be1c0a79796c5c12298f0a9883f27bdfc570937c413cfa0b44427f09a8071b5dede0f2d04aea0f4b56d6fc0e7fff6bd266ffdf35de2dfe50b11af09eaff0ca19428eb6c5d0e7d8b21ace24dfa7e607d666e691e9926c9043f4067a695875962cb49f60213148c79c12d57795e376c7651e021ce859a22df8d5408a26008795d146e12f4474a3513c2ab4ff3db9c65cc592ca84a8d28f306f299ba0ad266b1e34764cdab1fdf5e16ee9edbf2ca8b8eef86f6e41c8c0fefca368e1b21f83c5df281d8ace341ceaf7eb66f22dab4ccd0f9d1286650f39a6024dc875d3b8cc828c8c70cd34ab1ac982e200e7b48741f168435b5f84ecb36fe7d92b62ef961eb7afea577bd38004368b7e3e4af68f0f17aad7115073ce5bd128ee68a88b2511ce34a1e358e50348e75f6cd287065f07bf3e11209ae8cf3114656bb7ebcc8424bf4fa86d1bbd953acec44459dac8362a1250f116629698dd6f79da0c390647eb385f89d055e6634f827ae80acbcf24343b35e472dcd9e00f8eb8a54fb04b5ebe6af08c92123add15e4cd7301ce300b66825b2eb4e8d9dba30ebefb48464d83f5bd882793f1f5cde2e5d3d31979a5c5e4b3b9b1643dd229dfef182653992c4398330053bd6ef16cc24aaaadec79eb583df5fdd11fa0a667f60a507d89cc11c6e3f71fcc134e277d056e647f2d38e7099f849e4f227d89cbdc7c748c8cf29dac3d16bfb23daecb5d2f67fee081c7e20916da4a1dad79a267224776071bf5b840a36aa293d8709c815b040b4e9008eb6f7c789599f27a7716fc818c46246eb5d9b905b5b808297e69d336e80ec986d6380c94ddd27959bb4c004fb7e46931649a3220370f1d10dc00052981935916d18a4a670824fa73c23790399dcf3a89d5673b4f8923c575bd14ca0eda1f8c4bbecb5e2a3d577c6148190b04458e8e026ce00c209b9dad6bbeaac37bc0d9b97d15f57a0d83ff0e25db882a8339c7d993e30e3b7ae07e40d46f0362a78b3b0bcb2f0fba6fa82e55da574b0ef0437ffe66affbefc3d734b24ef51b1b47468b328909cb9d30bca296a7e709fc35dd9e0acdd60d74adb9148bfd2f77b1bddb6e7a3c1f36651c0f1f207f679c5c1c0b57d243e775cee60257a86bbdcf521a22dcf939a1050db2f7c51a3d8fd6375d41d3c463b1a7f1f8f51657272581d07f738d3de8f5f7db115901078d0621d9bb100361a92ce4ffbc7f255e4cd9cf828bcde63f6fc073b1ecf7586f90ef27d12e07ea4be43be3487f08fb7def771b2eefa6604630e8dd166960a9cebe34ee393f7a81fb48cfe38a9dd2aa633a0682d7cf48af59564887026d21b1f034048c1a3d45cd02bfb5012dd9875444e4892b1aa56b4493a8c82739715f535b2ac46e922b4ccaeb4729ed7abafc4a3090a76d3fdc63453e2e72068e4ae29c2d8c1a9829da329ec1701cff79156850948c65d9ffd018f717a083bab13e5f2d426e26ff66d9e43ef7968fb779756fcc8e11dc39d6f6c9e7d1cd9c157bbcc722084ed3b3c9a297bca90b00850c2d8f1b0331ba85449bdc6f0cab7d413c80381783d0e2f20e550c008fcb95231e8ad386bfd2ea3599c8ab91db53b233cf39da2caf00b40c170892d9ebf7a073de5470dfd90c123a2bec7ca7e33743a85bee08fb75f50673acab35dacefc0a91e2dc2168d33d181825113e4418c180cc7858704bf42e8606d28fb3b1d0cdf07aa7397c4ed2dc4409a59bd0aed3d439ff6835fe81c8072c2964a864a5ce690ff376b29524c9083f8e6d6c3ac9069a027817b80268ab88a9b271755af147ab0e8e3719d89007dc36ee03eaa3ec0bd765870d0d1466767014905d29a7f28b0aaecf25a1aca001a1718996f204e00a26a64a271193c596d55ceb3a1a76b85e81c98bd942f17960fd69eefb102dca35a2d6adc5c8c015c2fa4bb6cb1239d73cd2a8f1eee594c414b358a4bfd9b3864c9f020a3f2da9f3f6276f364195208de5b2d97129d19172886cc0161639d59c138cfcbe26d6298b1d58d259977db0411ba4ef35a140f46022ab76e6e3103873b3c4f3e5a33bed28f5d95ef1c33524afed45a67078f78dde98ddfe0892a065e311a131a257ae91dbdfb1f41537bd861c830fb7827e71316c714f124b191b08aad6b746166cd76c63d30de668cde7fe2611c67d8d15ea5275a2b21b7171ba14a457802210eb68dbd8c40c58411b49a7a6abb0e893508451595b0fab2f35c86e3b9b5321d83084f4f7cac60003b4e3bce027240410f5135bc4664e429cb79d6fb4e6d08847c6cbef1ef58b8583b93daeef4a42a25fc32e1964a238c43b96d4194177c09d6a204e12d7223bb2cf7e9418bb2ccc567b7faefa2805d251463d0b8cf24b81d8453de0f399b16c1099b8bde67ea71401f8dbb5e12cccd7ee26f563ecccfc88f61bc5d9688841159d853bff20b83f48e8026076b29cfbd00ef8ba7ed6f003af7975ba53143cdf5cda0511357a51dac2150006d88e6ad7f1fc2ff1b4557943d6b80360877cb75177b2bee65ee5d7a6e14928f28e403f90fb161b8a0c2c06f7a292f5e5963656a428c8fe01357bf572580ad94a67a7aea508160decfbf88b7ad5b040d94f16296087390fd7aa6e3ca49b56989ad5b9ce000a547d7fefbcc37a39ac2bd9078c075d0ff0b402029eb75ff55ecf61af5be6fb3c69897e6d29bac6bfd9af5cd7949fe4b6c921553ed6a45c268fc30bdcfe148893c559b1737412d1d3067d8d0364810d62bd9b50a3c3db74050db1983f5a54871b4b1ba9e6782c217dc1c7c1abdbb417088ea9492f3b199f957ae5016a9d8d4ba9ba4d6eff756d57414327300a7aa8b45b16508deafcbca2dd10a3474bc59c99af62f04ee6c18dded7704bd620639bb3ba4b839db205712e331c595464f79f52d85ea5df1ec2999c9ac6fc64dfb73608ffece940aeac194c9e231bed6364df3492316b9e77188d96a3fa6287ec337760a92d5dcb63088b9b32582eb21aab877872c2521ae04544e3eab1c37ff7398cdbf66312556e15de99f7b6b2062b7d2eb97881727e26b6e63772064a283d882fe3537d84d32603c56baf532a23be20efaf8fe60ef9c37a61f77e0ec04800d4b8da88a77a3d7e63ab36e5f40b80e8d7cadf5fff6528b058aaac0c5cc47d774e5fd01caf044948d5c26ec3cd84f5db107deceb44258d5270b2da3d0fab332441cfc8fe6938e177aa9239adbcb2c62a32708b1591436c1aed383e8b125e943ae576f8ba392bae256578a1e0d05bf1c75d306391d130f77a7ef20a144ee232ccfd38b4f05d9a94ffd701e284ad3773176ca31617e8a758179ebfb8c613ed6ef1a0442c0ea7429108c8f34fabb4013b06471b795cc92f1220ec5c525345c8b63ec20cff2b31b8a0f0c7fc363d13a451b026da87f201ed1e71750d812ced9c584c821157826692a7ea1c393e424b50a1cfec2d3809616a70cba18e9b2bf02c7949e78176d89fbda968001efd5e1699a5f1ced4b33f062769fa31edd4e301cd031ce024dad0040177c767a8900acbce73c95e498c49a61d6162f39c7248632a5c8a6af534a61c995453f6ccd969f00b782138ca638e481abc658a7c65401b49c63abb3fd338a0f1e73ff6514d4c3caa8dfe9f7c9243c5d302265186e663a891f7dd7b7448f24b1a6022841e978509404cd05a38d26f4dcc8a1a6d2e4325abdd31edc0210e3c78669254d4418cc9796b29249e39f39efee639629697dacff79a31ae920ac5c4d056d117920a9f7eacaa3dadce14d55dc110c7639a64870d29887408f63fca74db429bca9ac1abb448cb0fcd1bb6b398ee0509c077a2dd38b4c33ce5474cd655572cdd89473cc0f35ab23724c15004392aaaadfeacf409bf119680ef8e9acb26415b958fd8cbd59b9517e8703ba99d6c4282283eadaf2a9644f3fbfbf9319d09ce793375286f4bc56296d88d7a0a851ab5066cdeb5fe4ae82a381c4cda13530b0885891010c162594bac229e058a8fd2add9b24fda926daa10ba11dc5e7f8931481f2bd7e8c05ab3e8ae7d184b585f8d17d86cd0e56e4b97203c648e9023273ba82f3424bca6cc0fe871f7645e4b46af7fe4817f9d12ccaf280d961eab86f42cbaad1baedb3878ab1bf9619edf05ac96f5c7d140099c1ede50ef772ae6830532e86610ae757ce92434acafe0ac1c57a32c336a2a7a4397bf91a7bca00147b56adb8f1dc2c3c75e9149ffd973f0b0999f74694db9e5a99006bc00e10921c07b35e1cbab65fae3212d536346a7ba168ccd136fdd0a8d59f8c337fd547a91932c03fefa6c3467ebf165e6f6b3d829214afe643f44e4f3c39b3bf1ebd0b"}, {0xe0, 0x0, 0xfffffffa, "db34c5171d039db119d425932627fcafde5a464264eb912c2d06a93d415a129e87aad396884837015dab92f5eb9722f746b08bdee4528e80d800e6c167c2c63adcec83ba2985dad48f3a16f566494bea231e6e749beaca2a43183f791671477d0da5f0959a60c258b4ddac9ffccd36d35c1ac214d13c6ed0317f7e7b165fa655ea111182eadbfd153b8e252ff72707dccc8a294f1768a7011ba48c019be883e6c071d012acadc4aea04d6b44114e1a46a9e87462b8b9e7b8eb67579f64580efb475284cb0e9bebf2e072e3c56b93"}, {0x1010, 0x0, 0xc1d, "49b681faf3a67dc390e318e47ba7021552c1a08f8cad3e74524a63923dbfb24ff76922b31c89c21c4b6e5ee29009200031a1dcf765d1b50f7625de7f2bfc875ecb393b4c7e25886d381498c0ecef4bc604cbd15fc544ed90310f22d64807ca1b2e477a8922eaa9eb0207b44b6c292f282aab372734ae251e8a6f273bee527c0ac0eb9f4ef74a580038b32936c4cb23d340421c153b6ff0a3e846fb37b725a95148f22d92b94bc2d808584cfca2c024552951fb01e46efc3aa384144932c5ff48af49a7233a72d1498c89b06f8ead8bb5859c8a49b3e155138b6351eb0d987d1ee2181615cb3ccecd349933f9d1a6d712b5d7b41d7959a7bd343792c28149532334a16a26757b4b2a3a624f745c828592f17c7ab79c9b4bb63f8afe94ae7cbb7e6bff79926bb8e9b45d66ea61297dcbbbe9efb0b68fbae35b1cb72f6cf3232628b490be96aec480e7214c5c13e9a79ef02b9d70391d27fa27f96b936e0796087e8743ba78220bc3ada7907e8e14ca99decb158b6ed87226e29fc22571576c173d5977311e0e038a5ae4a18c2bd8a06c51305312c64aa729b2477a1815c8f1f8297c7e847627d9f69b777fce446eb98255e43dddc4b4b1917363e63d9f8a2299243cebb9bec81e4ae9bd5dae9a240755395ea5aff06e2584f0b800249b39b8f1a4f4feb3fc9030effa0420fdb1ae654c5bca8214e34c9e99e890496b7067a1d8579030ed14c3ce43b9cfb7216ebf9684e2486498912d5247d6548a79b71b5d9d2a1ff317633b835cbc875136ac595d1c08eab010c8acb162d229c01ea348e2693312895309c58a0135dfe8c6ca58e504980c79fc528a0a6c9fedcca9d3d8b71ee7a7ac9764e09aea8b0b12500e150aac5b3f27d34725618015f70b22bc4ec61a9148edc9a7f89a8e7251fda4b67b786d49de356f97f0c3130180c321b82760fe388b6ba091ecd31561c7e03b050514b7fdf44edd49bb146a27aa9955174b39d4b19d5ec700ae5e9d947a1832a9c8b94bc3d07313ee6dee3cd559e5999ceca0111525fdf3a73bc626bca3e137e8665d8c32e61113ee6b81d3d8400057b5d658b7954df714ce2f0f77a241dd450d308bf702a88c32d182c009e73de3005433bede342bef87d204ff9bd35f05f90865a71322c6aa3cca449097e71fd83c4344d77bfe2100c6dc047a7f966c5db9f04a1ff41e0ac7a6cc626c48356d72aa4713ab08383976a071cdd635a6013c4105565d491063216433ff2b512a1509a7ff8ad188175bb8b93fff0f15de7ce26c4c3a19810380f9a45861dbf6ab2a806a98d9a2a022da9dcc1e5c70ab354ddcd60a5fc5502ad5fba5bdb8e7fa0ecd5a4e429b0e923e40afc600557fc212b8282869e1e5189fc628cd9f72d5403c56a08a8a15e0f7a53a029121f1f7482076e610723d59f1416937c43e4f64796e37bbf7ffda5f8608b06a883bc8611c4b570f44c66e59ad9bd22abcc97fc082da887e7ccf30cab033ee614bfaf0cdaac645ec7d245c89f83dd9dbe0f6f888f053d383a033c1574c08217aa6ccfb348b9b071d89eba99132468036e4127a9e6310e0d7cd21912376844ff8db6a9ba62617ed8fe06ade988d509cd207cdc314ac89317bf45d63f38869037b84a0b75be7d87b4bb5015ca6da72c86c8066f162e13e9e9b85b42ea34c948cd40269e36211d693f04ac27ddd3aac9cd6ef5728c90f9801f7b0afc27eadf7d66c5f8558a37206211d68644d4869d26614f6ec61d594b91ddae5762ffc77618c8fd0c53a0147913afb560502832ad6dbaa9981e505f8c8e3989e38d23c917dad09c8b11164c6404e72c0fc13915c7b578db444503389c6e5ac2690ff420a4bf99a2b6b271d55fdf3bb2745897b8d80a7024fb8e82ca203acde886ac56d9e1d3bcd821cbd1e4594350b6c07904d89321a3569114dcf0ccb9c5fd2604460267f3e94041322f240a4ed25e4feac89251f1181ca5e2aa58d64fbede31429bdccb94024a50bcd5fe80b8f2a83590576164f133f46c9314e4307b1b88ffad8d8a5fb738e4885e171f84e9b588bd0d422c1575b33a165d62b987e483e385e6e851674223c47bc2d5e7011d543fc060d0c8e11193aa05fb0a9cd880fc91cf336d560c48a2053f6fc77b4119c8a261f8fb1fff75a31e832a131ad7112a5932fa8a2a60473a7c8f6f2903a46a5baa2fefe2366667852c681980c73949b9db55c0aa6d09d2a1d8d09c3124541ef0d16087617e1d173c73a9d406759ac9d7d463d258021c782382441b0314c19e9bc50c6c4b7af0755000cd180368c7c4f2c0b46671756399da27031736a1a64dbe02541b9f2fbf9aafa5e84d4a5ccc9226af515c85dbd14815c7cba2bd56cd25078123f9d21fba694211a9d94beb3bc8f305e44b0517e37c9ba0c41fdbcea4b243aa3388b0b1e253157a1c3234481d925687a1df34ba71150379d3d0cfc42850e29a917f6fbd6b3462a0a0bd1dae8a18cc9a160fa9575928c9ddb57bb988249d4c4ca799a104828300b864558deb553ac213f54c3dc468ccc5d9acb95b20741625d68100de24f42da62fff1bf01293c3d5669657cab1b3cd3d8d81f250a1294b2040102a5737837b22109efdf58cc631bd5834604ed786e61448c749f88f994a7f38348c04f56fc721cba0946a8fa30b188f4220255345d111db11d364777daee10291ed8c492adc651e7c164fd30ff1001712583c43df594d56585a129a2bf844aaf7f9155dd6417d11465e6cdd818b1d9e3d8ad3c3f3774173dd7bbda52e8c7fb37ef923a84986d32cb5a100a8886aaf79be898b28a5cba366ac3b563e86fff0a6627a6196bb8921a95c8e29a613d73f23ed2d4c3b416d7eb35d86bb9e677cb1023a6d610e489d2d3660ca6fe9f330163bea2523f0bbbb6789067b6512c51ab38f214778534a1c06dc370f72e31507f9bbbd6962356717f221e2d4f2f12fe7f395d76710bbc3477733889c9f293215dcff737d70538035706170567936a68ee42f513f704e4d39f49762ea64cfa0c3a3b232beb6654c9a43b12ad9a81ee9feb5486f24668bcadb0d89f492aa9db1277a46d33c5a862bdca545babd3aa3e200c270ae73d6596b1bcce73a6ecfbd6403dca87d5ffb21d609d3b13c49633e7c2d4019fa78f5d44953780e9be0e4856a215d2429f06e873213bde643fc42a6e6367d03855da93ab355718bb3e68822c0bd9f51f2e84632eec140fd5c09d4e6db2b68631dcf4cf6a4938f188ca961e7575a72a55d4f85548ae43df1464c89149c46ea59c4aad70653d13573cb4ac372a51ba2655e55f1e9684d95daad06d39b3407a29b2b2d16cd69d9c892eef0737d09fc8209a580ce69d49d152cbf3214b3b67e628489248202d680ede4b70e31ce6168a2d97b8f03d90b03039150be1ad8d5d69a24c310d3aa92e2ba32cd2aec4bd2bf655b9039e61a5908588f7c4543c3d8d1779a612a73de014dfd4443b04a00d5af5906d0ed4b5d4f7f54943122fe6907e34c013482456ae8f7c58455a6d9064994bc924a2fdc4ba55b3e99d1f05852345b33ef11a6499953a73229fc93cf52a7f65d8f5bc1917883f0bbd9d5c680b42b1558874b18461c745be2974bc8e76661e8b9a5edf193406de6175c844a4e8063c71df19e70e7cedb6e10f39246f5018f4bb098d34fc38cd20747e1bf11795a6295c214dfbffcad7299e6e258d6ace772732b8fb87768683ad88d26199a8eeae9cb0ebc77068f070701c385e72f1c17f3dcba5cb9ad153dce4e19f4601c1106e924f7c420e3d24df511ef4aa0c3913fe0df82578e35464ac28504ad07b02c1c23d6553cb2b0e5b961c03bd11c1b7e85e9b5c0eb17e18df40371af6daabce6e08fb9deaa46412b98873416b77e95f2af2cab958ebfeaf792052ca8f05e0db5c3050edd2bc6a0aba716b2e5233c7c8e1989ae92072b6c3c657608fcece73737b1536a66fc03221afc8450e7e648a583e4c7f7cdc5d7463a1c16580d1ee0af076383b202b42ee3d5dc93e5e4a34d78cfb8b1c0fb37e20d0829d2994454efe4fdeb37fc4f45e67c8a86e24382fbc847344a07f1e7c4fd15f2db7ec38742fc2dbd8802eae6495ef57e0d0bb9f109cf8b71e6355c705bfbfc5b19fb34f319d26033b85eee268f0790b3791ef3b1d53f238eb6128b8a461a12dd3a8b8aec9c41846ed537836abd84a4f2b0148b27e3ad8b3d3618b5effabd712aca4676fcfb1330cf35045c4a5a1f99e45484f166666bec8b585922934a394a2a36ab9ad56775897ed875c6c0689f93958a74bf6f761b3a4988826a5a7d55accaf4af7f325168704066eaf14903319f4a3db3634d309d21381d60bc7147d94e8f5a7bd8e51919371e9bc803f8f2582ca12313ebdc62b5b9b540f840544cd40b2f8b37c28fb6a395caf413e5a00cde2b965bc104c340f8bf3795d1958bab0787e51e879e2d68c258fb5f5f608932dd43227727615ac30bd3942f60cc80c44ae235ebe3131685541e1be5ad435e0edce3cb36780c288560c771b2f41f76f9cecb1d957056d570f6b87df15be4906a0616c04fc4727d4562ee6bd15853132334ed1d3d8891a1318e2c661701176257014c8821dc1a0cd41a2f58c301beb8f40734d7a2929ee5c6728ce3648d40f6b43e0b881f488ad5862b16b95fa8081e5e9dd5de581f896c672647567d6ed7a71d2e4b562cc4eb505e6cd6f63a2cbbec50e4bf935dbf62d0f7fd8411c7c74f66b78904e7169e829053af1bd64b376d82b8ed4fbea64fbcdc2a607b8cba5fd56c1afd8fa2363e2ce5bc3331bf54a2b5fccb791a911c64bdf1aa7830709b0048818edd2284796f6f84661e464dc3571d365079075f48cf34704b72034717e17380afa810ced9d1c7c653fe13c6cda6988b401bd50d9dcfcc61186a5ea2b9bf43656d6659520fe90342adb82af285f343a99d7008e24f034bb5697310667ebc3e9c6218a2fa18e789ab60ccf002ab7371736e536c667356cf23df445de7b7a1283db084baade6a6547424fa014305f0179710d71b4613aa2517270a99fbe0e312c5a2f39085f2e3377d09f2537d6f234ed2549e5915aca3b1d6639f3c1bfa966705fbfac914184f15c94cd488ec6afa6a999001b33b82b173fa15ed2de45c0207c6124c82da3365bf32f764aa040f24aa42c1c7c88451b5708e5e3c83989a55ebb93e6ac348447fb1fe8ecbb04de15771806add6c7cf0525478adad2ce215c7401f8e8d1a2a63349b9735f527543f6835b054bad79c069c518e69f9c917daa346a5596bb230dea2930d59c7a1f4844f4afe6cf55b77d99e067c0506b38a41e67c7676d0a27009a06e1eb14d074fd73b4d02e7545e9eed3c0e0eff7ed8d5bffec18040521e92ee8f8f5494a6c610dbd728220c8ba2501e4d7bd56add77f29eea90719d27a75b0a86177a7a05666b4443f635fa9000ce1e9484790b36587a7e8685a5e3a1167ae1c6b095e092f80f1db94f6b0d30c27bb6b734dc3bc9c7ed69bbe12ec7ab89c2841d96fa253ca67d9c64205663f82adae9ccc226594ebb1762e6cbb7711d2de5593d05defb3532cdc546424c9dedfe1107b750a9fc02ed781520ce39197fb4831b82f2b827b98378197359f90cce3bc07a2010c5f7b181e1a404d450bde45d1dca33820dc1aba91dba90a0122e740ccea58c943d858a484cf4dcd0c9cb8f79c4e739227c8a5b4476d16f2cdcef8e3ffb4f3e20a980c4842f214abbfcbaf8232860b50251fd1345a67c587a019c255fbc62aae097cee3597fc01f3c959865dda2392190298d95cffdf5e2842df19609e65e563"}, {0xe8, 0x116, 0x3, "a29b5984ff535fb38f3fdfff9f3f9400799d1a0fa9fea4e7aafb045f6ffefc7deb9121b2b69d63d0ccded8142f1f5d2e19d7ca934bdf4bf289750af29c359f48e1dbe2149dc18bcbc2a4aa1c92045ca32ca991b13696e37412d543c4c3e37670216601d709d8e74ef48627fba5e3adcab47348f7d0895459ddf7a21497c358fa87f262953182aa1b581064e57a6187668bec34ab1d03a55344373a649de8ce1bc514e578b230935d82994766d3ba7380c7a273bb1c019b73d5a4e218eab5a09a8a32fead566aeb818b387670b10a7828439c4b2337c5bb62"}, {0x1010, 0x5, 0x9, "7edbf1b0d998af3ddb7404f9da520411011e472590b0e94161396bc64fccde4da53206475c7ccbd3c6765b3a73f741ed0f8e2cf704a4617e2e61951058f36a05f4676d868038b8217fd069de086374e3fabb87e02d019ad3dfc238423aec36b2a6cdb56e514536ac2acb2429a450271373ab0d047acd16c45148149a103fc56365ee69397597f09d2b8cda4f9bc5746625904439e8209c4af3f54cb7992353bc32a339a87bd74606a823bf85fbc56e5c91877d205c8c3366bc1ebc919ad056d130989b5e2e7cc8b02b4089ef18735e6aded4a52bf86bb6bbb17fd19e3e9799d3f56dda81a9b7995ca22d330a0cd182099ccc85bb7b904f4905e6d46c00517f4d3d5b0f9d52c478a0d0bbb03333dc4a7adecca8fe4d92904c8b4f062bc280074b7f181014f48894e8f5541c765f5b152140b9dec5120cfefd59d1c68159442b9b54d516cd10c7fa5c44590f9e8c47290102f65b36df0696934511e96b76e1c074c358e3cabf47613939c425f1501493f4041efcbbf33c1dd847844f237d0304b75252aaac440ecd8f616c58bd99b427705e694ed9377114db2e4c3f90ecff954144fda47459464eb621be889797e415dc323d96d6dd1a1f28e18b385c46879130003ba30f24b92f60104dcff3277d4469a6735d5f42a4ece9162d1792c8ffc253f106d04b0ea5366a2efa77a22892f077ca9782714501b1204f05c2648cb7ecda1a01b1001c03f7db363991f170a6a5c48478c0ac8520df3db4b5346263c63acc1326327cb8c01257eeff0a232c5ef3ddf06131fbca95221e1af30172e04bdda159b62a90d08b34429aa5f5fd4615a7dda1f005f305e5ad5d4334b493448255a7ddf3a734cf8f4471074a0bc3be7bf3c2930a7e737ba888c272a58b74bd2f6239270b665937be0fe44fa3bec31abff013457f49af51a58cfcf0f67cb0b104b91cd8ccf0ce11f09393ab982b47f361e38ffcccded275f31a2e785a00c383ce97bcaae7abe81b14c74af306b5dcad6d9a04db0d401ddd3a7e81a824e8e033ede0aa5810acd2f632421776f17cb2583c66e7e33540b96babef29607ab210c57c4f231a0440fd498b085a440e8abe2afb137e6298210e8c506ab3faf3ca2cc1c777d55c1fd7ef294ed10b7d3ea54cd5c23118a1b9512be76e7cc4d7bf9e48bac631e94acae3dab363f1c54b4efd0e446255796ddf72a62020d53a286e11f64ec662e539b08e57b77d857d19f368e7708efd337485f1f4c75fdbd0c00e75ce43c5c673daa41f73fb0f907d178e1bebcfd250a3f205d1796536bc69b615241808465b45e95b4c5a764c02d156009509f7da06bb123302d0d5a883d9a59503a229b4d5a6e8df979d19d72c53f29d4b50d817c39cdaa6a39f2439ed0ece422933e0b124ed5686ba852baacadfee01e281945a5e3f13a6e9e4440a0e7164b58169b2ee7dabe587aa99ffba6110e7e8124af5db588160b0da1d1869b4eae67c6bd146bb2b14ba05a846c8bbb07a00cae6f2a906301e48ba7e19941537e83994d16d4c9815221e710460d01dd8aabf4e61c6dbab3dfc81cd3c29dc648441ca0eb38ac5313d6f7a1fdf8faa17fb0b74ba60819cf38ae75dfa5d147897ba3a334e55ccaeaa5b1159a601a9b5dab6c9cfcb32a22d37a2b6d40b9fe9081e2dab711901fb36ac74aa5a1d95a1049a78560eab126b2daf24fc36ee4e513f23aa45050a94da8b4d82e3afba68d15f19198b23b158c11d1d7668b166531246a19a9ff87e1209803a50eaa841ffdb5d331e3cb28d0544f2d1c56a6ca0350c2bb7a7bad66bb194864e77360b0375fbd4d89eba098ffd75ca957e7a77c3591f8d19e8d96be7ac95188d9803690c98f632dfb3a7f09b58183fe1bf0722fa228581463c599fe8aa1ae08ab0892ff58d744cd62daed9b54729aab27ff9585e2a700bc0463825715f27422acf5700c1cb85b5e4bfc85055ccdd85d9af9f089c2e6cdf14cbf5fe3fe6214814c9e70634e9866249a23779d89b2b8edfc3fdcaabd2e918319f8d886d13ed685e21ed81b8e6524dfae479fa6f28455d8b26e189ccc3b6c1d9d4a1c520a2613190945eadc44606cec5a1c3396ef205698980f668a0ae2f303ae9da9a987f9c87e390500dd0d94f21d71fb22e136ae1dcd0dd43f079ba64111a9cd451d6a50e8a4e16aec6b8fbac582d89febb6c74a96f8c0a89690ed44aa358b1444f0c31272aa03b665a0e6173f7ba6ddb76b63884addb2973a90cabbd301fee82ea19ce38ca63ce168edc804d304b262a5a826a3e743ecac43018d9d17f5a4792635b1ff917285e658002f82a2a6cd12d2137bb55039bac3008dbdfe3ee69cea545bb261399b1ed69a4b0e2f627908fcbbfe5329028793311a1854d7d9c9a31dccc4a46e8c3a401e26ece0ba306f0dc5edcea34ef99a55ba2babde1c2b7d13bae87adf9ee769afba101695c6dcebde5495c25a23f54bc77f1580bd9be9d8800d4128e3aa1b0c49ada9d6a4a640ae703b8a5cc3badd4299a655cacbae26e4e8290cb300fa08e507a3860851bbefe8a70ab806342d3bdae4a4d9c150a3bcf02738f08504600f6f16fb944d2df3363bde4d5f6a8ce4e44a009eccdad20a7149259655a88bfb8bffdc5d1b4a9e809f04e5ba00ff05dc00a8fce3bb7c4e9ab05d706fd950c16f08cec75d5c8a514aeaa1d15502260d1ea8f95a2d528da22864412463c15cdcdd4e29b9e153da1d111c2a210be409dd465f458b90f64c635633d64e92fb469ff121bd80362072efa9a54ca480b911473f09a439d5a41993f17634d2901d03c11771968fd5b64854396a7779a8b04548b7fc7263a033d2fd63c8199b2e4884347ea531da37e2542923c0840c079adadbac88073c1648570536295a9758c26b9baa30bf5161b1e43ff08dc52c77cfff4756c2cb4320404233cdd98d32c36cb22c57463510cf812e21bd80071c6acfdfb55b08977e8d759f201106d4c977e6e75455532d5f116bda6fd427e34448879c46a9c899d40b54b6e0ef9238c23ac77b4fee80e203e95f4b27041d98fd5c16a09b5857c9676dee39cf0b7075c62645d5487fb8acafbfce48a4d1a40b1eebdf34d527baf0b0e4822e85e0131b124fad80fd69ec9c26f48ece41465ae648f44b11fa77451e59d337be10079f59c5cac66b10e8b19f9a81e5c39c46984347a4b398c921413c6990637436931ff751ddf472a672431b58fdeb32026fdcc116471c9bbd46f64872f450473c02ed63a1c8cc4f3957e6c8256303391135a53720851775ba853496698d1d9ff06b7d918004f2af9e2ec072755336e60900a9a7e1c895b6d611930db436503eba1b9610145d83b379c067523518642a4570bf771053d4ba923197fcd3b4dc377896b9100c410b88865f9ec03d5a13b662d0d849437a310b987bb97596edaaafeed40444c1ede11b10aab77eb50bab0c3cf5375eb31580c2ca3cc9b94b7c8aa053162ac9a174846b305117874ddc2f20af24f508c5133eb36cfe02e97fe260cd58f1a3db4622550c80f3460c6bb65d98f90ab970aed7e0d379b9d20bbcfd1f97fbf097cca718f18076074b0b1dbd6a808552bd410345e7d1c905b7debc5f3a5e9846362b64019dac9cdef4868e93774fe0e14f91f45aea137e430c20adc97ca72a976a77c73d88e88d3c1bb46c2fc561c96ad2f74a305a3b579aa12422b9362449c12a34d62a5cca258b537d45a69a79528a9f9227bf386f6ff1d7a3788d7f69606edb56dfe2cf6054c2e0f96e95991c37f65bd597dc4042ef591ae1e08dac47744c5e1b1ca03c6d52deb0da35280bdc6d7eeb10bf91bda6761932260c3a9adb2d43da00c699fce5182d5a28cab756fa748af96f022900cb04f8eafb92a2830000415dc7339c8e8e91ede016c2cf2d97c1768a91376cc2f054e8ccbd6a59e01ca479707f96e4ad2953226681cb7b35b469900ba6a8765dd6b821080befafebf070a86dcf80a0c6d53ba591eed33b2d7ba4f33c8f1faf238823d1fd4e59c6418747703b055ccac5fafc2fd296a2839d08fdc2dab22c8ad65209de687554cf940bf4e95234c53eb2f0bdaaa60a220dfb38842692408be2c60a011bd3c671a5edd67c4ffe416af3fe71b746ca0d067bb690af05a5fbdbe75879e589695a767c259977b597ebea8a8bde61afdb90351773a5581df43fe3a257028ef5dc75008556b5e7f39f0f7e43552776dd6b673e7064e04beccafa649b549f16b01a3ddda6eedf912d9b05b00da1971aa3b92845a668f5d0e89aa14174a816fa5b5386f47d7f1c7bc5cb5c7f2887e39b0c5781b905662d11dbc8239527b767661cdba1fe562b98da9459ad1b3cd18e27dfb855d80ec09b1565b132e2bf6423d34e9f11c133f8767d48ce82a164bba48b79ee58f4b76f3a8200e0d9ed4d9e3fb4ce3b9f83c22b8909858f81db1e1b5c6954d98632bf50296eb22a557abd007bf6657962595c6c837eca41f652199f52e8f5a25269e8e5ceb7cbd1e29c45077cb4b37777c67322e128098d6d3964dfe5b6014dc58a4bedfef44aace21c34c5d37912d3fe497b4bbd768252da6a306c8c8dd273221b9b0eb9408795b6bea6a2b5295e70d3e4bde9c54f17339aed23fbb96207a988c376b316d5ecf322e1f04080e03585a9b5e1fddd423ef3a7417dd20ae5bb2598af0049ec8b56e67afe3ccf0dfccd3263cc53d08370fbec8ecd920cdf94b035a65945509013c4035bc62bf7e68712cb5af86b1ed0dc732ce4cf613e0611c36551e0fedbc9fd07ea05ef7455108d482758a2e4c403a4027087ce8a76e1621b50071ac9868519053c37f828e4c38d6150b9262eafc0d1dc81ab0641824c2198444c9d86d80186ab4961a575a1c334e6440c18ab703d4ee2d13ebd524ff3ac975a1a0b638c20a3f2cba9e81fb6d9c41e86a2952e57e2d8468f7210df35737e2f1d060c44a3dfd418c2debd204a7d9851a8e4c809617b093ec8f0aabd185a0bf35b875fab4e88dae5130f8245ade132cb622ff4f9002acc6dc8edad6ddeb230cbc5cac1299745fb367ed749a8705100c230362e05c631d02a6654be435445db682470d421342c703bf6512a2221239faefe134d4824e1bdbed9b36977b3129a404b10f16150ffc977147e6977883851654a69cf500b479fb854692e7757e02ce4d9d05e1911e5df7c2615af85f1dd0e4dcd4e5d3662512962a24764d9b71c9335b738c7f6b9c526830f746a6a75559ab0aa158085fd555a452dfad6612a2d3d133f38b377e5f23e2fccbe8c4b91f4c1d826ddec26ec85a6237496c8036c202e9d94c951e547c6a502ac0a2f214b2bd8f781765278d8229a261f14f85c7333734aa402ddadc82936eb216545b229cd1d736b21fa828c668258524c74522b53e28080ec7be2e80475794fe512634147c514ca1f360ce71dc85e00d917b6250e3373e45bd12cbf06c975e114fb60f88d945c3c192ebdf68333b3d6d37525db832b4927b18a006efadeb0d1bbb3b9f8a3481fea00f2ef3e933ecd1e65ec3b726df386fdf96a193c96ae76335295fd7544bd5f4896243eac82e1cc0af3a7bc65869d33e42693adc676252cce78736cc03e3f6e80bfa3e6d796385377dee5a860971900128b045c5ffa5d344b1d6f3b71b775647be22d777b9a04beb79b49033cf41011df31a762bc059ad26b7ccfbcc6e9818f56bae801a6299336bdb24ba17d6cc42d441efd3a7a5edde397b49a9a2fa819b746ccae4deb170c0829dec785b5c654779d768586a320695e024a5c2b3bef727923260ac3d5c05af4eb60c447e6bf66e21ac653e9e"}, {0xe8, 0x110, 0x6, "fdc68bc554297c83592768bc203bb0470efd39bb47d36d17856c3591923171e4e8d692caa9a2b3b58a79e8f29926c396f1ddaab2a9a3539d9ad94680e6c9c732023bd1bff205b1cb104caf195fa3340acd1c02cc7685b1cced81d2515c8dff5358b47317eb89f7424fed027e0267f5a7e8a7f8210f4d6910d4cc1e1466dd0c1fc6369d1eb0f93efa2b19d6984b71b9eac4f34d9fb3f6d5b062ac467113ae03b31ed603c6809b3d5784d29c05676c96a1f48c82eb191c6dcbca2ab181cc107182d6e42c4a4fa8fd4940bde6e15b4c75ccb58fffa449"}, {0x1020, 0x100, 0x7ff, "b55799d720c4953ddf4ca4dc84b5a8d0732851b528a7ad2f6ff0a920f73bfb6f8587d3f2c0c86e135b0152a7c95a71803df466a2d6bdea356f7bc4dfbd0d877ec11de1e40d3c939da9337bb4487099edf79d51f929e90a4a88cb0f26aea314e392d10b801b80d87ea86bc2e336acff7148f9e48be2714929219c6529e77c7ace8fafedabdeb9ec095bb925ae14c0b3e6d4cd131dda36e3506ba93d1e8d9c77a588b72615f98055e2ba2be1cc8cbd448fa5cd3fb27963255e6043366fa0bd8ede4e5690897c24f27012e7c2386c18d6f261403ea2e8fd8f236b59d2d26a508c8a0086c058937ff30347180c08d5810183ff94710f4e4ed08ef194d99877c4cc1473b1d71c02e44d7fe63ffb9574daa997dbcfcec4977a72bcf5ab47714a1dcd9d3c22a86c18c2db180a94aac0f7c37ecfb0755b7b97ada6a78fa4abf4a24af6e5ed08d94453477e6cd25bf41f3b2354005629754c1713d273c24ff62e733f972c1f584a8e552e99580195108d92a511368ff80faa4ccde98b4b8801e5200caac6fc0d4d0d0766ca7092debda1d92f8b78084bf6c119f53f593fed4c561ff9a98a799f76b5d090c05c385d4264e2248d55503a60ca69961b2f283b11aa93bfbf806164bf44644573720d7aa2d9a4ab8aabe11acc163b4811744363435038c0718b65782cc79a2b4d7d26ea5c3ac81138348222950ec2a354bf215c7ee915f54737211e456b4d4979ea658adf4b516188bf611365cdf2b347fac65753aa9828f9889ba14f6902effe4458fa12b407ec125a20273cc5d9e38c06ca8c61bb31799a62fbfac40378e1ee648e7100f76a6f0085e491511d46e7b409d734018dc7b50b0958ef019610ad51b1c0672b7be41b100b55700d7336035d0848aab507c98d1497be63ead072bbe1448d9e30cb40918de7ba62b024cbf19b3aeb56bd7aae60ae4c96ea2f04feac93e98cbba195c6b9e6a028cb989f9fdadb49274783f108f7071f265cbb7b4a4215c49aeb1f47579331077945f0a2b6ad6e950e72a38a561f7a1a5acfc5abd028526d2d69125810eca74558789607fd7d7bb8276409ead63fb7c0eba9378e8f18850eea02280ba65984ed0460d1bfcf73a7da2e9bf98008e040d716f29de1f1e42459e18890c0c26f1a5bc1d94437679212699e2bcc7d05947612e0e080cf44cce7d31ed695363c32fd9af66d0a1352496fdff8670a77bb36837337bcae540293679a49d3c97668714de7d926b499108369465c07d87698b2b94c2dfedc2535121b689cf36badcb475cc40d19de827e196371e93893d31636767af093a6046b495e6e96e075f89e036104760c364618d020553882e914d55ee606f8725aeecd3933ddde37d515961a2d97183606084933cd604c9cd13654015a2d15c753f708801d0074cb147cb9e29782655190dfa10f81915a7ac03152ba7620e4cf2e6698bddab4156ac9eb0e639508fb4c73a125aa48ae4afbadbccb66dae652c4a5350442e6b554d0749e2b938b21f1e308d82a035967bd25d8c88034fa80d3eda0de63b50f3954fb65948f3dc9f93476ee4272998c082f9dc0aa2c846a1eb83cd9585ccb34d569d8b25bd844f6e4879c89a007498e2df29d7d619e61f1e8882890b7880ec7c1416fbce062ab0cd97369c3b609c118e6f5feae9c2766a958bfd11d57636c7ef1e2e930fd4316bb5b0c42b1edeb1f5335a2976d3daeaa0cb9f477a246f36a82e0bc64fdce30e5693b7706e591f12b417c87933f9ea3aab2ebfa020679c32b785afe7d6711d0e1e91490c5eb1ee8a4bb09563146c2dc682e2e6c95558f8b34f80e4dfc0f87eb385a9fec7d6fce41740601fb995bd1e21683bb65b6c8bde33a6ee29a6943044ffd6e532b42675be372d8f428f75acbbda5ade5f0b78fd9017c7186d1cf7de9b4287953f86af59e5cde6d369e5de53cd447feb4a36c047d5bf8a8770b58a96704b1726f7e8afba8cc04a662706359bb3c191b0dd6247e7b852ba36fb6825d40d0b9bcb2c2cd60f8499b7866ed0eecc175d9beecb9f3390883f09537bc8a34ebcf2400a0c6cae46fa0d34b7659ec60ec34c68af317ba97b38153b99d096b0dd5aefc91e6e0a911b3ca5cb1dee794da9680e9319739542c1ba30d94de70f2410be5ff6fbf05d9848492279c619391507d48475cd9a837c95668461251e9cc2ae5c53e6da53aa3db6e60ab8931913710e4e5d13f5311466b3c077551e439d1aef1eb10ad9bf16cbf12f1b09bbb7f6ba99805a92b841b7e3970dc01724cc03c7314ad55281337819630e9830ecb019100cfa32b495e2226d18d5b369283a06748f49f694ff901170d2a28a3a7f272b91475cdde97c43424c0ffebb2b9fa32e502844ec73a0df1dffda87fde9360948e4bde74cb3990a062abc3ad58d4cc6152a37bfe3ed3f362a836aba10ff9c5d57d3561703a42b9dc9f22413bd5a8b54f0c4839302bab1190a15b9efd0f81ab3a87cdac379fe41a0e706099c2921ef24da3753d428cc2a501fc0a35dcbcf389dc1e8f68718f582f902230e8f010197f4bc38f939304a2681c5924b575bb7cb4e85709d98fd2f8621ddde9cfd8e28b45968f0540ca4f0db659f7d75d6849f1d878796f519b9dfca89ef7e5823d6a0b9a39e77d7979eebebb49069d2214970ac97e06fe507ddc8395a88c112164e2915bc71018ec08fdca35db91f5130162378e1cfb392b0a2325b4b0c9d4f1659786415cb6bd64723c32c3069b7fa371c3a6e1f28db0bf2afbad2bc480b9ff25f065652f1277ff06ee1f32fb950007a21a8f732a478e77c3fdf3765f672691a44986041d7fe43912e2a9c144d847ee45e1371919a9c785524c3982360e1ce1caa07e372e98c89e66f452a7e76f68aa343bf80b003a65ea1600797c993a058d2672f3b014110a5f8d72301ef97591d1bc3c87726cacafc45a1df7ba23b30da6092f598520f62db7d521b8d80b2e90b42c89c073da70258529fce7460a85127a6afd2761cbba8454510b5d0181237c77aadacc9e2c8a64c5c1d5c867f3135d056926e8f496a8ebc48eea81bd3884fb71cdee142292d8f5febd4851dc7b47cefc885247715fcbed253cb8bf16206fdbc6a2005205ad054ec30e9ec04d423f0b5ba5e410671d65a25e15530fe4ac5bb0a38234bc66f630e21b2b504c4159cc235c3d349e30db733b2ee112f7f48d6d924f344c3bf9bd32f4b218aaa6dde504d732a1fedc6aff1c2d154c8d5a2a6234b79cbf5e0013c579773c699f85f2099333150309085a5ea4b66328e9f3db24d0e6a69d1f37c82d49737a99d02c0dbd1cb6cca665f2d77eb5e5e0f0062f875b7e520ab58adb930ceea26457ba3bc7496cc753464a7c0e174fad6712eca1e84315bbef365e8604805a23f6e4aa3aed23b20c6d88c35a1762bb1ef8c9633ee5c118c9d2c1e5dbd04b9f817b97864c9e9b2253d3535933aab19719c04ecbfeaad452a43745792bc0eace1d89c238605e0e06f21931ad9a8cec2a7fc8b2cc590a54df6220f2afad8e6d1cb61f3a98e8b771bd7d1585138f83770f1cea19f58528d34edf24be75c3ba2c149e465206c7a7bd625ef7e6bb8d98b07b9667ee4a6dad7965a848f647e0cef7b0dc5811fab81faa1c33dc8d25c32f253d797e2b88d280880a9bd530937c32a1ed1b79611b6052434b618aef232355481183855d429270e5050bfcaddd7f0c80453a382d2988659678601dab34c1092cd48c0959a9612337b117fc8e3e567c487c39c4678b683b2248a2e1622a0e9b168abab06914c83463b484c8a91035c6c312807816c01e6199cebed2021a6bfbc77957579c505e58cd2cd67f5d14cc0d1bd71d43bc3511092fe6cd0f346ddbf67b6f236e941f39e2818b7e9cf3fd4cc61651ef409e7a344d1eb1e5cb46daa4433759e14409bb56213b6c2f4a039936225c6d0eda326ad2006fa24a677706e722851939dafe121de817992900f739c03b9eff3ea406af98afec85c04d2d06affd34990ef1ab20df657a5bbfb511498bb9600859a4ce78ca2b4cab66d90acec357a5dc1cfd8b5810eec0d59a96d72b1de1873dc49c3004207775bc37acfa89477e28ae5b87c68854eb9a4d151f7bab488783a311f6a9de9c6ab76ac71a059698b520fee062ae5b678d0b08ee3f0099f33ce58905538195218db3201ce0d33dcd2786501a812a2d9ce7b47ba9f3707f454879e0ebd9745cddae78ea6addae11d817a8c5957f1ccad923e35dc83f2f2f5d1d551eebd6036dbb725b519e650819cf0d5d948df8065f4d15af82344ab9a4dc60f565e783a7b022abf0e3b8d578cb565af1438e4082a33744e7ba752d5ca53114a65314da90e1a3c7d1f1a2a2fc135e702cee0ab25aae92c5ad651dc7f1715fbaec8f4ea5b3fddb941c1aeab8488a94d75123f77044c8a0cd03c97cf2729a53a09e792cd0254ecd89ef6c44226f045300ce501fcc815164c3cd5c1ea4b3e79db19add1e052ef4da583f2e04076c817fa7fe07cd2aa2453edb6ec5fc213d7f7b5e2475523ff8ad82c93aa33c78417e0eadaad86d93de6324ef3b4e680f63951306068c5b162f08ada868f9b5e2209a08abdef2400984a81ee7da4d7673365872fc4e5adc910e5b21566c5f968da7ba9799409ec0cc382e7c5688e60b4fce1ce20371121856a1179514d9c103ad607ac23ef9c324ba86c11c1e72693b1071c82aae281d190e9d9770455fbfd7b8ea92b73a448d20230ffebc9942401411371c4c40f2b76da7a658fb59dcfe555e656ca5add89d741aec8ea21fcc76fb2ec204e0b513be524274deffc32971d75725dc6c540f41c493482c36ef0f09a51e2081223b17677a1fc4bb129f61cd9bc2aa627f4d9e1f9d6b3234a3d88cd83df5b28c61e42259c7823bebd0f83b761ea0efb54aa6abd0dc2b4ac770d96e17bf3a03998efc6e8073046a098105777812053f67b68a7cc3c30811b9502bd116543ca8a8eef3452b07608430f1a56a7e5e6d1c15f4ddb3b922f696a5f4d6766b40f93b022224a4498c00cdd221b83b11ec5ed0643e68548c9343843efe498f82b4742ca6c23c1ee59d981763709408dc47e9214ae0d273bd9d36d876ba53a228fe07e748b00d582f632490ca7018ebe0a61d2a062aaad580af7307f36daadb10490e0342cc9a12c0211bcb0e399202844b74fa185fd2f9a2fed5e6ab22e67e9e9e34fc57f113a7241c5475ebf308e0b2aca2317ff14e2a221ad4ce5780c0057f948c340a1d6cdcecc550690ec9c0f3769186804764b20819ca0b4bdcb9d4c1b869903b4355e91fd7a0027a17506046b2392e3e57995d4d8d4df556cfcd4f62951dc5ecdd1850679ac8f2fcec118f5ad51dc1be2750edfb1356aaa5c30c5f6b66a09ced9773185205f91aa4186e2e79b3e381774ab0ccfd11dc6b64f1c25c06a42050f4e36b44f4b0a3c24b31e767434565d50e3452a02f5fee2241354b4be27f507d4193462f2c504eab91f9cc26b339b5a5c27fe1f0ab19fc9b520c20f8fff72f75390c0a9cbcedd6518b9c07466bdfbda988c580c55e367ba7dde72dacfb3d95bd3d24c787f012b09c6d56f182a5555789c6b49236a0c7472b5332853548f5c3e3bf7ec0e30697c9c02dc9b05cbf5addfaf8dab8f5095107b2df0b2d9536eea5548a60fd78715b5c3eea4a9fe245990f8e6da897652be46be82eb0065f6aecd15aaf6093b1c5c7ad11b0686f2e1cfd58c8286c2ab7700506fb269fc49d6897cbd04e1f0c7247c295919576bc48d589078f51373d1ee82f3143e115f2dd4539ede71a06461e4d71154774e6f639d418a95fb7ab6ee708fef389"}, {0xf0, 0x16, 0x2, "b5c941ec6c933571f9e84e46e55085d04391f332f0a8e4a38539381ac96e73c55c0aec56ffd977755e2850305b9089e697c92053ea504a029fabfccf920b4e7c35894227b6071df63b448d49891328aa93aaa45d3fd176c1ea6503ecd8f5c34b7016ef12eee9e9299563b60bd0b49b738c6d0868e03cc574cab62b6cd2c1199d301a82639f6ce933f61a6f3042ea0d311d81e4cd0ce65fbb3e894739e0d322b8e711168e03daa1afbdd3df9c7b69312874aeb18a8dd345d806a435566f09f05fb814fa1d4b18b3d2158c11cee16e4f4b7e013e1a43d2a7215df589"}, {0x1010, 0x100, 0x401, "6394ac9a676b16423559cff2de963dd0fbd682d0abb4a18d2bb78d9b5a4035ceea23ab22e166366091461c69ddd903064ec4ffe168ebfebeb44af77574a93a58b1a19616a37fba30d0cb012a3c4be344bc6a0ecb137c8c77f12add2ef5611ea2eb32fe991e10c856995eb4d9c0694a4e4d238b9238da82e04f5dcd5f4a1fbeb2676c04629f3ee516bb4a6845644cfbf385e5823a07966cbce2df6b2bb1f1a6bd8bd30131d24ab9eec5996daf40a0c334702309cb0c9e98db8fd773d96d94c078955b06d0738c12585701ddd5f94d819a85b5559ca0c944198ee7cf8cac83678b3be158abe7357a368696a7ba4ea8ac152b4370e850b92c0d31901710cd88eb6a0c4c4161715f5c6190e02561d9188cd165285b59ac17d48571525727ba060267876bdb88ccd154662a944f596ca860424031e541b477dcf2a867d024f92e11402537f330254a00f19cf983e55c8fb08177fe13ac5d1865b169a4e3aa8af4f6512cc423c7808e18e92f6fc25f3c735f463ab769bf0d7242a30c639fa145539ebb483571d27789605324e151ff50f2046237a0a51f2b0db2aa73c537be453dc47152ae36b39598205353abffbe15013ba95c36cfd0c3de9835234fdc956648beba6fb5b0525420c6436f3a7bd1183e0b8163fa5ef2a9694f5ec96df0f0c4e337ab2fe86b616d5565b8a6fbf0376ce849db56f10dc57da84e1867a0190a59bb91df0b46b3a12b3bc65d2bb375e51cb3e7a6a896937a4145811449a2f6b364b4ba3b8f3908f8d41548fdfa1f03e1b48e4bda6e2ba132f7d6c2b31e3f8f6da4845b3257cf43b32222c62771a9a5ea67ccd5329e1bc024dc807c762a2c78ec119a44131523997a17735a9a0a3897c141c7c4f228ae95ce7c221b44a1bd0a1c9f71414969e6da4a2544d2d4ea29cd7c7b495aed7f4817dabd7548149d1b56c6a98b4bb503ceb6489ee63e827574f0730a298280dc617a4930220f117d30daf42033a426db5bd0eee18c353294d7289cfeb0960bddfa47e92dd70015a03c99c6f0d6f172ee675dfe318e800ba832b3553cbfd7bd90b22273f7d91147971127a12813a6d4af5822df0f369714b2d55059ab1def02021411c03fc41756359f8ce27adc2c7c01af670706549ed9162777f001e64e3ff1e5d6a9c2192fd7e5c9abaf651b1986bcc6d68968720d484ac5f9dd15509a8776c7b5946c4f30f7b888ba72725236e27fdf7c328438e20c564f8d52049e6caa3c717c4591ecf9cbed616051c8432f4b5e043662a0d08846d9f01677c500b3827b4e278ec101377a3bba4dc6ab8c8a7f2473783d24bd66e40d2000b256590cc2b4167a13610398a827591f7b67007aaf450028fbd8490c3e80409016677f79dede451add60232f429533796ef09d6cdf414fcdbf738d2a24f6f23ce9b8f43829129486880be338f3d1e0f0f8930031296bc666b80b182d65f297d03ca364bd020a7f29e6bea86cba638e6ab6a16ad85fb7b36766e006078690b170a421855e8f7760a2107056b2684707173bd339917e275c4643fe27d2d5d3d5011898aef77078c98b5332b78b74e963cf5399a730a6cd2968e1cf33ad5cab2d6ed6265af9df791359bd77064c2baf4c03f206bedafbe34569515adae9f3eaf04315e0141e9d77ff362e386384a686685ebafc20330b4fbf024ab18829a824e0a5b59381bf289ae49754bda1339110860d124c9a6d22e64d909287bb9ea3e0be1b60432cf3a25ddbcfa51df48dadfc8b5d3088a8c9e3c4b990402132f81a6b63b0f4b74b8aec2759298a35bba2c7404cb9e57504aa3cf7c9dd256f4a66ad68c154fb2215810e8be61097da1b2aaa96cd8bf070478b995eda6d0a72f3da01928c2b69673775b659ff9d943ee01ba8c32a77617a12f74df7d45ed49ff0615b9afa5c54fbabf622314acf3e1d0f6e69e6fa77292c3e82a7c89aa99b8ac9cb3d4939bc7b7188a933bbdfeaa8a5e68ae2fb3710e8b352d6fa8fe01a601116df6352273c05d955fdcbe1baef2b6a8ab2cebc96a0a831f99bdb644d899fa146abce6b7f45730b97a8a9d205536f99e180e230de531808ca633e0716161c8c9fae89e09ed812b0b844aa936292227e80878b054110e3a4727851a6943d6f75a53a679e120322303c2b4431ec48514258ad33d4b8295c8141caaf5f9f964e489c9fb0e841ff0f3f81c65e5272dd3e2807f28d07873dbbfb9cc4c70eb4e1e8e0e65aabea26e4f26fea266ade79b8cd2ea23670350bfb1b06d317b70527be10226905129bff143056b33b09e17e5d6ab7d7e3323b8bf3ef542dd562e99802db574a756100b6371a8ee9418d26f1816843f7842fcbb4f05de549e761e62246caaead6d1a936cdc326d12e14e5a31f18ab6c47e266a6a62103e6bd4252727fded523c5f85a3bdae3957296913a5efa1bb562cba94313bd2df1a3b3d75d33be622a3463d2b109fb57a7201aadc5161d48e22d9cb5dd6e390dfd08bb428f0fdb3edfd6873727c4857f0f7c30fef51ddc276d2fa4cc1cffccd004364477a033436f9da6b00d214796ebddd40696594f7f454ef7c2db036f6534ba9ada4acabe30564f9c7aad34c22e880e8ee3f22a2dd59ffdc6e93563647566c9b39cdeb236eb9d90026bca1d3e500b36691bf3e112fb1f3cbc431465f54e5893400ef33d3bea3ccb41e854bf48f861504d63b6048f92fdcf681f50b2e8ca7a76219829f6793fcf35c1df816bcf61d57955bff416084b684abca5531450bcd57456560d822b805907a181f1821c6be5ebb348d0570f7661bfdc1a645801ae7da77d9d032ae4f8a2c85226904ceedb74467c46ef855bee48b092d283963208769cc49fb39bd6bc1e6a4013d1e8413e86a34ce5695e2df281e77af3630081cf188ea929e743dda7c63bc7ec8b8401570d897eb0e197f56a3d0db5a4e31b068917688417f717cab1381f39d050d4e0f080404ee57380f3e0684e58152af145c058cf26040e6b7e04dcea416d532683a6a87a9c77dfed86bc0fb32ad59905afd4281f531411edda77efa906b751a875e63240bfb5e42a6b0fdcbd3a6ab8cd3314b82b2c99d49142ae110c3502ce032137f1791898461181f612a95928e2d22b812232aac1205681f94d8eeb0dcf030593b240a816e42567f22bd675e4a5aa314b5138c9096779d73d3bd657222a7fcb73575c4b967f7242fb7ce23095235b8be4b9c8d4f26551a9c8892397748bca63f53f57bae97556baef678aa2228a788e72327d508f47ebde0cc7b5bd735daeeb65548b254a54464df96d3907713faf413f48a14d461e1556579461719855ed066e20477321ed0d25139355bbffbdcf1dfeed98fb9164835c32c04ec59f3cff76c4dfd4f025091c479571fc9f0d8a42f353aadebf04181330e659a6732806e0ac8ba1fc15f96d515d2fc6e76bd1cac10dbaa0dd1afa70a25ab15f7937d79f7aebbb13371f2ec40276d29bd7e56a66327887f1b505e75a7d0d2f9615051336113226b79b5eaea24341a13609d1ff63c4515e26f24fab44201fa4cd6dbedaa3fea2a2abaeac7f1df71cd4fc93e5a7d5133a35f988f4659cf8b202213ec1b200e2cd516e1f88d9187d9d121335d8ea88dc77397985adb87ba0e703e7090ca3b4a6d4746df5b630e647623fbca3c021cb5f4d591cd2283865393ef0b1bf5f97ce1e7ab575b4f82ccb6a039f183743f53e87e58cfae4d726bdb3c9337dd3798dd7fefda4923a7e64ff8275ee2a3b42289fbebe9f5378fee768d6c41dd149e91a918b99f0ed198f90ac0d8d6df40f5b56430d69b3e426040d013802953ef0b7cca6abb18dfaefc29e7b7492c2ffa78e62c8e54b448a494b1d8a320743ccdd453890f9d921029e2cd5d4d1391cd2b0faae28d5e55a360aaf609c8cbb215a3cc13397e9aa83aed6a833c5bf3fec51f7d87797d7035acdc848711050952dd131a6b3aaf64b3baf02213a772efec4ab7a57a4943c63ef9408d0b92faa66eaa0fe33a7fd9e60298a219c91ede3a312ea6cfdb25de5f235ad270f2daacd749e1613c5faa196c2a4b5587897aaa824abd2e25472f34a03348e5ab75d8e75328cc2afabcfcf928d14e4a5de4c8d68a320ce200603f666713011e2c9c640cd9f4da3d7ae9fc77b24132a78b3532da6c02146d8bb18b9d2cae2922a6f9db5f26511df65a7a133597b89fb6757f11a264b95eafaf0758bc49aaf16f6812711d7a75301b536bb524faa1b198a6e4429d1d789405beacf8b845d83ffb19234f905c782c345e8f18ec56197565bf41cb1e9bc7208b60e8bf495944b60b9d128e620608f5599df67f283822691dce71c8387232105c69c1ce6238e4ce0a4f97bb7844e84e9b09d9db5c6632b7af2a782fc614bace472eda76c4efc972bc9cce0b1fd886080a93791a0f0989de449961d24b7a27131fbbbab0debdccc3db9ce05805cba55ea94a46565b0ab61440723cfcb1b8745b29b9a349c36dc06aa826e49ed747c8a39cad3baaadadadf25c813b00da30d4be1640979ef14d440f542a1289c6c9771e0a6707927348840a79a573b07b9917d59136ad63918d6667ed29e05b4e369c9795478c86479693ce9956b70b987b5c19e43edd67a10eefd941861d71aedefb8c329768c5b25753aad8f524e427673cb921e9c2c0ef87955cd6a690544c48efb72c072b537b6239f3b23485c9d78e36036e3fca84d3dd80c6fdcea715e9adaf00e5aff3d06cf5480db0d8ade5ce0911135e45eb6739b20a9262a53341fa78295e9b5a6858116d29b6dd40d929ff1e9ea585910df68b45b56563ccab66db9e573a2d8af66a149178bde5ee445347f2155d042393891c9a03f6a24b0536a32062833f63387c30c60562847245c2d808766e7277d21a09d1077f634f5ce7d8241135fb75eab10b1c989996dea5bd0c1087a64351973c33a79069b5ee7d5a03a36542cf4e32a68c63dcb1c4d1f1b7e581427f97f587f3ed5a97b1fb35bac4e48d559a93cd3a5419e240966476b9f7deb1f36917e32205f160817550d2d0830a798532139bfcf758a7274bd155b832b905a69e67335fe79d2653a95bc5a6a2444cbf5157d9f4ef7f758e186ce11144336141b4bf92a8ab1645344426d4283e4247354672ee5ed7bd53276f52a37152dcc299b5bf831ab1b155243554f0cf3b300713f7437b10352eadaed334d495e4d90eafb3a4ef5959a3f85f830c7ca9bc973040b066ddfef0ef4f52b2211a7acb4b5eefaab21adafd6bf939c2ff537e649a5e108002eb92e22392af4c19c421a862ff3731f1b525c86ed7df73367737aa88b16f30f089a7f246e9bbd1dcf2eb2f1378ff8ffb7397f6134cce84d8a870c9ffae25df2cd39f34a09b4df433363695f5b84b6cda2b6c2ca15df295c177007fc156cffdd11f76964e756afa1bc4824c1d214e1768c1ff8e85be0f1474b1b00669559d3ce5f3baa77e30f4edff13d03e1ea065a38f344095fd6e4ecf9f8953c0232eed744b27575a0369ef0d394ab84fa67e00562f34af4d5f52affd16e2f8bd9acb7ac5bcebd69513eb49d76ad9baa6c9660b81360d00e412af73aca2dbe97e91880e946397c0c64eec05105cba6278c5a9449ff6514438a2f9e1b458555c754475bc8a051a72eb6a95b01702d87c7d82380496110fe21d28d9f81218c42bfd46b93a65bce8203a5ae794c4627aca7f9c9e0e73538313c48d49e05e1ce1298f4f76fb3ff334efc8bd18af52f71d6b49d1751c9857feeea905a81ab0438f1e0eba06ee46e2c5dd78483af7887466340c9048fc134e685ca93ddfdf1fe8981e86f0"}], 