f1295c2835f9e39a062696097213ac41a719149a0a5201fe2452c7ac2454bb673414121d9b64a52b14dcd36a6b5a324c113dd94c8e8918a3527d3949880286d23ff56ba38c22150dc11ef8e6ac70b4a3b0391eddfcc5af2cc6ad16182b8193e5", 0xa3}], 0x6, 0x0, 0x0, 0x804}}, {{&(0x7f0000003940)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f0000003a00)=[{&(0x7f00000039c0)="4d6473334502733c649f9a72", 0xc}], 0x1, &(0x7f0000003b80)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee00}}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {r3}}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r4]}}], 0xa0, 0x8000}}, {{&(0x7f0000003c40)=@abs={0x1, 0x0, 0x2}, 0x6e, &(0x7f0000004e40)=[{&(0x7f0000003cc0)="545ee4e2f8f64a98b6a99561bebcc0d63cb200586e7347c8b07c1e7498ccd784290b77485f5804e78d3a641ee59d5e5b7869ad7ff53cb3a63b659dc988f89b25f701caecee238da56c3b780159529ebdbed3e4a117aec0a77d0bc8202063400fd3b1f0816684ccede65294566d79b4560daa11bf9082f8c0825311a8fef354b575c49fccfab1776ac8feca34f6a98f1711fe3239c17bd117e82f7859725c2cec6a13750501df48e74cf3c340b3064c90fa3025c50b4d068f7c4cce4f86aeea04b477aaef7809502edd098f12a0aa1e887230d787d7c8df1369b393f28f89e45c63cebc853e518459ff78", 0xea}, {&(0x7f0000003dc0)="0f52a88ef3cb1b768a7c30b0b0f23629c645e9637d6d1249244feec3bafa8104220f689e6338c4a61f86e31740b0be0e5f39a1a8cf210cb42fd6c8524327a3112a5c902c6de809d106c512780c3ac8746b2c4d25f8b496a280bfa8ae4d03b80d5bf23381b92ad0063102e77d1de9830fb06f20e92b849bba07df7232f5da287d726df4881a58ee9364723c12a9352f232a7bd8f9fe19d8c8ad1dee3ae18382d864691f0e66cd636e76db1961d5dbab61c4827bfa0cefe08fd4e64e80839b5a5778c5246bfc2c7046e0596e0e14bdff4c1696ee2736c5ced11952ff3fbd0d202fad8a399366b0e25c2c2af183605b0427ad473f06013308aa6ed00b4120199fe9806627576eadcdf37e3b5c755a73cf3c4f1c53f5c03c4b45e321d20f3e22df2d2430bcb5ea433d924d3fef963c14dc24a15638a9cd5828f96f887ed0d6001fef1249388d563c26a1828a049e99d1590173126326be2a18d83c969c4c16ad2112e0783f38528e225442aa2635019a05501d464691669c23c750cab891127ea73fcf87abd2ea84f30e02cf8fef516972f454f696ffff62b847974b007777c71acd8185f441a77e0e147b535954d8ab0c7a73896120d853bc87fb1b4754dad735fd0081414fdeae078f4f7b635a48a3bcbe978798d65b7e93f513ce40c0a36a2b78006ca39938f55651c9d9d45250650b148362fffd3333ab94d496f2ef4e9551adb6c4593e393af4837c85b93ab97a8cfc166cd03acd74aead3b668850389b27d589df17831b8648994c729d1fdd8da98d1828e43460d9bb46e37c1cf9264fb4874329c96981552ff1d983f13263c890a8d36fad0649db7a7826dc897c8d3edd69541ca156f1daa0a2556c474c3f4dd6e858c9dcbda664d746a4306de130829f275f85e4aaca2a43434e34e1f941d08d0678712f7bf4f63922e5cb22d317f47b9c51e52304e80934bf0caac40cb13f3c86f9cfaaedf63d208fd32301a75890b8676ca70b1b4ba959ed89e398643e5de7e66d206b6cd379690e6fc2ae593470202e2c8b0fb32f4a11f8684fe1e9f5d28d55f4d966a2b310bd036fb814b6d6d33e707ea37166cb97a1216fedf7c7cbf9f6152f32bf652e19c9c869ca063cd614d104c13ad8cd673ebb8f07a9749c0e38e83d6c77074d49e95862eb4bb25a2dfebd561751bc4be54336e770d4007d542a7662ce8330ca9c89ff9dc2e4c5124c03b2110efac61bb317cff9b48251e3f05d7b2c86a71162933d2083c3287b856f1e7afa18157fc600e3f7258594c7aaf50da7407d982eb202f324b2cbcd04b8fa60bfa050b1fe86b71b97bbade969bba470f5eeafb40ce22f00e17056a8f6dabad3521cff3907fd7b18926239fa5903415de0d5aeb33972b76f70a9b84274abe3e59db76e18f355f0c7886bdefeb2ffc3a6657525c38b0f15e791a94468c758b1109f0edbe91a0d20c1253856c80dec62e24db1fadfc34ab9871e9d3db642d19f01f7f79771819d1435a91944cd254fe092d3688c5a11344bfa33ce5d486a170639b1e8aa101140429f3b213bc09e03c0381341b9174ff07f90d70a7e62c44e12a5d72d2728c16904910c7b237b1f7f8cd8ffc87edf35948f62c40a5f3cd38a7f1832040b9d2b2ce8dbd66cf66147581219ab9223fd49dfa0bb29dba1a28dedf9aa94ea694601af0832e4fd35bdff67818a09930ffdb847613293be983666f6fa81d94a0a510afdbdcfa336dc9df5362790bbabe6dbf6ad62535e3793a7db8985e085405a935e039dfab2bedd9a3bb67b70eb16289d93e74c2aea6e3600d2c9f33e43b65b49c774184aa79d5408757898ee9799de86d6104b4051f85b586f657c1a4aba5806fb0ef31275a880d61b802f86e7641802dd55177d4418dcf22759c000c1fff49b0d407e5df29c1e3f3160ea948fa5c210b2c45000a2aada4f7774d6fea991e42a7d1b8720b247f7752a904809bb0760e68df082ce5a76462ab7f5935dddc10356ac9cd24af1cbb4d4d8e1c367569f7c13eb7416403dc2b7a8bb7457d06fc3e4e0482e23d6a39aafa11fe217700c636e99119e3907d0a6e2facf4b6b339c188ed6186c5f312b4740ea1a575376ae5ff11cb39d3bdd53675e57236554a28bd3c066a2f6905