0x5400}}], 0x2, 0x10) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r8, 0x0) preadv(r8, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) io_uring_enter(r1, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 301.157520][T31414] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 301.165639][T31414] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 301.173754][T31414] RBP: 00007fa4266331d0 R08: 0000000000000000 R09: 0000000000000000 [ 301.181722][T31414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 301.189888][T31414] R13: 00007fffc1f3ec1f R14: 00007fa426633300 R15: 0000000000022000 14:04:16 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:16 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000005c0)={0x0, 0x0, 0x10, 0x0, 0x15d}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000400)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) openat(r4, &(0x7f0000000080)='./file0\x00', 0x101000, 0x158) recvmmsg(r3, &(0x7f0000000380)=[{{&(0x7f0000000140)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000240)=""/110, 0x6e}, {&(0x7f00000002c0)=""/165, 0xa5}], 0x2, &(0x7f00000004c0)=""/222, 0xde}, 0x6}], 0x1, 0x1, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r5, 0x8914, &(0x7f00000003c0)={'vxcan1\x00'}) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="10dfffffff0000001cfff2f356535fc0"], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 301.213115][T31415] loop3: detected capacity change from 0 to 270 [ 301.234141][T31415] FAT-fs (loop3): bogus number of directory entries (972) [ 301.241313][T31415] FAT-fs (loop3): Can't find a valid FAT filesystem 14:04:16 executing program 1 (fault-call:9 fault-nth:48): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:16 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:16 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xc000) 14:04:16 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0xeffdffff, 0x0, 0x0, 0x0) [ 301.332607][T31445] FAULT_INJECTION: forcing a failure. [ 301.332607][T31445] name failslab, interval 1, probability 0, space 0, times 0 [ 301.345446][T31445] CPU: 0 PID: 31445 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 301.355881][T31445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 301.366030][T31445] Call Trace: [ 301.369317][T31445] dump_stack+0x137/0x19d [ 301.373664][T31445] should_fail+0x23c/0x250 [ 301.378126][T31445] __should_failslab+0x81/0x90 14:04:16 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002cd030004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:16 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 301.382947][T31445] should_failslab+0x5/0x20 [ 301.387466][T31445] kmem_cache_alloc_node_trace+0x58/0x2e0 [ 301.393187][T31445] ? __kmalloc_node_track_caller+0x30/0x40 [ 301.399033][T31445] ? kmem_cache_alloc_node+0x1da/0x2b0 14:04:16 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x10002, 0x0) vmsplice(r4, &(0x7f0000000300)=[{&(0x7f0000000140)="b0c7eb8bddd3617d1433bf2932ab2f668f83cd352bb5f2fdf80bd8137a4364e61cf5eed0a77500aeadd3967ba96f06a6515a323605e530f92fd9c15db181cd01b7529ef2440b0bc0fd9bedfc6a57d29f91621bdcc9", 0x55}, {&(0x7f0000000240)="b1f37c6dfc3a67a6d46d07dfb06ee1b3a5c35af7a9a3a72e6c5cd84c107e69501880ad9a31592d221ae73e2e4da84ed6a087b917207c801d949198006ba14b01066435ba11e653f9b4cdabac7b70177fe4d5ee9651bfdf3f6e6efffaa781622eacdba28643f966dae275755f08cb67b45adb5e770d69840362db57afb8c4bce79ee118a91a08a70a5cb5a1423ec8f673cd63e0c86de6", 0x96}, {&(0x7f00000001c0)="22e13f4ea387381c7618ac", 0xb}], 0x3, 0x1) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r5, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 301.399056][T31445] __kmalloc_node_track_caller+0x30/0x40 [ 301.399076][T31445] ? alloc_skb_with_frags+0x90/0x390 [ 301.399098][T31445] __alloc_skb+0x187/0x420 [ 301.399156][T31445] alloc_skb_with_frags+0x90/0x390 14:04:16 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) getsockname(r3, &(0x7f0000000680)=@ieee802154={0x24, @long}, &(0x7f0000000700)=0x80) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="10000000000000000100000001000000"], 0x10}], 0x1, 0x0) r5 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r5, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) r6 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r6, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) recvmsg(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000002c0)=""/76, 0x4c}, {&(0x7f0000000340)=""/128, 0x80}, {&(0x7f00000004c0)=""/254, 0xfe}], 0x3, &(0x7f00000005c0)=""/69, 0x45}, 0x0) preadv(r5, &(0x7f0000000080)=[{&(0x7f0000000140)=""/101, 0x65}], 0x1, 0x10001, 0x4) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) r7 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r7, 0x208200) connect$unix(r7, &(0x7f0000000240)=@file={0x0, './file0\x00'}, 0x6e) [ 301.399177][T31445] ? kmem_cache_alloc_trace+0x215/0x310 [ 301.399273][T31445] ? __scm_send+0x3d5/0xa40 [ 301.399292][T31445] sock_alloc_send_pskb+0x436/0x4e0 [ 301.399400][T31445] unix_dgram_sendmsg+0x478/0x1610 [ 301.399416][T31445] ? sock_kmalloc+0x77/0xb0 [ 301.399431][T31445] ? __kmalloc+0x23d/0x340 [ 301.399447][T31445] unix_seqpacket_sendmsg+0xc2/0x100 [ 301.399460][T31445] ? unix_dgram_peer_wake_me+0x310/0x310 [ 301.399474][T31445] ____sys_sendmsg+0x360/0x4d0 [ 301.399487][T31445] ? sendmsg_copy_msghdr+0xc4/0xf0 14:04:16 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 301.399565][T31445] __sys_sendmsg_sock+0x25/0x30 [ 301.399581][T31445] io_issue_sqe+0x231a/0x6750 [ 301.399599][T31445] ? avc_has_perm+0x59/0x150 [ 301.399620][T31445] ? avc_has_perm+0xc8/0x150 [ 301.399647][T31445] ? __fsnotify_parent+0x32f/0x430 [ 301.399677][T31445] ? mntput_no_expire+0x64/0x730 [ 301.399696][T31445] ? terminate_walk+0x261/0x270 [ 301.399775][T31445] ? kcsan_setup_watchpoint+0x26e/0x470 [ 301.399798][T31445] ? fget_many+0x178/0x1a0 [ 301.399814][T31445] __io_queue_sqe+0xe9/0x360 [ 301.399827][T31445] io_submit_sqe+0x1887/0x3360 [ 301.399930][T31445] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 301.400011][T31445] io_submit_sqes+0x5bd/0xbd0 [ 301.400029][T31445] __se_sys_io_uring_enter+0x1e1/0xa80 [ 301.400133][T31445] ? fput+0x2d/0x130 [ 301.400149][T31445] __x64_sys_io_uring_enter+0x74/0x80 [ 301.400239][T31445] do_syscall_64+0x4a/0x90 [ 301.400263][T31445] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 301.400284][T31445] RIP: 0033:0x4665d9 14:04:16 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000356000/0x1000)=nil, 0x1000, 0x4, 0x2010, r0, 0x8000000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:16 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:16 executing program 1 (fault-call:9 fault-nth:49): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 301.400297][T31445] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 301.400312][T31445] RSP: 002b:00007fa426633188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 301.400331][T31445] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 301.400344][T31445] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 301.400357][T31445] RBP: 00007fa4266331d0 R08: 0000000000000000 R09: 0000000000000000 14:04:16 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xc03e) 14:04:16 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000140)=@abs={0x0, 0x0, 0x4e22}, 0x6e) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$FS_IOC_MEASURE_VERITY(r5, 0xc0046686, &(0x7f0000000240)={0x0, 0xc0, "529acf0b3322b5d0b21fbd60de7ee318df1ea3e794d17486bbca06a749812175f2968bd7bf98d493313a6143141b67973d9ae2ab7f2c6cd8fcd388cce6ea69d5e2515dbd309015b3b12b1a988cafcd142378f5a8561617bc8d84591a25fe4f579096597d344fdb3701c9a23828a4ae78576b3af5372920196ddfb06d9c64ee89b3831891cdc5040b952d25b2f2e968d31d532188c295d3b7277eb73be9df45f2b610e56b5c2c46d0e42ca346bbfe70dd9a3c264b2595a984c0f619b68f37be3d"}) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:16 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 301.400370][T31445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 301.400456][T31445] R13: 00007fffc1f3ec1f R14: 00007fa426633300 R15: 0000000000022000 [ 301.485364][T31469] loop3: detected capacity change from 0 to 270 [ 301.704102][T31469] FAT-fs (loop3): bogus number of directory entries (973) [ 301.711252][T31469] FAT-fs (loop3): Can't find a valid FAT filesystem 14:04:16 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0xf5ffffff, 0x0, 0x0, 0x0) 14:04:16 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002ce030004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 301.759433][T31492] FAULT_INJECTION: forcing a failure. [ 301.759433][T31492] name failslab, interval 1, probability 0, space 0, times 0 [ 301.772218][T31492] CPU: 0 PID: 31492 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 301.782371][T31492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 301.792433][T31492] Call Trace: [ 301.792443][T31492] dump_stack+0x137/0x19d [ 301.792468][T31492] should_fail+0x23c/0x250 [ 301.792488][T31492] ? scm_fp_dup+0x3a/0x150 14:04:16 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:16 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000080)=0x0) fstat(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000001c0)={r4, 0xee01, r5}, 0xc) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r6, 0x0) preadv(r6, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r7 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r7, 0x0) ioctl$FS_IOC_FSSETXATTR(r7, 0x401c5820, &(0x7f0000000040)={0x8}) openat(r7, &(0x7f0000000240)='./file0\x00', 0x44a01, 0xd6) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="10f1fffff70000000100001d01000000362e1de7801e86b21ddf0594e5f2731dfe1af64815560b407d3a202ec2d6b226137c25cb4867ef8b35"], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 301.792529][T31492] __should_failslab+0x81/0x90 [ 301.792553][T31492] should_failslab+0x5/0x20 [ 301.792577][T31492] __kmalloc_track_caller+0x64/0x340 [ 301.792629][T31492] ? skb_set_owner_w+0x17e/0x220 [ 301.792730][T31492] kmemdup+0x21/0x50 [ 301.792747][T31492] scm_fp_dup+0x3a/0x150 [ 301.792764][T31492] unix_attach_fds+0xa5/0x1e0 [ 301.792778][T31492] unix_dgram_sendmsg+0x5cb/0x1610 [ 301.792792][T31492] ? sock_kmalloc+0x77/0xb0 [ 301.851566][T31492] unix_seqpacket_sendmsg+0xc2/0x100 [ 301.856893][T31492] ? unix_dgram_peer_wake_me+0x310/0x310 [ 301.862540][T31492] ____sys_sendmsg+0x360/0x4d0 [ 301.867314][T31492] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 301.872558][T31492] __sys_sendmsg_sock+0x25/0x30 [ 301.877415][T31492] io_issue_sqe+0x231a/0x6750 [ 301.882245][T31492] ? avc_has_perm+0x59/0x150 [ 301.882266][T31492] ? avc_has_perm+0xc8/0x150 14:04:16 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 301.882282][T31492] ? __fsnotify_parent+0x32f/0x430 [ 301.882306][T31492] ? mntput_no_expire+0x64/0x730 [ 301.882378][T31492] ? terminate_walk+0x261/0x270 [ 301.882465][T31492] ? path_openat+0x19ab/0x20b0 [ 301.882482][T31492] ? fget_many+0x178/0x1a0 [ 301.882499][T31492] __io_queue_sqe+0xe9/0x360 [ 301.882577][T31492] io_submit_sqe+0x1887/0x3360 [ 301.882595][T31492] ? kmem_cache_alloc_bulk+0x28c/0x340 14:04:16 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:16 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) r5 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r5, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) ioctl$BTRFS_IOC_GET_FEATURES(r5, 0x80189439, &(0x7f0000000080)) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r6, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) open_by_handle_at(r6, &(0x7f0000000240)=@raw={0xc, 0x0, {"69a12e8e7c2753c5b6ba085e"}}, 0x310042) [ 301.882618][T31492] io_submit_sqes+0x5bd/0xbd0 [ 301.882637][T31492] __se_sys_io_uring_enter+0x1e1/0xa80 [ 301.882738][T31492] ? fput+0x2d/0x130 [ 301.882750][T31492] __x64_sys_io_uring_enter+0x74/0x80 [ 301.882769][T31492] do_syscall_64+0x4a/0x90 [ 301.882802][T31492] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 301.882826][T31492] RIP: 0033:0x4665d9 [ 301.882840][T31492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 14:04:16 executing program 1 (fault-call:9 fault-nth:50): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 301.882854][T31492] RSP: 002b:00007fa426633188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 301.882869][T31492] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 301.882879][T31492] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 301.882964][T31492] RBP: 00007fa4266331d0 R08: 0000000000000000 R09: 0000000000000000 [ 301.882973][T31492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 301.882981][T31492] R13: 00007fffc1f3ec1f R14: 00007fa426633300 R15: 0000000000022000 14:04:16 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:16 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x20000) [ 301.924549][T31517] loop3: detected capacity change from 0 to 270 [ 302.077254][T31517] FAT-fs (loop3): bogus number of directory entries (974) [ 302.077279][T31517] FAT-fs (loop3): Can't find a valid FAT filesystem [ 302.101995][T31530] FAULT_INJECTION: forcing a failure. [ 302.101995][T31530] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 302.115290][T31530] CPU: 1 PID: 31530 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 302.125676][T31530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 302.135768][T31530] Call Trace: [ 302.139134][T31530] dump_stack+0x137/0x19d [ 302.143469][T31530] should_fail+0x23c/0x250 [ 302.148120][T31530] should_fail_usercopy+0x16/0x20 [ 302.153483][T31530] _copy_from_user+0x1c/0xd0 [ 302.158072][T31530] __copy_msghdr_from_user+0x44/0x350 [ 302.163440][T31530] ? sock_kfree_s+0x24/0x40 [ 302.167944][T31530] ? ____sys_sendmsg+0x421/0x4d0 [ 302.173011][T31530] sendmsg_copy_msghdr+0x4f/0xf0 [ 302.177939][T31530] io_issue_sqe+0x250b/0x6750 [ 302.182607][T31530] ? avc_has_perm+0x59/0x150 [ 302.187272][T31530] ? avc_has_perm+0xc8/0x150 [ 302.192030][T31530] ? __fsnotify_parent+0x32f/0x430 [ 302.197223][T31530] ? mntput_no_expire+0x64/0x730 [ 302.202231][T31530] ? terminate_walk+0x261/0x270 [ 302.207093][T31530] ? path_openat+0x19ab/0x20b0 [ 302.211889][T31530] ? fget_many+0x178/0x1a0 [ 302.216301][T31530] __io_queue_sqe+0xe9/0x360 [ 302.220897][T31530] io_submit_sqe+0x1887/0x3360 [ 302.225652][T31530] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 302.231108][T31530] io_submit_sqes+0x5bd/0xbd0 [ 302.235843][T31530] __se_sys_io_uring_enter+0x1e1/0xa80 [ 302.241298][T31530] ? fput+0x2d/0x130 [ 302.245183][T31530] __x64_sys_io_uring_enter+0x74/0x80 [ 302.250548][T31530] do_syscall_64+0x4a/0x90 [ 302.254957][T31530] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 302.260847][T31530] RIP: 0033:0x4665d9 [ 302.264733][T31530] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 302.284509][T31530] RSP: 002b:00007fa426633188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 302.293034][T31530] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 302.301009][T31530] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 14:04:17 executing program 0: syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(0xffffffffffffffff, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:17 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0xf7ffffff, 0x0, 0x0, 0x0) [ 302.309142][T31530] RBP: 00007fa4266331d0 R08: 0000000000000000 R09: 0000000000000000 [ 302.317126][T31530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 302.325092][T31530] R13: 00007fffc1f3ec1f R14: 00007fa426633300 R15: 0000000000022000 14:04:17 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002cf030004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:17 executing program 0: syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(0xffffffffffffffff, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:17 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x33fe0) 14:04:17 executing program 0: syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(0xffffffffffffffff, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 302.399957][T31553] loop3: detected capacity change from 0 to 270 [ 302.409712][T31553] FAT-fs (loop3): bogus number of directory entries (975) [ 302.416888][T31553] FAT-fs (loop3): Can't find a valid FAT filesystem 14:04:17 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0xfffffdef, 0x0, 0x0, 0x0) 14:04:17 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000202040004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:17 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r4, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) clock_gettime(0x0, &(0x7f0000004200)={0x0, 0x0}) recvmmsg(r4, &(0x7f0000003fc0)=[{{&(0x7f0000000240)=@l2={0x1f, 0x0, @fixed}, 0x80, &(0x7f0000000400)=[{&(0x7f00000001c0)=""/49, 0x31}, {&(0x7f00000002c0)=""/237, 0xed}, {&(0x7f00000003c0)=""/56, 0x38}, {&(0x7f0000000540)=""/211, 0xd3}], 0x4}, 0x8}, {{&(0x7f0000000680)=@ieee802154={0x24, @short}, 0x80, &(0x7f0000000700)=[{&(0x7f00000004c0)}], 0x1, &(0x7f0000000740)=""/176, 0xb0}, 0x80000000}, {{&(0x7f0000000800)=@pptp={0x18, 0x2, {0x0, @multicast1}}, 0x80, &(0x7f0000000940)=[{&(0x7f0000000880)=""/156, 0x9c}], 0x1, &(0x7f0000000980)=""/158, 0x9e}, 0x800}, {{&(0x7f0000000a40)=@xdp, 0x80, &(0x7f0000000f00)=[{&(0x7f0000000ac0)=""/68, 0x44}, {&(0x7f0000000b40)=""/187, 0xbb}, {&(0x7f0000000c00)=""/148, 0x94}, {&(0x7f0000000cc0)=""/87, 0x57}, {&(0x7f0000000d40)=""/36, 0x24}, {&(0x7f0000000d80)=""/94, 0x5e}, {&(0x7f0000000e00)=""/213, 0xd5}], 0x7, &(0x7f0000000f80)=""/88, 0x58}, 0x1}, {{&(0x7f0000001000)=@hci, 0x80, &(0x7f0000002180)=[{&(0x7f0000001080)=""/20, 0x14}, {&(0x7f00000010c0)=""/74, 0x4a}, {&(0x7f0000001140)=""/7, 0x7}, {&(0x7f0000001180)=""/4096, 0x1000}], 0x4, &(0x7f00000021c0)=""/4096, 0x1000}, 0x7}, {{&(0x7f00000031c0)=@can, 0x80, &(0x7f00000034c0)=[{&(0x7f0000003240)=""/164, 0xa4}, {&(0x7f0000003300)=""/201, 0xc9}, {&(0x7f0000003400)=""/106, 0x6a}, {&(0x7f0000003480)=""/51, 0x33}], 0x4, &(0x7f0000003500)=""/207, 0xcf}, 0x7}, {{&(0x7f0000003600)=@xdp, 0x80, &(0x7f0000003880)=[{&(0x7f0000003680)=""/6, 0x6}, {&(0x7f00000036c0)=""/245, 0xf5}, {&(0x7f00000037c0)=""/130, 0x82}], 0x3, &(0x7f00000038c0)=""/68, 0x44}, 0x9}, {{&(0x7f0000003940)=@isdn, 0x80, &(0x7f0000003a40)=[{&(0x7f00000039c0)=""/87, 0x57}], 0x1, &(0x7f0000003a80)=""/84, 0x54}, 0x1}, {{&(0x7f0000003b00)=@alg, 0x80, &(0x7f0000003ec0)=[{&(0x7f0000003b80)}, {&(0x7f0000003bc0)=""/237, 0xed}, {&(0x7f0000003cc0)=""/210, 0xd2}, {&(0x7f0000003dc0)=""/59, 0x3b}, {&(0x7f0000003e00)=""/155, 0x9b}], 0x5, &(0x7f0000003f40)=""/95, 0x5f}, 0x5}], 0x9, 0x201, &(0x7f0000004240)={r5, r6+60000000}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r8 = mmap$IORING_OFF_SQ_RING(&(0x7f00002e1000/0x2000)=nil, 0x2000, 0xc, 0x1010, r0, 0x0) syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee8000/0x3000)=nil, &(0x7f00006d7000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r11 = open(&(0x7f0000000000)='./bus\x00', 0x103042, 0x0) syz_io_uring_submit(r9, r10, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r11, 0x100000000000000, &(0x7f0000000500)=[{&(0x7f0000000180)=""/22, 0x16}], 0x1}, 0x0) r12 = syz_open_dev$rtc(&(0x7f0000000080), 0x8, 0x410400) syz_io_uring_submit(r8, r10, &(0x7f0000000140)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x9, 0x0, 0x0, 0x9, 0x2, 0x0, {0x0, 0x0, r12}}, 0x4) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r7, 0x0) preadv(r7, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 302.505864][T31573] loop3: detected capacity change from 0 to 270 [ 302.517332][T31573] FAT-fs (loop3): bogus number of directory entries (1026) 14:04:17 executing program 1 (fault-call:9 fault-nth:51): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:17 executing program 0: r0 = syz_io_uring_setup(0x0, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:17 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000206040004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:17 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x34000) [ 302.524825][T31573] FAT-fs (loop3): Can't find a valid FAT filesystem 14:04:17 executing program 0: r0 = syz_io_uring_setup(0x0, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 302.618419][T31592] FAULT_INJECTION: forcing a failure. [ 302.618419][T31592] name failslab, interval 1, probability 0, space 0, times 0 [ 302.631151][T31592] CPU: 0 PID: 31592 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 302.641349][T31592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 302.651646][T31592] Call Trace: [ 302.654928][T31592] dump_stack+0x137/0x19d [ 302.659401][T31592] should_fail+0x23c/0x250 [ 302.663863][T31592] ? sock_kmalloc+0x77/0xb0 14:04:17 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x40000) 14:04:17 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0xfffffff5, 0x0, 0x0, 0x0) [ 302.668391][T31592] __should_failslab+0x81/0x90 [ 302.673181][T31592] should_failslab+0x5/0x20 [ 302.677692][T31592] __kmalloc+0x66/0x340 [ 302.681870][T31592] sock_kmalloc+0x77/0xb0 [ 302.686274][T31592] ____sys_sendmsg+0x107/0x4d0 [ 302.691131][T31592] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 302.691148][T31592] __sys_sendmsg_sock+0x25/0x30 [ 302.691162][T31592] io_issue_sqe+0x231a/0x6750 [ 302.691177][T31592] ? avc_has_perm+0x59/0x150 [ 302.691234][T31592] ? avc_has_perm+0xc8/0x150 14:04:17 executing program 0: r0 = syz_io_uring_setup(0x0, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:17 executing program 0: r0 = syz_io_uring_setup(0x187, 0x0, &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 302.691251][T31592] ? __fsnotify_parent+0x32f/0x430 [ 302.691324][T31592] ? mntput_no_expire+0x64/0x730 [ 302.691342][T31592] ? terminate_walk+0x261/0x270 [ 302.691357][T31592] ? path_openat+0x19ab/0x20b0 [ 302.691371][T31592] ? fget_many+0x178/0x1a0 [ 302.739505][T31592] __io_queue_sqe+0xe9/0x360 [ 302.744107][T31592] io_submit_sqe+0x1887/0x3360 [ 302.748938][T31592] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 302.754594][T31592] io_submit_sqes+0x5bd/0xbd0 [ 302.759281][T31592] __se_sys_io_uring_enter+0x1e1/0xa80 [ 302.764834][T31592] ? fput+0x2d/0x130 [ 302.768779][T31592] __x64_sys_io_uring_enter+0x74/0x80 [ 302.774169][T31592] do_syscall_64+0x4a/0x90 [ 302.778601][T31592] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 302.784498][T31592] RIP: 0033:0x4665d9 [ 302.788393][T31592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 302.790125][T31599] loop3: detected capacity change from 0 to 270 [ 302.808083][T31592] RSP: 002b:00007fa426633188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 302.808106][T31592] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 302.808117][T31592] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 302.808128][T31592] RBP: 00007fa4266331d0 R08: 0000000000000000 R09: 0000000000000000 [ 302.846785][T31592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 302.846799][T31592] R13: 00007fffc1f3ec1f R14: 00007fa426633300 R15: 0000000000022000 14:04:17 executing program 0: r0 = syz_io_uring_setup(0x187, 0x0, &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:17 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x400300) 14:04:17 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f0000548000/0x4000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x8) signalfd(r4, &(0x7f0000000140), 0x8) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r5, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 302.855741][T31599] FAT-fs (loop3): bogus number of directory entries (1030) [ 302.870887][T31599] FAT-fs (loop3): Can't find a valid FAT filesystem 14:04:17 executing program 1 (fault-call:9 fault-nth:52): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:17 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200050004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:17 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0xfffffff7, 0x0, 0x0, 0x0) 14:04:17 executing program 0: r0 = syz_io_uring_setup(0x187, 0x0, &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:17 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xfeffff) [ 303.039464][T31644] FAULT_INJECTION: forcing a failure. [ 303.039464][T31644] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 303.052871][T31644] CPU: 1 PID: 31644 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 303.063185][T31644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 303.073341][T31644] Call Trace: [ 303.076624][T31644] dump_stack+0x137/0x19d [ 303.081199][T31644] should_fail+0x23c/0x250 [ 303.085725][T31644] should_fail_usercopy+0x16/0x20 [ 303.090900][T31644] _copy_from_user+0x1c/0xd0 [ 303.095572][T31644] ____sys_sendmsg+0x1a3/0x4d0 [ 303.100346][T31644] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 303.105474][T31644] __sys_sendmsg_sock+0x25/0x30 [ 303.105502][T31644] io_issue_sqe+0x231a/0x6750 [ 303.105519][T31644] ? avc_has_perm+0x59/0x150 [ 303.105543][T31644] ? avc_has_perm+0xc8/0x150 [ 303.105566][T31644] ? __fsnotify_parent+0x32f/0x430 [ 303.105648][T31644] ? mntput_no_expire+0x64/0x730 [ 303.105743][T31644] ? terminate_walk+0x261/0x270 14:04:17 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, 0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(0x0, r1, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:17 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0xfffffffd}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000240)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) syz_io_uring_setup(0x610, &(0x7f0000000580)={0x0, 0xd055, 0x2, 0x3, 0x1b7}, &(0x7f000001b000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000280)=0x0, &(0x7f00000003c0)) r6 = mmap$IORING_OFF_SQES(&(0x7f00007bf000/0x2000)=nil, 0x2000, 0x100000a, 0x30, r0, 0x10000000) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000400)=@IORING_OP_POLL_ADD={0x6, 0x5, 0x0, @fd=r3, 0x0, 0x0, 0x0, {0x3}, 0x1, {0x0, r7}}, 0xfffffffa) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r8, 0x0) preadv(r8, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="10000000000000000100000001000000cba315dc0f698d30793d8ead8ae0e66e1bfb967dc4b8b016150bc06eab1249436c36ec75d0667cc58d23a4f8fc9dec175c3976425d5b38be151e70d83a6be6a0b9ebc1471e0eeaa05277980a83d67c8da2704de8a21482ed5cbc1450b6d2ffbf40d15b55253d45710ac0ab8743b0f63ba062f938d71d0609f9f46f98fd5a4a019019d6f43bcd993cb9cbeb4ca418266c193d0c3f96df94500daded5578d38dc67c874b809c16a60621578cd595637f0cbeebd858"], 0x10}], 0x1, 0x0) r9 = syz_io_uring_setup(0xd1b, &(0x7f0000000840), &(0x7f0000ee4000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000800)=0x0) setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000440)={0x7ff}, 0x4) r12 = socket$nl_netfilter(0x10, 0x3, 0xc) r13 = io_uring_register$IORING_REGISTER_PERSONALITY(r9, 0x9, 0x0, 0x0) r14 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000140), 0x8000, 0x0) dup2(r14, r9) syz_io_uring_submit(r10, r11, &(0x7f0000000100)=@IORING_OP_CONNECT={0x10, 0x4, 0x0, r12, 0x80, &(0x7f00000002c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x0, 0x0, 0x0, {0x0, r13}}, 0x9) syz_io_uring_submit(0x0, r2, &(0x7f0000000080)=@IORING_OP_POLL_REMOVE={0x7, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r13}}, 0x558) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:17 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, 0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(0x0, r1, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:17 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, 0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(0x0, r1, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 303.105759][T31644] ? path_openat+0x19ab/0x20b0 [ 303.105772][T31644] ? fget_many+0x178/0x1a0 [ 303.105801][T31644] __io_queue_sqe+0xe9/0x360 [ 303.105814][T31644] io_submit_sqe+0x1887/0x3360 [ 303.105831][T31644] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 303.163879][T31644] io_submit_sqes+0x5bd/0xbd0 [ 303.163936][T31644] __se_sys_io_uring_enter+0x1e1/0xa80 [ 303.164032][T31644] ? fput+0x2d/0x130 14:04:18 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 303.164051][T31644] __x64_sys_io_uring_enter+0x74/0x80 [ 303.164074][T31644] do_syscall_64+0x4a/0x90 [ 303.164091][T31644] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 303.164111][T31644] RIP: 0033:0x4665d9 [ 303.164196][T31644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 14:04:18 executing program 1 (fault-call:9 fault-nth:53): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:18 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:18 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 303.164215][T31644] RSP: 002b:00007fa426633188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 303.164232][T31644] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 303.164245][T31644] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 303.164255][T31644] RBP: 00007fa4266331d0 R08: 0000000000000000 R09: 0000000000000000 [ 303.164264][T31644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 303.164274][T31644] R13: 00007fffc1f3ec1f R14: 00007fa426633300 R15: 0000000000022000 [ 303.183986][T31650] loop3: detected capacity change from 0 to 270 [ 303.300240][T31670] FAULT_INJECTION: forcing a failure. [ 303.300240][T31670] name failslab, interval 1, probability 0, space 0, times 0 [ 303.312894][T31670] CPU: 0 PID: 31670 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 303.323052][T31670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 303.333111][T31670] Call Trace: [ 303.336394][T31670] dump_stack+0x137/0x19d [ 303.340739][T31670] should_fail+0x23c/0x250 [ 303.345229][T31670] __should_failslab+0x81/0x90 [ 303.350004][T31670] ? __scm_send+0x3d5/0xa40 [ 303.354748][T31670] should_failslab+0x5/0x20 [ 303.359271][T31670] kmem_cache_alloc_trace+0x49/0x310 [ 303.364659][T31670] __scm_send+0x3d5/0xa40 [ 303.368997][T31670] ? selinux_socket_getpeersec_dgram+0x1de/0x250 [ 303.375330][T31670] unix_dgram_sendmsg+0xc0/0x1610 [ 303.380355][T31670] ? sock_kmalloc+0x77/0xb0 [ 303.384853][T31670] ? selinux_socket_sendmsg+0x7e/0x140 [ 303.390313][T31670] ? __kmalloc+0x23d/0x340 [ 303.394827][T31670] unix_seqpacket_sendmsg+0xc2/0x100 [ 303.400230][T31670] ? unix_dgram_peer_wake_me+0x310/0x310 [ 303.405864][T31670] ____sys_sendmsg+0x360/0x4d0 [ 303.410626][T31670] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 303.415804][T31670] __sys_sendmsg_sock+0x25/0x30 [ 303.420765][T31670] io_issue_sqe+0x231a/0x6750 [ 303.425604][T31670] ? avc_has_perm+0x59/0x150 [ 303.430231][T31670] ? avc_has_perm+0xc8/0x150 [ 303.434822][T31670] ? __fsnotify_parent+0x32f/0x430 [ 303.439930][T31670] ? mntput_no_expire+0x64/0x730 [ 303.444864][T31670] ? terminate_walk+0x261/0x270 [ 303.449951][T31670] ? path_openat+0x19ab/0x20b0 [ 303.454719][T31670] ? fget_many+0x178/0x1a0 [ 303.459256][T31670] __io_queue_sqe+0xe9/0x360 [ 303.463916][T31670] io_submit_sqe+0x1887/0x3360 [ 303.468683][T31670] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 303.474227][T31670] io_submit_sqes+0x5bd/0xbd0 [ 303.478942][T31670] __se_sys_io_uring_enter+0x1e1/0xa80 [ 303.484417][T31670] ? fput+0x2d/0x130 [ 303.488325][T31670] __x64_sys_io_uring_enter+0x74/0x80 [ 303.493797][T31670] do_syscall_64+0x4a/0x90 [ 303.498225][T31670] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 303.504141][T31670] RIP: 0033:0x4665d9 [ 303.508040][T31670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 303.527646][T31670] RSP: 002b:00007fa426633188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 303.536069][T31670] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 14:04:18 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200060004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:18 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x1000000) 14:04:18 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x2, 0x0, 0x0) 14:04:18 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 303.544197][T31670] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 303.544209][T31670] RBP: 00007fa4266331d0 R08: 0000000000000000 R09: 0000000000000000 [ 303.544220][T31670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 303.544234][T31670] R13: 00007fffc1f3ec1f R14: 00007fa426633300 R15: 0000000000022000 14:04:18 executing program 1 (fault-call:9 fault-nth:54): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:18 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x4, 0x0, 0x0) 14:04:18 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:18 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000204060004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:18 executing program 2: r0 = syz_io_uring_setup(0x18a, &(0x7f0000000440)={0x0, 0xe345, 0x0, 0x0, 0x2}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) io_pgetevents(0x0, 0x85, 0x1, &(0x7f0000000140)=[{}, {}, {}], &(0x7f00000001c0)={r4, r5+60000000}, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r6, 0x0) preadv(0xffffffffffffffff, &(0x7f00000004c0), 0x0, 0xd9f, 0x4) r7 = gettid() ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r7, 0x36) ptrace$cont(0x18, r7, 0x0, 0x0) ptrace$setregs(0xf, r7, 0x20000006, &(0x7f0000000680)="a3d6ccee0182bc71f8eb57c9850c0a0d5d4015469f29011c417e9348a519aaa503b7d5f325cb0c28492292a919cfafc5ee365a47e901255e95dd9cf7a81677eaada36cd5957cc119cbb28ff347eb19036a40cabb04b595b243ed2dd1dbd7f6a53eb85fbfaa6b909f427108ac4bb76cfeea8ff731359bba79bd2e850630af140000001f9cb56c2a55a4f3819badf096c9a3111af4d128432d47c91875b93aff05519b29245d583b2d083fd5b11a68a69965f0e75f4e70e245000054bf1dadbce610c44f85b4683ee6177a") socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000004c0)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r8, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', &(0x7f0000000340), 0x6000) gettid() sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f0000000240)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f00000002c0)=[{&(0x7f00000000c0)="6525d6d7e5e66c2968a28c3688726bb378644dff2fdd12fe8458", 0x1a}], 0x1, &(0x7f0000000500)=[@rights={{0x79, 0x1, 0x1, [r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x30, 0x20000880}], 0x1, 0x488f5) io_uring_enter(r6, 0x16196, 0x0, 0x0, 0x0, 0x0) 14:04:18 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x2000000) [ 303.694441][T31697] loop3: detected capacity change from 0 to 270 14:04:18 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 303.756966][T31709] FAULT_INJECTION: forcing a failure. [ 303.756966][T31709] name failslab, interval 1, probability 0, space 0, times 0 [ 303.769610][T31709] CPU: 1 PID: 31709 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 303.780025][T31709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 303.790079][T31709] Call Trace: [ 303.793381][T31709] dump_stack+0x137/0x19d 14:04:18 executing program 2: syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r0, r1, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r3 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r3, 0x0) ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f0000000040)={0x8}) syz_io_uring_setup(0x7350, &(0x7f00000003c0)={0x0, 0x6b57, 0x20, 0x0, 0xa9, 0x0, r3}, &(0x7f000011c000/0x2000)=nil, &(0x7f0000148000/0x4000)=nil, &(0x7f00000004c0), &(0x7f0000000500)) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000340)=[{&(0x7f0000000080)=""/32, 0x20}, {&(0x7f0000000140)=""/14, 0xe}, {&(0x7f0000000180)=""/46, 0x2e}, {&(0x7f0000000240)=""/103, 0x67}, {&(0x7f00000002c0)=""/96, 0x60}, {&(0x7f00000001c0)=""/60, 0x3c}], 0x6, 0xd9f, 0xfffffffd) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) [ 303.793409][T31709] should_fail+0x23c/0x250 [ 303.793433][T31709] __should_failslab+0x81/0x90 [ 303.793457][T31709] should_failslab+0x5/0x20 [ 303.793551][T31709] kmem_cache_alloc_node+0x58/0x2b0 [ 303.793574][T31709] ? __alloc_skb+0xed/0x420 [ 303.793596][T31709] __alloc_skb+0xed/0x420 [ 303.793619][T31709] alloc_skb_with_frags+0x90/0x390 [ 303.793718][T31709] ? kmem_cache_alloc_trace+0x215/0x310 [ 303.793740][T31709] ? __scm_send+0x3d5/0xa40 [ 303.793793][T31709] sock_alloc_send_pskb+0x436/0x4e0 [ 303.793813][T31709] unix_dgram_sendmsg+0x478/0x1610 [ 303.793833][T31709] ? sock_kmalloc+0x77/0xb0 [ 303.793863][T31709] ? __kmalloc+0x23d/0x340 [ 303.793879][T31709] unix_seqpacket_sendmsg+0xc2/0x100 [ 303.793914][T31709] ? unix_dgram_peer_wake_me+0x310/0x310 [ 303.793932][T31709] ____sys_sendmsg+0x360/0x4d0 [ 303.793999][T31709] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 303.794017][T31709] __sys_sendmsg_sock+0x25/0x30 [ 303.794038][T31709] io_issue_sqe+0x231a/0x6750 14:04:18 executing program 1 (fault-call:9 fault-nth:55): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:18 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x0, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 303.794055][T31709] ? avc_has_perm+0x59/0x150 [ 303.794101][T31709] ? avc_has_perm+0xc8/0x150 [ 303.794116][T31709] ? __fsnotify_parent+0x32f/0x430 [ 303.794134][T31709] ? mntput_no_expire+0x64/0x730 [ 303.794209][T31709] ? terminate_walk+0x261/0x270 [ 303.794230][T31709] ? path_openat+0x19ab/0x20b0 [ 303.794289][T31709] ? fget_many+0x178/0x1a0 [ 303.794311][T31709] __io_queue_sqe+0xe9/0x360 [ 303.794328][T31709] io_submit_sqe+0x1887/0x3360 [ 303.794347][T31709] ? kmem_cache_alloc_bulk+0x28c/0x340 14:04:18 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000), &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) mmap$IORING_OFF_SQ_RING(&(0x7f0000650000/0x1000)=nil, 0x1000, 0x0, 0x4000010, r0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_setup(0x2fb0, &(0x7f0000000140)={0x0, 0x4a05, 0x0, 0x2, 0x123, 0x0, r0}, &(0x7f00000b3000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f00000001c0)) syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee8000/0x3000)=nil, &(0x7f00006d7000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x103042, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r4, 0x100000000000000, &(0x7f0000000500)=[{&(0x7f0000000180)=""/22, 0x16}], 0x1}, 0x0) r5 = accept$inet6(r4, &(0x7f0000000300)={0xa, 0x0, 0x0, @private0}, &(0x7f0000000340)=0x1c) syz_io_uring_submit(r2, r1, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x4, 0x0, r5, 0x0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000380)=""/111, 0x6f}, {&(0x7f0000000680)=""/4096, 0x1000}, {&(0x7f0000000540)=""/220, 0xdc}], 0x3}, 0x0, 0x41, 0x1, {0x3}}, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r6, 0x0) preadv(r6, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 303.794370][T31709] io_submit_sqes+0x5bd/0xbd0 [ 303.794405][T31709] __se_sys_io_uring_enter+0x1e1/0xa80 [ 303.794472][T31709] ? fput+0x2d/0x130 [ 303.794489][T31709] __x64_sys_io_uring_enter+0x74/0x80 [ 303.794515][T31709] do_syscall_64+0x4a/0x90 [ 303.794531][T31709] ? irqentry_exit_to_user_mode+0x5/0x20 [ 303.794561][T31709] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 303.794586][T31709] RIP: 0033:0x4665d9 14:04:18 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x0, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 303.794599][T31709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 303.794612][T31709] RSP: 002b:00007fa426633188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 303.794633][T31709] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 303.794647][T31709] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 303.794659][T31709] RBP: 00007fa4266331d0 R08: 0000000000000000 R09: 0000000000000000 [ 303.794671][T31709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 14:04:18 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x0, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 303.794682][T31709] R13: 00007fffc1f3ec1f R14: 00007fa426633300 R15: 0000000000022000 [ 303.811227][T31715] loop3: detected capacity change from 0 to 270 [ 303.837070][T31715] FAT-fs (loop3): bogus number of directory entries (1540) [ 304.039270][T31739] FAULT_INJECTION: forcing a failure. [ 304.039270][T31739] name failslab, interval 1, probability 0, space 0, times 0 [ 304.046527][T31715] FAT-fs (loop3): Can't find a valid FAT filesystem [ 304.095454][T31739] CPU: 1 PID: 31739 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 304.095479][T31739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.095488][T31739] Call Trace: [ 304.095494][T31739] dump_stack+0x137/0x19d [ 304.095514][T31739] should_fail+0x23c/0x250 [ 304.095530][T31739] ? sock_kmalloc+0x77/0xb0 [ 304.095601][T31739] __should_failslab+0x81/0x90 [ 304.095669][T31739] should_failslab+0x5/0x20 [ 304.095729][T31739] __kmalloc+0x66/0x340 [ 304.095748][T31739] sock_kmalloc+0x77/0xb0 [ 304.095769][T31739] ____sys_sendmsg+0x107/0x4d0 [ 304.095785][T31739] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 304.095826][T31739] __sys_sendmsg_sock+0x25/0x30 [ 304.095839][T31739] io_issue_sqe+0x231a/0x6750 [ 304.095853][T31739] ? __list_del_entry_valid+0x54/0xc0 [ 304.095868][T31739] ? rmqueue_pcplist+0x152/0x190 [ 304.095882][T31739] ? rmqueue+0x43/0xd00 [ 304.095895][T31739] ? _find_next_bit+0x16a/0x190 [ 304.095953][T31739] ? kmem_cache_alloc+0x201/0x2f0 [ 304.095969][T31739] ? xas_create+0x96b/0xb30 [ 304.095987][T31739] ? xas_create+0xae3/0xb30 [ 304.096027][T31739] ? fget_many+0x178/0x1a0 [ 304.096044][T31739] __io_queue_sqe+0xe9/0x360 [ 304.096057][T31739] io_submit_sqe+0x1887/0x3360 [ 304.096071][T31739] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 304.096088][T31739] io_submit_sqes+0x5bd/0xbd0 [ 304.096102][T31739] __se_sys_io_uring_enter+0x1e1/0xa80 [ 304.096159][T31739] ? fput+0x2d/0x130 [ 304.096174][T31739] __x64_sys_io_uring_enter+0x74/0x80 [ 304.096275][T31739] do_syscall_64+0x4a/0x90 [ 304.096296][T31739] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 304.096318][T31739] RIP: 0033:0x4665d9 [ 304.096410][T31739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 304.096430][T31739] RSP: 002b:00007fa426612188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 304.096447][T31739] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 14:04:19 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x7, 0x0, 0x0) 14:04:19 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640), 0x0, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:19 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, 0x0, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:19 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200070004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:19 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x4000000) [ 304.096469][T31739] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 304.096479][T31739] RBP: 00007fa4266121d0 R08: 0000000000000000 R09: 0000000000000000 [ 304.096515][T31739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 304.096529][T31739] R13: 00007fffc1f3ec1f R14: 00007fa426612300 R15: 0000000000022000 14:04:19 executing program 1 (fault-call:9 fault-nth:56): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:19 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, 0x0, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 304.425301][T31764] loop3: detected capacity change from 0 to 270 [ 304.447322][T31768] FAULT_INJECTION: forcing a failure. [ 304.447322][T31768] name failslab, interval 1, probability 0, space 0, times 0 [ 304.459979][T31768] CPU: 0 PID: 31768 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 14:04:19 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xf000000) 14:04:19 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0xf, 0x0, 0x0) 14:04:19 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) syz_io_uring_setup(0x271a, &(0x7f0000000140)={0x0, 0xa509, 0xe92b954cc3b5b790, 0x0, 0x321, 0x0, r0}, &(0x7f0000751000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000001c0)) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000240)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x2, 0x2000, @fd_index=0x9, 0xc10, 0x0, 0x0, 0x3, 0x0, {0x3, r6}}, 0x9) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r7 = socket(0x1d, 0x4, 0x8) sendmmsg$unix(r7, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10, 0x2400a010}], 0x1, 0x80) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) r8 = openat$full(0xffffffffffffff9c, &(0x7f0000000280), 0x111000, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0) [ 304.470537][T31768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.480614][T31768] Call Trace: [ 304.483902][T31768] dump_stack+0x137/0x19d [ 304.488236][T31768] should_fail+0x23c/0x250 [ 304.492661][T31768] ? scm_fp_dup+0x3a/0x150 [ 304.497281][T31768] __should_failslab+0x81/0x90 [ 304.502065][T31768] should_failslab+0x5/0x20 [ 304.506588][T31768] __kmalloc_track_caller+0x64/0x340 [ 304.511888][T31768] ? skb_set_owner_w+0x17e/0x220 [ 304.516847][T31768] kmemdup+0x21/0x50 [ 304.520870][T31768] scm_fp_dup+0x3a/0x150 14:04:19 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, 0x0, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 304.525135][T31768] unix_attach_fds+0xa5/0x1e0 [ 304.529814][T31768] unix_dgram_sendmsg+0x5cb/0x1610 [ 304.535046][T31768] ? sock_kmalloc+0x77/0xb0 [ 304.539560][T31768] unix_seqpacket_sendmsg+0xc2/0x100 [ 304.544919][T31768] ? unix_dgram_peer_wake_me+0x310/0x310 [ 304.550555][T31768] ____sys_sendmsg+0x360/0x4d0 [ 304.555321][T31768] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 304.560516][T31768] __sys_sendmsg_sock+0x25/0x30 [ 304.560535][T31768] io_issue_sqe+0x231a/0x6750 [ 304.560551][T31768] ? avc_has_perm+0x59/0x150 [ 304.560573][T31768] ? avc_has_perm+0xc8/0x150 [ 304.560593][T31768] ? __fsnotify_parent+0x32f/0x430 [ 304.560722][T31768] ? mntput_no_expire+0x64/0x730 [ 304.560744][T31768] ? terminate_walk+0x261/0x270 [ 304.560761][T31768] ? path_openat+0x19ab/0x20b0 [ 304.560795][T31768] ? fget_many+0x178/0x1a0 [ 304.560812][T31768] __io_queue_sqe+0xe9/0x360 [ 304.560828][T31768] io_submit_sqe+0x1887/0x3360 [ 304.613215][T31768] ? kmem_cache_alloc_bulk+0x28c/0x340 14:04:19 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200090004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:19 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140), 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:19 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x0, 0x4008101}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 304.613283][T31768] io_submit_sqes+0x5bd/0xbd0 [ 304.613299][T31768] __se_sys_io_uring_enter+0x1e1/0xa80 [ 304.613356][T31768] ? fput+0x2d/0x130 [ 304.613373][T31768] __x64_sys_io_uring_enter+0x74/0x80 [ 304.613397][T31768] do_syscall_64+0x4a/0x90 [ 304.613417][T31768] entry_SYSCALL_64_after_hwframe+0x44/0xae 14:04:19 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140), 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:19 executing program 1 (fault-call:9 fault-nth:57): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 304.613443][T31768] RIP: 0033:0x4665d9 [ 304.613458][T31768] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 304.613525][T31768] RSP: 002b:00007fa426633188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa 14:04:19 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="10f9ff8b96238f854639a6ffffffffff"], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 304.613545][T31768] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 304.613555][T31768] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 304.613565][T31768] RBP: 00007fa4266331d0 R08: 0000000000000000 R09: 0000000000000000 [ 304.613574][T31768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 304.613584][T31768] R13: 00007fffc1f3ec1f R14: 00007fa426633300 R15: 0000000000022000 [ 304.737389][T31803] loop3: detected capacity change from 0 to 270 [ 304.803514][T31813] FAULT_INJECTION: forcing a failure. [ 304.803514][T31813] name failslab, interval 1, probability 0, space 0, times 0 [ 304.816140][T31813] CPU: 1 PID: 31813 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 304.826291][T31813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.836612][T31813] Call Trace: [ 304.839894][T31813] dump_stack+0x137/0x19d [ 304.844263][T31813] should_fail+0x23c/0x250 14:04:19 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x42, 0x0, 0x0) 14:04:19 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140), 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:19 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x11000000) 14:04:19 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002000a0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 304.848683][T31813] __should_failslab+0x81/0x90 [ 304.853471][T31813] should_failslab+0x5/0x20 [ 304.858157][T31813] kmem_cache_alloc_bulk+0x40/0x340 [ 304.863396][T31813] io_submit_sqes+0x4a3/0xbd0 [ 304.868166][T31813] __se_sys_io_uring_enter+0x1e1/0xa80 [ 304.873634][T31813] ? fput+0x2d/0x130 [ 304.877569][T31813] __x64_sys_io_uring_enter+0x74/0x80 [ 304.883042][T31813] do_syscall_64+0x4a/0x90 [ 304.887461][T31813] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 304.893550][T31813] RIP: 0033:0x4665d9 14:04:19 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 304.897457][T31813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 304.917354][T31813] RSP: 002b:00007fa426633188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 304.925766][T31813] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 304.933887][T31813] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 14:04:19 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x3e791ccde0a4ee56, 0x0, 0x0) 14:04:19 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:19 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x1eb, 0x0, 0x0) [ 304.941874][T31813] RBP: 00007fa4266331d0 R08: 0000000000000000 R09: 0000000000000000 [ 304.949895][T31813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 304.957894][T31813] R13: 00007fffc1f3ec1f R14: 00007fa426633300 R15: 0000000000022000 14:04:19 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x20000000) 14:04:19 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) ioctl$RTC_ALM_SET(r4, 0x40247007, &(0x7f0000000080)={0x17, 0x28, 0x5, 0x1e, 0x7, 0x9, 0x2, 0xd0}) r5 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r5, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) preadv(r5, &(0x7f0000000280), 0x0, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="100000ec00"/14], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 305.065090][T31849] loop3: detected capacity change from 0 to 270 14:04:19 executing program 1 (fault-call:9 fault-nth:58): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:19 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:19 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x204, 0x0, 0x0) 14:04:19 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x20}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) r5 = syz_open_pts(r4, 0x900) preadv(r5, &(0x7f0000000280), 0x0, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1000000000000000010000000100000049d62e117efb8f69f74afce74220358566c5f4e3d1c72ad1011b0098510f03d7f0ef714570bd4b0edbc246e839bbd8281c4fe9ecd74ab4ec30d2ae9fd9e48481dd8a573e70b928f05cdb080d19932a21b2645ab713b38ea71ab5db90a95c9aea3418c7884afc9ab9f94c546cc83bcade6016d8bcd9328b6ea44929645d2f74c38cfa1113eee33f49048ac31cc6a0749de42d667752012da611381cfa9ee336ba80e9e0c50c0bc391fb63bcd5b8c9b1483e56b64cdc357b5eb0a98d6104c4398800"/224], 0x10}], 0x45, 0x0) connect$unix(r3, &(0x7f0000000140)=@abs={0x0, 0x0, 0x4e20}, 0x6e) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:19 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002000b0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:19 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xc0000000) 14:04:20 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) sendmsg$inet6(r4, &(0x7f0000001c80)={&(0x7f00000005c0)={0xa, 0x4e23, 0xffffffff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x3}, 0x1c, &(0x7f0000001b40)=[{&(0x7f0000000680)="b3a6672720fc118ea8613c8f130b625a79938cfd5851fe177ec30c46c45b99d102f086acd10b9c2b5bab135b406908f31413ff107373073676c8392b8877dd3e8b6629766ad20a1e7873099b302baeec82437c57319957052cacfdee65ac6a", 0x5f}, {&(0x7f0000000700)="8922e8dfac67a7bdced0328ed37e4c2cc98f640ce6d4e06018c51895a62658b256dfd8b0d1bc65c877b97b0f55849f855ededdf3533e3038401f32358c0b1dce9fc34320a92ce7d07c7bb1790fdbc8d2e48b02c9dc5e490ed40e5573f7eb2b6bcf02941bc8c0a0aeb5e0890af70c899c7f603e245d5e287c5552039b2e266429470444fc6f35", 0x86}, {&(0x7f0000000600)="793e62b93e6a295733dd7443d12942d8c9275d19d6d05850ee6eaaeea6119fde7aaab1ea6061cfa7ff", 0x29}, {&(0x7f00000007c0)="e87f97d281ffd05670353bd97537132a2733cdacf81d0e108501d49f2586b58f1e09e60351ccfa91f94fef1c0d2a079d28e9db22f03f3c0584594042ba1fc66cf453913a92e52dc503584a7f463591af30c105df885d09f694d856b6fee574dabe7b95a00d142e86b5826ed478641b8b3a1de5eadcabe64e56c43ddfbd562bb2fe63770194b319f28b3e206e3fa4eafe16cf2c9bfdf5eb2b3b808354450413771c836b0a3968a342c02407299bd7dfff57bdf9b761705937", 0xb8}, {&(0x7f0000000880)="0c0df4437767547389569ffc69d7cf475679ac0db7256c7d08d2ca1efdf32e9f27ffd55cb3d7be989e60747c326b40550bc0970ffe30ccf9f8105664d78f7ed6c64adcc41158f5f5c50125e3639d32070dae0f3cfd3170daf2e6e2fb1e1d026ca95c936d22f28a191dfb8f99d5b4191a4907628b96fbc8c09065db39d39f4d561ba6c64bb1771281b40db1ce9cb92bc06763b6315415568f204e9e47873e96e448d79834a92ef3cd4ba3e4f6dbf8855f03870981a0366a8ef1e1761d219ac9827f48eb6c520202571173538925d9bcedb3498f614a2b726d1232c0620674cfba77a0d8fbf02bc3cc1b01a9606023c109a53d25b07b1ed9523b3dc73b218f", 0xfe}, {&(0x7f0000000980)="8ea7beb3e0b8d6bfcff6168090f5cadee5bdc500dd30cc2c0565f580085d2e25346c004ce85dad9d3b0756291ac1cd636a1f7f889aa73a144fd98458fb3d25e00e89746e473ea0074d834e5002fa4dd95a65a485b106abd64f0c1df0ed39b2674cd26d9b25adc52cf582112283464971ed5803a3241db4925b5d49d840dd714d277ba55cc03ea18ab7c2f510a3f79e448a50b5f2c217f0", 0x97}, {&(0x7f0000000a40)="9c2ffd89d3c0df946f19d3ad2810201ef4b7bd7a70597febc25bddfba0c669b2f57cdccd2485893d99a0a91d6de0bddb0816708ae690aa4f89943bde254850af590e7f1afea7d30ffc569dbcadfff76086655ebf4e01ac31882cb131a255780b9ff4397a78088bb1ff6ff7b3795f4f6b4df1a4fec166fca932f9d1c5a3b26ab6456d45cdd487341170c463543161e01e5881bf28cc6dc91e6b171b15f9aa93263391aa9d1613677e969c0c05b2737df21c447c0267c0b8ed89cb2b41f60178", 0xbf}, {&(0x7f0000000b00)="c401075acd9edd0bd9249001764c75f4bf34902b14598a9208a3b597f6137f0550226d49474a0cda61bdbb1406d88fb41896e931e5367ad528b936b1e01c99848e79bee8204f620de7b7dcf22142233961049781d01c91a08aaea00ff31b3d12ba2a23cdeded0db4e6f6199b560288a995f6162be814d494686aadd2bcf7aea864c7a68c56f60101a7bd9233f91f4c13393f81625e046411ac2dddfb9e3fe8c5fc43082599e1dab6207f7c463a6ee6987a987dff120d5236d986a45bd66d8de8bb277d095168fb35fc29d61606f4db1f2932811e17965b9b36d06763214225cd507a9f6c45c50e97dae830fa54f3865753b443533818f9b5755e40ef3bb914ac316a99f56877a169840100c5f88f284c878edfed18939eba3ba65095676bcd7e52ee5ac49814a572f0b540f19f4d3d9ac61e85d868c6d2a7829cd10bee8b308af23e76f8bb59a4c114c9c183352e6d9b7fdc52184ec4d41314938e2bfe3e321073136ce3533eb8b64d50db9591043ec059049b1126f09031d19b8874f89fdac98707443da78d7194d209f46595b10851a0020b30dd0be8c31897b8f1f3954e499d0c0061f6cd1e38bfd53dfd1993f7a53f6c9c88105b3db8b2c145e6f92feac3669e1e073dabadfb5347666236df83fe72a1b72759dbfd3713227126c660025a3928da552d13ecf958e3d05fc3a7a8838d9e7b4c9dcef2c0c87d3ea806f4e8bfd1cbbccf053887f168efbe905b89aab8aaf3d0959f9a71722e27b36b7c3dfc6d195c1614fe8857010f6c0731b4c0ec8ca61e5c23e3042bc187e960d317d3dfe738dd31ec56ff63dfad340f4efd0bcfad8d59ff2fe54425d0030bcb3a2bf1c0319d873720b72bd0ae38a49504787333f244033f803dddd1c05903e8d1a911098fe2c74de25b32cbf2ef8daf8f4c8853f35f7139297421639a4e08bbd4822e3697cb5eeb2c7f3f19d07bf489da3316cfb04e358ed07d876da9e65fe4311956a5b2d063398a751d0f23aecb5c9ce981d980ba7cca061c113f16660119235ae587e8c5182d0e1d5adca4f5a5556b4512733c9aba8a395a9225982635de6e9eac6da5c795c3142e7885134045c47817ec8c62584fcbcedd576e61770d4a95fde87165df28fd22fe9bd06e9c053eba5f575c26a09b7a2daa5a238ed276d02973d98e3c07468ba2e9f29b06a9b8e4b4c79d2a339b7c316a044fb4d83dee234b0711b70118274e67a786ada9d103d1c3c9533d48c07c744fb355e60c54883afd6f45f285e19ec8d894e350c1769af4881fe6abd0ad679fb6a92eda4d8ec1989e1a7d134632d669f48319e37863108cf003efcab6731e7739f154532e6309208818662642c4ba18e10e353dbbf9c1f576355816ffb66b75607b064fe1bf3640553bc44a6187feba71948da6121f5a66aed4623727ead1490b19061ef43bae964801945c11499b1c810779cae46d6433f8019651ad11631dd4706b3037d4862bbda801b0f201775608798a53c2a8de70817481e7e406964f56fdfbd3e3900d2b051a62b2954f7af0a84096537b71a2d694d11c5d1bda82932970dbb26484e861eba8b05dfbfe584b36a28c411dc8fc7f7fd4b2ca61f5e8bced0219f9dcd1856e4d01c5c057a4d69073d70b57f5785bbaeebd5bd199a43dc2abdcc0a4d8abd76e0c5bfecee3addf54f5b60c0d87829e0f95a9ea2ba09f31054f39a8e9e6832f4ab8e2c320673daa3f2e65c1028bd2f90d98fc4b596b46043a55bfe0f697bee2939e873ee7f9c6044ed19246f93e6e6ec68ddd8fb8a9d3c0282f93f827f41bda2fe8dd0bf90386d6fdc94a33d69ae9c588ca5fd045aa46d76b9a087522b14452954d4fa74822114bee93f27f8fdf033122153e82826a6fcb7d721ab9a1b9c3c101ca67fc69adfc34a46db1da9fc888e67971188e9f4d50dab44a3b652f79b1501175403ec124b09e97c2a2f5eff3a9486178d83513b54bca27288e11edb82a12917d674618aa89f20bba88d28796e1103fcea55eec60f21f043bcdfb99296c49842dc74b98d8e02fdfab9d78c74e90908c35a985316a5fde4959456be54b76a6e917a760eb43c7ee99add6e752bae954f3130b200be0e4b2f9f3844bcd56140cf67dddeed13a0a0edccf3810a16d31b36ab385330f946065baf7ff6d9487ff060de00bf0d5ea7f3cb5ab4876708a04a7cb32d8a8c16d21fd10ee1d9d613aa4094ea031851309655fb97ad046301c7339c8caa566a6fe8d86ab699a41614e1644865dd988e409682a3d1200c0cbc0142a70d62c9f23547e463fbe74cfcedb761f2e7a06749fe8e86d5bbbc4054a9cdde549130b92ebd388ce73072dd32dc379d505097a8827142ca1d2a1b3e1d495969a9406fe4f2a1f40d94808b55bb617a30d155a3157f33bdbe3c845d221760bcc42de554a2467725b73584f8750dc4b36f27b34e6078130c2ab15ece58688ad47f525beca72c2e02c84db9cc6cfc3234058a1f4d9cc77b0b77525d1fedb4146b2cefbb3d8af877677ccbab890dde84d449fbfc5b25316bc73b55b70040df517260f9cb6ca3691741c858bef54315cf3ba4f5faef6f810ff17612c75b01f293433b2a24aec8af15a0da0b5795ac6deeffe07d850098c5f6d02dc573eb09380d0bddcd164ed9132b7ca9159d00a27b4e69b43134ee126a2a92a7c0f8af24b69b7a0feea8e4b4b1fe5c054076330e6b78fee733299ba53b4fc1f76616587bcb230f49bea438cfcf297e0aa14ec5a549a97579765fb0268fc2753e547f9e255243ffd1c7f2de8d0a54415902e03ab019a285bddb81e930c491711f235fa4476438593976a546af9bcccfaead4a3fdd23eb3c0d9728d04e21c4cd3373f646f4d65a5337f274652c52d6ad0bcb0f3cc9804ae9036fcc2ff708867a556785731572b79ddd0d5694be3bd769bbd0ea1dbea586bbd10274417b67a5862b63361d6a6ec4648ad636bce02d9f4b11154b0c17d763d412a2f8038bdc4fb69e96fee89fc3310a369ba5d831821c0d3bdd457ab451a7fd7cabcdd54c27cb2f3803da1467bb2b98e6776ebf6a393c4a73a6a2c2853850ec1ee9e1b135f54844579cfd7aa61032bc8b73ed8ff61524282cadffba7e80bc8757bf9c3cc70065bc11dbd14ad2615afc1c76d929b25bc7b6d93a4bbc9b1309a5f2c9785a287b98db1704cf209f59d780da5f0c3b17fdfd1e684f963cd723abc5b98a1e4dc920ee96ecd8b8784d167d54e54df71dd2f015d261b40f5c0256509b349da589e4600094d9801821443a3d1f16e8c46e766e3e3dbfea500a80da3616b5905bc70cd148021b0a9f32764979f60e3cef1b6da97a6dc3e52fa319ac92c9feaa13c3845b29169d7e2528c03c4280b3cdd0830c0333bc823a200cb724978b0622f6cb09ad594752e2ed864a15c418f73808713e53798387f6f91d3a36f6c09ee156ce306a2ab25d3b01a4c5188b9c064398aa605b96224faf2299e88500232a00747645fce551eda09908e27b9c8a447dfe655ff27d0ec1beec73c620db1f2d4164eb83dcfe7f77d1d96073369d19849bae3d0c16d79e1b9d47cd9c1848cec403eab17657bfe4748ea801f80a22e5745dc2de1ce29ef9483bae5dc1f69be6cb350e1d9da5755426d15224ae56463263276c229438b15997c9bac83af6bfeaea98c2052307ef5d611f9ea77eb9336f9d6ae6fb62d9a0f6af554a6c566175778d371d3d4d2266add1ba3c1489740fdacc630f40265b0824d1acbafea91b1545f07ffdd79b828d991407bd458f6ec274885cc7a506d11715284cf09c2bc0c1a51b6b8983e8d3e9a4e6be04637bfeab7196c59e36fbdfb54bc79847298c38ecae3efe572486a00224c94e87c26d298f46bedfd8a608520a113f332b5d5a9a79092612433a9d1b21a512abd3543ee1b9b1869c00cf24c02772262aa45ea8c412bbf3765ce422546b2f3b0907ededcec4d432a183d0c6aa8fec9274391692b4818aa5009a99ee72aeb0d5198670cf2cf2b86d946eb079555c4e8e729ded47a7fc38fbeb7194ae2d13d86e56ea4a2212879a39f6d3d9f32026479cf74c75cb1a8eecf9bbb8a01c51608dcf57dd9782d3b65ac57444e02d52f4c861d1064e7ada1f346861fcf3a026ffd1a4e9cdff28d62a3c2ec4ee7435c9c03d8374123e1fb5858814d423c4865ee3222fb77f76e5a5c6dfd1fa86e72d5341ad9a16512e001ec89a1bba89229214e642b9fcc10755cec9a06c1f815327ba6c846ee94b3ef704a48579a59ae25361a96d041cc965631ea360313e93819e06aea9ac1bb90d8b25b24892ed6a41394f7274bd27df6977346018ff9c10bd3fb876aade5da2e072fdf1eee4a727d9ddac0c7d9d3b8d2b922f3ed5f89375ea9c5b81707fb19d4c919a3c1ff9c28ff29d77d4d42067d30123d4b170d4aa188dab85bb2f65a62486627ad15b9e24a84a31b314aad64509447ffe0ff34acc89c592bb4aa8c97db5af9e1eca719fc391d285a2a72ba9b405a494b10c726bd494812c5180979b6fa208f5e8c104c4f0ca118c2527215d122b80f7532522e2fbdf86ae274582876a23d5d85b1d5406ef37c41994012367c63adaa20fe9850d2afaaf7d9a49c7ef64eb6a127b14ba2069e71ce5a553809c1c2edaadb9892ce2315aa1c36a76d1aa04b8e53624b3bedbcab27c6577bb8567b07f350c36a7491e31245610ee8b4a1d04516ba253d2af1756b0a76d41ed3ff95620101a0234a0cecd5d303bd7cd3ba0b888d7c60b2854f83bde0305be00a41c4305cc2e5b5bc2abfa91b4b2b4e9fafec4c68bd53680b4e7218e3ad206b4e6386d841255274f13fd22056ee4c1afa71f1f5babf90178a503d5666848317c1fc24fee74cc80c73815fe840b37d1f135ae47a14d5c80fa086ded6932be4029eeee85b9d42b8d830b0b98dacd31a27cc4289997f6ab76402edeababfbd80eb514da64f1a6b98eb5d2d84bcf55271e5c63047e14a5b4b14441f70a1eaad66d7bfea1bd6414404ca7338f0eee2ce6a5e2d6f4ae4a4e803331ae010605d100a69c9689197b9e9b0d0495b962a1dfcfa72545abb8de7f53c4c0b3039753b66b07313536de0bb72a6c044ebe98a9d861c9d64c2934951714be87ae5669afb091e544d1486a2debe6797b69838bbd7c09a457acbfd55090e1d0a3fea0063bcaf43539a712ce3e3db0455f804107eecdf348b18343eb5e0700471633bb14fbd31ae13f3ce29c4afdcb27e7614879cff2c3c9a1ebc15f8c700f0890c10aa5e111730ca6119d8158d5121e01cea2766b04b8696f9f85130c1c4f0cd9112fa3e30c70464d430921ee17e4ab798aeb68713ea712b77e8280148fc5740055a66a2e5507ce3a06270a12a966c133a0268b9b4b0c66f5175e53c66a0d11517c2449106a520dc73ff9203f31a1b5562499d09ca40846292400acff43f9a8610b74e126cb63c0ca9d0be693708f3d59ddedfe46d150b4cf20aa22482e224f2624a8a5a58f8db55a6268480f32d0addb79efb10b631b18b6eed6015f6410aa38472445f812e3b539bf5d2f1a5cc78929b22fc46c5cb97f7f46ab7429d09182e466d701bf5c0fe088aad973fb680934e7d4f1184537bae82ceff56b7400f8f38cdf9d168cc5a0c46dbe3ed72bbadb5acb4ccb9c5aa3c66cf7a4d6540d3e0ba2d2f8f030a14d1b6d5fa80d192551339e10c6432512c7de1ffd6c5264cdd7296d508d6051c0b960233289be6104d1008cbc26542a756626f903e84dd8577f3a50d9918d8fce499b3645e39d1827e1e7802c5d050f16421ccec1efd98116dab7e1d424d045cc74b2bd5b0", 0x1000}, {&(0x7f0000001b00)="3a8d2bf8b395744464dd9c033df0b208c5831c38f50d80c992d4ecca360de1e46986ad982a", 0x25}], 0x9, &(0x7f0000001c00)=[@hopopts={{0x30, 0x29, 0x36, {0x1, 0x3, '\x00', [@pad1, @pad1, @hao={0xc9, 0x10, @private0}]}}}, @flowinfo={{0x14, 0x29, 0xb, 0xfffffffa}}], 0x48}, 0x4000800) r5 = syz_open_dev$char_raw(&(0x7f0000000080), 0x1, 0x200c01) preadv(r5, &(0x7f00000003c0)=[{&(0x7f0000000240)=""/237, 0xed}, {&(0x7f0000000140)=""/106, 0x6a}, {&(0x7f00000001c0)=""/38, 0x26}, {&(0x7f0000000340)=""/57, 0x39}, {&(0x7f00000004c0)=""/209, 0xd1}, {&(0x7f0000000380)=""/6, 0x6}], 0x6, 0xa4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="10000040000000000100000001000000"], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 305.211097][T31881] FAULT_INJECTION: forcing a failure. [ 305.211097][T31881] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 305.224316][T31881] CPU: 1 PID: 31881 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 14:04:20 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:20 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x214, 0x0, 0x0) [ 305.224348][T31881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 14:04:20 executing program 2: r0 = syz_io_uring_setup(0x185, &(0x7f0000000440)={0x0, 0x400, 0x8, 0x0, 0x336}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) connect(r3, &(0x7f0000000180)=@qipcrtr={0x2a, 0xffffffff, 0x1}, 0x80) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r5, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="10000500000000000000000001000000"], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:20 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002000c0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:20 executing program 1 (fault-call:9 fault-nth:59): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 305.224416][T31881] Call Trace: [ 305.224422][T31881] dump_stack+0x137/0x19d [ 305.224446][T31881] should_fail+0x23c/0x250 [ 305.224465][T31881] should_fail_usercopy+0x16/0x20 [ 305.224483][T31881] _copy_from_user+0x1c/0xd0 [ 305.224503][T31881] __copy_msghdr_from_user+0x44/0x350 14:04:20 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="10000000000000000100000001400000"], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:20 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 305.224576][T31881] ? sock_kfree_s+0x24/0x40 [ 305.224595][T31881] ? ____sys_sendmsg+0x421/0x4d0 [ 305.224612][T31881] sendmsg_copy_msghdr+0x4f/0xf0 [ 305.224629][T31881] io_issue_sqe+0x250b/0x6750 [ 305.224699][T31881] ? avc_has_perm+0x59/0x150 [ 305.224718][T31881] ? avc_has_perm+0xc8/0x150 [ 305.224738][T31881] ? __fsnotify_parent+0x32f/0x430 14:04:20 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:20 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x100000}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = syz_mount_image$iso9660(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0xffffffffffffffff, 0x3, &(0x7f0000000380)=[{&(0x7f0000000240)="0f566c4b91c60352fbcb925bfe412a2c2e43c0a68150f86e47113bfe9a", 0x1d, 0x1}, {&(0x7f0000000280)="258e6aeed115dfae4a6c9f3ea5e987e92a5d919695c18ebd0371ffc1423309d0453e2f6f125aabce2dbda377129fc865fc3c6196ab604860de36bec9a16862aac2a28f1172b89914c47bd3654b2309078492e0b8809292e6b59bc53a1374863edf12adc4e36c4cdb3b83f93e97d1ef540272607de012b4135e862cf5947809e178df9ee9aa881461d8baf13e6d11693f88d44b455677c0b278f56993009eb1c0db7e2e28b0cca86c80b930e6b56ba0121b9221ac18b0fd160d4b1b06738b28ee9ba4dde5d53bd1793b2df5b576592d738bfe9ac3bb6321a7ffdca1e63cd3312813bb8205120aa85d2024984f", 0xec, 0x7}, {&(0x7f00000004c0)="4460eab5dbb8cd4b6262e046192b1d6eb7223794178f70365cf019288add3277fa61d55f28e06b5cddd254fac6833f38fe5ae97f15ead41b155bad0aa2a50836f0ee9ca116fed91a54e2a5e63751065121a42b19b2e67f5370e41bf81b0cda6e88e58a00d28b6739ac9f23459bd6b5e5faf0da2773a8f20073ccf014b8d5364d0b8b18e6a41f79c31588de5529f0c7cdcf612025feb32a8e83eb93bc8e2e3c4df9bb7322ba840576ef0ee66a036cabe099735f91583bc355d554bb608b7891e2d1e2b71a612eb16f1e6c82c07a484639c63769b77a7e12d46aa65ea2e3cebb500cd9757911767915ed200fd0aebfb6b7b028f23a86623b59", 0xf8, 0x4}], 0x200620, &(0x7f00000005c0)={[{@mode={'mode', 0x3d, 0x64a}}, {@cruft}], [{@fsmagic={'fsmagic', 0x3d, 0x4}}, {@measure}, {@uid_lt={'uid<', 0xee01}}, {@subj_user={'subj_user', 0x3d, '\x00'}}, {@permit_directio}]}) openat(r4, &(0x7f0000000400)='./file0\x00', 0x40580, 0x18) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r5, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r6 = open(&(0x7f0000000080)='./file0\x00', 0x101000, 0xa8) sendmmsg$unix(r6, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYRESHEX=r1], 0x10, 0x4000000}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000680)={{0x7f, 0x45, 0x4c, 0x46, 0x1f, 0x1, 0xf7, 0x3, 0x7fff, 0x2, 0x3e, 0x2f, 0x1b5, 0x40, 0x248, 0xffff, 0x401, 0x38, 0x2, 0x7ff, 0x9, 0xffff}, [{0x4, 0x3a, 0x8, 0x2, 0x2572, 0x6, 0x1000, 0x87f9}, {0x1, 0x4, 0x400, 0x7, 0x2, 0x0, 0x101, 0x8}], "", ['\x00', '\x00', '\x00', '\x00']}, 0x4b0) [ 305.224762][T31881] ? mntput_no_expire+0x64/0x730 [ 305.224787][T31881] ? terminate_walk+0x261/0x270 [ 305.224804][T31881] ? path_openat+0x19ab/0x20b0 [ 305.224836][T31881] ? fget_many+0x178/0x1a0 [ 305.224855][T31881] __io_queue_sqe+0xe9/0x360 [ 305.224872][T31881] io_submit_sqe+0x1887/0x3360 [ 305.224890][T31881] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 305.224957][T31881] io_submit_sqes+0x5bd/0xbd0 14:04:20 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xc03e0000) 14:04:20 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002020c0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 305.224971][T31881] __se_sys_io_uring_enter+0x1e1/0xa80 [ 305.224992][T31881] ? fput+0x2d/0x130 [ 305.225008][T31881] __x64_sys_io_uring_enter+0x74/0x80 [ 305.225109][T31881] do_syscall_64+0x4a/0x90 [ 305.225131][T31881] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 305.225149][T31881] RIP: 0033:0x4665d9 [ 305.225164][T31881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 305.225182][T31881] RSP: 002b:00007fa426633188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 305.225202][T31881] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 305.225287][T31881] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 305.225298][T31881] RBP: 00007fa4266331d0 R08: 0000000000000000 R09: 0000000000000000 [ 305.225308][T31881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 305.225317][T31881] R13: 00007fffc1f3ec1f R14: 00007fa426633300 R15: 0000000000022000 [ 305.245553][T31882] loop3: detected capacity change from 0 to 270 14:04:20 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(0x0, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:20 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(0x0, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 305.395916][T31904] loop3: detected capacity change from 0 to 270 [ 305.468215][T31922] FAULT_INJECTION: forcing a failure. [ 305.468215][T31922] name failslab, interval 1, probability 0, space 0, times 0 [ 305.539928][T31924] loop2: detected capacity change from 0 to 264192 [ 305.541673][T31922] CPU: 1 PID: 31922 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 305.615619][T31922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 305.615632][T31922] Call Trace: [ 305.615640][T31922] dump_stack+0x137/0x19d [ 305.615664][T31922] should_fail+0x23c/0x250 [ 305.615682][T31922] ? sock_kmalloc+0x77/0xb0 [ 305.615778][T31922] __should_failslab+0x81/0x90 [ 305.615801][T31922] should_failslab+0x5/0x20 [ 305.615822][T31922] __kmalloc+0x66/0x340 [ 305.615838][T31922] sock_kmalloc+0x77/0xb0 [ 305.615858][T31922] ____sys_sendmsg+0x107/0x4d0 [ 305.615875][T31922] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 305.615953][T31922] __sys_sendmsg_sock+0x25/0x30 [ 305.615968][T31922] io_issue_sqe+0x231a/0x6750 [ 305.615986][T31922] ? __list_del_entry_valid+0x54/0xc0 [ 305.616006][T31922] ? rmqueue_pcplist+0x152/0x190 [ 305.616025][T31922] ? rmqueue+0x43/0xd00 [ 305.616100][T31922] ? _find_next_bit+0x16a/0x190 [ 305.616116][T31922] ? kmem_cache_alloc+0x201/0x2f0 14:04:20 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x402, 0x0, 0x0) 14:04:20 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(0x0, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:20 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$sock_int(r3, 0x1, 0x37, 0xfffffffffffffffe, &(0x7f0000000000)=0xc) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r5, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 305.616131][T31922] ? xas_create+0x96b/0xb30 [ 305.616147][T31922] ? xas_create+0xae3/0xb30 [ 305.616164][T31922] ? fget_many+0x178/0x1a0 [ 305.616180][T31922] __io_queue_sqe+0xe9/0x360 [ 305.616234][T31922] io_submit_sqe+0x1887/0x3360 [ 305.616253][T31922] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 305.616275][T31922] io_submit_sqes+0x5bd/0xbd0 [ 305.616294][T31922] __se_sys_io_uring_enter+0x1e1/0xa80 [ 305.616318][T31922] ? fput+0x2d/0x130 [ 305.616335][T31922] __x64_sys_io_uring_enter+0x74/0x80 [ 305.616380][T31922] do_syscall_64+0x4a/0x90 [ 305.616396][T31922] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 305.616414][T31922] RIP: 0033:0x4665d9 [ 305.616425][T31922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 305.616440][T31922] RSP: 002b:00007fa426612188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 305.616460][T31922] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 305.616487][T31922] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 305.616501][T31922] RBP: 00007fa4266121d0 R08: 0000000000000000 R09: 0000000000000000 [ 305.616514][T31922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 305.616526][T31922] R13: 00007fffc1f3ec1f R14: 00007fa426612300 R15: 0000000000022000 [ 305.706850][T31948] loop3: detected capacity change from 0 to 270 14:04:20 executing program 1 (fault-call:9 fault-nth:60): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:20 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:20 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r6 