a78e4cb5a51d1972c2002d8894660f7c2ac7e8be15235173b103cc726244b02e4e597589fbc7739e92df36a672bf775fabafd464be32f4ceb0b96d2e5835129dda38bf3b45bb1c35df0f96e9278b27d64bc2deaf581fe65cd3d557d0b58ce1ca0e822178ef1ea002576e7c27fab23280f073605e597e3718aa26a8edc1dd2867638f972e83cd95724b0a371a77436a2a6beeffd3a47c9913f005278e183a1252ce89e436c7a978867c6691c148af89706194f131eecdf1b745000af8e532e145262798356ab7bad6a1128da34d0c8bffae021fc74f03287ef9e338b2f02162f4583f42202795c246bfb1af7c36aa8ce233b8b841475996f867bbafd1c499c7911494ac8a6b0367e0034aed1094642b1ba35198659484a7b2b178a49da394e93dbbfe23b8b49d3c021ce2039806e867e96a27ecebe96b7f9133337447465e9c61831969b3c810bc00796f172c893e5a587153632cf3ee191489e4b8ccc9515ac302399c826abfd6f51e365f311f3a5f8070e1e23e957e52844dbd1308af3c36dcfad5b3f7a5e2fd1082380f064ed6812d76f9452e24db8f4a1de08a96cb66849184e3fc619ba775078a4195556369b1f6944c4916ac53a984967ba052a5409558aa2388e457fd673aa1912106252a42eb7fc3dc9faca817956fcf553584f58e97141d8972604383b43f6fe19191f85e489bbca1fd9f70db9022dff70a4603df3c0efef5f5df53801c526f8cde99160dcb6d401f3831b0806eec4198f1a3869185554e5bba63b60ba888e85245b7872566482a2dc0bd6b5075c395cf652eccdb7a9dee368e815ea2ea7732554f812a0c61a808feebea1d5ad4bdb565814be243f1d6ce19183a0d50db24b76d5d22d8cd759aeaf7b1b5cc238808eab8c175cf689de9e66bee06191cf563746385c8168bd27ccf3a622aaaa1adc9ef56674b61746b6626248ad931016e59a4d9b221e34cd05463834471820448ece2225ae24533b078c5b538355c6600f302a39b04d7c195dc1a71e2629f0611614a8ef2d34d91a67b16f2505d421a529fa6d9dc88ff2fea7603f12dff096783c956fdf9dba45b1cd28ff36997180757f6b4913fb9cf7440d0f030e4b3d10ac51c5d5862017a6b23f3057579fffc97317169e4d5fe2f763f9765159abd8c34f59bb19b52771a7b8d959a4a45667fb200376311f61fbbaf1f23462f7dd828571aa6171429d948bb20f6449369ef420d6e2f9ac609e5770de7537f23ad9ce1c01253d95500e20c168973bea3bc4ee1ce306a0c72bfa9ddb8c2c5c6d2555975aa5028e7cba9e454881eebe672f272e6ab2b1ce10bef95a5b9f5bec9531878e2559b43027193037cb65f19f0e5fe045887128f3c13318531c5a4a26af45aa687d0a3ce061b52d74ba4bc6b800227d56fbf88497050ddc9647b18afb035172bec9c38432a4da5431d80a4ce62759cd56410e1d55ebc51639daaff692b96afcd40ac9dc3a71736705f281e7469e498e21b0bbc663d638d9c4465eae7cf952212079206f0d6af69cb7cb68a5d10e785ee314064657d532d5ad563174a4787e9c6320fd4e02e7d67f9eef7ae0e294c0ed16844a97a22e5ad4fd7142861058cd52a7fa0e9afb89c698076fc5335af299763a89a48fab62f0c9817625eb3a18f5127af6791d62961a17c855846b0fc5563b3fc5011828e274cc3e0b63017eac25d1fddbb68d0726257c1e9a790b3d7e18d25d9cd8a42b05f947bd0f2514a11a29bba37d08ffd380d9900fddfbf9b1e58fa73c38d4428219bd379632e218ba5f23cc2771d8967afe7ac4f4dcfd14ec44b0e583d4ae5dd1cdc6f989fede50851b6f71ed9bcfdd3f7a9ae96975e13b52e53cbfc33419fa077422c1e41e4f438e64c5727e83c7d06f52036cb2dfad0f1da2ff2743c6a31addab32858eb672c9e5e4ed68f45b509cb63773ed1a5f235973da12f01cd8a0699715e37277e3fc8ae3f1dffdfdc3d5106d294f727ab0b172dd68f7cc1b1a12253848e8a8906b683c84b39d723a89e260a8618961703a507f8fde6e5c0d9af9f04f82f715d1b947b9cd07a3d8c0b06f638a6a800958f01bc84bb54b1af1d4beaf3a67c47cedfd0fb0fe7858e7ee5ec215397b141a0826a761fedcdf18d88784a8c7fe7a776b9b095866d63a2701e13b62bf3cb8037f1721a080ea875237da22a6a738f8d4209338eaa91ecc3f0adc89df85ebfefec5eef07d5ee4fcb4f95fc3c39e7393ed06c4bf08eb9790a53dce70fa5bbca1967b30e40843b1e11b6d76075fd57d2f99b46469a9126f15bdf0064bd5bfb7ff635e990259f13eb244a90378a6887b4dacc7ca55b512ddd7e6fbe6b5dbdb0b7de864f9ca42292c7f01aeb98a39e6a50214b9d95e2e6c308a18453b89208f2fe5a073f9113a4afc12818640d03936db3636b7a1aef5f70e7bd27d0ae8fbd8250296054c992a4e8ef4b95c0b471291e53e7e7b9a772c201807f214006eb9390000ccecb33069a297ee927093ed6d77294496912e11e179f3ee590e52a5e73fe21543ccf007191dbd117aed03fa63443409f60fe219a04da6bb852ded6829cdcdb5166e999e7668c2f029dce281b4e57e33bc0eea02919788a09f31025f97437803a2cb02be71ed7b3eccdd1110f21419f338c85e489f68677e098c450d825d50412376b27856edc35498929f641da385b089623ce9887560b09fdf79e0b8202265b721a905a79b4f9d9a1b15e0bc4ffdcc6106b33c59a6ee9ffd847689f98bea12b5f367e87cd06b57cddfe85666cbc2b57456e6c3f61f386506ddd7dd8670a9c85195dbfb21d009fe97ab1e748011bb97797901d77d1b2d8bf27d321bb43be157b92e2c0d559417e4230d2725a70221a9913755f0b51d400a281c52f396cf018bb5d0e2ada1c0e850fbf30843f46937f8e7fc14aad520c195d22a5d6784cec43d62e72aaa645599c0ad59eb9da2919249a3137d4a9deec0a9de889ef8ba30fa983be2b54b006d76a17927b5ab2795beef6f3ed55a254828a240ae1873d02fcc1d7350eaffc989efb9b6e3aeecb5bb562461b7af9c2274b9035f751b7ee909a284757752b9486c7114aaffa33c7f2bb4106c7ce1b1f03f2bf5da688c0f3c79f1944892ebbc800a880a0c748cd55f76bb84c61a5d10fbece52847d42abe151dcb25130d5940b435d17c0f09567d6502be558f1beb900dffa7f0f97e60f94f8c8fa4fc73444400aa9b2f39ab076b025a3ef510928c5a7a851e2f2a5f9647b5d7e8c21d8a498f3bb12fc29069ec8c2971053842577ed7a5af3bbace06dc041b1a6ccdfd34963ef863147bf2dd726ff9690c42b9fd5f56cb7c5d8cd5adc8a5d6a2925e365644e7ec34dd521a71760c70e375902a6af497c5f45ccfb0cbcc9cea09ab01bc5f45ee77e25aa28f44a87cb70439c32c56698a4d6f4575e7a34bd8ba82706c93fb562604e464e3df42f6cf64683c5e926079e351d00d1145ad5e3a7ff72f56db6e3a529e6b7ef8d2eb797f24566d295ca6db8a24e788929652820e33afb8dffb7892b3febf407ebbe73948629bce548750f7e1b514e6715c88ea0e9e886775763921932c5d9c410b0e5e1d484c58f1aab0af9debef4998b3b03401f7ec6cf4e8787b092be6ddec0e12b5fd13778c5c18034d3faf731735a0684773fdd23a", 0x1000}, {&(0x7f0000004dc0)="52a0a7afaed365ec7a5d15d7b2e647ff0b135a25ee06f824f927abdac1c6", 0x1e}, {&(0x7f0000004e00)="b4eae2618199fcd36fa8", 0xa}], 0x4, 0x0, 0x0, 0x80c1}}, {{&(0x7f0000004e80)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000005f00)=[{&(0x7f0000004f00)="06210293fdd00a1a0e39782cccedab2d4a7c429bab5601cedfe630f2cfd341ee6a4ccc14801145f314c58e426b7e3ab1005e01784148ab7a51c8718638fb5886d03de79e94b0c85f9ac60ebfa6eb5e49aef173e17946a6a41314a13e75453f37c989d41a96ab15b527b7c2a0f4d6662351042043ccda093f4d2728917000c5693a5298d3f157ea12d2575276a9981e9b973ae0a183966c2fa773f9560d3f859377b371330e458876f5110e25c039d1cb1adf9d9f6a7143017580f0263ff6e6ac75bb28ca72b9ae609f4e9fa751c6e5c9e9a47bae598b430cbdf55428b2ff90fb81eacfd258fd40853a08118be03044894690ba69aedf1b82ab33f0d06f5bf98e7ee1a9b182dfe4bc449368135ea0bc2adb72efffc7940f027e23b46a093e5ca49657bffb980aaccc4b3d7306a097781890fdab026bc4f83228f117a8b4e28aaa9475ee2be235df716fad982152059843907b3ea4feda9f4041f4689e034e68164de8b4a037e3d1f314598988e2c11ef9ba3af66715ecd11a998b9ba2e2eba6ca8c8e63b3a346be5b105b396e3ecf3b446169a974412baa897d514f2562231743f204633d475e209117300590a88f4eb9432f926caca1f886353690ca0cfa813367e93324ef6152f9165cf14daf2a058534dd309f03934cdbbe3c90abb6b0e42e164196265e08282efc078e08d9e60087e8eedeb84ad4076c6b17f4209e962d5701d3edd36cfc1fcaf6c2699038b6cef661b83877cfd5808b6bf366cdffd8fdd2018d5836fed3a769286c29ac8f0266087e581d30e1a3bf97afacbe0d0374062110dd21428db2befd6067f7861519ef661c03a05038faca371eb5055cda61c69f65920f3c7408f5ae79ba20358bae7bb2938f8360f639b1b0da454b585c24af8946864e76795bdfe5df28ce07201c9ca6288d06a4fb4fc00f2382e2726a96550b8248073e250a8b44508c10f611c16cc63466e6dc84ee0334a5b86f7bd6e7c61843174a2917c256203ef8d684a0721ed338882d00fff9a1a0213eed614d74933fd7cdb122f7eda51e3210b33a43d54c7b68f6e319bccb37d0a1f55d9b485e7a783b5922edfdd34afc7d7a3cb5596f6148369e725845b0fe954be7e9a9861e6344b18983aa317e3520da0b9bb894e5a2e7777c3cb1c241df655e7d95dcac20fee7f24d2b762e2228f9a0c0379e3d47fe4db1cb46cf22a9346930503766e10ea86d47c6b5222f1cb70fca86c864fc978ba1115492d6d0830a73d12d242a74e853120a528b1c6aa306fdee4e4becf0d53c4086f288b93b728e07d7f7d182e9abc7311b17b9e9d9dbc030bdbba4347702d9e586c0ed0519c44acd39b92a134579d7b9aee9061ec055e1178d2f41523df4e18052397f5f16e8dcf0abda9ab96f463caa629c3bd046bd55b1fc5aad2c3189b9f4a88141f24da17623708235155d5a183e80cc342b77dc5c4f01a786052a9718bda8cdc6ce8ef65980320d4449b0dba3c9316ac362ba98aa14f23c3498d38ca39721e228863e7d59f35c6ab651697814b9290da29abaea70db6dec856ec2ada7e7d6d106754a358e941195e1d6346b9f00209f9eb3cc42732b2c9ae16f1db00509267f3e85f7afa823023154c83cfa698c2f6a8b90a978ed32e0fbdab42ddaf1d16b28836cc02a3bb5a9ac5b4e61f7f64d1da734166bf96fee6fce7ee69cd811e434bb67f2e3a413dfe5c3177e953da13f7895fd610e0e72c38759eeb6c2c12c6b493249fd577106bc5dd9889e76ec7d2707a0b0f8bbf6cebb1879e1bbd60cec65386940372006cd7834decc17c286943b3db0bf66fdd9e5c7af807946d6c9204ca566a9b8197a11010771235cedf1af5bd4f2f7de90e41698790992e4bbceafdc525e6ac25c5b38cb53df9e820d67cc7b65d2041f73e39c8c040fa5fa26b5f37db00c265f66f1bb12d1ca87cecd3c26e241f8be044995310c0e4e4a3a4596b3d69f93f7e463cbd8bf121544678e80f4b693a92a6f032dcf822e9deae8aedfe1e0096b1c4dd289de4bb076d786d42cc2e31f969eb18fe923db76e14b99965f44a818