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r7 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r7, 0x0, 0x0) setsockopt$inet6_udp_int(r7, 0x11, 0x67, &(0x7f0000000100)=0x2e4, 0x4) getresgid(&(0x7f0000001d40), &(0x7f0000001d80)=0x0, &(0x7f0000001dc0)) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001f00)=[{&(0x7f00000004c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f00000007c0)=[{0x0}, {&(0x7f0000000640)="561f3c6b263e45805ea346a0d12f3bb686a99af706974930d50f16615a734614f7c0cd43848713ad18e72ea1b52b91679bfa1e371d873ca950b6c8ab2c1ac9982c0632147ec6462fb104d287e8ed9a9f49002c432d676ae8a77d7dce67e0", 0x5e}], 0x2, &(0x7f0000000940)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xa0, 0x4}, {&(0x7f0000000a00)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000d40)=[{&(0x7f0000000a80)="b704552cd93c4261cb62f9cde3b9dac082bb10f596b40cbf86cb4f81c83f25c862c1e49c07dec3b1562b81d8963f7a620931f24f8c1ffe57361c21ed126c68d1f4fdfe7a7ef03503913d945a5e652225cee0b0a8df931cf45e6b864eb08a58f8baffe67b8a4d16388af2f7ee04bc7da55c513d0fa7965350ed69ba06c67c3cc2496a90bdd0b6c84f2498c9314ac86e2e6699f7391e05a35a40", 0x99}, {&(0x7f0000000b80)}, {&(0x7f0000000c40)}, {&(0x7f0000000cc0)}], 0x4, &(0x7f0000000ec0)=[@cred={{0x1c}}], 0x20, 0x5}, {&(0x7f0000000f00)=@abs={0x1}, 0x6e, &(0x7f0000001180)=[{&(0x7f0000000f80)="91ada61214e529265cc3c648429ec1dc3006121ff36f924f803329e11f3ef746214290f6efcbae3faf8d60ebd71a29", 0x2f}, {&(0x7f0000001000)="f453", 0x2}, {&(0x7f0000001040)}, {&(0x7f0000001080)="df35c2793bba6d525edfc4243c49045c334d2c7d8d6984574e3f11cd087701b103212f4aadf8350645bb2a6904e096067792f512da5f8996f9bfd84bbaad1dc419d484323d2c821be324882919ef6b164c1be55b270365396391b268a876738de37e015fa30927bf528ba50e3611623937b0900a72570475df08c453f8f603f32eed09d74d91fa218d42d095873866671a101155275784b9e46eadf8063b2d5dabd68ee0b20e6cf55863db7e88974a0ca26dc24444993bbf28cf306f1ac13f680628bf5a14d7f432e1351615ac1987097b619adc3bdae63ab3259ac6878376e277b63309d3d55e3afecee953286b7b14fd895337c514fafab0e89e513c8ac1", 0xff}], 0x4, &(0x7f0000001400)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee00}}}, @cred={{0x1c}}], 0x40, 0x10}, {&(0x7f0000001500)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001640)=[{&(0x7f0000001580)="8fc3eb01813c78c5f3ec69367ecc321633cbdaf82e860e164c9adbadc36d376e23d953737c4efbfc4769ca552d1ef3948afbf75b52ba0114a5bac2511fe2734a78c740394215334657bed33cd4c4384ea4945e8212e09a428a07349c8c7222a9b9516fd2f1bfb9ebb8fc74565d22bcdd139832f885c8ccd848fab06b700863814e672042152b76a0fccb95b93406ca64e53b593e3975d0d262e7a8ed15248989ca1932f932210047108814059b82261c7cc2ca", 0xb3}], 0x1}, {&(0x7f00000019c0)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000001b00)=[{&(0x7f0000001a40)="fc852c93067ad3e209aaca5121f2cb86d87c50fff959c51438ffc65c9538b24783fc2462a660a3fa2277249894248fb4a30cf59ddb760717d44cec1f93c07c79c1b48201e81cc1d5c12131b284f2f307f790b5259f3e52d8124940f4e530a9b38749e9543b874e19af7b33f0ce8888d83fce878b6aad023a62f7b101c8011900e77980ed5d96f6f6474a8c32235d77e73ccbe305d7aef382731648ad52676a5c4fe1419b1e183446b29e", 0xaa}], 0x1, &(0x7f0000001e00)=[@rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r7, 0xffffffffffffffff, r6]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r7]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r5, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee00, r8}}}], 0xe0, 0x805}], 0x5, 0x4040100) sendmmsg$unix(r3, &(0x7f0000001680)=[{&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f00000000c0)=[{&(0x7f00000002c0)="895f62f2e4ec4177fef901a3067b2ee4117bfd51315937bda6353acc5643baa23755e3f2c04b4fb8a04066998068d286fd5e12b7114a552bb420f898acc2ca918a9bfe380bdacd0e57a697b434ae495f10d97ade6ab1a11c32d50ddfd1d1cff924736ab81cbd916525d4d3dded4abe39e7209a217a58ecdf80e717fa5f3ebb8780016dabe6f2aeffe897173d9c7ee2f15641254d8f671e24fb596760dff34c5d7636ef8ffd7f6bed47694d57bc503dca504dccc20776efc4015b55bef708b840a2ab95136a217073557f70ba7ba2160f9512b50135f8a06622aeb4bb47e853b1c71862d19cfc8b8a546612725b8ea60c72", 0xf1}], 0x1, &(0x7f0000000540)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, r0, 0xffffffffffffffff, r3]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r8}}}], 0x60, 0x20000081}, {&(0x7f00000005c0)=@file={0x1, './bus\x00'}, 0x6e, &(0x7f00000003c0)=[{&(0x7f0000000680)="7b7c986aa67d3f15df3f7684c78f9e5ca34525ec9768418bedb8a5e333d1053c46651e1d52b67bb153f4426acdda4ec7827f9482454c3fcebf5ec179136b214df108898aa9aceebc41d4da5ee9797250e41849947f733926f15982cdc716272cb6f53fae9ba37f1c37900888940d91c360b36b8009b9130e50d8950f84ae8671adfa24c227da089a49b9057e5435c48609d636a0eb7c499fc016e6242731e1795646ce61f0d07d7a14f068e1aa1cf9feb3fab4170c64f567dfe15c22b67244e80e063aac63cdea4d3e6780b5dede2e294215ee6f221d2f373fa05a0119698345687c000eb12287f87c32d293b3448e06a2d5d4bcc01c947bcbd91c2a16c5fc5c001d3c06bd4b119d46eae7f968a29a4214843a08813edde95cd8bc4d86495d62726ed3bb25a5a491d75d09cd0e18752e03d3f39912e24a939fccb70f02e8a568a4fea782cabd1aa5e6a26a0850b17d295a2d7b3fa17b6fabacccbced46e680d4bb0de9a4bd00f7eb2ed17b481bd0e499c5bfe6781a26f3d563296f4cb7214a7a9752a945b88ab8666ffad91b8b63d4e70496689de78173f0cc5c45eacc8e57785b706d92d90871d1196f1abc9ca6203f42b9b6a7a76ac573454c2cd3d1c6b8c9561e813aebb6d08bad411adee2f419fb4e71218bafba495d695a2ab2b949fd7abdc4777d5db526b2260a8d17e0f75cdfd66b512bb6bc777c10e6e0a614f1f779e5e1a20a7ab85156dbc3e7775c46db950248cc74facafb9d601e89771c66e785d97b9c6f0ef3262536fcae8816656c68ef3d895686fb9978a67f4fbb8e7b9090cf783024cce496783b60f50ff142f174e437cb2d7f0cf39e6cc5eef2636513f9a6f29822bde1904feb2250847de442241ae0fa810dff8ce5a3d4b4ae1a200d2bfee4dc382e96d846caa6933c2706e8ccfa2bd4ee91f75877c53173ed87acb0c5ef8e20124ad53eb4c4a6bb2e643fde3b91a404ed05122f632b9c3ce2d2c3d3d6348168514a2787fd034dd5c0e16289197cc29e8bf4ffc4216342509e8c6866c6f573334866b75592166fd97ee87ed00650f46562f9a655e6c90d2eb449c270b225a4cd42fb33378b6c79c88ac20ef0aa7499f8af6e701f303738e69de9a02fea9c3cf53041e5173904e1d367564a90299bc8eabf8d3d2a65c590fec8f199aad4e5ef4c3a790df415ab781303001c823265a334f04061606152578a0cd5ee9ef291213d887891aa398954bf5694fda8277ee0fa1a619acbed27a770d7cdda47b593ed9c1f27b1906443ada1c3c78f4f10fef17eef1b782a771281b59525cc6f8ccba1ae9facac9d3e193039c49e04d60bf36bcdc28eb981ea8181940114e41499497b48c2edfdfd5e34a6e458b2b75d99961bf982783dfdeb26739a8de12bdd216b26075615ad65341b3d5edb01604f6a5d5e101ac9d9a821ef5b5aa50d3ff62b77be873e6b6b786f56e4c9ca5b6901b26cdc4b75acc1a77cd8984d9a517ad746c8f5d4e4653ffbcd715116c892029b7e5bbdc8a5ea8a4281942e938db053c54dee12454775b3f0517053a8debf4e798040371b02f6f08904fc8b1e28f5f796671308aeafa892b73c2539cee752b184a13b5e953853742f0a5812cbdbbc7b8381a21a50090d87bf01ead52f863d394336f31c44221bc02a36e392692f3f581f1e892e164ad4b1f165d80891a6d8174054c496cf2dac9f4a0a0408229c2ab2fe7cfd8b8d8aa41f096c0dd20511e556092e7a43fc56c179e2a132e955fe78bfe35b7d735328195083c791b9b0c293caf8d74d4015994e6e252b668f2be588b2263ff87d715af0078e6cc8aa89bee4eb7b88d07cab8c519acea30b92c69c8e2e403633d52e969c34beabcaad592efcdb9354096781c9e32a615f10c2efa331f8c991f18f052f5c3f1d58f06dad7b0b815a164253753feeca9ab95f9e07f1a02f019e250d7916362e7cf67ec516e137e5a20b010cb71c1fc8c2ee740bd7b887829b20de308fd71d6bae33eb2c7922264da41f4a8ddadd4638ed8591e89d211fe70e28263f56bd300fd6d6aff795694cc18a85c1be1f56ab341343bc63146795760ad275011f47bf57d9d35ec35eb69ad2d97c5df7a6ee256f0d30147daad2eb2d0c9c1c1663240752dd254fd3ad1d8ec8d0e14dfb626ea043c89649464fd68e0356c379fbe0c145ebad3f5b9f53c9ea5ebd19abc640ff1471f210ed5cab9da2f985c403193e998a4ff8034af0eb7954ebc8d6512d58a6d49a1fe41f653b3b5adafcff7a10bd9676495e7d9d6e9df104816326f002aacf0905610db34b13bbbb02add1d4c992e0ab6639f09e2869635ba2e26d7b718226d7deab558fcb5f675c0f2c6b00d6f01d5c1b9634408bd469bb2300f7dda7d57a6160ed42627eb92a75eb9a933190d44f91378a5ed939c75c7099684e5f41424daeba14d361cd208a60e3289e8d6f6dc7e86270387d8b4a6718191845310b3a72bcee6131e62a9f1b321e547c96ad00b376e571f7064404e70b2e63ffb860387ee53289c1b7b803ec75aee659106446371f92a9a09edaed27eecf571a5a48298c6190f5b1477d3c7d7be8dabaa53851e41f1ddeffe2f26d91f4ab27ff08ff6f00136cf02bed9fef643937474549a45571f75761b09ecf27ce0553b1493f8fa90b059c74c40cc85425a32bc05ba4615c9ad7977129b73c09f7a6368a7d4d7f56e47b7a0a458364c4f7929cd81643a9071f5a95897503e8fa5c42f06335d2829fd447be7ba6f6302f056284b4f186e3d632ba7fb8ddb010fac4accf01dce7a6cfc21a2bf1e9fde02b678c71388d5bd857797b2bb0929878af587002ee2aaa458c8c90ab51e5445443d1e9b339f676c1e258de6a224d5e604cc568d73d9e09718b47ec646b02e0a46624ce19578a3f0f1d698ebb0838b94d2150ad0033a81730baf26b33d66503b242829ef8a2cd1c7a90e8e33a645475a634d74f556437b14b2776542c4ef27d8cc559bf014843166b247752f19240ff9abc7e2c09199541ac13f6b5bfedaaf7eda6b6d25c172a451f51eff6b2dbcf6460923e8360446b22e460710cc9a85e8663daabf02cfb8d978b18e033747d54366edd18e35a722a439b50dbb9797aa8db3e2355363fefdd468f18161da63c181594213387c5aaa5f431b3df371b8c6b28c3cbb5c759a1d5a67a877a29531c8f126644860a6fdfb3fedefe2f5726803f5ef7df0b679c6def009b62e9a826e0927019befef4e9aa179d4b3b44b8cbad85cc188ac2b0036a6f2edec01d7f77c2443ca701d6bd3768b6cb815ccc23a38f6a06dad88234d69ec01785f7a355dc6c53f14d195a9cb63dd4d857ec4cd6456c4b7e14c167f5a4d2fbe5b2ff9e5bc62354368174d188230001a44fe909a9dbb24af80286312c136329f988e333895e608c85e5159486297671726eacb280ec63234da0dd0e275e1aeaa473c9808feac98a51f4f5ce57182c038d068c2b4d249f6af326d2164f2aa0bcce990c47331a2a1978020d29a8e8892f6df09a1db3926b49e169bac45f47214e0651cb8a77a84543a832bb72ec51d7ee55fc5e03f433999ff3d65ed622e285225d05fe59c5e09c8428585422fbcad24071a070aaa823cdd7c29f1e2082a9db31fa747ef5c370a95d95c6dd3792b2e05216fea0da497061bf25670f8d47f5c4c48e23fad8f7d33527e2b532488523004906a411884fa6c1b0a8341f030ed5adb395bbafcbb6f992caabcad92a3e3242dc6c70faeb02c6c804f99ca543ebdfad4010c1b878c5b2136c971a5333325fbb7a59b47a4f665fc3633ec768b38c28f693eb025690ece540d8c982772d648b95cc35cce91eacdddd4617164db4cfa05c426fb17dde1ce0649e04b0a4ff2069c0e169e290c10721c522071eb8df85bf12ce4fbee091d08e62cfa973a83e25a4b3433367c2d8541f07cba782ddac9fe8de6e7a6edd91777288d00dd1ef4131950cc9bdaee1b7d3408977c24cae8a61eaa818cf8ab78d51e43ce26be4d3a6e52d4fcf62ae53b51050dcd221617ca490338886cc9d79ca2e65ff732669ee19fc26a8c3a28d5352fe7813941fc2c09ae5f21201e5698dbaae2f3932c9663214edb9ec4bffd1006896647e5fe2368c892da9a271ba2d8d7963c50a05acfa73627a539579c16d8ddb1b541d1947709c8809d020d3ff5158cf2bd2b3b5b15822046acafdcfead84f2dd65830beed8be96dd136877b7f356a45e4d03214c78ce7d6d7d0a1009158bb27b9cf2a5ca18ae2d0128392b9694c16191f67ad4a081cb33e09fb31853cfb71607e33b1af708682cf9c408e58b7fde752c31eaa59bf9c5135c5cbec6c75069a2ab516dd7bf6e0e83f6cd152db63c9f614d2fe59027ad0755673ea1a15096aa86b20bc2d1d4c26a933ed077c55212e39ca5e55948404dcd468f56821dd822aa16efec804f34a844011fc824806c8a0e718329bfc3ced73e5bc64b73284a2551335de7c06fcd2e887b5bec9eae7bf7dc6c4d83fc21425bf6d1e3b0efbb8705b07d6e9c485306dbb88ba573e17249cbc4585af517cffcf7ab821ab0a1a267811daa776ed835ce9d05c31da177e938b9aa306276923db89c6b5289f1413f4eb79216d0cadd42bb16dcfd2b58410b2c24ad181dacd3cc277f5be1430cefdec6ee49c7c79e3cbec1270d04067008f1d88938c5d45bf0c7b31e7b4e65b320dc424a11c9330a065c26f0d5121d5210e5b1df3e5b70a19b5e12c9bdf08a82cb3bbbef38bfd359720602133b0fa1685b969d4e9fc78f9828cd691f564cfd7a14ab0bde3068dea66213b07e2897351d4d79c4c5fbb18e0869812c439c671a6094b05b4aa58ba58bc13bf889bfe46a70cd0020f5ae3641a1a5f72e0a68e6ce30d984c961233d714b511e375a264fe52c394c756e925363ce837ac995bd585e10001b9b2ef0e44fdc3e59cc290149d14be0cff8f05cc89d7af204dc21ce549eac7637e648b023a6aa5c80611154fe3d14286cd2179f2843317b2802624cf49254bfdd21f4f25ecd5f7e78432137dc8e550a1fd3ec6b3c84f2d987c4435753a0a65d079f6d8c162b6767ef9061b54861de3ad8cf98ee6006463b52d4e57e328f27721a0b4d91b9f873576566c0e6bf28b3be61d08d40dab64e2e2297dd472b9f6480bf56445497aacab31fc5d13c5000f65fa02ada536caac94bfe0d859174e3f3d404ca3e78a712fbd028ff2ac783342f9e5afcfaabe2ab8b2be8e8ffef17131c122d96db7c503214738ab988ad97c746063ba7bcfdd912ca83a15c04a0a596674a116f2f75723fe40dc8130d96cd2072906ca5a990841dff9ffd210a74c79554742af55a33baa05deabf2354ad2a312d4af22fb2a4fdb792cb9eec67f348bf1cdfaf6292950db48b8471f3caedf26873d709a8f64d5d53e52f7b6ffeb3529d3ff77190f196e29b5d389824da166505289f85b139adee8cbda5207c0bc43f49b30d799051afcf2ae388f669a1d2a99ad0329e4ea855af56cc4f8ed4c2b229cc089285401a451878e2fcef59a4d14daba86669489f1a38f39b92663e412f921331c291ea3c938666b11562eee297aed6f4e985d3f889e958be49f2e2ad2b52160f5b5a3a35ba8f3c2d912dfc13ff908f7ea2af7c26930bf86ad1dcaa1fc59b01ebe10209d815dc7f74ee442f749bd5b2d3d10ee76ae0f38aa9752a1bbf74a13db532fbb74b25360fef3b8886d0eeef3862549510a390856c564518c99c4b6b6b1ab2145352f0163908b102f902a7d864f869450e04f608cc48065e07b1233c02789f7228a9ea9d29823eeb947138849e7dfff07", 0x1000}], 0x1, 0x0, 0x0, 0x80}], 0x2, 0x800) r9 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r9, 0x0) ioctl$FS_IOC_FSSETXATTR(r9, 0x401c5820, &(0x7f0000000040)={0x8}) io_uring_enter(r9, 0x2dc1, 0x228d, 0x2, &(0x7f0000000080)={[0x8]}, 0x8) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="100000000000000001000000a59650dfab4acf800564d0119c7cea7d81d6f421749e13456c6129754d21de3fe1f46dc9390552aec29a2077da6b864c88f00000000000"], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:20 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xe03f0300) 14:04:20 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x406, 0x0, 0x0) 14:04:20 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x604, 0x0, 0x0) [ 305.897165][T31948] FAT-fs (loop3): bogus number of directory entries (3074) [ 305.904394][T31948] FAT-fs (loop3): Can't find a valid FAT filesystem [ 305.977356][T31980] FAULT_INJECTION: forcing a failure. [ 305.977356][T31980] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 305.990514][T31980] CPU: 0 PID: 31980 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 306.000665][T31980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 306.010802][T31980] Call Trace: [ 306.014072][T31980] dump_stack+0x137/0x19d [ 306.018475][T31980] should_fail+0x23c/0x250 [ 306.022960][T31980] should_fail_usercopy+0x16/0x20 [ 306.027975][T31980] _copy_from_user+0x1c/0xd0 [ 306.032613][T31980] ____sys_sendmsg+0x1a3/0x4d0 [ 306.037369][T31980] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 306.042487][T31980] __sys_sendmsg_sock+0x25/0x30 [ 306.047477][T31980] io_issue_sqe+0x231a/0x6750 [ 306.052147][T31980] ? avc_has_perm+0x59/0x150 [ 306.056732][T31980] ? avc_has_perm+0xc8/0x150 [ 306.061314][T31980] ? __fsnotify_parent+0x32f/0x430 [ 306.066448][T31980] ? mntput_no_expire+0x64/0x730 [ 306.071452][T31980] ? terminate_walk+0x261/0x270 [ 306.076337][T31980] ? path_openat+0x19ab/0x20b0 [ 306.081090][T31980] ? fget_many+0x178/0x1a0 [ 306.085513][T31980] __io_queue_sqe+0xe9/0x360 [ 306.090095][T31980] io_submit_sqe+0x1887/0x3360 [ 306.094858][T31980] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 306.100573][T31980] io_submit_sqes+0x5bd/0xbd0 [ 306.105242][T31980] __se_sys_io_uring_enter+0x1e1/0xa80 [ 306.110697][T31980] ? fput+0x2d/0x130 [ 306.114622][T31980] __x64_sys_io_uring_enter+0x74/0x80 [ 306.120357][T31980] do_syscall_64+0x4a/0x90 [ 306.124776][T31980] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 306.130691][T31980] RIP: 0033:0x4665d9 [ 306.134583][T31980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 306.154930][T31980] RSP: 002b:00007fa426633188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 306.163345][T31980] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 14:04:21 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002000d0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:21 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:21 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x700, 0x0, 0x0) 14:04:21 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xeffdffff) [ 306.171349][T31980] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 306.179309][T31980] RBP: 00007fa4266331d0 R08: 0000000000000000 R09: 0000000000000000 [ 306.187277][T31980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 306.195431][T31980] R13: 00007fffc1f3ec1f R14: 00007fa426633300 R15: 0000000000022000 14:04:21 executing program 1 (fault-call:9 fault-nth:61): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:21 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:21 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0xf00, 0x0, 0x0) [ 306.286138][T31994] loop3: detected capacity change from 0 to 270 [ 306.336810][T32004] FAULT_INJECTION: forcing a failure. [ 306.336810][T32004] name failslab, interval 1, probability 0, space 0, times 0 [ 306.349807][T32004] CPU: 1 PID: 32004 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 306.359968][T32004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 306.370028][T32004] Call Trace: [ 306.373423][T32004] dump_stack+0x137/0x19d [ 306.377773][T32004] should_fail+0x23c/0x250 14:04:21 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002010d0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:21 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) chmod(&(0x7f0000000140)='./bus\x00', 0x0) r4 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) r5 = socket$inet6(0xa, 0x3, 0x1) bind$inet6(r5, &(0x7f0000000000)={0x2, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x10) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x8916, &(0x7f0000000180)={@private2={0xfc, 0x2, '\x00', 0x1}, 0x39}) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r4, 0x0) ioctl$FS_IOC_FSSETXATTR(r4, 0x401c5820, &(0x7f0000000040)={0x8}) r6 = openat(r4, &(0x7f0000000080)='./bus\x00', 0x0, 0x10) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r6, 0x0) preadv(r6, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 306.377791][T32004] __should_failslab+0x81/0x90 [ 306.377810][T32004] ? __scm_send+0x3d5/0xa40 [ 306.377828][T32004] should_failslab+0x5/0x20 [ 306.377911][T32004] kmem_cache_alloc_trace+0x49/0x310 [ 306.377928][T32004] __scm_send+0x3d5/0xa40 [ 306.377944][T32004] ? selinux_socket_getpeersec_dgram+0x1de/0x250 14:04:21 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) syz_io_uring_submit(r1, r2, 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 306.377968][T32004] unix_dgram_sendmsg+0xc0/0x1610 [ 306.377987][T32004] ? sock_kmalloc+0x77/0xb0 [ 306.378006][T32004] ? selinux_socket_sendmsg+0x7e/0x140 [ 306.378048][T32004] ? __kmalloc+0x23d/0x340 14:04:21 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff}) preadv(r5, &(0x7f00000003c0)=[{&(0x7f0000000300)=""/172, 0xac}, {&(0x7f00000004c0)=""/194, 0xc2}, {&(0x7f0000000680)=""/150, 0x96}], 0x3, 0x40000000, 0x6000) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) r6 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r6, 0x208200) connect$unix(r6, &(0x7f0000000140)=@file={0x1, './file0\x00'}, 0x6e) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) r7 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r7, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) r8 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000240), 0x428881, 0x0) ioctl$RTC_EPOCH_READ(r8, 0x8008700d, &(0x7f0000000280)) sendmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000005c0)=@rxrpc=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x80, &(0x7f0000000400)}}, {{&(0x7f0000000880)=@l2tp6={0xa, 0x0, 0xffff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7ff, 0x4}, 0x80, &(0x7f0000000d00)=[{&(0x7f0000000900)="e0dc7fcb07d6a59b368612f67d3122c983bf267d2464f9029c858538c322d833d6a1d748f8c2bd4a60d5c7d9b889f30279a2118b4fe3f7fd858c26d367bba0c0ee543566d80c1bafb15d294f3eaa615461d11e01d19b62274e6c431b562497666c253fb572bc221ebe114220551731da", 0x70}, {&(0x7f0000000740)="5defb27686f96e83c3131aba113e3df6156f1d168daf737b4659b9a12e94e27c079db7d56aeddd8c92f87404eb2548c15fe5e52d1a89b15b1ca9b8abf0d749e3ccf3f6dfc170595c39f07555afa9f21a000000000000000000000000007e9504e041630c46063aec82427088a46c5b80d4ebe20e317f6e004b5c22f5c09f38b66029189b8d51bfe411c09c71ccadc800291f110970121058a718490535fb3438307b7e8d14a2774c56a1101031edd9b9de6689", 0xb3}, {&(0x7f0000000a00)="c308a9207b7bf37883c6a6dea220ada71eb32be46673ef95c3ed4673a91fb5f31d7dc838", 0x24}, {&(0x7f0000000a40)="0a2917811478cd35f7d3340dad03c70907709414ff21443768ea4ead9966c1463d33650a45745f22cafede4bd2f3958fec2b71338c82911d17d33908805384997ad8ad156a556678b9b5129a2f5993f9ba85f87a11179d8f8bb07d931e060d4ae23bd2d9ebf6fd5171a2877c66d83b42c1951bde5ba8f79c789fafdb638ac445ebf721d412cb0e6b2268bffc6921a6dcd7cb5e38e67a0cf5750b7ba77662ec62148e6fa6481fc19bfafdb24cb4c1fe8464f228aa136cde3e26ebc852cdcba432531ab8966b972fedeb205615864d796115402141a3", 0xd5}, {&(0x7f0000003280)="767746bf803267b1483adbb831927119af60fa6d4684f0571fde6cb7639f696a312d5c033b39a9934bfea689b01799f31babfdee7035875d1c3ed125c2a1b3066c728ee20d9caa923865402dd59d63e0bf9737ac4ec7c1b5222f7b1e219eea3596a022068802b8b6438236d2e4b0985d65de29970641f1142fbf26456adfc5475539801a71d4f4c980cc7c75ac33e1214fb12ea2f81809aacf677496fcc32ad3f248eb803f23239c17886fd3674faa713e892bfebf5a874ad111cb8990b38cfcbf", 0xc1}, {&(0x7f0000000c40)="0984d05739001a9de247ce6ec7940c4d42d88a3bce58aac5cbdf852ec13ab22409d7e0bd95a6137ec24546b8f99148b70544529da1d70379c3ea65f5015ce3692f4067b89f0b55915fb9fdf334f1bda0782160fb94c441787006fc5ef73bf2f2e14b7016a0e13d519c91b9f31b8d4906bbe62a80dd2fcb99808f79c2511111ca93784c9813f29f8830e94091472de3e83e468d20e8e80e33", 0x98}], 0x6, &(0x7f0000000d80)=[{0xe8, 0x102, 0x401, "5ac0424b91534acc076dfbf24d7931c9a97c03658b7be2a661dabd17fc3e47403abe3715bd1a89462e1e38defc3a14e17b97f06b490b9e5ec708b95f47de3572b90a5be6f4d1d094bd73d5b310c788bcfc56f86cc2457892ab5243f401237f2735def62b46b2d2f2fdf29d7e8add317b2cb480d75a1e44282b5350226c76a13195bcc830f7d149b618fd4419a152b1846f27bae1bf58a96cac41c9893d95c3ab1645d255875dc1594d8ad51d3e83fe443b0b6caf72feaf9933026583748a036b8a9732a2f75ba988a7b3e0cfd509c88b50be7bcfe0"}, {0xc0, 0x108, 0xab9c, "7d64e2a72697180cd961d8353342f874aab7088dec631aa6f7d55ac4a140c5b84649e89d3686dd1920da17a59f39f92aac7cbeb04d0741168f3e4c20bb79c115f7813778d11697621b333a106d03dc713e812fa96c53cbc8cb16617b41b618fbd02be0434aac8fc96f817759539357f4917c94f4d71cc02b8bf693fd5ba0acee56d1a06e0f98ed445823c149c49115a43d817f33ec63d2e667fe5759a7276096a1260b4de620445dfbf2d4ea372e58e6"}, {0x1010, 0x104, 0x4, "85ebbed12b204983a72b06c9145a4f604c3bc9d1cf15de2c5a62d25b2d573f9e9b2782dada76060bfcdb0b8da152cc35c836691d6163310ece917e939d657c1d474e960533c971279be55b25febb559e0f892196a57ec1c61155d87fc4796d2dc693fcf567dfa9c62e65847ba28b9a9b3c1246c2163e85db9018d14d2fc1bb54f73ccbb31ec80a08b609ee6b966c6d17ba3b093ad849924843648ee3fa2e26d9999dec1d0285af1391ab9a58e8b3ff70ae88e4b28374f3219b72764903a8694cb314d5a286e5c660fb4418b37905285ca7d7a4117ad1b447d0ea550440976a018482c92a61580ac6610a9cb0e3a21339d43e18cbe0adc46a15efd9a3a5da2746a3428a3fdb6cf3d47b3dcbef31a8b9e6bddbe42a947098db2ffa6ffacb37da76962b32f51781e7d12a4c0050e60a89bbcb50a75934f9ba2e36502c2efa17f3feca84fe9a1532ace827cbd69835ef17008c6e0877c48b72ded3ddafe462937e00b4545b771d03401a139c2bf6be4877b168d2ffab68658f42f931cb08ef2d8e0526d444e9b972e70e8244f8a123398947a5b5b89a93fdacea1f886908e93202324febec869fbaf0b8e05b706844d2635a1c911196d40b139c76ab52922e4277a0b073412afb6c1229a7788b97241a4e0986ad3e821f459514683c5aa7f1c626e3d669ed9c92b14a855e674c70387aa7d80460f308ac910177192dd367c7441d54efed3ae9f6c1f00f17a4b949251c347adafb371cbb6f60caf13b6957e6c5a615876aca3bfc35dfa8741d3ec81e8c809e08abcf707696b5d435fd33684f3d6330e32be649804046a14f7aae2821ce022a2d236b99bd55f075de64ecb7c95fb19cec4a4034980e0f1a0adaa7c33fb2f4cb3c7e252a8cfc309a7de6f7584dfee612d8ebacd9216f718c1e05be6c5abc62573b8ff2a54deb80b5a000d895079f56d1953bbaeb64052547cf7bad67c33ed111bb708292056081020eb8db34e1b20029ed198779767ed14101fb27f41ec8deb4b2f73658698147a24179c6bb58df6f464651615c4b2a4d4c1d57a7f1145edde01fdfa4c5e525fa8ee9ec4a479f5e544075f17df68d5ba49223b485bb1bc7b5ccddd39fbd5deae28b828eeebcf28e69e78fb09dbd0182d05b0f0aeee25d0f224dec2c7b440cb17caf93ca227e5f898e0521d1d631c8815c17ded1ae160a6276386ffbf6c6f644ab5c90291e53024915a56db7634606b12a6bb3aa531e5f83456e77d175d4a430e93f1479d572fb19288af66e733dac74ce5ae77d37dd63d6b9b2638045e1d2dc9ea7dc4b33b9844dbb2ddc3a2907d8f9d4a88176990d851ea0e23f9eb37f77d6e3f8257f6010fb423f866517e7a096457a959e39ae9a7c596369fcedc5f0df05c0cb72cd031621acce0489f7e1f0ca508fc9e73a1be9f4e22715fbfeecf55af7146cd4875f912316912dcb0c664480d6dedae95a558f1a02b971d286885202a1f71b3e7546b3fe926766401efe9b2a701389030e2512d64198ef95cd33bd029697389869b1e0a883f3f8b7dac90ef65737da16e03b5af90661936515d982c3c9f97644b238755b28b76625a9e5ed87e754c3014a72437036c4efa0a4d41eb6667c1ca61c013ae40598cdd8410c720a84d85e5c5241f3ff7cb83036c6deead4614803571ae6871bc7069cdd49c9c522197eed228b7355888678e85147d4e75dc86fb30c6e2d626c36ba8d2d80d24b8d86f1edd3cc429fc2ef0d7b048b42749cc6e0f87b9692fc98636c3c54a9c6e75f5091dfd0313a5dd3840409947b9d2edb4b062fcabfcf22894bb3bd50b6ea50fa7f3fe4e882ef23d0f5284d9d4e9e6ba501d9ec92c58f37411a2ca78a5900fed0d4e2f9166569647cdd471a5d7676671c71135503c9c97df24687df41f72a7ee750e2b4903f5ac63e866313d85b9fae33f0e521c76127dab94d46d684e20c67dd685c1c2bc96d533c10f5953ac56743d76972d651ef0665d2d91e53a03e62d5a187c28b2695ff5e49065385f95486192486336b287ed1a17c8d81da020df7a76c317927d40531f0ea92ff7698d410c00ace760f1640df759e9d2ce5a0b48eda988833225d608c8ce5b2a5325fa355777c77c60567a83f3db9eb7a04ea78c8eee86a20c775b274f6d25215cfbc998a99c3fdf76e2a04eabfab8fb1e044be827527aff387a564cd5441292df35c04366127de7864634893ea650f7b8d6485ee34b020967826415f0c90a58328944f49df0391a055c7197c8b114ae2d0113f6641b8ab3bfa901eb3be5f1a5b83dd2dec8475fcbdb73cefd17eddcfb32f1f3ea0208512cacf7b1df141dd73be185d0c350e08d5839b91717d6ce6a47735b4396091b3ebf376e47602dda66bc8b420d3fc656b38c05af4d875a8e23cff0a5fc2637c705b614a4c63d9caa7dd21e6efdc90bb7165a8bdda0d7b8c19a1f925207dc198a75e91775989834fab628dcd8a74d3454114a4da3f5f9a71927e807e746b165ffb54d52258a89c3eb9721cb1cac9639d50316e78e15b3a90bdd9eef319865fadb342ea1af99d5a72462377032818a5e03e976200f5d3c63a8afcb65b732e4fc4e819cb4b31a5e856da738b8019a6f98afa9018120eb93df870fde1d8d25b36a92f947071860176500f1554774bae6d428cbedb06ba5f413c0913d8ab3ac87ee604b4e0a53a2b13a174051d517dbda945215efe5d940a54325c091a48725d0a05e3ebce9901fbd6fa4a2dbed5ac2ba17c03c641f740aef4f4232d4a09ab4b51e4b54eed509a4f9eb42e454fd866ff71976d557c29ac733e9318eeb4a5c9fb436e23ce81d3874860b89d0e3633eb87c199021a35e2675fee5628cab52e0bec4a74cc049fcb703ebee477e5037ad3fb853ae62fc0fda12a4918cc3b4c1ebfc271cfcec959427e134c2423bd4f87c72946697b2951015ad913f810720918b7b7f23e6872bac0608260aced302f15fec9a5cc3bae1e32f470e3a242557776f9e295e2f51b588dc583af0f4a85cc9e725df4faa626029b7671c122dfc1f69835ce2494f28046806a87b48366370634b07029a5c57c1944edce1579b0ef9381d76bf15a65b8d6259ff416e5d8e032ae98bc3c0d97834196b37e86e7452dfed014136c59283ec1d116f46c540f7eb1283797d0c7e07306293f6cce7c84e2756e17061ff7a93724f7469db51b06d70612b2fe0a4c43a669124505b4475d1444ea6d4b197484f69019596a3c95c1f17ed6010852b6ad8c5e94a3e6e6a02077f0623c3677f595477a0c617af4f1f6ed213cfa4f7de2347787334ffa9f66c51ce3700588c2eec80da0aa8bde28bf5b9e3f938d8afc33530d4df91ffaf3f22a6daea3811429a12110d177db90af9d145e0742405c7fe51463943ae9ff136ce93979e525d20aa73c9141fc39d0e4074557c41fb0dbae632c55803c5431c13f7f1d927a62003411be90c84aead624f0ec3c70ac28d1f6eceb7dcae5dedcec87e2bab90409ce656ca207f4c7982ace96fd99a4497e8156f91803457b3158307567e72aebf0b57ed47cc1184155520d4281a134f22cc04b4055a895b9029ad011252020796fbd04ee37123f6b0e1b00ff751be9f1150ec71d3bc6edd1c74e5e5fc30bfb292153ec07049bdcf9e4429b15e6704f5662aecde44b117026809f0e0ddfab93eb383ebda0b0b54b0e7bb0b23d75fc50cef8c622c408fdef080a7935518910cc4b80d7ffc938f3d8be37ddde6bd82de7819e064e0fd0e20e72a125a97bd8617cc604b12b4eaf6ea6124d3623372939c0400f6c3b85d08d929cd54dc8f4794e6f7cd7a31a17d6e615e0bfb4ddae6fae33914308cc70c0ddc3bcbacd78664564b26a8fbdb3ec07430b8f688eec360caf592b61fdc80c92a5a36a39594cae58f431da17a31648795f84af03e5db96ad6e1bda5c195b43519505060f6bcbbd3215220b5e1e1bb1f92ccd34ad1980a9f157ceb835accb9b7178a8f3e99403452c73ebfd058267f05bfc9703c534a26ede743432c0f21acd7a0bc41c65b2be1ff85bdf665d81a5771c6f09b7c435ba14e4e6bd45ea428a014719c8901430f70f52bae7bd19113aa6ba99164972470ef64308e7cd53d28dad5596877ba51e7dffe2c89024b716fce4574bef6fed9616a069fa9d771682935fc637a2f50ced9ce9530ca9c5c9d15a049371381d7afe0c2392b9e2fc07d4d76d2523df34dbb3a6071c1e52b4a56ca9ed8091559e4d696b8dc44da6f2c60fa3c84f9b7df58e7cfbd56f86947efd6ca5049dd4a1dd3a1d6091051c14e2b6c607429efa9bd8e0c5245bb33fe87dda912b1ad419e0efdc345bb8faa2c24adc540a062ec312ac1099a06363aa5cd8869b186da36640401db72b01ded0bc6a7f5b7b80f3a178c85cf5aa0955086024e83fc6968e934c1a6f72f440c02c4e0b27a9c2fb1fb1280c519446df34045f2d02ee30c1138784d6ac142f6d2b3babfdcbe12e766ca86bde97d1a7d1023f31092040d9914832906bbe4033646f311ff2d285fb47f5c8716f0efba3f64bfce6d5b5d423431511461ea6be2a12e6a4daa18beb96630182794397b05096345e0562d4079d0f61fde21712b91e7e34039ff1bbf47c7acf8f03f7c4f7e544ee4114aba3f25e5337f6aeca2bb2b3250f30c6a4ea39f276923070772a0312dae07599ec85d0dedd28b3da5b8cbd74940ae7d02c86a702ebf897d69bbd549aa11cac0c51089040124939527a3bfdcfad12bcd6bed54ea7ab1246d1799a696583f610aad40e95a4f5df77517bae388c577870e2bd3e4482182c93995b853b302656e238ac29425abb28ede5d626d23e383703bc95d9cd8aa239bc7a6e6bb0595ce01739b07f33d18a7304ac30133a3f85463672f2fb3b0d549d0d4ef61e7c5f2bbf4f987c7478fc17b7ff7f36a4c91088dc0942d0183fd56a5ddda15a4e9ece7ccccd62f4b2c69251fd18ccec8aa6a6949e1b2c593461b4f3a6e979873590b90147c5285707b7d8d3c6befef18dda974e3e8cb92a2d3652248ad9ebbab7c89b0732b8f69075453e85e7cb4eeb763627a494c272a0c15c3e030007e8b50e33c590b25d9b76993094837c4d36230428e15feec39fd361ab5990adc62ee1f736d33f34a73ad42b7b53447fb4240c97fafa6ba00bf3609b15d742ef7b4f3241d393409760eebd4f6a5e57310c83758fe0f32bc9182d15003349887e3a99f66fc735a1e394db4330f23b2d097afd972696b1382d9d82b90cfbb3c42bebcd0826bd44948da65b5a32c2d29be7e927bd6912bd1f580d5abf2536741cc8e00cd1caeba8448c3b3645bf4900e9f1e2b44e6f7e0bfab877cb2dd5e13dfff968f764bd3277a8d3d0254c990ef3fc25365537c768f4293366b7fadd02fece9c372e0dec31d1e34b24626efe517a6735d0f79179e1da82ab0c59817b0ca84008610ee59bc6cd5b03992546a75f6b9f01e31ffb6f2db2fa94524e576b16ab64128044fa1aea6cd0a1026e42c5bffe90865b905a94aa5be26ffa4b250e1df1e575f02b4e10a9d5dbe039f779317af200f6c9d6dcefb5689e27678d7564515657ee07a740ca2a8110d7d66a35a5414692c2d1b5d4f33f74475eb953b191d89e4e74daf497008c1aa849d772904eb0f0923c7d677b40b314bc057064999fb4daff2f8145acf89a39130290b9840280f19c09aeb632a30824df4849d1101349ec3aa56c501ffec9dbec11f2284b61a76cb003a6990a9efcb7bedf45c22088a663900a742d73b32794b478cbe32b73da19b5ce1b6dd3d6fcbaadec8ef57aaed4bbd845d72b462f485ea6500d010c"}, {0x58, 0x101, 0x0, "5b6c772ff259a75b5212887a6a548b292ef9bfbcaa550e44e971221171d2d5b239ab5c5a2d9c7917e3896a7216482330b18d9a658bc16a4ca3d9b0c3dba285374e"}, {0x90, 0x10f, 0x7fff, "e410b5461afbc3de26a5f8d4d2a5252bac69ab8a6fd376aacbe1ffd1f359f1b3ac0ac77fa8ee998d7e2de51d1d0298e78b92fbf7bbb33c380ea625f3df0d8cafa84fd4f3ab1df42db304fd0c0c0cb3f6d48cebc5032c30a5bab84b0970d6a2a425f9d9aa0774238c02034f77f5b5a30376b6b001088993ab3446146c989bd0"}], 0x12a0}}, {{0x0, 0x0, &(0x7f0000003100)=[{&(0x7f0000002040)="653aa0f4e25a424b7a313196857146ecc1d28a0962e7f6e296daed38be7e4147e923d4b4c3afbdadbaf9259bc53b42171e1b3bd7ee850d570e50390bcb03ea2e3c9c7c8b", 0x44}, {&(0x7f00000020c0)="7848ddb132bd8052616077b787580d1386a9501e5e03a69684cfbec92cedf47f185a62049029fdb25d9af4e707cd138cab3bbfa9766952935202c3988117410e7fd627daef11c3afda6d4a1a4a3d505ce653e91f4696d57b2b7242b9708adf90584fe94c475665a9eea339be9b9b1ecb920e2ee7f73568d6d7f5aab56a889825e9a9e4699f5eb7731b13aa6991045a55fa13b3f3c0ff0efc9dd996654bfbfeddcb428b7798656e2008c0c7d51edaa19decd0a93a0402d1584be0fb24f9e536a7a815034cef72dc9f97b5c9d43fa9bd5a72ccbfdd2931bf84497d7b568d895384ff914c0c9141e25e8a90ba34e8feb0e9631a0b192464a127530946669d7e5a3610fda75bd80882c2c973ffbd0432cc2b62ec765065595134ca2c43a32a6172c3e1a21623f45abd538313c4387700a9ccc5f086a934d888a4026b9b0130152bbae580895835b8c4be0b81f51d40dd6a5497f9417b66183fbd6e96179f298f26c27ff7c4bcf5f9d080d7869fde33876d69faca66316f7708f344542ffb29e83ef87b55e9d06c2e84d1742acf638bd9068c2dc829c87954a4d26fdef2d10e8ad92dfa1f3f605c6c897ecf148362474accf137bdf538825fe4170fa14e450203f7bf9f85b735cd00fa8c0c87190aca1fd816b535c4ab9cc46687bd8be27dd83cb5c96625c3936a15f6c2b17922350ed892c45aa23572066aecead2ad1dbd373776a59f061e82d0d466a9b0e7b57bacb1eaf2d1e1ac6722bb9ac7270313f4a05f7517a5941e0dd6d6a03ef59db74c0512585559bc8f4fe2739c053da6e779fc26bd5786be15216f6f1a9fc21da672efb62282c936b9952339a2f2fba8fe8185db36e29c74ab7438e66ba11de64e9ef836a2ad6bd01622c09b8f5550964fcbcc270786c35dcff65b6c2a668d383c36c83c75ea343bff5f39bfc2d6d437c2507acde8866354a318d93d037f3fb9f93d0e5fe7bf80e43f86f732e7b4f012cdf3ec26da254120093d8ee808d3ba4960eae121ce8acdce6caf6b35d7d181b73d83926345c2bf999e63095338819b67f473823292b0dd191984927911939c47df6e300cb65e06e61acdd7748bf4aa99833c97d8d4627648412284a12db189ac0baf60e3599208d42e9cdaff5b317cf1d8529d5db9e8e46472473e955beabb70f345d6599657e6a6c82191c5d22695f8dbd078ac10207192d83a8510966da9088443f04aec337f7091929da6fb6b66fa6502b3510698cf13c510ce8a1a35ce608979006afa844f82f40b7d7eef126815cec7cc76f3cc76490603cee4102cd128396d4bf3f65a6abe933417fe7ecd58c955032ee521807fa5d0093119fa7216565922cc352266b745a0347fc7b3bf3b90f0017b5a90d5efa75278b497db4d28ea4489d21f1a4adfb69ed9def0074bfc501ac95d99ef738ae86218b7ae26a7608e3903fe5b5f8cd01c7a75f01cf7e1a71faa26b9fdfeed1bfb1e9c2dbb8b9a96f8df85408f9774e82e7e0e227f2e3939a3b7d6cf39f90fc8cc80cb60408718bc5e6eb08f53261f0ea7f8dd5d34580c64dea6021d681df1fa1b18cf8b7dafa5d4b3b51207ee52af278f14a80febba47555f8431f5da3cbe152bd8b44e386d226f7aee05622969ac2ded209ce76fc810d386ad8e8b58bf5440dfd2d77f1a832db9508fcbed89cd7a8b8c6b7572e884d34a789b29246e76bf902453b76dbaf07975564bdade64c8bef52a1909f09cbb175864f551596ee38d37cd6760d00e1c04558a5cbd2883e15332be9eaee5dffd688565200dc5470a4e85de16d898a0c7dc83bfa19597461f53c82e013c55bb2d66615acb4863e51ae0700fa271a8d8d0e8f37513974d9422400e2439ad84358f46e4f6e3c0a70e19644255ddea44fa50aff07626493915fbb9a9662f8a1f98c22280b1d2f0e321040339272b8b566fc8f454434cd60fd4c624d814e9ef4316725a3f57ef4ceadb51c8f868b2994a3c9d43f4600ee5144f6d459344c7b2b3a969ea1447cc8c631c124d119f355e3242598481c6cb83e721b0a5fa0900639c5140182594200778fdaa3f0d64c6f08609562ddbcebc8b7310a2f53022b6f15d68265774db59ff2ce5fd97d1ba3be7930ad28978e1ddf6bc53f232102bd9e5dec0218519245128331c4f579d39c26c92f50bce90bfd26c01bca2740c19132ed6176d1fa5d8c2d07ab9c69ff8993833564f2e43bdba7c977d854bd225104422395b980b78e4778ff1dd6911e8609ced455f82b730287fb5e0c159f91be02ebbda4b454d000b4083e3298886a20b7fe738454023b0b9b4d04b42aed520b39d1ca74d517014fe6a05d30ec1e220f7b016abcfb108531edd2fdc824f39f77777d5187876d6e7ab37dd1e0e5e3611130f28f23bc2264882f85ce0893b20f40a7c92938a4fbd6227c9e8ec0513aac112d88ce04cf615cbdaa727f5caadd2ce210cd5dc4050ac8c60ffb166b0cfb82109d60529ca8b95d163e0bc2896922a84f15622565c1ba50f2670684e7ca73312e20258ff61eddbd5a9f03fb20097dbe408ae355516c856472ce9f6da777c339960d080e8c790e376f0b3a1344277bbca11a228d0116786a7b20cd605601382a08d701530565fee96d5a29f12d3319cd0860f81cd43c8081c513645fdea10dfd831b9c75ca127c90ca2a0d7ca037c51b4a347d5a265aba17d7b0118b566231ee4c32545f5783644e62896b89af54ed00659a4354c3a1695ff36de853ef5e7918fd561bbcf6928674d0df571f219c7079c419d2ec1b55e42d71b72db7ee58d75472095d3015c7fa401affed9bdb329ebbeab021ca253a7366dbb2791034793a53a81ba57127983450d9b451401d4f562fce9bb8aae93b59fdd9eef43d83ae3a3caba508965b0e19c6cdaaa588aff22a13c12459fa9407a1270f6b0683d5c40a43faaf9343eac44a42503b75c077d6dad5550512de90e1e04bed0efe08631da497605f93633a39ae06884a9c92af89323ae79724fd552db7912e8fdd5bc622aced593f3a177d81259c8eebd38029f5e1cf9eb5f8fdecac1cda2ce721b9090a274eaecd69d24d1a9685cfa137f9d0139482f29e55fa18d84ae295db7879603073731a347ea95cff246be7eecbe4698ef0272bd903b0715b628738d91d89a7b9f69131c28d67401d80efb8cecbe1e2cbaae29e43d3d2152cd93a36cb5d2e77e9549e26fc1aeeb545bfa544bea031352818b1cb156d3d089506bf044796322600a06750c11aec570b9fd22d5fbd0cd135ad8ae474ce313b56e44c436c3965d9ea9e4b4149e26eba05646ed171ea633ea2e0ec54c80d5748f58d00525b51e0dd6358eb62b557af874a4f0679f8c1876195b5f3bcd274f934e48aa06d9edf845d12ba505b0d172b0c32eb1220327afd6533d0fd784c849b7402f5985b2e597af7ed2f87cc96c48576fad38be5670a65e084c6c868c14a7ae8c57501b69d018e0b184d9d59f3e16b5007b1b84cbfdca5ac7a0d8be4025142d5dd80e97f5c4e9a85677c7342b85eddd2fdfc2ca14655bdb17cc530d5af1cb3b1fa3558afda4a124414b9f714e2a32b55797b3bb39244fc7364f9ba287a40ee801ea5a3132d028f8fbe410607e6d253cf8f19d78e5b56c7dea68a748133ad26323b3911995b179b55b88a2f9441a4e3f925970f4c21080498689688fb630417992d6c30114a921edc690699080a3924ff8d4656c4a39b6f30338317772b5040ead14828e57e364535abd26198c568d0074ebb585b03178f7687367b84b507bb32bd59ea8d36b650c16f87cb9d0b806f5fce5545c3c0fec151d2c2748cef7555675746b09ae37f6d73852c2717fc2484a496dc0d5c433fa1173d4325248ef1468917a8e0381a1b92d8596756bb1e19ded3fb6a1fd552dc689077370b394bb64b79ffc81913d2ff5ec7e8cb640e4f7169ce488004f9e7c42a35d897ac856aecbbf3a06c11173c1bb53cf6e803fe97239ddda48a8d91df117c0e8fd56cef1b9743af320642a0abe50e71c537bc370e9aed43c32af1e0553cfa67009b18636813ba10d26fcdca994f7ffdecf6cd751641c95d48d2a0fec17bd746f51ad1be654731c9f63c5a9e5ae5c16fd0aad3e89207b75c8ab36588928b078ae336b6d656f6a426eb8b0ec49478e16a14c287c57713c1b0971c2b6c6799e4f3b25bdc83aa62d964dcdea7a115b1cc34aabe3539d48f0c9fb66dc0b95c7ae1033978e8f99cf569693f4739ac3bd79cc3d19dae324bba0d796439c912b31770d6a946ef933fa99dd1c983b53e2eddc455bfff03a1fdc12d365d7bbd801e38efe38ea1243558ba6a2f435a46920b75df327375f1a076d64cb3b558a8d0e3e1c83f4a82cc064fd9f96b6e9e09d9d07996e38af328253de97a31ab6eb788f669a67b47061d5b53c24ce7891bdacc2a77810f10f7b00b168379238c0e13601f95c2e4e7a72f37c5f4d1d7f2fbe5ddf1410b8587fb22b880c906b0d3ddcab5f522b467ea552c0785c849e2859c5cb0902de0c01502caf87b4affd9bdeac73fcca9015a009dbdfad98eacef2cd73d75fe86765e0a4b53e6ccdf6266ab33934b3c74e1ffb7c235508a1579dde7df433eefa1a09cd59b11ae626cfca82487924cb3bb4e140a5d125339f6fcbac35eb6ffd903d8e05e74e3eb23af095c271f57862cf02fa728347be3274338847d0e06a10f8bbc651fa5c91069dd5f010b50b699d1ac8d0c85a8aa8091bd5f545c9580c2ec86ba1196914dda202eadf4d57e635ca6490a0e1a962c63db79536a09b4828a8855218f36bb145cdcbd9095778e15b29054bd69a6cd7d2af7c287198fad255f7bc4d2c9ccfba5b65b53d28662809dc4ef6d5f8b5af4da3e5fc47848c7167e76aaf3a4899f969c3aa2731c0d0d777ca1fd9a94e15b3d76231c255bc2398bb5607f4c96fe50ce12c44c92ebf5c1ddc5fee1c5cd6b78dbf9c92dfe9968a305c1fe30fde4c29a9baad7684171f4915d57d5b9e72c83c38c6178a50693e833234c36b5a52552d682128966fbb793c6febb1e99be079b3c3b089e5e0d03d62adeb06d47f924ca555d6e507223e2eee23dc7631be08ef5edf8af5615c3368e4844fce2616e705eaa23eae63a9f26c38e25b843da6d6d636886348d83cdf077888abc822a7aaeba0d1e482a2508afa0d5b744a0c36848a0206af06d1736ece3ffbe2011286f8730dfa86df3f134863c72287e193134041d5c98f1e59054cf31146c6a7e3e8640ea8e731a1817c9f613a78eaf74d0417eeb9fbcf1effcef6a9528d843a7297e99b5d91b488cb68558e7d05cebc4f642218e957005d8c92e7aeef1b7abc74ffd4b45669b848a8234bf6d366dbbc710e555df17c6a3309fa223f790ee0df803aab741968e74ecb3a4d041d30a5318dfc6ff25f0948cec1813ead46af464b9a5101c01e69021c56db063bf19ce29ece229f8ec8c9aadf875ec01cabe357ca704bc7d5490ff9701c3127b6b15ea81b0adaf727aabbc7724ed3759fa2245258157b34dbbd85c61682c8d1a2786d010d9824a11c6fe89016f6d6d9d2cbeec58442c8fcd5845f98b5a3a7647e834a647f1cda57c0cd97a290fa15098e2d202fb5aafeb559abe9a6322144e4994af87c910b748846b70bae6f5916b240fd82a1927c9f1c0b5a6a409dead9d84d2234e9ad40bd6d840735636304f3daed89505ac5799d91bfe8a3b36513c9ba4dd6f8f7c9b34af78a63a30c9e44f0a7d8683b4d456bab57ef575b3f145a3abbf317f1d900b82a88c027f0cb181121f7709dd886ad25576b55ff41368c98f0419bcb230f3567f627b94dde06", 