637757c0a063a03fa6355ff5454659abeade970e9ab3dd66ae27141520dfb3930a6ccee5188144f0ac84629e15d336bed44fb4a15e6ef40aa8c67873b32d041a905aec6a49fea5b3e9fccb669d3d087df1521a13e1378a34d813431a9c6c1bfc2ab6d92a47a61e80da93bebfae83cf36ac84690dfa929e3149c36051cf72019554520dc66dd4c27214c2012bf87811788d2fb080b10d3526000cd00bc65c74fda6c552c1ea070c0f392402553ef47449e4379e3cc241bdb957d0b265e6faceb007c74cfaa31664195297fa16e960e54163f6b17c0edfcafc47ae17f432181599bc3068ec5d212cede5ef5360c2980beeac06d63842654b3835e59a347c1398b5250ce9e61d7d357057b7800435606547b717439933cb8f3a20165210fa4f6dd9e96fd647b6bdb60fbb77640f7fad0f1e1f9b1646d24b613fca60b13d8fe63f5f41410fdedc1318a165f7276f69004bab4fa7c6e6da376d7431d099a3788272c4e5e436be26c11d4e4c56a881bbdce4b1f98cc4e79d0a2e786e90567fec19cd017fa9dcdb14b7ef77b9e73a4dcff779a2464c0d049529ec3c54cf980e185eb07ab9c550b74d2a4113f218ce56a0019a25bd0cc22ba6b2b78c8880fbcc768b99daf29c50194dc4482edcb4bea41541cfc1a8e55731113b8f6eab3752c9c5c5b244ab26530db4d933aa9ac9bb7fc0ae7de89ddca44c88e9253b92df1509543f4817140b6cc8f4553615c004b3d65a5f54907329557e18298b83bb92fd17b80bfff93f9b7a0e71f3dea47f88a5d204b1e216045872031739ec53faa42544f15fb67a3a6c6d9f251efbd8175134ddff7306d6fef3d0f802b789faedff8d87b41219af22a66766497a7714a991c5deead22d5ca37df2d1720427cb76606cc9616f6fee1dc772dd69e1fbdafdd12f6b5323d7a250344a3a4a08c1983e315aee7ad3110afc32b756023bdcd6391f36364b20dba2cdd4d831efd75e192636326bc3bbfdc4db963709d2c53291204640a95045c1455f5caa4babecf592f23c058d1616d72313b6acc505d4aea330ad624a41d73e40735ca6041aeaff34b66bd582db35ac23adef9d8f5395f95f60953554fdc8892d4fb3472e09b10e8ee6736a99d1290f5c57c024f8957c43dd1ab6a8e6789d4c62eff01788ee3bef2553967cd8eb1a4b9f476d44d0254326d1434d04e7ddfc4e628111a5b004705731bdb185b0f197282ce2e7d9ee753728e0b16d04c2e71a5ad1c666409b32d8b5972afca1c02d57ac16cb79c4a98f2814e342da6feb76708d8e8a340e4529ca21c63aae0fbf52928219e35f12274e62aa278f65a1c4efc57e60b1c218928e70af0ea6d2c3afb9bde5c1860492fef20c26aa70cfb8ee47a76cf751a07dd414003ea12276c52cc31d4641ef3c37bf029a64ae7a2d89d58490b91d7021ba42eef2100273c9bb7aa9f251f705c314f32f5bfdf24c85c17583755a692f701b44410a2281df5c62abe097a37cca9fcc95f352dfeb42a4177fdba0eab841aff2363424eaef156c7f6dab2ae1f88842fecc6222e68aef0f153d866803e87bebb9cdba4a7fb9b1595759272614626dedd999053b8617367088e00f45289c563866f11801bae372af85bccee613996c4074b18e107d341fd0cea672106eb06f3e7ddbe27b7c0e87681f614b2debc8fbf8d3336424a338176f8c0e325868800cb45814dfd75d97261ced55d70874a1061829610d0584599f6cb1ad81e619883e79d505021ad79c0bdd99195eb7968abfc47de6b60fda3b7352e1184f9abf97753a7781c7c332a2e0d41b04a8959ab64f2878bd7dcac94921a9ff079b84951fcbddf503cb8d7524297ff08430813a36ff677aed09739c42c72005b2f0a2dd03d875eb7781e8e4d12848312d96b2c3fe6eee74f80ae2c81b9d77b7c144e96a55552e4718b662569cf5c591f172338bb1d8197a0d63b3aae04fe6ad5421b1536315b51ce34a14c96d8aa00959091fa1805d7b31fb6e5cdfd49a1b95fd5a1b49038a84c963ed7d36d0cb9ca8b9c1bdafb51db40ea21f094dc05c8c4ffc5d998f6cd9a1a9d8a4bb5660ea9d1f7da65b854b68e6a2ce4b07b80e042aded47031d93a0746b35c3ac39daf55412ddf042dfde5020223652e16fd1a777bc81089eb4620becd09a6b1d7d614ea821134abd2b4a3f78861c5e471ebc20781990ac927f64c7967ba072e2dd9701ce458b9c481461c235edce80ff138e5f4e16d382c9d788bd77d3b8eed4814bfb88d4cc8d037e3cc3f0f34ee12e5965efeb11db6be4fcf3420293062eb1be53be459f260b496e1701969217674b454a321b63b1466cd9cbb21f35dbb1885348a3cb1928eecc52d1d03e14a0f3629ff0b11a21fe5f9f4d8e32f50b16520594bf440198841273c13d14688512c85d40726dfe1d92f22c4a62ba0d782c9ed9ec3ff19b3e5772272fcfd5ab33aaf132bd38cd0727d2fc3cff8db83ced8bacf05eb2bbe89e7adbb83ca467b7cf8416cb7f7bc7f24e79fef73dd6d247fde05e1ab24858296dc143d74b4421992016dcb5510ee837790438d1452c1574f9c409d410811def4d771133ec9fd64a2c9c70cb28678dccd92daa0de0a8495f963de02e78e43c28efacbf0c32737505564f29ec88487119aa69c6390ce5907b791fcb2458776331ab6c64c59051f5c98e6ad2db46406e5e4608de549b6ad4d0f6ded04e9d97e23113b6c95a1049c239be0672eb5c7fcaa42648230c9c80593ee59cbf81afb275443cfb597bdf346d1a448bc48e875e96bf8dbcd2b929269008ea0088edc70fceb70d34b62ae757e441ae4e57c987e12e6c608072876d512b2779784c3dd985e2ddacc874f654f5656b4ca4717aeda8546548641c8048755cb45dfe6bfa388c35927dea85d9f28fb213222fd0f2f6b8111d2923aaecce18ee3c26aa62922b5fb8ba3f5379f125fbaa7fa1ee84855500d3bbdc947a2ed79d04318fe038aaa62dcb909ac97079ec40c87b85f92f5000205be8b9e84b736e4e50559fc16c974dd6e0a23ce526e1834c6e1687c756d9d078ff8cd247fee42a57f8716a014db062480eb3d9e250e2b66da0b2af77dde3ccece5f914a68090e2ddb1a5e29ceaf43748089f60b35ba14960815c7dc6cb18e79fad971fa8d0567f1136f010733d72d235a435d598f630d02abd3220514bce38091b326853919fe6a9671a1d5fc6ab022bbc47855f4cc5694d8f4fc87cdaec3e9aa004cbfc67c27487fa6081aeaa062a21a9fce96ae7edbd6cddd1c7165bac6c968a53256006c03cac9d2a3fb109bd22e8434f64ab5acaac93b421d717ed1fdaf866e09d3b80698ede3897fb5edee33810e97236a84cb6d33f54c3c5a6bbb8266e100a1a99b0ae50be88c65be403d1a85859c9ba0dbf96c79fd7807c7c86bda6261e59b665b66c1d98c167ea919b776aee584d03e38beb73f0a2250deacc7617f004e7e183e0419b0fbd36f08fa646c7f915c5a5d3a2c31467d307e50c89633cb861a30936fc6886d9dbfa7c38fb13905ad148f3846e60b864dac56ae35e73c34083fa4eb3ed819ba50bb400f09fe9661a4a3ef921bda1d9b8d31520804b132acccfe28fb85be955c27c64dc87fe8aaeb3dedd00257846f6e1924eec562d2154c0e137a9cc1401045d65b7e2400422ac3b4d9787eb9aee2810ee4b68978a81ae5144b3cfe732b81bd7cb3d9a2345c6a5cdc613a91221e56ee449753c6cc9bc8b9c7621d64328952c2", 0x1000}], 0x1, &(0x7f0000005f80)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xee00}}}, @cred={{0x1c, 0x1, 0x2, {r5, r6, r7}}}], 0x40, 0x800}}], 0x4, 0x4000000)
r8 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000000240)={0x0, <r9=>0x0}, &(0x7f0000000280)=0x5)
setuid(r9)
r10 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r10, 0x1, 0x11, &(0x7f0000000240)={0x0, <r11=>0x0}, &(0x7f0000000280)=0x5)
setuid(r11)
r12 = getgid()
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000005c0)={0x498, 0x0, 0x0, [{{0x3, 0x3, 0x6, 0x5, 0x0, 0xfff, {0x5, 0x4, 0x4, 0x5bfd8, 0x8, 0x3, 0x2, 0x2, 0x4, 0xa000, 0x0, 0xee01, 0x0, 0x5, 0x2}}, {0x6, 0x7, 0x16, 0x40, 'trusted.overlay.upper\x00'}}, {{0x0, 0x2, 0x2, 0x7, 0x2, 0x4, {0x4, 0x3, 0x6, 0xfffffffffffffffa, 0x7fff, 0xc322, 0x3, 0xffffffff, 0x5, 0xb92e6b076aaee030, 0x9, 0xee00, 0xffffffffffffffff, 0x574, 0x8000}}, {0x0, 0x1, 0x2, 0xfff, '$&'}}, {{0x5, 0x0, 0x7ff, 0x34, 0x2, 0xf78, {0x5, 0x1, 0xffff, 0xffff, 0x6, 0x5, 0x2, 0x2, 0x7f, 0x2000, 0x9f, 0x0, 0x0, 0x7, 0x3}}, {0x0, 0x100, 0x3, 0x5, '9p\x00'}}, {{0x1, 0x3, 0x0, 0x8, 0x8000, 0x1, {0x5, 0xbf, 0x3, 0x0, 0x20, 0x2, 0x7ff, 0xeba, 0xfffffff9, 0x8000, 0x1, 0x0, r7, 0x6, 0x9}}, {0x6, 0x8, 0x16, 0x5a27, 'trusted.overlay.upper\x00'}}, {{0x0, 0x0, 0x8, 0x3, 0x200, 0x1, {0x0, 0x9, 0x100000000, 0x6, 0x7, 0x4, 0x1, 0x3f9, 0x92, 0xa000, 0xffffffff, r9, 0xee00, 0x49fe, 0x4}}, {0x5, 0x1, 0x2, 0x80, '*{'}}, {{0x2, 0x0, 0x9a72, 0x20, 0x7, 0x40, {0x6, 0x100000001, 0x8, 0xfffffffffffffffb, 0x8, 0x7fffffff, 0x8, 0x7, 0x8, 0x0, 0x5, r11, 0xee00, 0x5, 0x9a}}, {0x6, 0x6, 0x3, 0x40, '9p\x00'}}, {{0x1, 0x0, 0x2, 0x4, 0x0, 0x80000001, {0x2, 0x800, 0x200, 0x101, 0x1, 0x0, 0x8, 0x2, 0x5, 0x2000, 0x1f, 0x0, r12, 0xf12, 0x2f5}}, {0x1, 0x0, 0x9, 0x0, ':*[:%[:X%'}}]}, 0x498)
r13 = dup(r1)
write$FUSE_BMAP(r13, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r13, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180), &(0x7f0000002700)=ANY=[], 0x2000, 0x0)

[ 1315.527053][T19063] RIP: 0010:kernfs_remove_by_name_ns+0xc0/0x110
[ 1315.533310][T19063] Code: 48 89 df e8 72 ee ff ff 48 89 df e8 8a b1 ff ff 31 db eb 29 e8 c1 00 9b ff 48 c7 c7 40 2f 2d 85 4c 89 fe 31 c0 e8 70 17 6d ff <0f> 0b bb fe ff ff ff eb 16 e8 a2 00 9b ff bb fe ff ff ff 48 c7 c7
[ 1315.552928][T19063] RSP: 0018:ffffc90000ca7bf8 EFLAGS: 00010246
[ 1315.559000][T19063] RAX: 65870efda9817500 RBX: 0000000000000000 RCX: 0000000000040000
[ 1315.612052][T19063] RDX: ffffc90004706000 RSI: 000000000002831a RDI: 000000000002831b
[ 1315.620395][T19063] RBP: ffffc90000ca7c10 R08: ffffffff81540db8 R09: fffff52000194ea5
[ 1315.628566][T19063] R10: fffff52000194ea5 R11: 1ffff92000194ea4 R12: 0000000000000000
[ 1315.636847][T19063] R13: ffffffff8653acc0 R14: 0000000000000000 R15: ffffffff854331e0
[ 1315.644853][T19063] FS:  00007f6ee0699700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1315.653792][T19063] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1315.660397][T19063] CR2: 0000555556726768 CR3: 0000000111ea8000 CR4: 00000000003506b0