0x1000}, {&(0x7f00000030c0)="72916b4ebbc5aeac6ec938837720639e7d09318160b269e314030e102684c0856faae9e62114755d302590cce45ee2094cb10f8ed53cf4f5f4e89f6e0eabf7", 0x3f}], 0x3}}], 0x3, 0x1) lseek(r7, 0x8, 0x2) 14:04:21 executing program 1 (fault-call:9 fault-nth:62): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 306.378070][T32004] unix_seqpacket_sendmsg+0xc2/0x100 [ 306.378084][T32004] ? unix_dgram_peer_wake_me+0x310/0x310 [ 306.378097][T32004] ____sys_sendmsg+0x360/0x4d0 [ 306.378138][T32004] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 306.378156][T32004] __sys_sendmsg_sock+0x25/0x30 [ 306.378172][T32004] io_issue_sqe+0x231a/0x6750 [ 306.378190][T32004] ? avc_has_perm+0x59/0x150 14:04:21 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) syz_io_uring_submit(r1, r2, 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 306.378207][T32004] ? avc_has_perm+0xc8/0x150 [ 306.378223][T32004] ? __fsnotify_parent+0x32f/0x430 [ 306.378311][T32004] ? mntput_no_expire+0x64/0x730 [ 306.378336][T32004] ? terminate_walk+0x261/0x270 [ 306.378388][T32004] ? __perf_event_task_sched_out+0xce0/0xd30 [ 306.378410][T32004] ? __perf_event_task_sched_in+0x471/0x4c0 [ 306.378436][T32004] ? rb_erase+0x623/0x750 14:04:21 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002000e0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:21 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) r3 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r3, 0x0) ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f0000000040)={0x8}) io_uring_enter(r3, 0x1609, 0xa359, 0x0, &(0x7f0000000080)={[0x401]}, 0x8) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) io_uring_enter(r3, 0x4bef, 0x5820, 0x1, &(0x7f0000000140)={[0x3]}, 0x8) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r5, 0x0) shmat(0x0, &(0x7f0000ffd000/0x2000)=nil, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 306.378483][T32004] __io_queue_sqe+0xe9/0x360 [ 306.378499][T32004] io_submit_sqe+0x1887/0x3360 [ 306.378576][T32004] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 306.378593][T32004] io_submit_sqes+0x5bd/0xbd0 [ 306.378619][T32004] __se_sys_io_uring_enter+0x1e1/0xa80 [ 306.378637][T32004] ? fput+0x2d/0x130 [ 306.378652][T32004] __x64_sys_io_uring_enter+0x74/0x80 [ 306.378687][T32004] do_syscall_64+0x4a/0x90 [ 306.378710][T32004] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 306.378785][T32004] RIP: 0033:0x4665d9 [ 306.378796][T32004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 306.378809][T32004] RSP: 002b:00007fa426633188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 306.378823][T32004] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 306.378832][T32004] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 306.378841][T32004] RBP: 00007fa4266331d0 R08: 0000000000000000 R09: 0000000000000000 [ 306.378850][T32004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 306.378860][T32004] R13: 00007fffc1f3ec1f R14: 00007fa426633300 R15: 0000000000022000 [ 306.529655][T32022] loop3: detected capacity change from 0 to 270 [ 306.534221][T32022] FAT-fs (loop3): bogus number of directory entries (3329) [ 306.534239][T32022] FAT-fs (loop3): Can't find a valid FAT filesystem [ 306.616828][T32036] FAULT_INJECTION: forcing a failure. [ 306.616828][T32036] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 306.616854][T32036] CPU: 1 PID: 32036 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 306.616873][T32036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 306.616882][T32036] Call Trace: [ 306.616889][T32036] dump_stack+0x137/0x19d [ 306.616947][T32036] should_fail+0x23c/0x250 [ 306.616967][T32036] should_fail_usercopy+0x16/0x20 [ 306.616988][T32036] _copy_from_user+0x1c/0xd0 [ 306.617005][T32036] __copy_msghdr_from_user+0x44/0x350 [ 306.617021][T32036] ? sock_kfree_s+0x24/0x40 [ 306.617109][T32036] ? ____sys_sendmsg+0x421/0x4d0 [ 306.617122][T32036] sendmsg_copy_msghdr+0x4f/0xf0 [ 306.617136][T32036] io_issue_sqe+0x250b/0x6750 [ 306.617214][T32036] ? __list_del_entry_valid+0x54/0xc0 [ 306.617229][T32036] ? rmqueue_pcplist+0x152/0x190 [ 306.617243][T32036] ? _find_next_bit+0x188/0x190 [ 306.617367][T32036] ? pcpu_block_refresh_hint+0x18a/0x1a0 [ 306.617401][T32036] ? pcpu_block_update_hint_alloc+0x230/0x720 [ 306.617419][T32036] ? kmem_cache_alloc+0x201/0x2f0 [ 306.617439][T32036] ? xas_create+0x96b/0xb30 [ 306.617462][T32036] ? xas_create+0xae3/0xb30 [ 306.617478][T32036] ? fget_many+0x178/0x1a0 [ 306.617517][T32036] __io_queue_sqe+0xe9/0x360 [ 306.617534][T32036] io_submit_sqe+0x1887/0x3360 [ 306.617617][T32036] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 306.617704][T32036] io_submit_sqes+0x5bd/0xbd0 [ 306.617719][T32036] __se_sys_io_uring_enter+0x1e1/0xa80 [ 306.617812][T32036] ? fput+0x2d/0x130 [ 306.617827][T32036] __x64_sys_io_uring_enter+0x74/0x80 [ 306.617852][T32036] do_syscall_64+0x4a/0x90 [ 306.617951][T32036] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 306.617975][T32036] RIP: 0033:0x4665d9 [ 306.617986][T32036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 306.618000][T32036] RSP: 002b:00007fa426612188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 306.618019][T32036] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 306.618032][T32036] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 306.618045][T32036] RBP: 00007fa4266121d0 R08: 0000000000000000 R09: 0000000000000000 [ 306.618057][T32036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 14:04:21 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xf5ffffff) 14:04:21 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) syz_io_uring_submit(r1, r2, 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:21 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002010e0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:21 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x1402, 0x0, 0x0) 14:04:21 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f000076d000/0x4000)=nil, 0x4000, 0x4, 0x8010, r5, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000140), 0x40, 0x0) sendmmsg$unix(r6, &(0x7f0000000640), 0x0, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:21 executing program 1 (fault-call:9 fault-nth:63): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 306.618070][T32036] R13: 00007fffc1f3ec1f R14: 00007fa426612300 R15: 0000000000022000 [ 306.637165][T32042] loop3: detected capacity change from 0 to 270 [ 307.061150][T32057] loop3: detected capacity change from 0 to 270 14:04:21 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 307.093145][T32057] FAT-fs (loop3): bogus number of directory entries (3585) [ 307.100582][T32057] FAT-fs (loop3): Can't find a valid FAT filesystem [ 307.124137][T32073] FAULT_INJECTION: forcing a failure. [ 307.124137][T32073] name failslab, interval 1, probability 0, space 0, times 0 14:04:21 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xfffffdef) 14:04:21 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x2000, 0x0, 0x0) 14:04:21 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) io_uring_enter(r4, 0x32ac, 0x4656, 0x0, &(0x7f0000000080)={[0x8]}, 0x8) [ 307.137014][T32073] CPU: 1 PID: 32073 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 307.147203][T32073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 307.157490][T32073] Call Trace: [ 307.160844][T32073] dump_stack+0x137/0x19d [ 307.165201][T32073] should_fail+0x23c/0x250 [ 307.169640][T32073] __should_failslab+0x81/0x90 [ 307.174558][T32073] should_failslab+0x5/0x20 [ 307.179082][T32073] kmem_cache_alloc_node_trace+0x58/0x2e0 [ 307.184814][T32073] ? __kmalloc_node_track_caller+0x30/0x40 14:04:22 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 307.190634][T32073] ? kmem_cache_alloc_node+0x1da/0x2b0 [ 307.196202][T32073] __kmalloc_node_track_caller+0x30/0x40 [ 307.201911][T32073] ? alloc_skb_with_frags+0x90/0x390 [ 307.207280][T32073] __alloc_skb+0x187/0x420 [ 307.211808][T32073] alloc_skb_with_frags+0x90/0x390 [ 307.216977][T32073] ? kmem_cache_alloc_trace+0x215/0x310 [ 307.222787][T32073] ? __scm_send+0x3d5/0xa40 [ 307.227304][T32073] sock_alloc_send_pskb+0x436/0x4e0 [ 307.232525][T32073] unix_dgram_sendmsg+0x478/0x1610 [ 307.237655][T32073] ? sock_kmalloc+0x77/0xb0 14:04:22 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:22 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000240)={0x0, 0x2, 0x0, 0x2}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r5 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r5, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) mmap(&(0x7f00006ee000/0x1000)=nil, 0x1000, 0x8, 0x110, r5, 0xe8fa5000) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) ioctl$FIONCLEX(r0, 0x5450) ioctl$FS_IOC_FSGETXATTR(r3, 0x801c581f, &(0x7f0000000080)={0x44, 0x9, 0x1, 0x4}) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) sendmsg$inet(r5, &(0x7f0000000440)={&(0x7f00000002c0)={0x2, 0x4e21, @local}, 0x10, &(0x7f0000000400)=[{&(0x7f0000000300)="793ca83fc787", 0x6}, {&(0x7f0000000340)="0821d17bb74a27f5c12c8f19649467de448767f28e9d89d35abdfaf33d7d282c3259dc741ccc311e20d96189cf797d189e0fc49cb5c89aa276250d8aab2982ef575d1429e7bcc1f82156284ed6a9d30d09381dec57af7cf8d6765982d8286987e8383ec080f1e61f9c529862fcb3f04025eedfd5201834a2c5c6cb678a4279caeac7d552be39314aa98445d38402426e9ba25932e39ccb978c", 0x99}, {&(0x7f00000004c0)="80ad7d7e063676e0963edc42cc812922362939cf207a24bbc9dd6f912d5c1ed4df4e59c11d77a2456a1bd01ed45d86c987b53663d1701d4b93865688a304c6e8e89b676aee292cc092b7fe94afbfd6e12164d19faae3aec27fefdf9d722a600b26e200d057e9737c3a718a053728087483fb09bf718efab534eb1289ac260a06999f85b545f678fc646dabdad5b89cd1237439e9dea851771959031531358df742e4aa158e127ac1a722b576afff257929e689e1dfc26f54b77f28e18a68501bca9fb8610d9aaff038c5f64162eb2433768107eacfb11fd994e0bd97dd3dd2e0cc396dbc1bc62c257cd459cb646691b3c97de190e9bd652d9f5d7a", 0xfb}], 0x3, &(0x7f00000005c0)=[@ip_ttl={{0x14, 0x0, 0x2, 0x100}}, @ip_ttl={{0x14, 0x0, 0x2, 0x5a6}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x92}}], 0x48}, 0x800) 14:04:22 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002000f0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 307.242210][T32073] ? __kmalloc+0x23d/0x340 [ 307.246714][T32073] unix_seqpacket_sendmsg+0xc2/0x100 [ 307.252195][T32073] ? unix_dgram_peer_wake_me+0x310/0x310 [ 307.252218][T32073] ____sys_sendmsg+0x360/0x4d0 [ 307.252254][T32073] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 307.252268][T32073] __sys_sendmsg_sock+0x25/0x30 14:04:22 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:22 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 307.252310][T32073] io_issue_sqe+0x231a/0x6750 [ 307.252329][T32073] ? avc_has_perm+0x59/0x150 [ 307.252352][T32073] ? avc_has_perm+0xc8/0x150 [ 307.252375][T32073] ? __fsnotify_parent+0x32f/0x430 [ 307.252472][T32073] ? mntput_no_expire+0x64/0x730 14:04:22 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x80010, 0xffffffffffffffff, 0xffff000) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) r5 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r5, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) getsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000400), &(0x7f00000004c0)=0x4) ioctl$int_in(r5, 0x5452, &(0x7f0000000080)) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) r6 = creat(&(0x7f0000000240)='./file0\x00', 0x4) syz_io_uring_setup(0x1670, &(0x7f0000000280)={0x0, 0x6dfe, 0x4, 0x0, 0x119, 0x0, r6}, &(0x7f00000e6000/0x1000)=nil, &(0x7f000004b000/0x1000)=nil, &(0x7f0000000300), &(0x7f0000000340)) r7 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r7, 0x208200) renameat(r6, &(0x7f0000000380)='./file0\x00', r7, &(0x7f00000003c0)='./file0\x00') [ 307.252510][T32073] ? terminate_walk+0x261/0x270 [ 307.252534][T32073] ? kcsan_setup_watchpoint+0x26e/0x470 [ 307.252557][T32073] __io_queue_sqe+0xe9/0x360 [ 307.252579][T32073] io_submit_sqe+0x1887/0x3360 [ 307.252594][T32073] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 307.252610][T32073] io_submit_sqes+0x5bd/0xbd0 [ 307.252624][T32073] __se_sys_io_uring_enter+0x1e1/0xa80 [ 307.252650][T32073] ? fput+0x2d/0x130 [ 307.252664][T32073] __x64_sys_io_uring_enter+0x74/0x80 [ 307.252763][T32073] do_syscall_64+0x4a/0x90 [ 307.252785][T32073] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 307.252859][T32073] RIP: 0033:0x4665d9 [ 307.252873][T32073] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 307.252887][T32073] RSP: 002b:00007fa426633188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 307.252902][T32073] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 307.252915][T32073] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 14:04:22 executing program 1 (fault-call:9 fault-nth:64): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:22 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:22 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xfffffe00) [ 307.252929][T32073] RBP: 00007fa4266331d0 R08: 0000000000000000 R09: 0000000000000000 [ 307.252942][T32073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 307.252955][T32073] R13: 00007fffc1f3ec1f R14: 00007fa426633300 R15: 0000000000022000 [ 307.324589][T32105] loop3: detected capacity change from 0 to 270 14:04:22 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x3e80, 0x0, 0x0) 14:04:22 executing program 2: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x84980) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3) r1 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000202000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x280040, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r5, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="100100000201000000"], 0x10}], 0x1, 0x0) io_uring_enter(r1, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:22 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:22 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000220100004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 307.547554][T32128] FAULT_INJECTION: forcing a failure. [ 307.547554][T32128] name failslab, interval 1, probability 0, space 0, times 0 [ 307.560820][T32128] CPU: 0 PID: 32128 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 14:04:22 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:22 executing program 1 (fault-call:9 fault-nth:65): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 307.560845][T32128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 307.560856][T32128] Call Trace: [ 307.560863][T32128] dump_stack+0x137/0x19d [ 307.560887][T32128] should_fail+0x23c/0x250 14:04:22 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0xa, &(0x7f0000000240)=[{0x7, 0x0, 0x7, 0xffff}, {0x40, 0x9a, 0x6, 0x400}, {0x7ff, 0x5, 0x0, 0x5}, {0x8, 0x0, 0xb7, 0x10001}, {0x0, 0x1f, 0x2, 0x6}, {0x1, 0x40, 0x6, 0x3ff}, {0x3f, 0x20, 0x1, 0x7fff}, {0x7, 0x1f, 0x4, 0x7}, {0x3, 0x40, 0xca, 0xfffffdc9}, {0x8001, 0x5, 0x8, 0x200}]}, 0x10) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x4040, 0x8) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r5, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(r3, &(0x7f0000000640), 0x0, 0x20008851) r6 = perf_event_open$cgroup(&(0x7f0000000140)={0x4, 0x80, 0x0, 0x9, 0x7, 0x1, 0x0, 0x1, 0x304, 0x4, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1000, 0x2, @perf_config_ext={0x64, 0xbb9}, 0x5000, 0x64b, 0x401, 0x7, 0x168fc1a5, 0x9, 0x94a, 0x0, 0x101, 0x0, 0x3}, r5, 0x1, 0xffffffffffffffff, 0x8) ioctl$LOOP_SET_FD(r5, 0x4c00, r6) listen(r4, 0x6) r7 = fsmount(r5, 0x0, 0x0) ioctl$LOOP_CHANGE_FD(r5, 0x4c06, r7) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 307.560905][T32128] ? scm_fp_dup+0x3a/0x150 [ 307.560924][T32128] __should_failslab+0x81/0x90 [ 307.560946][T32128] should_failslab+0x5/0x20 [ 307.561030][T32128] __kmalloc_track_caller+0x64/0x340 [ 307.561054][T32128] kmemdup+0x21/0x50 [ 307.561071][T32128] scm_fp_dup+0x3a/0x150 [ 307.561090][T32128] unix_attach_fds+0xa5/0x1e0 [ 307.561108][T32128] unix_dgram_sendmsg+0x5cb/0x1610 [ 307.561141][T32128] ? sock_kmalloc+0x77/0xb0 [ 307.561162][T32128] unix_seqpacket_sendmsg+0xc2/0x100 14:04:22 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200110004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:22 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 307.561180][T32128] ? unix_dgram_peer_wake_me+0x310/0x310 [ 307.561197][T32128] ____sys_sendmsg+0x360/0x4d0 [ 307.561214][T32128] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 307.561230][T32128] __sys_sendmsg_sock+0x25/0x30 [ 307.561243][T32128] io_issue_sqe+0x231a/0x6750 [ 307.561259][T32128] ? avc_has_perm+0x59/0x150 [ 307.561333][T32128] ? avc_has_perm+0xc8/0x150 [ 307.561349][T32128] ? __fsnotify_parent+0x32f/0x430 [ 307.561367][T32128] ? mntput_no_expire+0x64/0x730 14:04:22 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0000000003000000000000000200000077ae1e5985e537b5842cfa548dc9517f6918da32ee7f8c79e3905dde2588cd6c9c9267cdae8524686c0ed7ad584245b6a3504710ab25f24d5492471e4b0682ddb07f2ee7b95a2ffc4bff6bf74c3342f29b8900f6d2075b9fd71b3ace18555196bbe02ee9"], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 307.561465][T32128] ? kcsan_setup_watchpoint+0x26e/0x470 [ 307.561488][T32128] ? terminate_walk+0x261/0x270 [ 307.561508][T32128] ? path_openat+0x19ab/0x20b0 [ 307.561523][T32128] ? fget_many+0x178/0x1a0 14:04:22 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 307.561544][T32128] __io_queue_sqe+0xe9/0x360 [ 307.561562][T32128] io_submit_sqe+0x1887/0x3360 [ 307.561589][T32128] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 307.561612][T32128] io_submit_sqes+0x5bd/0xbd0 [ 307.561631][T32128] __se_sys_io_uring_enter+0x1e1/0xa80 [ 307.561713][T32128] ? fput+0x2d/0x130 [ 307.561731][T32128] __x64_sys_io_uring_enter+0x74/0x80 [ 307.561755][T32128] do_syscall_64+0x4a/0x90 [ 307.561806][T32128] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 307.561831][T32128] RIP: 0033:0x4665d9 [ 307.561848][T32128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 307.561923][T32128] RSP: 002b:00007fa426633188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 307.561944][T32128] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 307.561958][T32128] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 307.561971][T32128] RBP: 00007fa4266331d0 R08: 0000000000000000 R09: 0000000000000000 [ 307.561984][T32128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 307.561997][T32128] R13: 00007fffc1f3ec1f R14: 00007fa426633300 R15: 0000000000022000 [ 307.616121][T32144] loop3: detected capacity change from 0 to 270 [ 307.755404][T32162] FAULT_INJECTION: forcing a failure. [ 307.755404][T32162] name failslab, interval 1, probability 0, space 0, times 0 [ 307.755429][T32162] CPU: 0 PID: 32162 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 307.755454][T32162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 307.755535][T32162] Call Trace: [ 307.755587][T32162] dump_stack+0x137/0x19d [ 307.755612][T32162] should_fail+0x23c/0x250 [ 307.755631][T32162] __should_failslab+0x81/0x90 [ 307.755705][T32162] ? __scm_send+0x3d5/0xa40 [ 307.755725][T32162] should_failslab+0x5/0x20 [ 307.755777][T32162] kmem_cache_alloc_trace+0x49/0x310 [ 307.755799][T32162] __scm_send+0x3d5/0xa40 [ 307.755814][T32162] ? selinux_socket_getpeersec_dgram+0x1de/0x250 [ 307.755833][T32162] unix_dgram_sendmsg+0xc0/0x1610 [ 307.755913][T32162] ? sock_kmalloc+0x77/0xb0 [ 307.755928][T32162] ? selinux_socket_sendmsg+0x7e/0x140 [ 307.755949][T32162] ? __kmalloc+0x23d/0x340 [ 307.755969][T32162] unix_seqpacket_sendmsg+0xc2/0x100 [ 307.755988][T32162] ? unix_dgram_peer_wake_me+0x310/0x310 [ 307.756011][T32162] ____sys_sendmsg+0x360/0x4d0 [ 307.756028][T32162] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 307.756044][T32162] __sys_sendmsg_sock+0x25/0x30 [ 307.756057][T32162] io_issue_sqe+0x231a/0x6750 [ 307.756072][T32162] ? __list_del_entry_valid+0x54/0xc0 [ 307.756092][T32162] ? rmqueue_pcplist+0x152/0x190 [ 307.756111][T32162] ? rmqueue+0x43/0xd00 [ 307.756127][T32162] ? _find_next_bit+0x16a/0x190 [ 307.756160][T32162] ? kmem_cache_alloc+0x201/0x2f0 [ 307.756181][T32162] ? xas_create+0x96b/0xb30 [ 307.756202][T32162] ? xas_create+0xae3/0xb30 [ 307.756222][T32162] ? fget_many+0x178/0x1a0 [ 307.756275][T32162] __io_queue_sqe+0xe9/0x360 [ 307.756288][T32162] io_submit_sqe+0x1887/0x3360 [ 307.756302][T32162] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 307.756318][T32162] io_submit_sqes+0x5bd/0xbd0 [ 307.756405][T32162] __se_sys_io_uring_enter+0x1e1/0xa80 [ 307.756431][T32162] ? fput+0x2d/0x130 [ 307.756448][T32162] __x64_sys_io_uring_enter+0x74/0x80 [ 307.756470][T32162] do_syscall_64+0x4a/0x90 [ 307.756518][T32162] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 307.756536][T32162] RIP: 0033:0x4665d9 [ 307.756546][T32162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 307.756560][T32162] RSP: 002b:00007fa426612188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 307.756576][T32162] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 307.756589][T32162] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 307.756602][T32162] RBP: 00007fa4266121d0 R08: 0000000000000000 R09: 0000000000000000 [ 307.756614][T32162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 307.756626][T32162] R13: 00007fffc1f3ec1f R14: 00007fa426612300 R15: 0000000000022000 14:04:23 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xfffffff5) 14:04:23 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200120004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:23 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:23 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r4 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x8, 0x2, &(0x7f00000001c0)=[{&(0x7f0000000180)="2ddb845ad6", 0x5, 0x2}, {&(0x7f0000000680)="6eb3cb92a78897127a92365315bbff1809c6695b7b4d9c9c0408e75e70b9c27e49348f389bd9ee5a296cbb3b57e34b47eb25cfeb693851d020fdf16856d1e9ea8a38dfe8ea20bf8cef4cbd060eb1b62fd1c0c776a3dc822c8cf24eb917065cc5f59a0b4dca931bf038ea152d6e46dd58e27610e9adc6888db97c22caae80772cdaabf960afd1dec2ea401c87d955d1588e585c3784ae47ee0a3360fdfef74f840762bfbddcd04f1857fb76b0f11fc5ccaad33e3bcb215fca8522193363795df6e600e4f39fd28c093658a725685736dbb68718592d8f67280436713f3422466e0fd773ec4b29638f45e83fb6b38ca9f709f21908b1e1986ec7323fb382000b7ca3b0ccb8039684cf5f3a4ec84cd6a18c24405f20d338806124712d51d8f96a6a6570831e963519e1bc02fc7a439453c044cca5c3f4087593f18c7cdec401b730bd274e6c472f06dbe94dec49a09c8ffde58a55fecda96cb7d1edd58841f949f894414c94f31b6916089f5b39441853077e8e3ad58ed8d076242f0913610aa214e6e1f2ed6ebbae0305fb092eb0824e8b341be36541ab6fa0f4473fb37c765479ee06067b9109947fa38f605a528cc0a003717b99efca4fdc923a8cd38e16a892384765a50879a68433f230f0e1bcbba3ad8a502c044af77f578aeaef44b35db8b966064741e6ea96255036dd3781558960ab6173e31d30be2e1c037984cbe1fa8ec5d248f1993a68f17bf889d57a14f2085657ba4653b390087a770739eb86d6dace66aa1a63f4647607c505c834e5fe9dc02babff2a6b9a458cb5e0152ed04a9a7d9967205df2cac01820fd2ca6ba6c1ef72d7c47cc8add497e39232e0a82feb0b01cfd8765bce7490841eb44401252bffe9cc7e290b86e1ff0fdccf307979d3c0ec7d5af7d33fae3e06a60f7ad518d3ab6cc5c26c08bcf00f6645f009a6dd8c41403cd8501385eecb14e4d6432a62539b67caa5713352171f2487760af51b63a0fbe452d0bbb88c7a768fa196c6f8a094830126c9107600056bcde7159e8964ea6ea00fee20de1c07311c344150bec10159e8af688d5f4c9854e35d486065cec1f693e44333687baa5ccf5984a978bcdcc009d695164c08b0bae5c023371fbf2ec49f68cd35ceae8b09fdf5f6fc73c5df328933a818cf89be847fa270fa2f5d610ad76d462bab0838443696cbe26d93db4864a49b8cbb9fdffcca2fd37225d1cebb03012cc9cea17974685facf97a63e0fd1f03507c6e058765919e5aeab77c3421c33fdfb7275701b6b406047c8db6ae1d1bbde251024865fbf2f62aedd0eb58823148c2c9b751dec4004fc909752631913d177f2b90a4cc2398f47ad2b3b67864b70c6c12a3ec0cd2b8d90b4b6d04475e54d1dfd81e0b7d0baca05bc80566bfb369fce1a950c5c0a856c61bfe41db1310c2cab6d830129ff268d3a998efaf217912f948b0779832ae0a1c195270acd67b95808930fc9c246795b0c40dcd0d23272091710d597b2bbfc9018bed61e8542194d418452b374d3a0e392bc2880a3633a697a2417b249d1c57e7b7d9803a1388490940521e9cc87fdc8354eb8b49f0ffd78e48421bd34f689a11d122a2bb474a5f783c65ca5648e9f7f7180a57175a5baeb54296b3ce81e7b214ecaac4937eeed1b5e6996b70225fc806f309263590349f118d0f0d13ca75debd51c1bfc06e3056ae11609e4f456106e0f7e8e470380169a3634d902128dad7dd05900ea39044e2e007e2f492ebd991f942852f3de0c4a94ca51f764c02131b277564abb0d38575c5f5ae99602c06a8507cf98a832b4ff922ee4cc6fb2774d8ac0e0bec8b16ec1e843caac786bcca24150134b62198cace663c41bd6702a4192c77ccae5180345de9b1e71d6ed6e9a6de9015425c46f4317304e6613278697e4f89ea9399641ee30f14f19e0379707990581da84220a76c8c3ca8ddb8e997d9612cdda8680a0ac66c94944acc8e3528bd48f0d1c18fe6a32cae0b04555036efeef39bd03649d39f46ce12106243019a331f0c0835ae565c27e1819193c458f693f950acf17e04e92aae48aedd1084a5a23f87a38e7b71317377d00217c3bdc0a3ea625cd57d5704ba1fd1432796ba6932c7bd0c42c56374c2973f4a06599fefa665c04bcd4afc729badb757ec48050936054650043304de489fbcf068343c566159e21fbc245857784e7ee1931ec079438eb1b264efdde88aa6d096c46975932f607e390d7ffd9cae4e5a4d2a72bf5464f48d236e14fa314f8302acde172dbfc2dcd1f0557d09cef85b34f90124e14d17d87999b50277083bbf8c89c0a1838c92f2d8ca8ecdb637f5cd393502207f489d7ef9dacb8f2a9c3779ee0f668c4746a4aabae935f314cacb61d942519f5e700bb18b961669f07b31983936bd8eaae9520c9f461bbdf75f9c89f01e6a13a0ec4b7f849a9de14583216cba1bfe35aaa676d4d232fac8dae97de942365b01cbb4d8be4189b7211c0c5750c3afd51f58df55dd9c508b31a7295b5bf2bf6c5621a6d2af8bf5dbf1ea1e0faaaacb225216b26b07c506ce3499b2ffa93e0c45d93b1d5e5a4e6257bd8dfbbab5eea00a6df69d7ed39d6542a9d2bdf06dab73829dfb6ed5b48fac19c2294a31bdc4a64f3d8dd6c9d9a03e06f39ab036ee2c62d8e4bf8e2cbc57651b95662cad3512301075fd9d4b23c4f4b0a1210b44d68713469ac5989dc7a8fa53499c2c74377a9047a649abb05a2d5b6b0fed145e2e875ce6403315d6c9ed17202a3497dfa1d30bbabb0dadf9f64514fa255d0f8033264ca02e084b417fa4e166b31a838c4557b907f1ed02091917ec9498a7b217c5a786aa335e67ff77b6a3b2d17bf79778fda78691e1aaa8748e77d39ab062ca696135f2d6a98bee51d5c1fed18dcf0adcfd9673c55cb590235c7d73d0db04cc484977dba6f7c8e1e2ab43823f661d2adfbb45cff399df07b0a713dfaec2481b8c090636c4d729653befe02ab61e95553fb7a1cd127d91c4a5f04cf71634b4e7e915a0fe4436c3ec0029a4710bd1d34fe3ee9497053b20d81edc138963fcee7b1c16a55ee0ff312c0cd629e48e89aba2157d4b7cbc3df4f90c00a66a50e64a6ace74951306fabea04d8d9b7055312ca760cb6564140ff5e2b8ba428439e92ce3149ad4309bf8258673800a17713d88bf1cbcf6fe33aa9b3e1a3a23af2ceb1040b58a59e9873a7a7102f3e37bcf34ef2c05c51e02e17a0302ba50eca6d79c376970bb4f36e501fd6c340a94e1c405f1fb03901eb49dbffb888da7f17fe6312a490afb57aa14a1983524bdea5ec9640c71766447bd765d7eadb425961c6d28d3f67d0616578ba8728d494a6e44ebbb2998ef2bde159f942d06f18c7b11d1df79f157ef1407fec94041509bdc4ee134446f82b43803150691dba116e7d90abec18c8df0246dc222898b168133d1176fa79459bc2113458e6e04b96228d3b74c8a194d88ffd9781b13a988b82a68939b17f82f74c3d290ddc488407b848f0b15781ad3d3a44a23922cb24a1dc5d7fa6696520544bb5a2e3943495b6840ab487c726f463ff391c3cc3862d7049d6d4b595f47bb55c2002322fad4ae5e5ee358d3930db362bb5e360740dcefc18116db6f7bd94c8c75fa44930be3b14904ca3ec396251140404cbcd9016b3d7f0ea49a69cd7fa0c403599726bab14d015283067b8bc228fd0e7b0bee4cf65467e8779854c05ce4149ca8493650e71bc11df8f54e85830a151ea4cf1b828eecc38b4cafa0ea56eeee52d954a469739dce0fbd29e5f08ca90a8feefaede88476f4a9274f17e99147d3b02807a12a4a323a50d2a35f7b339d5ff2e5fa7ee3a9f4999cdee25c91c9c0ef56025719efb9a9d5bf40ad5873011dd073181964c9d4b1f4fc8050ee655bf9686aa975547a4b9e6d9739d4d8e1a278ba939c496f55402f754cdf34e42e97dc81bcbfcfc8c544638d7eee5385b42dcc5068c90ae1c3385239ceb424858af3d918c6cf5e2bf9f9873245cb000852807410bd11f26a197f73bb607607c782a2e2184e73f758071b95512e3b9faaaa82fa0aad8a940197bda5307d21c7f5a78197370fefe51ee0f747410ec013cfce3108334b71aa36a284e1a0b2d1fef749892328c9bc64baa40026de33618dc9f9f5424698777aecd98e21882cd911265776e0e0b8063c798bacba1d110650231e56975e2b4bc07a2e7384907f4c9dccf85a5f6b75828a2785d5366fbb6ebe5c4df9a8d4f744dba75b304576149074e1b805b545d3881ebb307aeba9ddf74f127ae34c2dd63ccc0edf90ccc23eae997c7d3b6e99dde91ab7740eb24849041bbefd6c20cc6b24dad3725e0c9de612796b8de3a2802309a6cf6a13b3e6b8d9c99c905ec77d62fa618aee34175d1a4031966a57c53f6aeb4b45b364d7b456a8f27a26c8e2e5aa02403fbaee2022ce6984fef265d8cc1ad0bd9ee6360c0413c5f55b036af4529535f735fbd0b8d857ea2f8fa91abd7e3d8004a62a53cdf67af195851c6ad9636586856625d17f3582dddb4b499ab955a02f9e259e268f840b33449cf88063ff6bc3e4796fe014a284a96b1070027b23f6648221514a349289749b1350027f7e1034ae0ca66298b1bc5b0f98b33cd80bbe4bf9351ae90e55233e86657e51004524de66073fb77f84c11d1f38b3b2b70c45ddedf64901cb2da4d20e14a01a9b618fc8680e6168a85f273b50bd88ce5b76deb24eba8d1c23bbde936afc7c9bb415a83c7e60a41c08a07719c82ef889b73226e84eebd67c91ae96ef191348d30258dbb44a9085d2ea24838b8d1101f34a9f9569cb15742e6baf1111ef491cbeb6419515b270d7387fdab8484b805eec83cb11f361e13f73030e9357e272002d2b7a802ffa2e159e1f2e7c72b92837fe7317e76cde9c81cb32ad71228885ce33a566d0343135e34356fca5d328fc2e9fb763ef50e2c570b7211362987929518835b6a5a0ab24a642eae774886bd49c732b492a74ff420cdd40dc233a24f98df57370733938c2b34c712b2e3464dddc6f41c84b5147f1b3f9c4808b21403d9f4b10e25816481c69dd924a6a32af067f0f8610f409efede397c853bdd597aea721a342cbaa6999fad282385c438512f231d1879db6e7aedb8fc5d6a7b63c331244b79d7ef2e72e7c933ed05d305b965eb77ce041f67bbe9f482b33389f4a8a8d32bfb5c4604d4d6380bc51b18a8d6d3cbf4ee95b4be52c948b1f28b471e4ebdf1669e6b5837e402546d01d4ed4fe4cd9c56c9655cb65ad92fd4265d76efcdfe11ae42d2a379c997ab1fdf10706117afba70fb0378dc3177bff477ac2ab2e3c5712e24ca9d686dea6298f890d822822340ef66346ba56c588743965e91a0d883f75e690cfbfdb25238c12c3ba0e856e94475b1390016ed6f942c07c5e72c16d6e405ead8c3fdab7e1c89c5939e631c0300a7f1756da3799569e702bbf0545ff08ee8d9655920696408c5984aecd7e4adb8f2d518ec4ef7482f937a576d2b8f3740277065603ce27664b1486f3b6feefe5c940fd6b5ce9302047c0d3b26b450ba0fa18fca8a9f4dd274797427e995cc358d8a99e78032aca59973c8ae52c86f9f8e0c4e725c9ac89489d2b96427ca0dd75964880cf046f54ccc6f566fc67e8372fec2e385a906bfb808d11c5f164800ed33baa7986f54d10b7e6510f02e64f2e29a1f894c5fa0e9a5febc9ffb31e2b7d18dade04300bc7b651a93822d0e004284f6f79869340d86c6397a2b5d892324586b29dcdfd9e4c6ce0562983e6328453a239ae2b57d137421a404f664f8", 0x1000, 0x8fb}], 0x80, &(0x7f0000000240)={[{@nr_blocks={'nr_blocks', 0x3d, [0x4d, 0x6d, 0x78, 0x34, 0x30, 0x36, 0x70, 0x38, 0x32, 0x65]}}, {@size={'size', 0x3d, [0x36]}}, {@huge_within_size}, {@huge_within_size}, {@huge_within_size}], [{@seclabel}, {@fsmagic}, {@measure}, {@dont_hash}, {@dont_hash}, {@pcr={'pcr', 0x3d, 0x13}}, {@fowner_gt={'fowner>', 0xffffffffffffffff}}]}) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000380)=@IORING_OP_OPENAT={0x12, 0x4, 0x0, r4, 0x0, &(0x7f0000000340)='./file0\x00', 0x120, 0x20800, 0x12345, {0x0, r5}}, 0x61f) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="10000000000000f70000000001000000"], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x5ba5, 0x0, 0x0, 0x0) listxattr(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)=""/46, 0x2e) 14:04:23 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x4000, 0x0, 0x0) 14:04:23 executing program 1 (fault-call:9 fault-nth:66): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 307.790241][T32166] loop3: detected capacity change from 0 to 270 [ 307.827059][T32166] FAT-fs (loop3): Directory bread(block 270) failed [ 307.827226][T32166] FAT-fs (loop3): Directory bread(block 271) failed [ 307.827249][T32166] FAT-fs (loop3): Directory bread(block 272) failed [ 307.827265][T32166] FAT-fs (loop3): Directory bread(block 273) failed [ 307.827357][T32166] FAT-fs (loop3): Directory bread(block 274) failed [ 308.441072][T32190] loop3: detected capacity change from 0 to 270 [ 308.469328][T32200] FAULT_INJECTION: forcing a failure. [ 308.469328][T32200] name failslab, interval 1, probability 0, space 0, times 0 [ 308.482278][T32200] CPU: 1 PID: 32200 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 308.486305][T32190] FAT-fs (loop3): Directory bread(block 270) failed [ 308.492435][T32200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 308.499088][T32190] FAT-fs (loop3): Directory bread(block 271) failed [ 308.509059][T32200] Call Trace: [ 308.509068][T32200] dump_stack+0x137/0x19d [ 308.517126][T32190] FAT-fs (loop3): Directory bread(block 272) failed [ 308.518925][T32200] should_fail+0x23c/0x250 [ 308.523360][T32190] FAT-fs (loop3): Directory bread(block 273) failed [ 308.529927][T32200] ? sock_kmalloc+0x77/0xb0 [ 308.529953][T32200] __should_failslab+0x81/0x90 [ 308.535712][T32190] FAT-fs (loop3): Directory bread(block 274) failed [ 308.541090][T32200] should_failslab+0x5/0x20 [ 308.545648][T32190] FAT-fs (loop3): Directory bread(block 275) failed [ 308.550352][T32200] __kmalloc+0x66/0x340 [ 308.558179][T32190] FAT-fs (loop3): Directory bread(block 276) failed [ 308.561511][T32200] sock_kmalloc+0x77/0xb0 [ 308.568755][T32190] FAT-fs (loop3): Directory bread(block 277) failed 14:04:23 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:23 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200180004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:23 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x4200, 0x0, 0x0) [ 308.572302][T32200] ____sys_sendmsg+0x107/0x4d0 [ 308.579642][T32190] FAT-fs (loop3): Directory bread(block 278) failed [ 308.583401][T32200] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 308.590472][T32190] FAT-fs (loop3): Directory bread(block 279) failed [ 308.594726][T32200] __sys_sendmsg_sock+0x25/0x30 [ 308.618000][T32200] io_issue_sqe+0x231a/0x6750 [ 308.623237][T32200] ? avc_has_perm+0x59/0x150 [ 308.627826][T32200] ? avc_has_perm+0xc8/0x150 [ 308.632593][T32200] ? __fsnotify_parent+0x32f/0x430 14:04:23 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x10, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 308.637806][T32200] ? mntput_no_expire+0x64/0x730 [ 308.642771][T32200] ? terminate_walk+0x261/0x270 [ 308.647673][T32200] ? path_openat+0x19ab/0x20b0 [ 308.647714][T32200] ? fget_many+0x178/0x1a0 [ 308.647737][T32200] __io_queue_sqe+0xe9/0x360 [ 308.647756][T32200] io_submit_sqe+0x1887/0x3360 [ 308.647770][T32200] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 308.647792][T32200] io_submit_sqes+0x5bd/0xbd0 [ 308.647808][T32200] __se_sys_io_uring_enter+0x1e1/0xa80 14:04:23 executing program 1 (fault-call:9 fault-nth:67): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:23 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x10, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 308.647842][T32200] ? fput+0x2d/0x130 [ 308.647859][T32200] __x64_sys_io_uring_enter+0x74/0x80 [ 308.647884][T32200] do_syscall_64+0x4a/0x90 [ 308.647904][T32200] entry_SYSCALL_64_after_hwframe+0x44/0xae 14:04:23 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x10, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 308.647924][T32200] RIP: 0033:0x4665d9 [ 308.647935][T32200] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 308.648015][T32200] RSP: 002b:00007fa426633188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 308.648035][T32200] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 308.648046][T32200] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 308.648056][T32200] RBP: 00007fa4266331d0 R08: 0000000000000000 R09: 0000000000000000 [ 308.648066][T32200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 308.648075][T32200] R13: 00007fffc1f3ec1f R14: 00007fa426633300 R15: 0000000000022000 [ 308.656024][T32198] loop2: detected capacity change from 0 to 12 [ 308.656798][T32198] tmpfs: Bad value for 'nr_blocks' [ 308.750316][T32224] loop3: detected capacity change from 0 to 270 [ 308.793289][T32224] FAT-fs (loop3): Directory bread(block 270) failed [ 308.793306][T32224] FAT-fs (loop3): Directory bread(block 271) failed [ 308.793324][T32224] FAT-fs (loop3): Directory bread(block 272) failed [ 308.793338][T32224] FAT-fs (loop3): Directory bread(block 273) failed [ 308.793395][T32224] FAT-fs (loop3): Directory bread(block 274) failed [ 308.793412][T32224] FAT-fs (loop3): Directory bread(block 275) failed [ 308.793426][T32224] FAT-fs (loop3): Directory bread(block 276) failed [ 308.793444][T32224] FAT-fs (loop3): Directory bread(block 277) failed [ 308.793462][T32224] FAT-fs (loop3): Directory bread(block 278) failed [ 308.793478][T32224] FAT-fs (loop3): Directory bread(block 279) failed [ 308.814783][T32234] FAULT_INJECTION: forcing a failure. [ 308.814783][T32234] name failslab, interval 1, probability 0, space 0, times 0 14:04:23 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x2000000000000) 14:04:23 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) r3 = mmap$IORING_OFF_SQES(&(0x7f0000bfd000/0x400000)=nil, 0x400000, 0x1, 0x80010, r0, 0x10000000) syz_io_uring_submit(r1, r3, &(0x7f0000000300)=@IORING_OP_WRITE={0x17, 0x3, 0x0, @fd_index=0x1, 0x0, &(0x7f0000000240)="846201ee481466b876db38bb2e0de766c34eed33d95678a4b6e958c632a8f146cf65323b8df59adfc539f30f799751a23a37642dafe3ee3c21f47e5eb215972049e8c57ddff2d4f108a5c6cb25fb12d8d445f30510556fb12756f80ec038097f71308b3f298b2eed0065cba1be4506fbe047f088b7c0edea4d4455f0ad466bd42aaefbd7fed5a26d925d721f346bfdfc7b5389f0b517e202cfadcb0e0f3a259cc4b9", 0xa2, 0x12, 0x1}, 0x6) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendmsg$FOU_CMD_ADD(r5, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2400600}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x34, 0x0, 0x200, 0x70bd2c, 0x25dfdbff, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x1}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @loopback}, @FOU_ATTR_IPPROTO={0x5, 0x3, 0x33}, @FOU_ATTR_IPPROTO={0x5, 0x3, 0x6}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x80) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r5, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1000000000000000e7ffffffffffffff93ba8c114d7c00a57ab462489ff71b60"], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:23 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200190004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:23 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, 0xffffffffffffffff, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 308.939182][T32234] CPU: 0 PID: 32234 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 308.939204][T32234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 14:04:23 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, 0xffffffffffffffff, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:23 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) io_uring_enter(r0, 0xc74, 0x97ac, 0x3, &(0x7f00000004c0)={[0x5]}, 0x8) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) preadv(r3, &(0x7f0000000400)=[{&(0x7f0000000140)=""/163, 0xa3}, {&(0x7f0000000240)=""/237, 0xed}, {&(0x7f0000000340)=""/139, 0x8b}, {&(0x7f0000000080)=""/10, 0xa}], 0x4, 0x10000, 0x207) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 308.939226][T32234] Call Trace: [ 308.939232][T32234] dump_stack+0x137/0x19d [ 308.939319][T32234] should_fail+0x23c/0x250 [ 308.939339][T32234] ? sock_kmalloc+0x77/0xb0 [ 308.939382][T32234] __should_failslab+0x81/0x90 [ 308.939430][T32234] should_failslab+0x5/0x20 [ 308.939456][T32234] __kmalloc+0x66/0x340 14:04:23 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="10000000000000000100000001000000d978ea9c636e524fdcea6155d6da42441c5aac5879ca4a38746cad30b045b45401aed26e4f9767c1326bec9582ac8d5e14acdb205e83079be3ae0034c53e58286ea7a55134fcd57277af65adaa7a389c3162a179fb0c8eb37854722d4c12c6ef05573544794bbbe2c6ccd7b5248b509a442f28f92768ec77fe5599c6d0a8c26e93dce2dbe2596e803f6f3a2f2a395f03d9f8e190f9b83618de4bbf96b4ea8e671441f33972b73c1a8af2f9ac038cedfb6674044e63cd"], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 308.939477][T32234] sock_kmalloc+0x77/0xb0 [ 308.939523][T32234] ____sys_sendmsg+0x107/0x4d0 [ 308.939536][T32234] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 308.939596][T32234] __sys_sendmsg_sock+0x25/0x30 [ 308.939610][T32234] io_issue_sqe+0x231a/0x6750 [ 308.939625][T32234] ? __list_del_entry_valid+0x54/0xc0 [ 308.939697][T32234] ? rmqueue_pcplist+0x152/0x190 [ 308.939714][T32234] ? rmqueue+0x43/0xd00 [ 308.939726][T32234] ? _find_next_bit+0x16a/0x190 [ 308.939745][T32234] ? kmem_cache_alloc+0x201/0x2f0 [ 308.939851][T32234] ? xas_create+0x96b/0xb30 [ 308.939872][T32234] ? xas_create+0xae3/0xb30 [ 308.939893][T32234] ? fget_many+0x178/0x1a0 [ 308.939914][T32234] __io_queue_sqe+0xe9/0x360 [ 308.939931][T32234] io_submit_sqe+0x1887/0x3360 [ 308.939950][T32234] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 308.940064][T32234] io_submit_sqes+0x5bd/0xbd0 [ 308.940101][T32234] __se_sys_io_uring_enter+0x1e1/0xa80 [ 308.940127][T32234] ? fput+0x2d/0x130 [ 308.940144][T32234] __x64_sys_io_uring_enter+0x74/0x80 [ 308.940166][T32234] do_syscall_64+0x4a/0x90 [ 308.940256][T32234] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 308.940281][T32234] RIP: 0033:0x4665d9 [ 308.940292][T32234] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 308.940306][T32234] RSP: 002b:00007fa426612188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 308.940327][T32234] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 14:04:24 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x803e, 0x0, 0x0) 14:04:24 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, 0xffffffffffffffff, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:24 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_icmp(0x2, 0x2, 0x1) preadv(r4, &(0x7f0000000180)=[{&(0x7f0000000240)=""/215, 0xd7}, {&(0x7f0000000080)=""/38, 0x26}, {&(0x7f0000000140)=""/58, 0x3a}], 0x3, 0x4, 0x3ff) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r5, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:24 executing program 1 (fault-call:9 fault-nth:68): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 308.940340][T32234] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 308.940431][T32234] RBP: 00007fa4266121d0 R08: 0000000000000000 R09: 0000000000000000 [ 308.940444][T32234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 308.940456][T32234] R13: 00007fffc1f3ec1f R14: 00007fa426612300 R15: 0000000000022000 [ 309.020681][T32250] loop3: detected capacity change from 0 to 270 [ 309.154253][T32250] FAT-fs (loop3): Directory bread(block 270) failed 14:04:24 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200200004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 309.253708][T32250] FAT-fs (loop3): Directory bread(block 271) failed [ 309.260612][T32250] FAT-fs (loop3): Directory bread(block 272) failed [ 309.260630][T32250] FAT-fs (loop3): Directory bread(block 273) failed [ 309.260650][T32250] FAT-fs (loop3): Directory bread(block 274) failed [ 309.260714][T32250] FAT-fs (loop3): Directory bread(block 275) failed [ 309.260727][T32250] FAT-fs (loop3): Directory bread(block 276) failed [ 309.260739][T32250] FAT-fs (loop3): Directory bread(block 277) failed [ 309.260751][T32250] FAT-fs (loop3): Directory bread(block 278) failed [ 309.260765][T32250] FAT-fs (loop3): Directory bread(block 279) failed [ 309.351879][T32286] FAULT_INJECTION: forcing a failure. [ 309.351879][T32286] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 309.351905][T32286] CPU: 0 PID: 32286 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 309.351927][T32286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 309.351936][T32286] Call Trace: [ 309.351943][T32286] dump_stack+0x137/0x19d [ 309.351962][T32286] should_fail+0x23c/0x250 14:04:24 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x4000000000000) 14:04:24 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:24 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) io_uring_enter(0xffffffffffffffff, 0x515c, 0x420a, 0x3, &(0x7f0000000080)={[0xfffffffffffffffd]}, 0x8) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r5, 0x208200) io_uring_enter(r5, 0x12b8, 0xe81d, 0x1, &(0x7f00000000c0), 0x8) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="100000000000000001000000010000003f714320b8a630783bca39d4c7a50d6ca2852bca63f492671db9a82714f392ff97dc2550532357917b39b6a0384e88af31bbe9d243041fab733c7e43d1df6b3d3a4e33c7e7c67ec82fb9636ca350c231907b9a36a05a7e11999fbc2c97c5b1a5312d19774d6c1c59f7e74a4bf559b2bacfa74d59b99a87a53031c7273be6d4b69ce12e942531d3ba5195af599c62b504d2b4da529c8a35269126b6f17ad28c2261f207d78d9bda5cd4ea7479a823b785c0a5706389ade9f193941c04292f79fb502c9c2d192dc1b710fba256fd709901a28e7b23b491f8d5256674ce28a0899430a14c60f2"], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 309.351978][T32286] should_fail_usercopy+0x16/0x20 [ 309.352047][T32286] _copy_from_user+0x1c/0xd0 [ 309.352143][T32286] ____sys_sendmsg+0x1a3/0x4d0 [ 309.352160][T32286] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 309.352228][T32286] __sys_sendmsg_sock+0x25/0x30 [ 309.352245][T32286] io_issue_sqe+0x231a/0x6750 [ 309.352263][T32286] ? __list_del_entry_valid+0x54/0xc0 [ 309.352282][T32286] ? rmqueue_pcplist+0x152/0x190 [ 309.352298][T32286] ? _find_next_bit+0x188/0x190 [ 309.352312][T32286] ? pcpu_block_refresh_hint+0x18a/0x1a0 14:04:24 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0xfffffffe, 0x8, 0x0, 0x3}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00007d4000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = syz_open_dev$ttys(0xc, 0x2, 0x0) sendfile(r3, r4, &(0x7f0000000080)=0x1, 0x3ff) write$binfmt_elf64(r3, &(0x7f0000000680)={{0x7f, 0x45, 0x4c, 0x46, 0x23, 0x1, 0x40, 0xff, 0x3, 0x3, 0x3, 0x3, 0x2e5, 0x40, 0x266, 0xffffffff, 0x1, 0x38, 0x2, 0x5, 0x1, 0xffff}, [{0x1, 0x9, 0x0, 0xef36, 0x7fffffff, 0x7, 0x800, 0x7}], "b340f60eeba400405683f831b446b630150edba0b3f74cf50b37687d794a095e5b143d9afb0fd37594c1420448d9768c4756229d81a0eddcbcbb65d93419e63fb884753cd1de15706a9e92f9c980c0c48d5305524a95077d738b53e1e0845f471a67b4c1c96e75ee96fd721adf8b7d9470bf1b24a7200bfd155e86de795d00e12d9ee3a7f674f02bdff515066bba3b5410b41bdfb4d36fce73082f89ac6a68d36fe93d", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x81b) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r5, 0x0) syz_io_uring_setup(0x591c, &(0x7f0000000240)={0x0, 0x1563, 0x10, 0x0, 0xe6, 0x0, r5}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000199000/0x1000)=nil, &(0x7f00000000c0), &(0x7f00000001c0)) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="100000000000000001000000010000004703a24c7e69be0981d87f57ee91a564d07ed6780334c51ecbfe7598f7ac18860a6a837d89c30d99f970b2790d1d30f769e75df3127b05be644f471abe24071759ad3e6d4ea329f8134fe290ad75e066630f"], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff}) ioctl$TIOCGPTLCK(r6, 0x80045439, &(0x7f0000000300)) 14:04:24 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 309.352337][T32286] ? kmem_cache_alloc+0x201/0x2f0 [ 309.352354][T32286] ? xas_create+0x96b/0xb30 [ 309.352375][T32286] ? kcsan_setup_watchpoint+0x26e/0x470 [ 309.352397][T32286] ? xas_create+0xae3/0xb30 [ 309.352444][T32286] __io_queue_sqe+0xe9/0x360 [ 309.352462][T32286] io_submit_sqe+0x1887/0x3360 [ 309.352487][T32286] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 309.352509][T32286] io_submit_sqes+0x5bd/0xbd0 [ 309.352591][T32286] __se_sys_io_uring_enter+0x1e1/0xa80 [ 309.352611][T32286] ? fput+0x2d/0x130 14:04:24 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x3}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="10000000bd0340000100010000000000"], 0x10}], 0x1, 0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) splice(r3, &(0x7f0000000140)=0x6, r5, &(0x7f0000000180)=0xffffffff, 0x20, 0x8) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 309.352624][T32286] __x64_sys_io_uring_enter+0x74/0x80 [ 309.352645][T32286] do_syscall_64+0x4a/0x90 [ 309.352723][T32286] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 309.352745][T32286] RIP: 0033:0x4665d9 [ 309.352757][T32286] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 309.352801][T32286] RSP: 002b:00007fa426612188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa 14:04:24 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 309.352841][T32286] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 309.352854][T32286] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 309.352867][T32286] RBP: 00007fa4266121d0 R08: 0000000000000000 R09: 0000000000000000 [ 309.352879][T32286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 309.352888][T32286] R13: 00007fffc1f3ec1f R14: 00007fa426612300 R15: 0000000000022000 [ 309.354701][T32287] loop3: detected capacity change from 0 to 270 [ 309.398640][T32287] FAT-fs (loop3): Directory bread(block 270) failed [ 309.610376][T32287] FAT-fs (loop3): Directory bread(block 271) failed [ 309.610473][T32287] FAT-fs (loop3): Directory bread(block 272) failed [ 309.610492][T32287] FAT-fs (loop3): Directory bread(block 273) failed [ 309.610507][T32287] FAT-fs (loop3): Directory bread(block 274) failed [ 309.610597][T32287] FAT-fs (loop3): Directory bread(block 275) failed 14:04:24 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0xeb01, 0x0, 0x0) 14:04:24 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, 0x0, 0x0, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:24 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x8010, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000003c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd=r0, 0x4, &(0x7f0000001800)=[{&(0x7f0000000140)=""/172, 0xac}, {&(0x7f0000000080)=""/25, 0x19}, {&(0x7f0000000680)=""/4096, 0x1000}, {&(0x7f0000000240)=""/197, 0xc5}, {&(0x7f0000000340)=""/3, 0x3}, {&(0x7f0000000380)=""/59, 0x3b}, {&(0x7f00000004c0)=""/196, 0xc4}, {&(0x7f0000001680)=""/159, 0x9f}, {&(0x7f0000001740)=""/164, 0xa4}], 0x9, 0x0, 0x1}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r5, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:24 executing program 1 (fault-call:9 fault-nth:69): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:24 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000210200004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:24 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x40030000000000) [ 309.610613][T32287] FAT-fs (loop3): Directory bread(block 276) failed [ 309.610629][T32287] FAT-fs (loop3): Directory bread(block 277) failed [ 309.610643][T32287] FAT-fs (loop3): Directory bread(block 278) failed [ 309.610662][T32287] FAT-fs (loop3): Directory bread(block 279) failed 14:04:24 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, 0x0, 0x0, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 309.722417][T32327] FAULT_INJECTION: forcing a failure. [ 309.722417][T32327] name failslab, interval 1, probability 0, space 0, times 0 [ 309.735120][T32327] CPU: 0 PID: 32327 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 309.745355][T32327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 309.755461][T32327] Call Trace: [ 309.755469][T32327] dump_stack+0x137/0x19d [ 309.763061][T32327] should_fail+0x23c/0x250 14:04:24 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, 0x0, 0x0, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:24 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x20000, 0x0, 0x0) 14:04:24 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 309.767488][T32327] __should_failslab+0x81/0x90 [ 309.767525][T32327] should_failslab+0x5/0x20 [ 309.767565][T32327] kmem_cache_alloc_node+0x58/0x2b0 [ 309.767586][T32327] ? __alloc_skb+0xed/0x420 [ 309.767609][T32327] __alloc_skb+0xed/0x420 [ 309.767632][T32327] alloc_skb_with_frags+0x90/0x390 [ 309.767649][T32327] ? kmem_cache_alloc_trace+0x215/0x310 [ 309.767706][T32327] ? __scm_send+0x3d5/0xa40 [ 309.767720][T32327] sock_alloc_send_pskb+0x436/0x4e0 [ 309.767742][T32327] unix_dgram_sendmsg+0x478/0x1610 [ 309.767760][T32327] ? sock_kmalloc+0x77/0xb0 14:04:24 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:24 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000f2cea979c49e7836644fa13a75ada302449a334b2210"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 309.767779][T32327] ? __kmalloc+0x23d/0x340 [ 309.767858][T32327] unix_seqpacket_sendmsg+0xc2/0x100 [ 309.767886][T32327] ? unix_dgram_peer_wake_me+0x310/0x310 [ 309.767898][T32327] ____sys_sendmsg+0x360/0x4d0 [ 309.767912][T32327] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 309.767925][T32327] __sys_sendmsg_sock+0x25/0x30 [ 309.767939][T32327] io_issue_sqe+0x231a/0x6750 [ 309.767952][T32327] ? avc_has_perm+0x59/0x150 [ 309.767978][T32327] ? avc_has_perm+0xc8/0x150 [ 309.768074][T32327] ? __fsnotify_parent+0x32f/0x430 14:04:24 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 309.768092][T32327] ? mntput_no_expire+0x64/0x730 [ 309.768111][T32327] ? terminate_walk+0x261/0x270 [ 309.768127][T32327] ? path_openat+0x19ab/0x20b0 [ 309.768140][T32327] ? fget_many+0x178/0x1a0 [ 309.768178][T32327] __io_queue_sqe+0xe9/0x360 [ 309.768192][T32327] io_submit_sqe+0x1887/0x3360 [ 309.768208][T32327] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 309.768228][T32327] io_submit_sqes+0x5bd/0xbd0 [ 309.768246][T32327] __se_sys_io_uring_enter+0x1e1/0xa80 [ 309.768312][T32327] ? fput+0x2d/0x130 [ 309.768328][T32327] __x64_sys_io_uring_enter+0x74/0x80 [ 309.768351][T32327] do_syscall_64+0x4a/0x90 [ 309.768370][T32327] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 309.768392][T32327] RIP: 0033:0x4665d9 [ 309.895578][T32351] loop3: detected capacity change from 0 to 270 [ 309.898826][T32327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 14:04:24 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 309.898846][T32327] RSP: 002b:00007fa426633188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 309.963729][T32327] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 309.963740][T32327] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 309.963750][T32327] RBP: 00007fa4266331d0 R08: 0000000000000000 R09: 0000000000000000 [ 309.963759][T32327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 309.963768][T32327] R13: 00007fffc1f3ec1f R14: 00007fa426633300 R15: 0000000000022000 14:04:24 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x40000, 0x0, 0x0) [ 310.039648][T32351] FAT-fs (loop3): Directory bread(block 270) failed [ 310.046277][T32351] FAT-fs (loop3): Directory bread(block 271) failed [ 310.052958][T32351] FAT-fs (loop3): Directory bread(block 272) failed [ 310.064090][T32351] FAT-fs (loop3): Directory bread(block 273) failed [ 310.074653][T32351] FAT-fs (loop3): Directory bread(block 274) failed [ 310.082917][T32351] FAT-fs (loop3): Directory bread(block 275) failed [ 310.089959][T32351] FAT-fs (loop3): Directory bread(block 276) failed [ 310.096794][T32351] FAT-fs (loop3): Directory bread(block 277) failed [ 310.103418][T32351] FAT-fs (loop3): Directory bread(block 278) failed 14:04:24 executing program 1 (fault-call:9 fault-nth:70): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:24 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200220004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:24 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xfeffff00000000) 14:04:24 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 310.103437][T32351] FAT-fs (loop3): Directory bread(block 279) failed [ 310.170701][T32377] FAULT_INJECTION: forcing a failure. [ 310.170701][T32377] name failslab, interval 1, probability 0, space 0, times 0 [ 310.183351][T32377] CPU: 1 PID: 32377 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 14:04:25 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f000029b000/0x2000)=nil, &(0x7f0000221000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f00000012c0)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0}}) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x8914, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb9Y\xa9\xc8J,\x00\xd2\x97\x04\x03\xdc\r') ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ') r7 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_REMOVE(r6, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f0000001e40)=ANY=[@ANYRESHEX, @ANYRES16=r7, @ANYBLOB="a5002bbd7000ffdbdfa06b00000c0800021480e1b57c95a5296b00000080000000007ec3127c8201609150ddfd000000", @ANYBLOB="e4b3fcdfaf28d2f54df080980ecba931899b0008000000000000074dae8564120ea7471c8734c4922298574f4a6257e44b155e19c37e446191e681261f836eaf0cef84dce2ee74b3ba7e14261ca313fcce6833276cb1e4ba13668bbfeb3b5024ed222970f9e1ddabb042e3695f67e387c26fa634b4d9bfda45b262ff431c6d56785cf7fed495c7f6bc172da0e3349c47edadc95de0995d0500000049c46e0d364800bdfa1bac1bbd842f1dbd4cf73f2a5311fa106c0c61b59bfa82276f2a1aadff1ad04e31a1ad41059976b940f5452f93e868863e967bd1ffb3e15179e8435815ff0fd89ad8e4342c79b161531cb1265a507536be8db7f3f5f5a9160f73f4e398a6d9124ba0601046b3e86acc21361d878e6571e9e04a45c29f36f02db5053b317c831eed0d97d8669da67e98acecb5cff9b219be9943a3fa223e8a66308c31da0ebaf1f7c9694bcf90738405808086e92012ad5268cecd8a4fcabeaa8a9e3899b8ebd04dee8f6c027b98e8d6ded5680c8f3f304ba1ffba8e13958fa14635aa1f0e148f76c71e5947e2b6a0c3a0c13eb5ea7b1093b689cd698e159504413068d04cb0143f702196774cef3e"], 0x3}, 0x1, 0x0, 0x0, 0x4}, 0x40024) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000001900)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000002c0)={&(0x7f0000001bc0)=ANY=[@ANYBLOB="ba01000015e913e73ab82083271a850455e66e48f8ab6340fbf34259671d74010000000000000021964771a5daf364daf34a7bc1bdf18c4ba98ff8199775863f84c471d71975672ce83820e109d40ac4c9ef4204b10c9511d4cb9a1fdb1d41f552acacdf08752840baf90700000000000000b8c8db05c01d17468f1c5702d54280d0cb1cbe631c4f47acc100a4918dfce089dd08d527ffcb2f6588d51a8e89ad3e61a114bd7bd354865812ad283fc8eee46cb7fd999c5bed57fa62b97c8ce7e87e01d6d8fe54b2269bffb6fd8ffa67c6cdb3674521bb7b878c88a057ed339f9310f7db66cd1e19c9e0a1b4d455511b70647dd7e8142f71bdfc69552f0883880ff0dccd51b95504d22279135b3df122fefee05f71250da37f4f3f14f504e1c46cb6a2cbf6fc70aca58b97e76e8023f99be68e76782d479b9f7d26ddef0e6adae305b9aac8055180ccf555d429e58a7aba6df0291b88237fe41e711942095e8c02e26a22675bcc54300094a1af5ce11ffd1104db9f71eddad711c00c24e90f8f90866300f81ca06d66f4b17915fef24a7a6b8e7c1e80d3b8dffff2c96c77a578875c793445ffb3ec7ca8696d288552e6df1039c48e4ceb77f51b14127fcc001cc3248744d462b43d48cba20ccc3d40be923594a7b65b737fb9983a45164b8f701996c7d1d0886f604d179149c2deb908000000e3006173372860f0c57226fba67d795b32fc319e249dec420eeaa4d27173371e4785831ab0f81e90468a97e6bc1a4755ad23c44c72e7a205f4ec61a6c8e5c2d8636e9c9782", @ANYRES16=r7, @ANYRESDEC=r5], 0x1d4}, 0x1, 0x0, 0x0, 0x24048000}, 0x0) ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000280)={r5, 0x407, 0x401, 0x1}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001200)={0x0, 0x0, {0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0}}) ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000001600)={0x0, 0x0, {0x2, @usage=0x1ff, r5, 0x8, 0x200, 0xf, 0x2, 0xffffffffffff8001, 0xe0, @struct={0x1}, 0x3, 0x1, [0x8, 0x4, 0x58, 0xffff, 0x6]}, {0x100000000, @usage=0x9ca, 0x0, 0x2, 0xfff, 0xffffffffffffffff, 0x9, 0x80, 0x62, @usage=0x100, 0x100, 0x0, [0x5, 0x6, 0x6, 0x1, 0x8, 0x7946]}, {0x200000007, @struct={0x8, 0x12}, r8, 0x20, 0x2, 0x83, 0x10001, 0x15b575bac000, 0x28, @struct={0x5, 0x1f}, 0x87, 0x8, [0x20, 0x4, 0x7fff, 0x538b7e3d, 0xfffffffffffffffb, 0x80000001]}, {0x401, 0x1f, 0x96}}) ioctl$BTRFS_IOC_RM_DEV_V2(r0, 0x5000943a, &(0x7f0000000680)={{r3}, 0x0, 0x0, @unused=[0x813, 0x1, 0x3, 0x10001], @devid=r5}) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="100532509775010000000000000006b6f43db35ac0aa2199b08402ce9c0000006d4ee18cd1e3badeec624c4d52b72df1742bf1ac8b14f36e08365f99f5ef904ee771f5437239ba7e8a4fc435d939f4cb22f28c3fbc01ebbe41fdf6767c876331eb6a49ea50dacf433d3ce69d01320200d0ce8c5f8ab9"], 0x10, 0x804}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:25 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x1000000, 0x0, 0x0) 14:04:25 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640), 0x0, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 310.193508][T32377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 310.203558][T32377] Call Trace: [ 310.206836][T32377] dump_stack+0x137/0x19d [ 310.211174][T32377] should_fail+0x23c/0x250 [ 310.215606][T32377] __should_failslab+0x81/0x90 [ 310.220370][T32377] should_failslab+0x5/0x20 [ 310.224894][T32377] kmem_cache_alloc_node_trace+0x58/0x2e0 [ 310.230610][T32377] ? __kmalloc_node_track_caller+0x30/0x40 [ 310.236416][T32377] ? kmem_cache_alloc_node+0x1da/0x2b0 14:04:25 executing program 1 (fault-call:9 fault-nth:71): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 310.241876][T32377] __kmalloc_node_track_caller+0x30/0x40 [ 310.241904][T32377] ? alloc_skb_with_frags+0x90/0x390 [ 310.241920][T32377] __alloc_skb+0x187/0x420 [ 310.241937][T32377] alloc_skb_with_frags+0x90/0x390 14:04:25 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640), 0x0, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 310.241952][T32377] ? kmem_cache_alloc_trace+0x215/0x310 14:04:25 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640), 0x0, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 310.242048][T32377] ? __scm_send+0x3d5/0xa40 14:04:25 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:25 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000452000/0x1000)=nil, 0x1000, 0x8, 0x4000010, r0, 0x8000000) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000080)=@IORING_OP_POLL_ADD={0x6, 0x1, 0x0, @fd_index=0x2, 0x0, 0x0, 0x0, {0x9000}, 0x0, {0x0, r4}}, 0x80000000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r5, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r6, 0x0) preadv(r6, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:25 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002d0260004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 310.242069][T32377] sock_alloc_send_pskb+0x436/0x4e0 14:04:25 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="10000000000000000100000001000000faa9a68cd5b659caef3f24fe2f40f20e6651a3f6cb210e23660552106ca37854d8e27238bc6b8544982f7454e192f48d833d7db3888689c72cd77d19d9fafbd1d6cf6d74081c050f46147123386b624febbbfdfeac7c01dabd4b9126ee7d1c5104fbf5b2ab17df6c5c2059a00cec3dc0f7cdbeff5614327568bfc4f226bc5d8300428ac3c10d66cde954092bf81ac9841d735221bc97d44cc3a2085788bd74aa14f7f95365fa4daa7bde03f32892fa48dfdb0c68d316764fd64607b2bb856eb1"], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 310.242092][T32377] unix_dgram_sendmsg+0x478/0x1610 [ 310.242108][T32377] ? sock_kmalloc+0x77/0xb0 [ 310.242126][T32377] ? __kmalloc+0x23d/0x340 [ 310.242145][T32377] unix_seqpacket_sendmsg+0xc2/0x100 [ 310.242164][T32377] ? unix_dgram_peer_wake_me+0x310/0x310 [ 310.242182][T32377] ____sys_sendmsg+0x360/0x4d0 [ 310.242200][T32377] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 310.242229][T32377] __sys_sendmsg_sock+0x25/0x30 [ 310.242243][T32377] io_issue_sqe+0x231a/0x6750 [ 310.242257][T32377] ? avc_has_perm+0x59/0x150 [ 310.242272][T32377] ? avc_has_perm+0xc8/0x150 [ 310.242288][T32377] ? __fsnotify_parent+0x32f/0x430 [ 310.242310][T32377] ? mntput_no_expire+0x64/0x730 [ 310.242345][T32377] ? terminate_walk+0x261/0x270 [ 310.242400][T32377] ? path_openat+0x19ab/0x20b0 [ 310.242418][T32377] ? fget_many+0x178/0x1a0 [ 310.242439][T32377] __io_queue_sqe+0xe9/0x360 [ 310.242454][T32377] io_submit_sqe+0x1887/0x3360 [ 310.242468][T32377] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 310.242562][T32377] io_submit_sqes+0x5bd/0xbd0 [ 310.242578][T32377] __se_sys_io_uring_enter+0x1e1/0xa80 [ 310.242603][T32377] ? fput+0x2d/0x130 [ 310.242617][T32377] __x64_sys_io_uring_enter+0x74/0x80 [ 310.242643][T32377] do_syscall_64+0x4a/0x90 [ 310.242665][T32377] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 310.242689][T32377] RIP: 0033:0x4665d9 [ 310.242700][T32377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 310.242713][T32377] RSP: 002b:00007fa426633188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 310.242728][T32377] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 310.242796][T32377] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 310.242809][T32377] RBP: 00007fa4266331d0 R08: 0000000000000000 R09: 0000000000000000 [ 310.242822][T32377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 310.242834][T32377] R13: 00007fffc1f3ec1f R14: 00007fa426633300 R15: 0000000000022000 [ 310.248584][T32387] device lo entered promiscuous mode [ 310.249117][T32387] Y­4`Ò˜: renamed from lo [ 310.299063][T32395] loop3: detected capacity change from 0 to 270 [ 310.351494][T32395] FAT-fs (loop3): Directory bread(block 270) failed [ 310.351518][T32395] FAT-fs (loop3): Directory bread(block 271) failed [ 310.351541][T32395] FAT-fs (loop3): Directory bread(block 272) failed [ 310.351557][T32395] FAT-fs (loop3): Directory bread(block 273) failed [ 310.351573][T32395] FAT-fs (loop3): Directory bread(block 274) failed [ 310.351667][T32395] FAT-fs (loop3): Directory bread(block 275) failed [ 310.351681][T32395] FAT-fs (loop3): Directory bread(block 276) failed [ 310.351693][T32395] FAT-fs (loop3): Directory bread(block 277) failed [ 310.351709][T32395] FAT-fs (loop3): Directory bread(block 278) failed [ 310.351725][T32395] FAT-fs (loop3): Directory bread(block 279) failed [ 310.401331][T32418] FAULT_INJECTION: forcing a failure. [ 310.401331][T32418] name failslab, interval 1, probability 0, space 0, times 0 [ 310.401357][T32418] CPU: 0 PID: 32418 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 310.401379][T32418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 310.401390][T32418] Call Trace: [ 310.401395][T32418] dump_stack+0x137/0x19d [ 310.401418][T32418] should_fail+0x23c/0x250 [ 310.401438][T32418] ? sock_kmalloc+0x77/0xb0 [ 310.401464][T32418] __should_failslab+0x81/0x90 [ 310.401484][T32418] should_failslab+0x5/0x20 [ 310.401504][T32418] __kmalloc+0x66/0x340 [ 310.401519][T32418] sock_kmalloc+0x77/0xb0 [ 310.401545][T32418] ____sys_sendmsg+0x107/0x4d0 [ 310.401563][T32418] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 310.401582][T32418] __sys_sendmsg_sock+0x25/0x30 [ 310.401598][T32418] io_issue_sqe+0x231a/0x6750 [ 310.401612][T32418] ? __list_del_entry_valid+0x54/0xc0 [ 310.401710][T32418] ? rmqueue_pcplist+0x152/0x190 [ 310.401730][T32418] ? _find_next_bit+0x188/0x190 [ 310.401747][T32418] ? pcpu_block_refresh_hint+0x18a/0x1a0 [ 310.401802][T32418] ? pcpu_block_update_hint_alloc+0x230/0x720 [ 310.401821][T32418] ? kmem_cache_alloc+0x201/0x2f0 [ 310.401955][T32418] ? xas_create+0x96b/0xb30 [ 310.402012][T32418] ? xas_create+0xae3/0xb30 [ 310.402063][T32418] ? fget_many+0x178/0x1a0 [ 310.402150][T32418] __io_queue_sqe+0xe9/0x360 [ 310.402190][T32418] io_submit_sqe+0x1887/0x3360 [ 310.402204][T32418] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 310.402221][T32418] io_submit_sqes+0x5bd/0xbd0 [ 310.402235][T32418] __se_sys_io_uring_enter+0x1e1/0xa80 [ 310.402289][T32418] ? fput+0x2d/0x130 [ 310.402327][T32418] __x64_sys_io_uring_enter+0x74/0x80 [ 310.402352][T32418] do_syscall_64+0x4a/0x90 [ 310.402400][T32418] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 310.402420][T32418] RIP: 0033:0x4665d9 [ 310.402430][T32418] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 310.402461][T32418] RSP: 002b:00007fa426612188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 310.402479][T32418] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 310.402493][T32418] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 310.402506][T32418] RBP: 00007fa4266121d0 R08: 0000000000000000 R09: 0000000000000000 [ 310.402518][T32418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 310.402529][T32418] R13: 00007fffc1f3ec1f R14: 00007fa426612300 R15: 0000000000022000 14:04:25 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x100000000000000) 14:04:25 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:25 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, 0xffffffffffffffff, 0x0) connect$unix(r3, &(0x7f0000000540)=@abs={0x1, 0x0, 0x4e21}, 0x6e) r4 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee8000/0x3000)=nil, &(0x7f00006d7000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r7 = open(&(0x7f0000000300)='./bus\x00', 0x919e3b260d425c8d, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r7, 0x100000000000000, &(0x7f0000000500)=[{&(0x7f0000000180)=""/22, 0x16}], 0x1}, 0x0) syz_io_uring_setup(0x6ad4, &(0x7f0000000080)={0x0, 0x0, 0x2, 0x0, 0x3}, &(0x7f0000ee8000/0x3000)=nil, &(0x7f00006d7000/0x1000)=nil, &(0x7f0000000280)=0x0, &(0x7f00000002c0)=0x0) r10 = open(&(0x7f0000000000)='./bus\x00', 0x103740, 0x0) syz_io_uring_submit(r8, r9, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r10, 0x100000000000000, &(0x7f0000000500)=[{&(0x7f0000000180)=""/22, 0x16}], 0x1}, 0x0) syz_io_uring_submit(r5, r9, &(0x7f0000000240)=@IORING_OP_TIMEOUT={0xb, 0x3, 0x0, 0x0, 0x8, &(0x7f0000000080), 0x1, 0x0, 0x1}, 0x0) getsockopt$sock_buf(r4, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) write$binfmt_script(r4, &(0x7f0000000340)=ANY=[@ANYBLOB="2321202e2f66696c65302000200020002000200020000a802a49e8f005b9607ad447f445e7ea2cae988f779cc1b6d620e74c6940c10d39f63b7d50bf3d2d5c211fa959f138f8c2844efdc66bafcb371832c1f08b52875207436bbe8f3874a56d11874367f5695ea25dcd3ed46949cb228c512a430c95fefa48459a9fa8f15ae89724a280c360265f33052095cfbd0b"], 0x6c) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="100000000000c1000100000001000500"], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 310.442796][T32420] loop3: detected capacity change from 0 to 270 [ 310.461633][T32420] FAT-fs (loop3): Directory bread(block 270) failed [ 310.972952][T32420] FAT-fs (loop3): Directory bread(block 271) failed [ 310.988505][T32420] FAT-fs (loop3): Directory bread(block 272) failed [ 310.995151][T32420] FAT-fs (loop3): Directory bread(block 273) failed [ 311.001738][T32420] FAT-fs (loop3): Directory bread(block 274) failed 14:04:25 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x2000000, 0x0, 0x0) 14:04:25 executing program 1 (fault-call:9 fault-nth:72): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 311.012373][T32420] FAT-fs (loop3): Directory bread(block 275) failed [ 311.046185][T32420] FAT-fs (loop3): Directory bread(block 276) failed [ 311.052800][T32420] FAT-fs (loop3): Directory bread(block 277) failed [ 311.070522][T32446] FAULT_INJECTION: forcing a failure. [ 311.070522][T32446] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 311.083609][T32446] CPU: 0 PID: 32446 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 14:04:25 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f00000003c0)=[{&(0x7f0000000140)=""/92, 0x5c}, {&(0x7f0000000240)=""/121, 0x79}, {&(0x7f00000002c0)=""/114, 0x72}, {&(0x7f0000000340)=""/65, 0x41}, {&(0x7f00000004c0)=""/219, 0xdb}], 0x5, 0x0, 0x9) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb9Y\xa9\xc8J,\x00\xd2\x97\x04\x03\xdc\r') ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ') r5 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f0000001700)=ANY=[@ANYRESHEX, @ANYRES16=r5, @ANYBLOB="a5002bbd7000ffdbdfa06b00000c0800021480e1b57c95a5296b00000080000000007ec3127c82016091500900000000", @ANYBLOB="e4b3fcdfaf28d2f54df080980ecba931899b0008000000000000074dae8564120ea7471c8734c4922298574f4a6257e44b155e19c37e446191e681261f836eaf0cef84dce214261ca313fcce6833276cb1e4ba13668bbfeb3b5024ed222970f9e1ddabb042e3695f67e387c26fa634b4d9bfda45b262ff431c6d56785cf7fed495c7f6bc172da0e3349c47edadc95de0995d0500000049c46e0d364800bdfa1bac1bbd842f1dbd4cf73f2a5311fa106c0c61b59bfa82276f2a1aadff1ad04e31a1ad41059976b940f5452f93e868863e967bd1ffb3e15179e8435815ff0fd89ad8e4342c79b161531cb1265a507536be8db7f3f5f5a9160f73f4e398a6d9124ba0601046b3e86acc21361d878e6571e9e04a45c29f36f02db5053b317c831eed0d97d8669da67e98acecb5cff9b219be9943a3fa223e8a66308c31da0ebaf1f7c9694bcf90738405808086e92012ad5268cecd8a4fcabeaa8a9e3899b8ebd04dee8f6c027b98e8d6ded5680c8f3f304ba1ffba8e13958fa14635aa1f0e148f76c71e5947e2b6a0c3a0c13eb5ea7b1093b689cd698e159504413068d04cb0143f702196774cef3e"], 0x3}, 0x1, 0x0, 0x0, 0x4}, 0x40025) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000001900)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000002c0)={&(0x7f0000001bc0)=ANY=[@ANYBLOB="ba01000015e913e73ab82083271a850455e66e48f8ab6340fbf34259671d74010000000000000021964771a5daf364daf34a7bc1bdf18c4ba98ff8199775863f84c471d71975672ce83820e109d40ac4c9ef4204b10c9511d4cb9a1fdb1d41f552acacdf08752840baf90700000000000000b8c8db05c01d17468f1c5702d54280d0cb1cbe631c4f47acc100a4918dfce089dd08d527ffcb2f6588d51a8e89ad3e61a114bd7bd354865812ad283fc8eee46cb7fd999c5bed57fa62b97c8ce7e87e01d6d8fe54b2269bffb6fd8ffa67c6cdb3674521bb7b878c88a057ed339f9310f7db66cd1e19c9e0a1b4d455511b70647dd7e8142f71bdfc69552f0883880ff0dccd51b95504d22279135b3df122fefee05f71250da37f4f3f14f504e1c46cb6a2cbf6fc70aca58b97e76e8023f99be68e76782d479b9f7d26ddef0e6adae305b9aac8055180ccf555d429e58a7aba6df0291b88237fe41e711942095e8c02e26a22675bcc54300094a1af5ce11ffd1104db9f71eddad711c00c24e90f8f90866300f81ca06d66f4b17915fef24a7a6b8e7c1e80d3b8dffff2c96c77a578875c793445ffb3ec7ca8696d288552e6df1039c48e4ceb77f51b14127fcc001cc3248744d462b43d48cba20ccc3d40be923594a7b65b737fb9983a45164b8f701996c7d1d0886f604d179149c2deb908000000e3006173372860f0c57226fba67d795b32fc319e249dec420eeaa4d27173371e4785831ab0f81e90468a97e6bc1a4755ad23c44c72e7a205f4ec61a6c8e5c2d8636e9c9782", @ANYRES16=r5, @ANYRESDEC], 0x1d4}, 0x1, 0x0, 0x0, 0x24048000}, 0x0) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000340)={0x0, 0x100000000, 0x8000}) ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000280)={0x0, 0x407, 0x401, 0x1}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001200)={0x0, 0x0, {0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}}) ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000001600)={0x0, 0x0, {0x2, @usage=0x1ff, 0x0, 0x8, 0x200, 0xf, 0x2, 0xffffffffffff8001, 0xe0, @struct={0x1}, 0x3, 0x1, [0x8, 0x4, 0x58, 0xffff, 0x6]}, {0x100000000, @usage=0x9ca, r6, 0x2, 0xfff, 0xffffffffffffffff, 0x9, 0x80, 0x62, @usage=0x100, 0x100, 0x0, [0x5, 0x6, 0x6, 0x1, 0x8, 0x7946]}, {0x200000007, @struct={0x8, 0x12}, 0x0, 0x20, 0x2, 0x83, 0x10001, 0x15b575bac000, 0x28, @struct={0x5, 0x1f}, 0x87, 0x8, [0x20, 0x4, 0x7fff, 0x538b7e3d, 0xfffffffffffffffb, 0x80000001]}, {0x401, 0x1f, 0x96}}) ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000680)={0x0, 0x7, 0x0, [0x3f, 0x3d4, 0x6a99, 0xf4, 0x9], [0x9, 0xa, 0x1, 0x80000001, 0x101, 0x11c, 0x40, 0x3f, 0x5, 0x10000, 0x0, 0x0, 0x6, 0x0, 0x0, 0x101, 0x0, 0x10001, 0x3, 0x7, 0x9, 0xe7e4, 0x1, 0x4, 0x4f, 0x692bc8e4, 0x4096, 0x2, 0x1, 0x4, 0x17d, 0x200, 0x6, 0x6, 0x6, 0x100000000, 0x7, 0x1, 0xc719, 0x8, 0x80000001, 0x5951, 0x1, 0xcbc0, 0x7, 0x1ca1, 0x80, 0x2, 0x5f, 0x7ff, 0x9, 0x7ff, 0x10001, 0x2, 0x401, 0x200, 0x100000001, 0x80, 0xb86, 0x3, 0x101, 0xffffffff, 0x7, 0x1, 0x7, 0x20, 0x7fffffff, 0x7, 0x10000, 0x1, 0x5, 0xffffffffffff704f, 0x6, 0x9, 0x0, 0x0, 0x0, 0x4, 0x0, 0xa3, 0x4e2, 0x8, 0xffffffff, 0x58c3cb72, 0xff, 0x40, 0x1000, 0x0, 0x2, 0x0, 0xd, 0x5a, 0x1, 0x7ff, 0xffffffffffffffff, 0x5, 0x6c, 0x3, 0x2, 0x5, 0xffffffffffffff46, 0x40, 0x4, 0x0, 0x8000000000000000, 0x9, 0x9, 0x2951, 0x4, 0x0, 0xf9, 0x100000000, 0x8000, 0x6, 0x401, 0x100, 0x0, 0x1000, 0x0, 0x2, 0xaa7f]}) ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000ac0)={0x9, 0x5, {0x9059, @usage, 0x0, 0x6, 0x6847671f, 0x99, 0x1, 0x3, 0x9, @usage=0xfffffffffffffffa, 0x20, 0x4, [0xcb26, 0x80000001, 0x6, 0x100000001, 0x1f, 0x5]}, {0x7f, @usage, r7, 0x3d0, 0x1, 0x81, 0x0, 0x100, 0x420, @usage=0x7d1, 0x1000, 0x0, [0xa0, 0x401, 0x3ff, 0x2, 0x73, 0xffffffffffffff01]}, {0xfffffffffffff800, @usage=0x4, 0x0, 0x1f, 0x100000001, 0xe9b, 0x7, 0x7, 0x430, @struct={0x4000000, 0xa2}, 0x9, 0x40, [0x100, 0xa4af, 0x100000001, 0x7, 0x10001]}, {0x7, 0x3ff, 0x6}}) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:25 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000466000/0x4000)=nil, 0x4000, 0x2000000, 0x4010, r4, 0x0) syz_io_uring_complete(r5) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 311.093762][T32446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 311.103816][T32446] Call Trace: [ 311.107120][T32446] dump_stack+0x137/0x19d [ 311.111450][T32446] should_fail+0x23c/0x250 [ 311.115948][T32446] should_fail_usercopy+0x16/0x20 [ 311.120967][T32446] _copy_from_user+0x1c/0xd0 [ 311.125650][T32446] __copy_msghdr_from_user+0x44/0x350 [ 311.131108][T32446] ? sock_kfree_s+0x24/0x40 [ 311.135649][T32446] ? ____sys_sendmsg+0x421/0x4d0 [ 311.140610][T32446] sendmsg_copy_msghdr+0x4f/0xf0 14:04:25 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x200000000000000) [ 311.145557][T32446] io_issue_sqe+0x250b/0x6750 [ 311.150236][T32446] ? avc_has_perm+0x59/0x150 [ 311.154818][T32446] ? avc_has_perm+0xc8/0x150 [ 311.159412][T32446] ? __fsnotify_parent+0x32f/0x430 [ 311.164547][T32446] ? mntput_no_expire+0x64/0x730 [ 311.169491][T32446] ? terminate_walk+0x261/0x270 [ 311.174366][T32446] ? path_openat+0x19ab/0x20b0 [ 311.179131][T32446] ? fget_many+0x178/0x1a0 [ 311.183626][T32446] __io_queue_sqe+0xe9/0x360 [ 311.188216][T32446] io_submit_sqe+0x1887/0x3360 14:04:26 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x400000000000000) [ 311.192994][T32446] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 311.193018][T32446] io_submit_sqes+0x5bd/0xbd0 [ 311.193035][T32446] __se_sys_io_uring_enter+0x1e1/0xa80 [ 311.208585][T32420] FAT-fs (loop3): Directory bread(block 278) failed [ 311.208706][T32446] ? fput+0x2d/0x130 [ 311.219149][T32446] __x64_sys_io_uring_enter+0x74/0x80 [ 311.224561][T32446] do_syscall_64+0x4a/0x90 [ 311.228976][T32446] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 311.232263][T32420] FAT-fs (loop3): Directory bread(block 279) failed [ 311.234862][T32446] RIP: 0033:0x4665d9 [ 311.234879][T32446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 311.265008][T32446] RSP: 002b:00007fa426633188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 311.265030][T32446] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 311.265042][T32446] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 311.265054][T32446] RBP: 00007fa4266331d0 R08: 0000000000000000 R09: 0000000000000000 14:04:26 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002d2260004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:26 executing program 1 (fault-call:9 fault-nth:73): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:26 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:26 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x2040000, 0x0, 0x0) 14:04:26 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32, @ANYRES32], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 311.297397][T32446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 311.297483][T32446] R13: 00007fffc1f3ec1f R14: 00007fa426633300 R15: 0000000000022000 14:04:26 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32, @ANYRES32], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:26 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xf00000000000000) [ 311.383695][T32480] FAULT_INJECTION: forcing a failure. [ 311.383695][T32480] name failslab, interval 1, probability 0, space 0, times 0 [ 311.396387][T32480] CPU: 0 PID: 32480 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 311.406539][T32480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 311.416620][T32480] Call Trace: [ 311.419889][T32480] dump_stack+0x137/0x19d [ 311.424241][T32480] should_fail+0x23c/0x250 [ 311.428698][T32480] ? sock_kmalloc+0x77/0xb0 14:04:26 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x80}, &(0x7f0000635000/0x3000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r4, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) r5 = gettid() ptrace$setopts(0x4206, r5, 0x0, 0x5) tkill(r5, 0x36) ptrace$cont(0x18, r5, 0x0, 0x0) ptrace$setregs(0xd, r5, 0x0, &(0x7f0000000080)) fcntl$setownex(r4, 0xf, &(0x7f0000000080)={0x2, r5}) tkill(0x0, 0xb) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r6, 0x0) preadv(r6, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) preadv(r7, &(0x7f0000000380)=[{&(0x7f0000000680)=""/4096, 0x1000}, {&(0x7f0000000280)=""/130, 0x82}, {&(0x7f0000000340)=""/49, 0x31}, {&(0x7f0000001680)=""/4096, 0x1000}], 0x4, 0x0, 0x9) [ 311.433255][T32480] __should_failslab+0x81/0x90 [ 311.438028][T32480] should_failslab+0x5/0x20 [ 311.443135][T32480] __kmalloc+0x66/0x340 [ 311.447295][T32480] sock_kmalloc+0x77/0xb0 [ 311.451622][T32480] ____sys_sendmsg+0x107/0x4d0 [ 311.456386][T32480] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 311.461485][T32480] __sys_sendmsg_sock+0x25/0x30 [ 311.466323][T32480] io_issue_sqe+0x231a/0x6750 [ 311.471042][T32480] ? avc_has_perm+0x59/0x150 [ 311.475620][T32480] ? avc_has_perm+0xc8/0x150 [ 311.480311][T32480] ? __fsnotify_parent+0x32f/0x430 [ 311.485428][T32480] ? mntput_no_expire+0x64/0x730 [ 311.490417][T32480] ? terminate_walk+0x261/0x270 [ 311.495356][T32480] ? path_openat+0x19ab/0x20b0 [ 311.500101][T32480] ? fget_many+0x178/0x1a0 [ 311.504503][T32480] __io_queue_sqe+0xe9/0x360 [ 311.509094][T32480] io_submit_sqe+0x1887/0x3360 [ 311.513849][T32480] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 311.519294][T32480] io_submit_sqes+0x5bd/0xbd0 [ 311.523959][T32480] __se_sys_io_uring_enter+0x1e1/0xa80 [ 311.529486][T32480] ? fput+0x2d/0x130 [ 311.533379][T32480] __x64_sys_io_uring_enter+0x74/0x80 [ 311.538875][T32480] do_syscall_64+0x4a/0x90 [ 311.543294][T32480] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 311.549175][T32480] RIP: 0033:0x4665d9 [ 311.553051][T32480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 311.572642][T32480] RSP: 002b:00007fa426633188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 311.581038][T32480] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 311.589061][T32480] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 311.597013][T32480] RBP: 00007fa4266331d0 R08: 0000000000000000 R09: 0000000000000000 [ 311.604965][T32480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 311.612922][T32480] R13: 00007fffc1f3ec1f R14: 00007fa426633300 R15: 0000000000022000 14:04:26 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x6040000, 0x0, 0x0) 14:04:26 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x1100000000000000) 14:04:26 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9", @ANYRES32], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:26 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r5, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000000080)=""/16, 0x10}, {&(0x7f0000000140)=""/139, 0x8b}], 0x2, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 311.652500][T32499] loop3: detected capacity change from 0 to 270 [ 311.667010][T32499] FAT-fs (loop3): bogus number of directory entries (9938) [ 311.674229][T32499] FAT-fs (loop3): Can't find a valid FAT filesystem 14:04:26 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002003f0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:26 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x100000, 0x8, 0x800}, &(0x7f00002c7000/0x2000)=nil, &(0x7f0000610000/0x4000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0xa8e5ba7195763f75, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:26 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="00000000000000000000000000000000d8ea9616be990cc7a90715760f44860585be99928189d707bf4d4c44403faf5e2e5bad8f39c6fb2eb44df3bdfb4fb833db3e0a6e321a203b4ffa3187ebc5caf9ea8e85ad51a50f520f345caa9de1b0913795862e47f5ce4c253da6c26c2beae1901cc924a468676d8c8d963db10b65ffed22163a63c17e5afbc813b495e1d8cd72dfcb90e93583154162764faaf0613b6fb40859e364d844dd657e232a3d87fcfdf268b7a17a6358ead4ed93076dba6042387c608bc0cbf88e6f3b0469a56c2998dd157091b3ec65c79e2212243f552c117532118a88519e67ebe9"], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:26 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x7000000, 0x0, 0x0) 14:04:26 executing program 1 (fault-call:9 fault-nth:74): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:26 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x2000000000000000) [ 311.806164][T32533] loop3: detected capacity change from 0 to 270 [ 311.817791][T32532] FAULT_INJECTION: forcing a failure. [ 311.817791][T32532] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 311.830867][T32532] CPU: 1 PID: 32532 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 311.841022][T32532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 311.847615][T32533] FAT-fs (loop3): Directory bread(block 270) failed [ 311.851297][T32532] Call Trace: [ 311.851306][T32532] dump_stack+0x137/0x19d [ 311.857992][T32533] FAT-fs (loop3): Directory bread(block 271) failed [ 311.861140][T32532] should_fail+0x23c/0x250 [ 311.865520][T32533] FAT-fs (loop3): Directory bread(block 272) failed [ 311.872014][T32532] should_fail_usercopy+0x16/0x20 [ 311.876676][T32533] FAT-fs (loop3): Directory bread(block 273) failed [ 311.882982][T32532] _copy_from_user+0x1c/0xd0 [ 311.888049][T32533] FAT-fs (loop3): Directory bread(block 274) failed [ 311.894555][T32532] ____sys_sendmsg+0x1a3/0x4d0 [ 311.894575][T32532] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 311.899205][T32533] FAT-fs (loop3): Directory bread(block 275) failed [ 311.905782][T32532] __sys_sendmsg_sock+0x25/0x30 [ 311.905802][T32532] io_issue_sqe+0x231a/0x6750 [ 311.910678][T32533] FAT-fs (loop3): Directory bread(block 276) failed [ 311.915624][T32532] ? avc_has_perm+0x59/0x150 [ 311.915647][T32532] ? avc_has_perm+0xc8/0x150 [ 311.922259][T32533] FAT-fs (loop3): Directory bread(block 277) failed 14:04:26 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200400004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 311.927025][T32532] ? __fsnotify_parent+0x32f/0x430 [ 311.927050][T32532] ? mntput_no_expire+0x64/0x730 [ 311.932004][T32533] FAT-fs (loop3): Directory bread(block 278) failed [ 311.938290][T32532] ? terminate_walk+0x261/0x270 [ 311.943557][T32533] FAT-fs (loop3): Directory bread(block 279) failed [ 311.947453][T32532] ? path_openat+0x19ab/0x20b0 [ 311.947473][T32532] ? fget_many+0x178/0x1a0 [ 311.991204][T32532] ? kcsan_setup_watchpoint+0x26e/0x470 [ 311.991232][T32532] __io_queue_sqe+0xe9/0x360 14:04:26 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee8000/0x3000)=nil, &(0x7f00006d7000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r6 = open(&(0x7f0000000000)='./bus\x00', 0x103042, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r6, 0x100000000000000, &(0x7f0000000500)=[{&(0x7f0000000180)=""/22, 0x16}], 0x1}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000080)=@IORING_OP_FALLOCATE={0x11, 0x4, 0x0, @fd_index=0x2, 0x8000, 0x0, 0x7, 0x0, 0x1}, 0x100) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r7, 0x0) io_uring_enter(r7, 0xf68, 0x327c, 0x0, &(0x7f00000001c0)={[0x4]}, 0x8) preadv(r7, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:26 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:26 executing program 1 (fault-call:9 fault-nth:75): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 311.991248][T32532] io_submit_sqe+0x1887/0x3360 [ 311.991269][T32532] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 311.991292][T32532] io_submit_sqes+0x5bd/0xbd0 [ 311.991385][T32532] __se_sys_io_uring_enter+0x1e1/0xa80 [ 311.991412][T32532] ? fput+0x2d/0x130 [ 311.991429][T32532] __x64_sys_io_uring_enter+0x74/0x80 14:04:26 executing program 0: syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r0, r1, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(0xffffffffffffffff, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:26 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$bt_hci(r4, 0x0, 0x1, &(0x7f0000000080)=""/25, &(0x7f0000000140)=0x19) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r5, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r6 = socket$inet(0x2, 0xa, 0x9) syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_POLL_ADD={0x6, 0x5, 0x0, @fd=r3, 0x0, 0x0, 0x0, {0x4020}}, 0x5) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r6, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) ioctl$BTRFS_IOC_SCRUB(r6, 0xc400941b, &(0x7f0000000680)={0x0, 0x6, 0x4}) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="100000001300000001cc52719b000000"], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 311.991452][T32532] do_syscall_64+0x4a/0x90 [ 311.991524][T32532] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 311.991544][T32532] RIP: 0033:0x4665d9 14:04:26 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200480004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 311.991556][T32532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 311.991570][T32532] RSP: 002b:00007fa426633188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 311.991595][T32532] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 14:04:26 executing program 2: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002000d0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:27 executing program 0: syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r0, r1, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(0xffffffffffffffff, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 311.991605][T32532] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 311.991615][T32532] RBP: 00007fa4266331d0 R08: 0000000000000000 R09: 0000000000000000 [ 311.991625][T32532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 311.991634][T32532] R13: 00007fffc1f3ec1f R14: 00007fa426633300 R15: 0000000000022000 [ 312.071979][T32557] loop3: detected capacity change from 0 to 270 [ 312.096339][T32557] FAT-fs (loop3): Directory bread(block 270) failed [ 312.096404][T32557] FAT-fs (loop3): Directory bread(block 271) failed [ 312.096424][T32557] FAT-fs (loop3): Directory bread(block 272) failed [ 312.096437][T32557] FAT-fs (loop3): Directory bread(block 273) failed [ 312.096449][T32557] FAT-fs (loop3): Directory bread(block 274) failed [ 312.096464][T32557] FAT-fs (loop3): Directory bread(block 275) failed [ 312.096481][T32557] FAT-fs (loop3): Directory bread(block 276) failed [ 312.096546][T32557] FAT-fs (loop3): Directory bread(block 277) failed [ 312.096562][T32557] FAT-fs (loop3): Directory bread(block 278) failed [ 312.096577][T32557] FAT-fs (loop3): Directory bread(block 279) failed [ 312.176045][T32569] FAULT_INJECTION: forcing a failure. [ 312.176045][T32569] name failslab, interval 1, probability 0, space 0, times 0 [ 312.247122][T32578] loop2: detected capacity change from 0 to 270 [ 312.249716][T32569] CPU: 1 PID: 32569 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 312.318065][T32569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 312.318080][T32569] Call Trace: [ 312.318087][T32569] dump_stack+0x137/0x19d 14:04:27 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0xf000000, 0x0, 0x0) 14:04:27 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002004c0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:27 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x8000000000000000) 14:04:27 executing program 0: syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r0, r1, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(0xffffffffffffffff, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:27 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="10000040000500224c100200013ee100"], 0x10}], 0x1, 0x0) socketpair(0x2a, 0x1, 0x7, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendto(r5, &(0x7f0000000180)="e490cc99c1e4e43a21e80f131b641b7bf1fc848cfc12b6e434d139a19fab403a161889e7a9067423dfc3d848a6cb267ff9d53dee3083ad5ad90572b052232fada77519290ee9d26744cebe82a35006c1eef5a0f61fa7", 0x56, 0x100, &(0x7f0000000240)=@ipx={0x4, 0x3, 0x200, "ba88e95c54d4", 0x1f}, 0x80) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 312.335691][T32569] should_fail+0x23c/0x250 [ 312.335714][T32569] ? sock_kmalloc+0x77/0xb0 [ 312.344597][T32569] __should_failslab+0x81/0x90 [ 312.349478][T32569] should_failslab+0x5/0x20 [ 312.354008][T32569] __kmalloc+0x66/0x340 [ 312.358201][T32569] sock_kmalloc+0x77/0xb0 [ 312.362572][T32569] ____sys_sendmsg+0x107/0x4d0 [ 312.367338][T32569] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 312.372448][T32569] __sys_sendmsg_sock+0x25/0x30 [ 312.377290][T32569] io_issue_sqe+0x231a/0x6750 [ 312.382039][T32569] ? __list_del_entry_valid+0x54/0xc0 14:04:27 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 312.387474][T32569] ? rmqueue_pcplist+0x152/0x190 [ 312.392428][T32569] ? rmqueue+0x43/0xd00 [ 312.396645][T32569] ? _find_next_bit+0x16a/0x190 [ 312.396729][T32569] ? kmem_cache_alloc+0x201/0x2f0 [ 312.396753][T32569] ? xas_create+0x96b/0xb30 [ 312.396775][T32569] ? xas_create+0xae3/0xb30 [ 312.396794][T32569] ? fget_many+0x178/0x1a0 [ 312.396816][T32569] __io_queue_sqe+0xe9/0x360 14:04:27 executing program 1 (fault-call:9 fault-nth:76): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:27 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 14:04:27 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="10000040000500224c100200013ee100"], 0x10}], 0x1, 0x0) socketpair(0x2a, 0x1, 0x7, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendto(r5, &(0x7f0000000180)="e490cc99c1e4e43a21e80f131b641b7bf1fc848cfc12b6e434d139a19fab403a161889e7a9067423dfc3d848a6cb267ff9d53dee3083ad5ad90572b052232fada77519290ee9d26744cebe82a35006c1eef5a0f61fa7", 0x56, 0x100, &(0x7f0000000240)=@ipx={0x4, 0x3, 0x200, "ba88e95c54d4", 0x1f}, 0x80) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 312.396848][T32569] io_submit_sqe+0x1887/0x3360 [ 312.396935][T32569] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 312.396955][T32569] io_submit_sqes+0x5bd/0xbd0 [ 312.396970][T32569] __se_sys_io_uring_enter+0x1e1/0xa80 14:04:27 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 312.396995][T32569] ? fput+0x2d/0x130 [ 312.397009][T32569] __x64_sys_io_uring_enter+0x74/0x80 [ 312.397028][T32569] do_syscall_64+0x4a/0x90 [ 312.397112][T32569] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 312.397192][T32569] RIP: 0033:0x4665d9 [ 312.397206][T32569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 14:04:27 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="10000040000500224c100200013ee100"], 0x10}], 0x1, 0x0) socketpair(0x2a, 0x1, 0x7, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendto(r5, &(0x7f0000000180)="e490cc99c1e4e43a21e80f131b641b7bf1fc848cfc12b6e434d139a19fab403a161889e7a9067423dfc3d848a6cb267ff9d53dee3083ad5ad90572b052232fada77519290ee9d26744cebe82a35006c1eef5a0f61fa7", 0x56, 0x100, &(0x7f0000000240)=@ipx={0x4, 0x3, 0x200, "ba88e95c54d4", 0x1f}, 0x80) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:27 executing program 0: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000e01000004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 312.397221][T32569] RSP: 002b:00007fa426612188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 312.397237][T32569] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 312.397249][T32569] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 312.397261][T32569] RBP: 00007fa4266121d0 R08: 0000000000000000 R09: 0000000000000000 [ 312.397271][T32569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 312.397280][T32569] R13: 00007fffc1f3ec1f R14: 00007fa426612300 R15: 0000000000022000 [ 312.469006][T32603] loop3: detected capacity change from 0 to 270 [ 312.568526][T32603] FAT-fs (loop3): Directory bread(block 270) failed [ 312.568589][T32603] FAT-fs (loop3): Directory bread(block 271) failed [ 312.568609][T32603] FAT-fs (loop3): Directory bread(block 272) failed [ 312.568623][T32603] FAT-fs (loop3): Directory bread(block 273) failed [ 312.568636][T32603] FAT-fs (loop3): Directory bread(block 274) failed [ 312.568650][T32603] FAT-fs (loop3): Directory bread(block 275) failed [ 312.568663][T32603] FAT-fs (loop3): Directory bread(block 276) failed [ 312.568687][T32603] FAT-fs (loop3): Directory bread(block 277) failed [ 312.568749][T32603] FAT-fs (loop3): Directory bread(block 278) failed [ 312.568763][T32603] FAT-fs (loop3): Directory bread(block 279) failed [ 312.580101][T32622] FAULT_INJECTION: forcing a failure. [ 312.580101][T32622] name fail_usercopy, interval 1, probability 0, space 0, times 0 14:04:27 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x14020000, 0x0, 0x0) 14:04:27 executing program 0 (fault-call:8 fault-nth:0): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 312.691106][T32622] CPU: 1 PID: 32622 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 312.691139][T32622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 312.691150][T32622] Call Trace: [ 312.691157][T32622] dump_stack+0x137/0x19d [ 312.718987][T32622] should_fail+0x23c/0x250 [ 312.719010][T32622] should_fail_usercopy+0x16/0x20 [ 312.719059][T32622] _copy_from_user+0x1c/0xd0 [ 312.719084][T32622] ____sys_sendmsg+0x1a3/0x4d0 [ 312.719103][T32622] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 312.719122][T32622] __sys_sendmsg_sock+0x25/0x30 [ 312.719193][T32622] io_issue_sqe+0x231a/0x6750 [ 312.719211][T32622] ? __list_del_entry_valid+0x54/0xc0 [ 312.719244][T32622] ? rmqueue_pcplist+0x152/0x190 [ 312.719263][T32622] ? _find_next_bit+0x188/0x190 [ 312.719347][T32622] ? pcpu_block_refresh_hint+0x18a/0x1a0 [ 312.719370][T32622] ? pcpu_block_update_hint_alloc+0x230/0x720 [ 312.719393][T32622] ? kmem_cache_alloc+0x201/0x2f0 [ 312.719468][T32622] ? xas_create+0x96b/0xb30 [ 312.719551][T32622] ? xas_create+0xae3/0xb30 [ 312.719571][T32622] ? fget_many+0x178/0x1a0 [ 312.719586][T32622] __io_queue_sqe+0xe9/0x360 [ 312.719598][T32622] io_submit_sqe+0x1887/0x3360 [ 312.719612][T32622] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 312.719628][T32622] io_submit_sqes+0x5bd/0xbd0 [ 312.719682][T32622] __se_sys_io_uring_enter+0x1e1/0xa80 [ 312.719708][T32622] ? fput+0x2d/0x130 [ 312.719725][T32622] __x64_sys_io_uring_enter+0x74/0x80 [ 312.719753][T32622] do_syscall_64+0x4a/0x90 [ 312.719769][T32622] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 312.719798][T32622] RIP: 0033:0x4665d9 [ 312.719809][T32622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 312.719872][T32622] RSP: 002b:00007fa426612188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 312.719888][T32622] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 312.719899][T32622] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 312.719913][T32622] RBP: 00007fa4266121d0 R08: 0000000000000000 R09: 0000000000000000 [ 312.719926][T32622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 312.719941][T32622] R13: 00007fffc1f3ec1f R14: 00007fa426612300 R15: 0000000000022000 [ 312.751472][T32637] FAULT_INJECTION: forcing a failure. [ 312.751472][T32637] name failslab, interval 1, probability 0, space 0, times 0 [ 312.751495][T32637] CPU: 0 PID: 32637 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 312.751516][T32637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 312.751526][T32637] Call Trace: [ 312.751532][T32637] dump_stack+0x137/0x19d [ 312.751555][T32637] should_fail+0x23c/0x250 [ 312.751573][T32637] __should_failslab+0x81/0x90 [ 312.751614][T32637] should_failslab+0x5/0x20 [ 312.751699][T32637] kmem_cache_alloc_bulk+0x40/0x340 [ 312.751716][T32637] io_submit_sqes+0x4a3/0xbd0 [ 312.751809][T32637] __se_sys_io_uring_enter+0x1e1/0xa80 [ 312.751844][T32637] ? fput+0x2d/0x130 [ 312.751916][T32637] __x64_sys_io_uring_enter+0x74/0x80 [ 312.751974][T32637] do_syscall_64+0x4a/0x90 [ 312.751995][T32637] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 312.752018][T32637] RIP: 0033:0x4665d9 [ 312.752033][T32637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 312.752049][T32637] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 312.752067][T32637] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 312.752080][T32637] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 312.752092][T32637] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 312.752104][T32637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 14:04:27 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xc000000000000000) 14:04:27 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="10000040000500224c100200013ee100"], 0x10}], 0x1, 0x0) socketpair(0x2a, 0x1, 0x7, &(0x7f0000000140)) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:27 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200680004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:27 executing program 0 (fault-call:8 fault-nth:1): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:27 executing program 1 (fault-call:9 fault-nth:77): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:27 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x20000000, 0x0, 0x0) [ 312.752116][T32637] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 313.132069][T32651] FAULT_INJECTION: forcing a failure. [ 313.132069][T32651] name failslab, interval 1, probability 0, space 0, times 0 [ 313.144729][T32651] CPU: 1 PID: 32651 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 313.154876][T32651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 313.157335][T32657] FAULT_INJECTION: forcing a failure. [ 313.157335][T32657] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 313.164921][T32651] Call Trace: [ 313.164930][T32651] dump_stack+0x137/0x19d [ 313.164954][T32651] should_fail+0x23c/0x250 [ 313.164970][T32651] __should_failslab+0x81/0x90 [ 313.194798][T32651] should_failslab+0x5/0x20 [ 313.199296][T32651] kmem_cache_alloc_node_trace+0x58/0x2e0 [ 313.205064][T32651] ? __kmalloc_node_track_caller+0x30/0x40 [ 313.210855][T32651] ? kmem_cache_alloc_node+0x1da/0x2b0 [ 313.216324][T32651] __kmalloc_node_track_caller+0x30/0x40 [ 313.221968][T32651] ? alloc_skb_with_frags+0x90/0x390 [ 313.227302][T32651] __alloc_skb+0x187/0x420 [ 313.231720][T32651] alloc_skb_with_frags+0x90/0x390 [ 313.236819][T32651] ? kmem_cache_alloc_trace+0x215/0x310 [ 313.242349][T32651] ? __scm_send+0x3d5/0xa40 [ 313.246944][T32651] sock_alloc_send_pskb+0x436/0x4e0 [ 313.252134][T32651] unix_dgram_sendmsg+0x478/0x1610 [ 313.257227][T32651] ? sock_kmalloc+0x77/0xb0 [ 313.261714][T32651] ? __kmalloc+0x23d/0x340 [ 313.266114][T32651] unix_seqpacket_sendmsg+0xc2/0x100 [ 313.271603][T32651] ? unix_dgram_peer_wake_me+0x310/0x310 [ 313.277282][T32651] ____sys_sendmsg+0x360/0x4d0 [ 313.282030][T32651] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 313.287180][T32651] __sys_sendmsg_sock+0x25/0x30 [ 313.292014][T32651] io_issue_sqe+0x231a/0x6750 [ 313.296751][T32651] ? avc_has_perm+0x59/0x150 [ 313.301325][T32651] ? avc_has_perm+0xc8/0x150 [ 313.305898][T32651] ? __fsnotify_parent+0x32f/0x430 [ 313.311041][T32651] ? mntput_no_expire+0x64/0x730 [ 313.316041][T32651] ? terminate_walk+0x261/0x270 [ 313.320879][T32651] ? path_openat+0x19ab/0x20b0 [ 313.325684][T32651] ? fget_many+0x178/0x1a0 [ 313.330118][T32651] __io_queue_sqe+0xe9/0x360 [ 313.334736][T32651] io_submit_sqe+0x1887/0x3360 [ 313.339864][T32651] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 313.345375][T32651] io_submit_sqes+0x5bd/0xbd0 [ 313.350034][T32651] __se_sys_io_uring_enter+0x1e1/0xa80 [ 313.355681][T32651] ? fput+0x2d/0x130 [ 313.359563][T32651] __x64_sys_io_uring_enter+0x74/0x80 [ 313.364996][T32651] do_syscall_64+0x4a/0x90 [ 313.369400][T32651] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 313.375354][T32651] RIP: 0033:0x4665d9 [ 313.379232][T32651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 313.398834][T32651] RSP: 002b:00007fa426633188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 313.407241][T32651] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 313.415198][T32651] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 313.423163][T32651] RBP: 00007fa4266331d0 R08: 0000000000000000 R09: 0000000000000000 [ 313.431120][T32651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 313.439177][T32651] R13: 00007fffc1f3ec1f R14: 00007fa426633300 R15: 0000000000022000 [ 313.447136][T32657] CPU: 0 PID: 32657 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 313.457347][T32657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 313.467402][T32657] Call Trace: [ 313.467410][T32657] dump_stack+0x137/0x19d [ 313.467430][T32657] should_fail+0x23c/0x250 [ 313.479415][T32657] should_fail_usercopy+0x16/0x20 [ 313.484445][T32657] _copy_from_user+0x1c/0xd0 [ 313.489043][T32657] __copy_msghdr_from_user+0x44/0x350 [ 313.494445][T32657] sendmsg_copy_msghdr+0x4f/0xf0 [ 313.499380][T32657] io_issue_sqe+0x250b/0x6750 [ 313.499398][T32657] ? __list_del_entry_valid+0x54/0xc0 [ 313.499417][T32657] ? rmqueue_pcplist+0x152/0x190 [ 313.514340][T32657] ? rmqueue+0x43/0xd00 [ 313.518491][T32657] ? mntput_no_expire+0x64/0x730 [ 313.523435][T32657] ? mntput+0x45/0x70 [ 313.527441][T32657] ? get_page_from_freelist+0x53e/0x800 14:04:28 executing program 1 (fault-call:9 fault-nth:78): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:28 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xc03e000000000000) [ 313.533018][T32657] ? fget_many+0x178/0x1a0 [ 313.537571][T32657] __io_queue_sqe+0xe9/0x360 [ 313.537594][T32657] io_submit_sqe+0x1887/0x3360 [ 313.537616][T32657] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 313.537640][T32657] io_submit_sqes+0x5bd/0xbd0 [ 313.537688][T32657] __se_sys_io_uring_enter+0x1e1/0xa80 [ 313.537715][T32657] ? fput+0x2d/0x130 [ 313.537733][T32657] __x64_sys_io_uring_enter+0x74/0x80 [ 313.537758][T32657] do_syscall_64+0x4a/0x90 [ 313.560912][T32659] loop3: detected capacity change from 0 to 270 [ 313.562709][T32657] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 313.562739][T32657] RIP: 0033:0x4665d9 [ 313.562750][T32657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 313.562764][T32657] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 313.562778][T32657] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 313.562788][T32657] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 313.562798][T32657] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 313.562808][T32657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 313.596464][T32659] FAT-fs (loop3): Directory bread(block 270) failed [ 313.612040][T32657] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 313.615008][T32675] FAULT_INJECTION: forcing a failure. [ 313.615008][T32675] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 313.620700][T32659] FAT-fs (loop3): Directory bread(block 271) failed [ 313.628502][T32675] CPU: 0 PID: 32675 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 313.636523][T32659] FAT-fs (loop3): Directory bread(block 272) failed [ 313.644410][T32675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 313.644421][T32675] Call Trace: [ 313.644428][T32675] dump_stack+0x137/0x19d [ 313.652406][T32659] FAT-fs (loop3): Directory bread(block 273) failed [ 313.658936][T32675] should_fail+0x23c/0x250 [ 313.658956][T32675] should_fail_usercopy+0x16/0x20 [ 313.658973][T32675] _copy_from_user+0x1c/0xd0 [ 313.666954][T32659] FAT-fs (loop3): Directory bread(block 274) failed [ 313.679902][T32675] __copy_msghdr_from_user+0x44/0x350 [ 313.679923][T32675] ? sock_kfree_s+0x24/0x40 [ 313.686502][T32659] FAT-fs (loop3): Directory bread(block 275) failed [ 313.696613][T32675] ? ____sys_sendmsg+0x421/0x4d0 [ 313.703211][T32659] FAT-fs (loop3): Directory bread(block 276) failed [ 313.713222][T32675] sendmsg_copy_msghdr+0x4f/0xf0 14:04:28 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002006c0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 313.716520][T32659] FAT-fs (loop3): Directory bread(block 277) failed [ 313.720798][T32675] io_issue_sqe+0x250b/0x6750 [ 313.727397][T32659] FAT-fs (loop3): Directory bread(block 278) failed [ 313.731750][T32675] ? __list_del_entry_valid+0x54/0xc0 [ 313.736788][T32659] FAT-fs (loop3): Directory bread(block 279) failed [ 313.741338][T32675] ? rmqueue_pcplist+0x152/0x190 [ 313.815445][T32675] ? _find_next_bit+0x188/0x190 14:04:28 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="10000040000500224c100200013ee100"], 0x10}], 0x1, 0x0) socketpair(0x2a, 0x1, 0x7, &(0x7f0000000140)) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:28 executing program 0 (fault-call:8 fault-nth:2): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 313.815468][T32675] ? pcpu_block_refresh_hint+0x191/0x1a0 [ 313.815493][T32675] ? pcpu_block_update_hint_alloc+0x230/0x720 [ 313.815532][T32675] ? kmem_cache_alloc+0x201/0x2f0 [ 313.815553][T32675] ? xas_create+0x96b/0xb30 [ 313.815572][T32675] ? xas_create+0xae3/0xb30 [ 313.815633][T32675] ? fget_many+0x178/0x1a0 [ 313.815676][T32675] ? kcsan_setup_watchpoint+0x26e/0x470 [ 313.815695][T32675] __io_queue_sqe+0xe9/0x360 [ 313.815710][T32675] io_submit_sqe+0x1887/0x3360 [ 313.815729][T32675] ? kmem_cache_alloc_bulk+0x28c/0x340 14:04:28 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x40000000, 0x0, 0x0) [ 313.815760][T32675] io_submit_sqes+0x5bd/0xbd0 [ 313.815779][T32675] __se_sys_io_uring_enter+0x1e1/0xa80 [ 313.815799][T32675] ? fput+0x2d/0x130 [ 313.815882][T32675] __x64_sys_io_uring_enter+0x74/0x80 [ 313.815907][T32675] do_syscall_64+0x4a/0x90 [ 313.815930][T32675] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 313.815950][T32675] RIP: 0033:0x4665d9 [ 313.815961][T32675] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 313.815977][T32675] RSP: 002b:00007fa426612188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 313.815997][T32675] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 313.816010][T32675] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 313.816024][T32675] RBP: 00007fa4266121d0 R08: 0000000000000000 R09: 0000000000000000 [ 313.816037][T32675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 313.816051][T32675] R13: 00007fffc1f3ec1f R14: 00007fa426612300 R15: 0000000000022000 [ 313.878294][T32689] FAULT_INJECTION: forcing a failure. [ 313.878294][T32689] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 313.898326][T32686] loop3: detected capacity change from 0 to 270 [ 313.899253][T32689] CPU: 1 PID: 32689 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 313.943411][T32686] FAT-fs (loop3): Directory bread(block 270) failed [ 313.946828][T32689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 313.946841][T32689] Call Trace: [ 313.946848][T32689] dump_stack+0x137/0x19d [ 313.954970][T32686] FAT-fs (loop3): Directory bread(block 271) failed [ 313.962766][T32689] should_fail+0x23c/0x250 [ 313.962791][T32689] should_fail_usercopy+0x16/0x20 [ 313.972686][T32686] FAT-fs (loop3): Directory bread(block 272) failed [ 313.978684][T32689] _copy_from_user+0x1c/0xd0 [ 313.978710][T32689] ____sys_sendmsg+0x1a3/0x4d0 [ 313.987388][T32686] FAT-fs (loop3): Directory bread(block 273) failed [ 313.999648][T32689] ? sendmsg_copy_msghdr+0xc4/0xf0 14:04:28 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="10000040000500224c100200013ee100"], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 313.999669][T32689] __sys_sendmsg_sock+0x25/0x30 [ 313.999682][T32689] io_issue_sqe+0x231a/0x6750 [ 313.999701][T32689] ? __list_del_entry_valid+0x54/0xc0 [ 314.006867][T32686] FAT-fs (loop3): Directory bread(block 274) failed [ 314.016036][T32689] ? rmqueue_pcplist+0x152/0x190 [ 314.016059][T32689] ? rmqueue+0x43/0xd00 [ 314.016076][T32689] ? mntput_no_expire+0x64/0x730 [ 314.023667][T32686] FAT-fs (loop3): Directory bread(block 275) failed [ 314.032681][T32689] ? get_page_from_freelist+0x53e/0x800 14:04:28 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200740004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:28 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 314.036440][T32686] FAT-fs (loop3): Directory bread(block 276) failed [ 314.040268][T32689] ? fget_many+0x178/0x1a0 [ 314.040292][T32689] __io_queue_sqe+0xe9/0x360 [ 314.047518][T32686] FAT-fs (loop3): Directory bread(block 277) failed [ 314.051250][T32689] io_submit_sqe+0x1887/0x3360 [ 314.056837][T32686] FAT-fs (loop3): Directory bread(block 278) failed [ 314.062821][T32689] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 314.062847][T32689] io_submit_sqes+0x5bd/0xbd0 [ 314.068135][T32686] FAT-fs (loop3): Directory bread(block 279) failed [ 314.072174][T32689] __se_sys_io_uring_enter+0x1e1/0xa80 [ 314.072201][T32689] ? fput+0x2d/0x130 [ 314.072216][T32689] __x64_sys_io_uring_enter+0x74/0x80 [ 314.196192][T32689] do_syscall_64+0x4a/0x90 [ 