[ 1315.668409][T19063] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1315.676396][T19063] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1315.684391][T19063] Call Trace:
[ 1315.687698][T19063]  sysfs_remove_files+0xab/0x110
[ 1315.692664][T19063]  del_gendisk+0x278/0xe20
[ 1315.697090][T19063]  ? device_add_disk_no_queue_reg+0x30/0x30
[ 1315.702996][T19063]  ? __radix_tree_delete+0x2ba/0x380
[ 1315.708302][T19063]  ? radix_tree_delete_item+0x261/0x360
[ 1315.713857][T19063]  loop_remove+0x46/0xb0
[ 1315.718105][T19063]  loop_control_ioctl+0x67f/0x740
[ 1315.723176][T19063]  ? loop_remove+0xb0/0xb0
[ 1315.727599][T19063]  ? __fget_files+0x310/0x370
[ 1315.732303][T19063]  ? security_file_ioctl+0xb1/0xd0
[ 1315.737420][T19063]  ? loop_remove+0xb0/0xb0
[ 1315.741845][T19063]  __se_sys_ioctl+0x115/0x190
[ 1315.746525][T19063]  __x64_sys_ioctl+0x7b/0x90
[ 1315.751114][T19063]  do_syscall_64+0x34/0x70
[ 1315.755542][T19063]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1315.761427][T19063] RIP: 0033:0x7f6ee1968169
[ 1315.765855][T19063] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1315.785522][T19063] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1315.793954][T19063] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1315.801934][T19063] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000007
[ 1315.809903][T19063] RBP: 00007f6ee19c3ca1 R08: 0000000000000000 R09: 0000000000000000
[ 1315.817879][T19063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1315.825859][T19063] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1315.833847][T19063] ---[ end trace c3340b11af948379 ]---
[ 1315.839292][T19063] ------------[ cut here ]------------
[ 1315.844762][T19063] kernfs: can not remove 'events_poll_msecs', no directory
[ 1315.852091][T19063] WARNING: CPU: 0 PID: 19063 at fs/kernfs/dir.c:1515 kernfs_remove_by_name_ns+0xc0/0x110
[ 1315.861891][T19063] Modules linked in:
[ 1315.865789][T19063] CPU: 0 PID: 19063 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1315.877519][T19063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1315.887599][T19063] RIP: 0010:kernfs_remove_by_name_ns+0xc0/0x110
[ 1315.893855][T19063] Code: 48 89 df e8 72 ee ff ff 48 89 df e8 8a b1 ff ff 31 db eb 29 e8 c1 00 9b ff 48 c7 c7 40 2f 2d 85 4c 89 fe 31 c0 e8 70 17 6d ff <0f> 0b bb fe ff ff ff eb 16 e8 a2 00 9b ff bb fe ff ff ff 48 c7 c7
[ 1315.913484][T19063] RSP: 0018:ffffc90000ca7bf8 EFLAGS: 00010246
[ 1315.919554][T19063] RAX: 65870efda9817500 RBX: 0000000000000000 RCX: 0000000000040000
[ 1315.927560][T19063] RDX: ffffc90004706000 RSI: 000000000003ffff RDI: 0000000000040000
[ 1315.935543][T19063] RBP: ffffc90000ca7c10 R08: ffffffff81540db8 R09: fffff52000194ea5
[ 1315.943528][T19063] R10: fffff52000194ea5 R11: 1ffff92000194ea4 R12: 0000000000000000
[ 1315.951497][T19063] R13: ffffffff8653acc0 R14: 0000000000000000 R15: ffffffff85433240
[ 1315.959473][T19063] FS:  00007f6ee0699700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1315.968410][T19063] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1315.975030][T19063] CR2: 0000555556726768 CR3: 0000000111ea8000 CR4: 00000000003506b0
[ 1315.983032][T19063] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1315.991002][T19063] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1315.998973][T19063] Call Trace:
[ 1316.002271][T19063]  sysfs_remove_files+0xab/0x110
[ 1316.007215][T19063]  del_gendisk+0x278/0xe20
[ 1316.011637][T19063]  ? device_add_disk_no_queue_reg+0x30/0x30
[ 1316.017535][T19063]  ? __radix_tree_delete+0x2ba/0x380
[ 1316.022830][T19063]  ? radix_tree_delete_item+0x261/0x360
[ 1316.028373][T19063]  loop_remove+0x46/0xb0
[ 1316.032652][T19063]  loop_control_ioctl+0x67f/0x740
[ 1316.037679][T19063]  ? loop_remove+0xb0/0xb0
[ 1316.042107][T19063]  ? __fget_files+0x310/0x370
[ 1316.046782][T19063]  ? security_file_ioctl+0xb1/0xd0
[ 1316.051902][T19063]  ? loop_remove+0xb0/0xb0
[ 1316.056317][T19063]  __se_sys_ioctl+0x115/0x190
[ 1316.060992][T19063]  __x64_sys_ioctl+0x7b/0x90
[ 1316.065589][T19063]  do_syscall_64+0x34/0x70
[ 1316.070009][T19063]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1316.075905][T19063] RIP: 0033:0x7f6ee1968169
[ 1316.080311][T19063] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1316.099946][T19063] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1316.108374][T19063] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1316.116357][T19063] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000007
[ 1316.124338][T19063] RBP: 00007f6ee19c3ca1 R08: 0000000000000000 R09: 0000000000000000
[ 1316.132319][T19063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1316.140284][T19063] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1316.148261][T19063] ---[ end trace c3340b11af94837a ]---
[ 1316.154173][T19063] ------------[ cut here ]------------
[ 1316.159627][T19063] kernfs: can not remove 'bdi', no directory
[ 1316.165722][T19063] WARNING: CPU: 0 PID: 19063 at fs/kernfs/dir.c:1515 kernfs_remove_by_name_ns+0xc0/0x110
[ 1316.175523][T19063] Modules linked in:
[ 1316.179423][T19063] CPU: 0 PID: 19063 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1316.191134][T19063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1316.201204][T19063] RIP: 0010:kernfs_remove_by_name_ns+0xc0/0x110
[ 1316.207446][T19063] Code: 48 89 df e8 72 ee ff ff 48 89 df e8 8a b1 ff ff 31 db eb 29 e8 c1 00 9b ff 48 c7 c7 40 2f 2d 85 4c 89 fe 31 c0 e8 70 17 6d ff <0f> 0b bb fe ff ff ff eb 16 e8 a2 00 9b ff bb fe ff ff ff 48 c7 c7
[ 1316.227086][T19063] RSP: 0018:ffffc90000ca7c18 EFLAGS: 00010246
[ 1316.233161][T19063] RAX: 65870efda9817500 RBX: 0000000000000000 RCX: 0000000000040000
[ 1316.241131][T19063] RDX: ffffc90004706000 RSI: 000000000003ffff RDI: 0000000000040000
[ 1316.249106][T19063] RBP: ffffc90000ca7c30 R08: ffffffff81540db8 R09: fffff52000194ea9
[ 1316.257089][T19063] R10: fffff52000194ea9 R11: 1ffff92000194ea8 R12: 0000000000000240
[ 1316.265068][T19063] R13: ffff88811d0f3030 R14: 0000000000000000 R15: ffffffff85432ae0
[ 1316.273052][T19063] FS:  00007f6ee0699700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1316.282020][T19063] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1316.288597][T19063] CR2: 0000555556726768 CR3: 0000000111ea8000 CR4: 00000000003506b0
[ 1316.296584][T19063] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1316.304570][T19063] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1316.312550][T19063] Call Trace:
[ 1316.315839][T19063]  sysfs_remove_link+0x50/0x60
[ 1316.320605][T19063]  del_gendisk+0x7cd/0xe20
[ 1316.325030][T19063]  ? device_add_disk_no_queue_reg+0x30/0x30
[ 1316.330921][T19063]  ? __radix_tree_delete+0x2ba/0x380
[ 1316.336220][T19063]  ? radix_tree_delete_item+0x261/0x360
[ 1316.342091][T19063]  loop_remove+0x46/0xb0
[ 1316.346335][T19063]  loop_control_ioctl+0x67f/0x740
[ 1316.351355][T19063]  ? loop_remove+0xb0/0xb0
[ 1316.355779][T19063]  ? __fget_files+0x310/0x370
[ 1316.360458][T19063]  ? security_file_ioctl+0xb1/0xd0
[ 1316.365579][T19063]  ? loop_remove+0xb0/0xb0
[ 1316.370017][T19063]  __se_sys_ioctl+0x115/0x190
[ 1316.374705][T19063]  __x64_sys_ioctl+0x7b/0x90
[ 1316.379304][T19063]  do_syscall_64+0x34/0x70
[ 1316.383723][T19063]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1316.389614][T19063] RIP: 0033:0x7f6ee1968169
[ 1316.394031][T19063] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1316.413723][T19063] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1316.422154][T19063] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1316.430121][T19063] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000007
[ 1316.438105][T19063] RBP: 00007f6ee19c3ca1 R08: 0000000000000000 R09: 0000000000000000
[ 1316.446082][T19063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1316.454081][T19063] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1316.462067][T19063] ---[ end trace c3340b11af94837b ]---
[ 1316.483445][T19063] general protection fault, probably for non-canonical address 0xdffffc000000001a: 0000 [#1] PREEMPT SMP KASAN
[ 1316.495160][T19063] KASAN: null-ptr-deref in range [0x00000000000000d0-0x00000000000000d7]
[ 1316.503547][T19063] CPU: 1 PID: 19063 Comm: syz-executor.4 Tainted: G        W         5.10.161-syzkaller-00019-g416c4356f372 #0
[ 1316.515249][T19063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 1316.525289][T19063] RIP: 0010:device_del+0xdf/0xf00
[ 1316.530396][T19063] Code: 20 42 80 3c 28 00 74 08 48 89 df e8 6b aa df fe 4c 89 7c 24 48 41 bf d0 00 00 00 48 89 5c 24 18 4c 03 3b 4d 89 fc 49 c1 ec 03 <43> 8a 04 2c 84 c0 0f 85 0d 0d 00 00 41 0f b6 1f 89 de 83 e6 01 31
[ 1316.549986][T19063] RSP: 0018:ffffc90000ca7b60 EFLAGS: 00010202
[ 1316.556033][T19063] RAX: 1ffff11023a1e61a RBX: ffff88811d0f30d0 RCX: ffff8881130d0000
[ 1316.563979][T19063] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc90000ca7ae0
[ 1316.571928][T19063] RBP: ffffc90000ca7c50 R08: dffffc0000000000 R09: fffff52000194f5d
[ 1316.579876][T19063] R10: fffff52000194f5d R11: 1ffff92000194f5c R12: 000000000000001a
[ 1316.587831][T19063] R13: dffffc0000000000 R14: ffff88811d0f3108 R15: 00000000000000d0
[ 1316.595784][T19063] FS:  00007f6ee0699700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 1316.604693][T19063] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1316.611255][T19063] CR2: 000000002015c030 CR3: 0000000111ea8000 CR4: 00000000003506a0
[ 1316.619207][T19063] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1316.627156][T19063] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1316.635101][T19063] Call Trace:
[ 1316.638378][T19063]  ? _raw_spin_lock_irqsave+0x210/0x210
[ 1316.643898][T19063]  ? kernfs_name_hash+0x1f9/0x240
[ 1316.648896][T19063]  ? kill_device+0xd0/0xd0
[ 1316.653289][T19063]  del_gendisk+0xbf2/0xe20
[ 1316.657713][T19063]  ? device_add_disk_no_queue_reg+0x30/0x30
[ 1316.663598][T19063]  ? __radix_tree_delete+0x2ba/0x380
[ 1316.668863][T19063]  ? radix_tree_delete_item+0x261/0x360
[ 1316.674392][T19063]  loop_remove+0x46/0xb0
[ 1316.678613][T19063]  loop_control_ioctl+0x67f/0x740
[ 1316.683627][T19063]  ? loop_remove+0xb0/0xb0
[ 1316.688025][T19063]  ? __fget_files+0x310/0x370
[ 1316.692686][T19063]  ? security_file_ioctl+0xb1/0xd0
[ 1316.697779][T19063]  ? loop_remove+0xb0/0xb0
[ 1316.702179][T19063]  __se_sys_ioctl+0x115/0x190
[ 1316.706917][T19063]  __x64_sys_ioctl+0x7b/0x90
[ 1316.711483][T19063]  do_syscall_64+0x34/0x70
[ 1316.715875][T19063]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 1316.721740][T19063] RIP: 0033:0x7f6ee1968169
[ 1316.726136][T19063] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1316.745715][T19063] RSP: 002b:00007f6ee0699168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1316.754105][T19063] RAX: ffffffffffffffda RBX: 00007f6ee1a88120 RCX: 00007f6ee1968169
[ 1316.762050][T19063] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000007
[ 1316.770019][T19063] RBP: 00007f6ee19c3ca1 R08: 0000000000000000 R09: 0000000000000000
[ 1316.777966][T19063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1316.785914][T19063] R13: 00007fff5137308f R14: 00007f6ee0699300 R15: 0000000000022000
[ 1316.793859][T19063] Modules linked in:
[ 1316.797948][T19063] ---[ end trace c3340b11af94837c ]---
[ 1316.803478][T19063] RIP: 0010:device_del+0xdf/0xf00
[ 1316.808874][T19063] Code: 20 42 80 3c 28 00 74 08 48 89 df e8 6b aa df fe 4c 89 7c 24 48 41 bf d0 00 00 00 48 89 5c 24 18 4c 03 3b 4d 89 fc 49 c1 ec 03 <43> 8a 04 2c 84 c0 0f 85 0d 0d 00 00 41 0f b6 1f 89 de 83 e6 01 31
[ 1316.828503][T19063] RSP: 0018:ffffc90000ca7b60 EFLAGS: 00010202
[ 1316.834577][T19063] RAX: 1ffff11023a1e61a RBX: ffff88811d0f30d0 RCX: ffff8881130d0000
[ 1316.842546][T19063] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc90000ca7ae0
[ 1316.850506][T19063] RBP: ffffc90000ca7c50 R08: dffffc0000000000 R09: fffff52000194f5d
[ 1316.858542][T19063] R10: fffff52000194f5d R11: 1ffff92000194f5c R12: 000000000000001a
[ 1316.866517][T19063] R13: dffffc0000000000 R14: ffff88811d0f3108 R15: 00000000000000d0
[ 1316.874493][T19063] FS:  00007f6ee0699700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 1316.883435][T19063] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1316.890005][T19063] CR2: 000000002015c030 CR3: 0000000111ea8000 CR4: 00000000003506a0
[ 1316.897976][T19063] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1316.905950][T19063] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1316.913924][T19063] Kernel panic - not syncing: Fatal exception
[ 1316.920118][T19063] Kernel Offset: disabled
[ 1316.924421][T19063] Rebooting in 86400 seconds..