314.196216][T32689] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 314.196235][T32689] RIP: 0033:0x4665d9 [ 314.196251][T32689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 14:04:29 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:29 executing program 0 (fault-call:8 fault-nth:3): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:29 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 314.196318][T32689] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 314.196335][T32689] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 314.196345][T32689] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 314.196355][T32689] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 314.196365][T32689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 314.196398][T32689] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 314.256808][T32711] loop3: detected capacity change from 0 to 270 [ 314.291681][T32719] FAULT_INJECTION: forcing a failure. [ 314.291681][T32719] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 314.291745][T32719] CPU: 0 PID: 32719 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 314.291767][T32719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 314.291778][T32719] Call Trace: [ 314.291786][T32719] dump_stack+0x137/0x19d [ 314.291811][T32719] should_fail+0x23c/0x250 [ 314.291831][T32719] should_fail_usercopy+0x16/0x20 [ 314.291846][T32719] _copy_from_user+0x1c/0xd0 [ 314.291863][T32719] __copy_msghdr_from_user+0x44/0x350 [ 314.291903][T32719] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 314.291922][T32719] ? unix_dgram_peer_wake_me+0x310/0x310 [ 314.291941][T32719] ? ____sys_sendmsg+0x428/0x4d0 [ 314.291991][T32719] sendmsg_copy_msghdr+0x4f/0xf0 [ 314.292010][T32719] io_issue_sqe+0x250b/0x6750 [ 314.292028][T32719] ? __list_del_entry_valid+0x54/0xc0 [ 314.292036][T32711] FAT-fs (loop3): Directory bread(block 270) failed [ 314.292049][T32719] ? rmqueue_pcplist+0x152/0x190 [ 314.292056][T32711] FAT-fs (loop3): Directory bread(block 271) failed [ 314.292069][T32719] ? rmqueue+0x43/0xd00 [ 314.292080][T32711] FAT-fs (loop3): Directory bread(block 272) failed [ 314.292086][T32719] ? mntput_no_expire+0x64/0x730 [ 314.292106][T32719] ? get_page_from_freelist+0x53e/0x800 [ 314.292176][T32711] FAT-fs (loop3): Directory bread(block 273) failed [ 314.292136][T32719] ? fget_many+0x178/0x1a0 [ 314.292190][T32711] FAT-fs (loop3): Directory bread(block 274) failed [ 314.292201][T32719] __io_queue_sqe+0xe9/0x360 [ 314.292207][T32711] FAT-fs (loop3): Directory bread(block 275) failed [ 314.292218][T32719] io_submit_sqe+0x1887/0x3360 [ 314.292225][T32711] FAT-fs (loop3): Directory bread(block 276) failed [ 314.292242][T32711] FAT-fs (loop3): Directory bread(block 277) failed [ 314.292238][T32719] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 314.292259][T32719] io_submit_sqes+0x5bd/0xbd0 [ 314.292281][T32711] FAT-fs (loop3): Directory bread(block 278) failed [ 314.292273][T32719] __se_sys_io_uring_enter+0x1e1/0xa80 [ 314.292297][T32711] FAT-fs (loop3): Directory bread(block 279) failed [ 314.292328][T32719] ? fput+0x2d/0x130 [ 314.292344][T32719] __x64_sys_io_uring_enter+0x74/0x80 [ 314.292362][T32719] do_syscall_64+0x4a/0x90 [ 314.292456][T32719] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 314.292481][T32719] RIP: 0033:0x4665d9 [ 314.292493][T32719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 314.292506][T32719] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 314.292535][T32719] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 314.292549][T32719] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 314.292562][T32719] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 314.292643][T32719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 14:04:29 executing program 1 (fault-call:9 fault-nth:79): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:29 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xe03f030000000000) 14:04:29 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:29 executing program 0 (fault-call:8 fault-nth:4): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:29 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200780004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:29 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x42000000, 0x0, 0x0) [ 314.292655][T32719] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 314.689125][T32739] FAULT_INJECTION: forcing a failure. [ 314.689125][T32739] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 314.702315][T32739] CPU: 0 PID: 32739 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 314.703676][T32737] loop3: detected capacity change from 0 to 270 [ 314.712601][T32739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 314.712615][T32739] Call Trace: [ 314.712622][T32739] dump_stack+0x137/0x19d [ 314.712645][T32739] should_fail+0x23c/0x250 [ 314.740868][T32739] should_fail_usercopy+0x16/0x20 [ 314.745460][T32737] FAT-fs (loop3): Directory bread(block 270) failed [ 314.745932][T32739] _copy_from_user+0x1c/0xd0 [ 314.752667][T32737] FAT-fs (loop3): Directory bread(block 271) failed [ 314.757067][T32739] ____sys_sendmsg+0x1a3/0x4d0 [ 314.757088][T32739] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 314.764610][T32737] FAT-fs (loop3): Directory bread(block 272) failed [ 314.768510][T32739] __sys_sendmsg_sock+0x25/0x30 [ 314.773809][T32737] FAT-fs (loop3): Directory bread(block 273) failed [ 314.780173][T32739] io_issue_sqe+0x231a/0x6750 [ 314.785738][T32737] FAT-fs (loop3): Directory bread(block 274) failed [ 314.791590][T32739] ? __list_del_entry_valid+0x54/0xc0 [ 314.796618][T32737] FAT-fs (loop3): Directory bread(block 275) failed [ 314.802800][T32739] ? rmqueue_pcplist+0x152/0x190 [ 314.802822][T32739] ? rmqueue+0x43/0xd00 [ 314.808895][T32737] FAT-fs (loop3): Directory bread(block 276) failed [ 314.814713][T32739] ? mntput_no_expire+0x64/0x730 [ 314.819997][T32737] FAT-fs (loop3): Directory bread(block 277) failed [ 314.823780][T32739] ? get_page_from_freelist+0x53e/0x800 [ 314.823801][T32739] ? fget_many+0x178/0x1a0 [ 314.831589][T32737] FAT-fs (loop3): Directory bread(block 278) failed [ 314.835301][T32739] __io_queue_sqe+0xe9/0x360 [ 314.835329][T32739] io_submit_sqe+0x1887/0x3360 [ 314.842596][T32737] FAT-fs (loop3): Directory bread(block 279) failed [ 314.847418][T32739] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 314.847444][T32739] io_submit_sqes+0x5bd/0xbd0 14:04:29 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002007a0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:29 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 314.884340][T32739] __se_sys_io_uring_enter+0x1e1/0xa80 [ 314.884447][T32739] ? fput+0x2d/0x130 [ 314.884466][T32739] __x64_sys_io_uring_enter+0x74/0x80 [ 314.884490][T32739] do_syscall_64+0x4a/0x90 [ 314.884582][T32739] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 314.884657][T32739] RIP: 0033:0x4665d9 [ 314.884669][T32739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 314.884684][T32739] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 314.884699][T32739] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 314.884708][T32739] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 314.884718][T32739] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 14:04:29 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:29 executing program 0 (fault-call:8 fault-nth:5): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 314.884749][T32739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 314.884762][T32739] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 314.951902][T32762] FAULT_INJECTION: forcing a failure. [ 314.951902][T32762] name failslab, interval 1, probability 0, space 0, times 0 [ 315.013288][ T301] FAULT_INJECTION: forcing a failure. [ 315.013288][ T301] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 315.014803][T32762] CPU: 1 PID: 32762 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 315.014824][T32762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 315.047983][T32762] Call Trace: [ 315.047992][T32762] dump_stack+0x137/0x19d [ 315.048016][T32762] should_fail+0x23c/0x250 [ 315.048031][T32762] ? sock_kmalloc+0x77/0xb0 [ 315.048048][T32762] __should_failslab+0x81/0x90 [ 315.048139][T32762] should_failslab+0x5/0x20 [ 315.048158][T32762] __kmalloc+0x66/0x340 [ 315.048205][T32762] sock_kmalloc+0x77/0xb0 14:04:29 executing program 0 (fault-call:8 fault-nth:6): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:29 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 315.048225][T32762] ____sys_sendmsg+0x107/0x4d0 [ 315.048298][T32762] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 315.048312][T32762] __sys_sendmsg_sock+0x25/0x30 [ 315.048325][T32762] io_issue_sqe+0x231a/0x6750 [ 315.048356][T32762] ? __list_del_entry_valid+0x54/0xc0 [ 315.048372][T32762] ? rmqueue_pcplist+0x152/0x190 [ 315.048386][T32762] ? rmqueue+0x43/0xd00 [ 315.048399][T32762] ? _find_next_bit+0x16a/0x190 [ 315.048414][T32762] ? kmem_cache_alloc+0x201/0x2f0 [ 315.048501][T32762] ? xas_create+0x96b/0xb30 [ 315.048564][T32762] ? xas_create+0xae3/0xb30 [ 315.048583][T32762] ? fget_many+0x178/0x1a0 [ 315.048599][T32762] __io_queue_sqe+0xe9/0x360 [ 315.048612][T32762] io_submit_sqe+0x1887/0x3360 [ 315.048627][T32762] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 315.048685][T32762] io_submit_sqes+0x5bd/0xbd0 [ 315.048699][T32762] __se_sys_io_uring_enter+0x1e1/0xa80 [ 315.048719][T32762] ? fput+0x2d/0x130 [ 315.048733][T32762] __x64_sys_io_uring_enter+0x74/0x80 [ 315.048831][T32762] do_syscall_64+0x4a/0x90 [ 315.048847][T32762] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 315.048867][T32762] RIP: 0033:0x4665d9 [ 315.048878][T32762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 315.048892][T32762] RSP: 002b:00007fa426612188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 315.048907][T32762] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 315.048917][T32762] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 315.048964][T32762] RBP: 00007fa4266121d0 R08: 0000000000000000 R09: 0000000000000000 [ 315.048974][T32762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 315.048983][T32762] R13: 00007fffc1f3ec1f R14: 00007fa426612300 R15: 0000000000022000 [ 315.048995][ T301] CPU: 0 PID: 301 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 315.049017][ T301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 315.049025][ T301] Call Trace: [ 315.049030][ T301] dump_stack+0x137/0x19d [ 315.049048][ T301] should_fail+0x23c/0x250 [ 315.049079][ T301] should_fail_usercopy+0x16/0x20 [ 315.049167][ T301] _copy_from_user+0x1c/0xd0 [ 315.049190][ T301] __copy_msghdr_from_user+0x44/0x350 [ 315.049210][ T301] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 315.049230][ T301] ? unix_dgram_peer_wake_me+0x310/0x310 [ 315.049249][ T301] ? ____sys_sendmsg+0x428/0x4d0 [ 315.049293][ T301] sendmsg_copy_msghdr+0x4f/0xf0 [ 315.049307][ T301] io_issue_sqe+0x250b/0x6750 [ 315.049320][ T301] ? __list_del_entry_valid+0x54/0xc0 [ 315.049339][ T301] ? rmqueue_pcplist+0x152/0x190 [ 315.049374][ T301] ? rmqueue+0x43/0xd00 [ 315.049387][ T301] ? mntput_no_expire+0x64/0x730 [ 315.049406][ T301] ? get_page_from_freelist+0x53e/0x800 [ 315.049421][ T301] ? fget_many+0x178/0x1a0 [ 315.049442][ T301] __io_queue_sqe+0xe9/0x360 [ 315.049460][ T301] io_submit_sqe+0x1887/0x3360 [ 315.049480][ T301] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 315.049538][ T301] io_submit_sqes+0x5bd/0xbd0 [ 315.049631][ T301] __se_sys_io_uring_enter+0x1e1/0xa80 [ 315.049650][ T301] ? fput+0x2d/0x130 [ 315.049663][ T301] __x64_sys_io_uring_enter+0x74/0x80 [ 315.049682][ T301] do_syscall_64+0x4a/0x90 [ 315.049722][ T301] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 315.049748][ T301] RIP: 0033:0x4665d9 [ 315.049761][ T301] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 315.049781][ T301] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 315.049801][ T301] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 315.049870][ T301] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 315.049879][ T301] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 315.049889][ T301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 315.049900][ T301] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 315.064879][T32763] loop3: detected capacity change from 0 to 270 [ 315.095729][ T304] FAULT_INJECTION: forcing a failure. [ 315.095729][ T304] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 315.178910][T32763] FAT-fs (loop3): Directory bread(block 270) failed [ 315.180219][ T304] CPU: 1 PID: 304 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 315.180240][ T304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 315.180249][ T304] Call Trace: [ 315.180257][ T304] dump_stack+0x137/0x19d [ 315.180278][ T304] should_fail+0x23c/0x250 [ 315.180294][ T304] should_fail_usercopy+0x16/0x20 [ 315.184830][T32763] FAT-fs (loop3): Directory bread(block 271) failed [ 315.190564][ T304] _copy_from_user+0x1c/0xd0 [ 315.196640][T32763] FAT-fs (loop3): Directory bread(block 272) failed [ 315.214062][ T304] ____sys_sendmsg+0x1a3/0x4d0 [ 315.214086][ T304] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 315.222684][T32763] FAT-fs (loop3): Directory bread(block 273) failed [ 315.230430][ T304] __sys_sendmsg_sock+0x25/0x30 [ 315.230451][ T304] io_issue_sqe+0x231a/0x6750 [ 315.239905][T32763] FAT-fs (loop3): Directory bread(block 274) failed [ 315.246362][ T304] ? __list_del_entry_valid+0x54/0xc0 [ 315.255098][T32763] FAT-fs (loop3): Directory bread(block 275) failed [ 315.262416][ T304] ? rmqueue_pcplist+0x152/0x190 [ 315.262439][ T304] ? rmqueue+0x43/0xd00 [ 315.272481][T32763] FAT-fs (loop3): Directory bread(block 276) failed [ 315.282419][ T304] ? mntput_no_expire+0x64/0x730 [ 315.282442][ T304] ? get_page_from_freelist+0x53e/0x800 [ 315.282462][ T304] ? fget_many+0x178/0x1a0 [ 315.287161][T32763] FAT-fs (loop3): Directory bread(block 277) failed [ 315.290088][ T304] __io_queue_sqe+0xe9/0x360 [ 315.290109][ T304] io_submit_sqe+0x1887/0x3360 [ 315.295158][T32763] FAT-fs (loop3): Directory bread(block 278) failed [ 315.299496][ T304] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 315.299523][ T304] io_submit_sqes+0x5bd/0xbd0 [ 315.304242][T32763] FAT-fs (loop3): Directory bread(block 279) failed [ 315.309531][ T304] __se_sys_io_uring_enter+0x1e1/0xa80 [ 315.679999][ T304] ? fput+0x2d/0x130 14:04:30 executing program 1 (fault-call:9 fault-nth:80): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 315.680022][ T304] __x64_sys_io_uring_enter+0x74/0x80 [ 315.680048][ T304] do_syscall_64+0x4a/0x90 [ 315.680072][ T304] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 315.680103][ T304] RIP: 0033:0x4665d9 [ 315.680117][ T304] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 315.680136][ T304] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 315.680155][ T304] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 315.680165][ T304] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 315.680177][ T304] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 315.680190][ T304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 315.680202][ T304] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 14:04:30 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xeffdffff00000000) 14:04:30 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:30 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000203870004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:30 executing program 0 (fault-call:8 fault-nth:7): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:30 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x803e0000, 0x0, 0x0) [ 315.755266][ T319] FAULT_INJECTION: forcing a failure. [ 315.755266][ T319] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 315.805898][ T319] CPU: 0 PID: 319 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 315.805920][ T319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 315.805930][ T319] Call Trace: [ 315.829189][ T319] dump_stack+0x137/0x19d [ 315.829212][ T319] should_fail+0x23c/0x250 14:04:30 executing program 0 (fault-call:8 fault-nth:8): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 315.829259][ T319] should_fail_usercopy+0x16/0x20 [ 315.829274][ T319] _copy_from_user+0x1c/0xd0 [ 315.829375][ T319] ____sys_sendmsg+0x1a3/0x4d0 [ 315.829447][ T319] ? sendmsg_copy_msghdr+0xc4/0xf0 14:04:30 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:30 executing program 1 (fault-call:9 fault-nth:81): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 315.829461][ T319] __sys_sendmsg_sock+0x25/0x30 [ 315.829550][ T319] io_issue_sqe+0x231a/0x6750 [ 315.829571][ T319] ? __list_del_entry_valid+0x54/0xc0 [ 315.829637][ T319] ? rmqueue_pcplist+0x152/0x190 [ 315.829654][ T319] ? rmqueue+0x43/0xd00 [ 315.829672][ T319] ? _find_next_bit+0x16a/0x190 [ 315.829691][ T319] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 315.829735][ T319] ? io_submit_sqe+0x43b/0x3360 [ 315.829753][ T319] ? io_file_get+0x1b/0x400 [ 315.829767][ T319] __io_queue_sqe+0xe9/0x360 [ 315.829781][ T319] io_submit_sqe+0x1887/0x3360 [ 315.829799][ T319] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 315.829822][ T319] io_submit_sqes+0x5bd/0xbd0 [ 315.829918][ T319] __se_sys_io_uring_enter+0x1e1/0xa80 [ 315.829940][ T319] ? fput+0x2d/0x130 [ 315.829956][ T319] __x64_sys_io_uring_enter+0x74/0x80 [ 315.829998][ T319] do_syscall_64+0x4a/0x90 [ 315.830090][ T319] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 315.830117][ T319] RIP: 0033:0x4665d9 [ 315.830132][ T319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 315.830151][ T319] RSP: 002b:00007fa426612188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 315.830172][ T319] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 315.830186][ T319] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 315.830197][ T319] RBP: 00007fa4266121d0 R08: 0000000000000000 R09: 0000000000000000 [ 315.830207][ T319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 315.830217][ T319] R13: 00007fffc1f3ec1f R14: 00007fa426612300 R15: 0000000000022000 [ 315.857770][ T327] FAULT_INJECTION: forcing a failure. [ 315.857770][ T327] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 315.857790][ T327] CPU: 0 PID: 327 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 315.857807][ T327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 315.857818][ T327] Call Trace: [ 315.857887][ T327] dump_stack+0x137/0x19d [ 315.857906][ T327] should_fail+0x23c/0x250 [ 315.857921][ T327] should_fail_usercopy+0x16/0x20 [ 315.857941][ T327] _copy_from_user+0x1c/0xd0 [ 315.857972][ T327] __copy_msghdr_from_user+0x44/0x350 [ 315.857988][ T327] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 315.858008][ T327] ? unix_dgram_peer_wake_me+0x310/0x310 [ 315.858022][ T327] ? ____sys_sendmsg+0x428/0x4d0 [ 315.858035][ T327] sendmsg_copy_msghdr+0x4f/0xf0 [ 315.858048][ T327] io_issue_sqe+0x250b/0x6750 [ 315.858068][ T327] ? __list_del_entry_valid+0x54/0xc0 [ 315.858146][ T327] ? rmqueue_pcplist+0x152/0x190 [ 315.858161][ T327] ? rmqueue+0x43/0xd00 [ 315.858242][ T327] ? mntput_no_expire+0x64/0x730 [ 315.858265][ T327] ? get_page_from_freelist+0x53e/0x800 [ 315.858283][ T327] ? fget_many+0x178/0x1a0 [ 315.858302][ T327] __io_queue_sqe+0xe9/0x360 [ 315.858315][ T327] io_submit_sqe+0x1887/0x3360 [ 315.858329][ T327] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 315.858370][ T327] io_submit_sqes+0x5bd/0xbd0 [ 315.858385][ T327] __se_sys_io_uring_enter+0x1e1/0xa80 [ 315.858438][ T327] ? fput+0x2d/0x130 [ 315.858455][ T327] __x64_sys_io_uring_enter+0x74/0x80 [ 315.858514][ T327] do_syscall_64+0x4a/0x90 [ 315.858536][ T327] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 315.858602][ T327] RIP: 0033:0x4665d9 [ 315.858630][ T327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 315.858649][ T327] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 315.858664][ T327] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 315.858674][ T327] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 315.858686][ T327] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 315.858763][ T327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 315.858774][ T327] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 315.888002][ T331] loop3: detected capacity change from 0 to 270 [ 315.893705][ T331] FAT-fs (loop3): bogus number of directory entries (34563) [ 315.893721][ T331] FAT-fs (loop3): Can't find a valid FAT filesystem [ 315.907568][ T338] FAULT_INJECTION: forcing a failure. [ 315.907568][ T338] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 316.323606][ T338] CPU: 1 PID: 338 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 316.323630][ T338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 316.323640][ T338] Call Trace: 14:04:31 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0xeb010000, 0x0, 0x0) 14:04:31 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000203c40004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 316.347045][ T338] dump_stack+0x137/0x19d [ 316.347067][ T338] should_fail+0x23c/0x250 [ 316.347083][ T338] should_fail_usercopy+0x16/0x20 [ 316.347146][ T338] _copy_from_user+0x1c/0xd0 14:04:31 executing program 0 (fault-call:8 fault-nth:9): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 316.347231][ T338] ____sys_sendmsg+0x1a3/0x4d0 14:04:31 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 316.347246][ T338] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 316.347260][ T338] __sys_sendmsg_sock+0x25/0x30 [ 316.347274][ T338] io_issue_sqe+0x231a/0x6750 [ 316.347288][ T338] ? __list_del_entry_valid+0x54/0xc0 [ 316.347384][ T338] ? rmqueue_pcplist+0x152/0x190 [ 316.347426][ T338] ? rmqueue+0x43/0xd00 [ 316.347439][ T338] ? mntput_no_expire+0x64/0x730 [ 316.347459][ T338] ? __cgroup_account_cputime+0x9b/0x1e0 [ 316.347505][ T338] ? select_task_rq_fair+0x186/0xc00 [ 316.347528][ T338] ? fget_many+0x178/0x1a0 [ 316.347548][ T338] __io_queue_sqe+0xe9/0x360 [ 316.347565][ T338] io_submit_sqe+0x1887/0x3360 [ 316.347583][ T338] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 316.347603][ T338] io_submit_sqes+0x5bd/0xbd0 [ 316.347622][ T338] __se_sys_io_uring_enter+0x1e1/0xa80 [ 316.347759][ T338] ? fput+0x2d/0x130 [ 316.347777][ T338] __x64_sys_io_uring_enter+0x74/0x80 [ 316.347796][ T338] do_syscall_64+0x4a/0x90 [ 316.347828][ T338] ? irqentry_exit_to_user_mode+0x5/0x20 [ 316.347859][ T338] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 316.347893][ T338] RIP: 0033:0x4665d9 [ 316.347906][ T338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 316.347920][ T338] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 316.347935][ T338] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 316.347945][ T338] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 316.347954][ T338] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 316.347963][ T338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 316.347972][ T338] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 316.418758][ T358] FAULT_INJECTION: forcing a failure. [ 316.418758][ T358] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 316.418838][ T358] CPU: 0 PID: 358 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 316.418880][ T358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 316.418889][ T358] Call Trace: [ 316.418895][ T358] dump_stack+0x137/0x19d [ 316.418910][ T354] loop3: detected capacity change from 0 to 270 [ 316.418923][ T358] should_fail+0x23c/0x250 [ 316.418943][ T358] should_fail_usercopy+0x16/0x20 [ 316.418967][ T358] _copy_from_user+0x1c/0xd0 [ 316.419042][ T358] __copy_msghdr_from_user+0x44/0x350 [ 316.419125][ T358] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 316.419141][ T358] ? unix_dgram_peer_wake_me+0x310/0x310 [ 316.419159][ T358] ? ____sys_sendmsg+0x428/0x4d0 [ 316.419189][ T358] sendmsg_copy_msghdr+0x4f/0xf0 [ 316.419203][ T358] io_issue_sqe+0x250b/0x6750 [ 316.419218][ T358] ? __list_del_entry_valid+0x54/0xc0 [ 316.419234][ T358] ? rmqueue_pcplist+0x152/0x190 [ 316.419254][ T358] ? rmqueue+0x43/0xd00 [ 316.419271][ T358] ? mntput_no_expire+0x64/0x730 [ 316.419375][ T358] ? get_page_from_freelist+0x53e/0x800 [ 316.419394][ T358] ? fget_many+0x178/0x1a0 [ 316.419413][ T358] __io_queue_sqe+0xe9/0x360 [ 316.419428][ T358] io_submit_sqe+0x1887/0x3360 [ 316.419459][ T358] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 316.419476][ T358] io_submit_sqes+0x5bd/0xbd0 [ 316.419490][ T358] __se_sys_io_uring_enter+0x1e1/0xa80 [ 316.419514][ T358] ? fput+0x2d/0x130 [ 316.419573][ T358] __x64_sys_io_uring_enter+0x74/0x80 [ 316.419597][ T358] do_syscall_64+0x4a/0x90 [ 316.419659][ T358] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 316.419677][ T358] RIP: 0033:0x4665d9 [ 316.419690][ T358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 316.419708][ T358] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 316.419781][ T358] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 316.419790][ T358] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 316.419799][ T358] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 316.419808][ T358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 316.419816][ T358] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 316.424254][ T354] FAT-fs (loop3): bogus number of directory entries (50179) [ 316.424269][ T354] FAT-fs (loop3): Can't find a valid FAT filesystem [ 316.482554][ T366] FAULT_INJECTION: forcing a failure. [ 316.482554][ T366] name failslab, interval 1, probability 0, space 0, times 0 [ 316.482576][ T366] CPU: 1 PID: 366 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 316.482597][ T366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 316.482673][ T366] Call Trace: [ 316.482679][ T366] dump_stack+0x137/0x19d [ 316.482780][ T366] should_fail+0x23c/0x250 [ 316.482883][ T366] __should_failslab+0x81/0x90 [ 316.482907][ T366] ? __scm_send+0x3d5/0xa40 [ 316.482928][ T366] should_failslab+0x5/0x20 [ 316.482948][ T366] kmem_cache_alloc_trace+0x49/0x310 [ 316.482969][ T366] __scm_send+0x3d5/0xa40 [ 316.483002][ T366] ? selinux_socket_getpeersec_dgram+0x1de/0x250 [ 316.483026][ T366] unix_dgram_sendmsg+0xc0/0x1610 [ 316.483043][ T366] ? sock_kmalloc+0x77/0xb0 [ 316.483058][ T366] ? selinux_socket_sendmsg+0x7e/0x140 [ 316.483072][ T366] ? __kmalloc+0x23d/0x340 [ 316.483174][ T366] unix_seqpacket_sendmsg+0xc2/0x100 [ 316.483193][ T366] ? unix_dgram_peer_wake_me+0x310/0x310 [ 316.483211][ T366] ____sys_sendmsg+0x360/0x4d0 [ 316.483230][ T366] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 316.483248][ T366] __sys_sendmsg_sock+0x25/0x30 [ 316.483266][ T366] io_issue_sqe+0x231a/0x6750 [ 316.483285][ T366] ? __list_del_entry_valid+0x54/0xc0 [ 316.483306][ T366] ? rmqueue_pcplist+0x152/0x190 [ 316.483394][ T366] ? _find_next_bit+0x188/0x190 [ 316.483408][ T366] ? pcpu_block_refresh_hint+0x18a/0x1a0 [ 316.483430][ T366] ? pcpu_block_update_hint_alloc+0x230/0x720 [ 316.483461][ T366] ? kmem_cache_alloc+0x201/0x2f0 [ 316.483482][ T366] ? xas_create+0x96b/0xb30 [ 316.483523][ T366] ? xas_create+0xae3/0xb30 [ 316.483541][ T366] ? fget_many+0x178/0x1a0 [ 316.483627][ T366] __io_queue_sqe+0xe9/0x360 [ 316.483641][ T366] io_submit_sqe+0x1887/0x3360 [ 316.483655][ T366] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 316.483740][ T366] io_submit_sqes+0x5bd/0xbd0 [ 316.483760][ T366] __se_sys_io_uring_enter+0x1e1/0xa80 [ 316.483786][ T366] ? fput+0x2d/0x130 [ 316.483804][ T366] __x64_sys_io_uring_enter+0x74/0x80 [ 316.483891][ T366] do_syscall_64+0x4a/0x90 [ 316.483913][ T366] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 316.483936][ T366] RIP: 0033:0x4665d9 [ 316.483959][ T366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 14:04:31 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xf5ffffff00000000) 14:04:31 executing program 0 (fault-call:8 fault-nth:10): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:31 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000203c50004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:31 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:32 executing program 1 (fault-call:9 fault-nth:82): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 316.483972][ T366] RSP: 002b:00007fa426612188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 316.483986][ T366] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 316.483995][ T366] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 316.484006][ T366] RBP: 00007fa4266121d0 R08: 0000000000000000 R09: 0000000000000000 [ 316.484019][ T366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 316.484031][ T366] R13: 00007fffc1f3ec1f R14: 00007fa426612300 R15: 0000000000022000 [ 317.207897][ T381] FAULT_INJECTION: forcing a failure. [ 317.207897][ T381] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 317.209394][ T379] loop3: detected capacity change from 0 to 270 [ 317.221033][ T381] CPU: 1 PID: 381 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 317.229598][ T379] FAT-fs (loop3): bogus number of directory entries (50435) [ 317.237194][ T381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 317.237206][ T381] Call Trace: 14:04:32 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0xeffdffff, 0x0, 0x0) 14:04:32 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000), &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 317.237213][ T381] dump_stack+0x137/0x19d [ 317.244484][ T379] FAT-fs (loop3): Can't find a valid FAT filesystem [ 317.254509][ T381] should_fail+0x23c/0x250 [ 317.273112][ T381] should_fail_usercopy+0x16/0x20 [ 317.278147][ T381] _copy_from_user+0x1c/0xd0 [ 317.282748][ T381] ____sys_sendmsg+0x1a3/0x4d0 [ 317.287541][ T381] ? sendmsg_copy_msghdr+0xc4/0xf0 14:04:32 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000203c60004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 317.287560][ T381] __sys_sendmsg_sock+0x25/0x30 [ 317.287574][ T381] io_issue_sqe+0x231a/0x6750 [ 317.287590][ T381] ? __list_del_entry_valid+0x54/0xc0 [ 317.287642][ T381] ? rmqueue_pcplist+0x152/0x190 [ 317.287662][ T381] ? rmqueue+0x43/0xd00 [ 317.287738][ T381] ? mntput_no_expire+0x64/0x730 14:04:32 executing program 0 (fault-call:8 fault-nth:11): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 317.287762][ T381] ? get_page_from_freelist+0x53e/0x800 [ 317.287780][ T381] ? fget_many+0x178/0x1a0 [ 317.287812][ T381] __io_queue_sqe+0xe9/0x360 [ 317.287828][ T381] io_submit_sqe+0x1887/0x3360 [ 317.287847][ T381] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 317.287869][ T381] io_submit_sqes+0x5bd/0xbd0 [ 317.287945][ T381] __se_sys_io_uring_enter+0x1e1/0xa80 [ 317.287967][ T381] ? fput+0x2d/0x130 [ 317.287981][ T381] __x64_sys_io_uring_enter+0x74/0x80 [ 317.288003][ T381] do_syscall_64+0x4a/0x90 [ 317.288025][ T381] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 317.288071][ T381] RIP: 0033:0x4665d9 [ 317.288086][ T381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 317.288139][ T381] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 317.288155][ T381] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 317.288166][ T381] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 317.288176][ T381] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 317.288185][ T381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 317.288195][ T381] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 317.343612][ T398] FAULT_INJECTION: forcing a failure. [ 317.343612][ T398] name failslab, interval 1, probability 0, space 0, times 0 [ 317.375918][ T403] FAULT_INJECTION: forcing a failure. [ 317.375918][ T403] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 317.380037][ T398] CPU: 0 PID: 398 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 317.522289][ T398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 317.522301][ T398] Call Trace: [ 317.522307][ T398] dump_stack+0x137/0x19d [ 317.522336][ T398] should_fail+0x23c/0x250 [ 317.522350][ T398] __should_failslab+0x81/0x90 [ 317.522369][ T398] should_failslab+0x5/0x20 [ 317.522389][ T398] kmem_cache_alloc_bulk+0x40/0x340 [ 317.522405][ T398] io_submit_sqes+0x4a3/0xbd0 [ 317.522443][ T398] __se_sys_io_uring_enter+0x1e1/0xa80 [ 317.522497][ T398] ? fput+0x2d/0x130 [ 317.522509][ T398] __x64_sys_io_uring_enter+0x74/0x80 [ 317.522593][ T398] do_syscall_64+0x4a/0x90 [ 317.522609][ T398] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 317.522675][ T398] RIP: 0033:0x4665d9 [ 317.522686][ T398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 14:04:32 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xffffffff00000000) 14:04:32 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000), &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:32 executing program 1 (fault-call:9 fault-nth:83): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 317.522699][ T398] RSP: 002b:00007fa426612188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 317.522714][ T398] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 317.522723][ T398] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 317.522732][ T398] RBP: 00007fa4266121d0 R08: 0000000000000000 R09: 0000000000000000 [ 317.522741][ T398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 317.522749][ T398] R13: 00007fffc1f3ec1f R14: 00007fa426612300 R15: 0000000000022000 14:04:32 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000), &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 317.522807][ T403] CPU: 1 PID: 403 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 317.522829][ T403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 317.522838][ T403] Call Trace: [ 317.522842][ T403] dump_stack+0x137/0x19d [ 317.522939][ T403] should_fail+0x23c/0x250 [ 317.522955][ T403] should_fail_usercopy+0x16/0x20 [ 317.522971][ T403] _copy_from_user+0x1c/0xd0 [ 317.522990][ T403] __copy_msghdr_from_user+0x44/0x350 [ 317.523008][ T403] ? unix_seqpacket_sendmsg+0xc2/0x100 14:04:32 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 317.523067][ T403] ? unix_dgram_peer_wake_me+0x310/0x310 [ 317.569438][ T400] loop3: detected capacity change from 0 to 270 [ 317.570257][ T403] ? ____sys_sendmsg+0x428/0x4d0 [ 317.570279][ T403] sendmsg_copy_msghdr+0x4f/0xf0 [ 317.606251][ T400] FAT-fs (loop3): bogus number of directory entries (50691) [ 317.613374][ T403] io_issue_sqe+0x250b/0x6750 [ 317.613398][ T403] ? __list_del_entry_valid+0x54/0xc0 [ 317.621801][ T400] FAT-fs (loop3): Can't find a valid FAT filesystem [ 317.629739][ T403] ? rmqueue_pcplist+0x152/0x190 [ 317.629759][ T403] ? rmqueue+0x43/0xd00 [ 317.629775][ T403] ? mntput_no_expire+0x64/0x730 [ 317.738086][ T420] FAULT_INJECTION: forcing a failure. [ 317.738086][ T420] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 317.743271][ T403] ? get_page_from_freelist+0x53e/0x800 [ 317.793258][ T403] ? fget_many+0x178/0x1a0 [ 317.793338][ T403] __io_queue_sqe+0xe9/0x360 [ 317.793353][ T403] io_submit_sqe+0x1887/0x3360 [ 317.793419][ T403] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 317.793438][ T403] io_submit_sqes+0x5bd/0xbd0 [ 317.793452][ T403] __se_sys_io_uring_enter+0x1e1/0xa80 [ 317.793472][ T403] ? fput+0x2d/0x130 [ 317.793536][ T403] __x64_sys_io_uring_enter+0x74/0x80 [ 317.793554][ T403] do_syscall_64+0x4a/0x90 [ 317.793571][ T403] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 317.793590][ T403] RIP: 0033:0x4665d9 [ 317.793634][ T403] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 317.793648][ T403] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 317.793663][ T403] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 317.793673][ T403] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 317.793683][ T403] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 317.793692][ T403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 317.793701][ T403] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 317.793714][ T420] CPU: 0 PID: 420 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 317.793736][ T420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 317.793744][ T420] Call Trace: [ 317.793749][ T420] dump_stack+0x137/0x19d [ 317.793768][ T420] should_fail+0x23c/0x250 [ 317.793840][ T420] should_fail_usercopy+0x16/0x20 [ 317.793856][ T420] _copy_from_user+0x1c/0xd0 [ 317.839885][ T426] FAULT_INJECTION: forcing a failure. 14:04:32 executing program 0 (fault-call:8 fault-nth:12): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:32 executing program 0 (fault-call:8 fault-nth:13): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 317.839885][ T426] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 317.842579][ T420] __copy_msghdr_from_user+0x44/0x350 [ 317.842603][ T420] ? sock_kfree_s+0x24/0x40 [ 317.979000][ T420] ? ____sys_sendmsg+0x421/0x4d0 [ 317.979020][ T420] sendmsg_copy_msghdr+0x4f/0xf0 [ 317.979035][ T420] io_issue_sqe+0x250b/0x6750 [ 317.979107][ T420] ? __list_del_entry_valid+0x54/0xc0 [ 317.979123][ T420] ? rmqueue_pcplist+0x152/0x190 14:04:32 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 317.979138][ T420] ? sysvec_apic_timer_interrupt+0x3e/0x80 [ 317.979189][ T420] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 317.979209][ T420] ? xas_create+0xae3/0xb30 [ 317.979226][ T420] ? fget_many+0x178/0x1a0 [ 317.979280][ T420] __io_queue_sqe+0xe9/0x360 [ 317.979293][ T420] io_submit_sqe+0x1887/0x3360 [ 317.979308][ T420] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 317.979326][ T420] io_submit_sqes+0x5bd/0xbd0 [ 317.979341][ T420] __se_sys_io_uring_enter+0x1e1/0xa80 [ 317.979360][ T420] ? fput+0x2d/0x130 [ 317.979384][ T420] __x64_sys_io_uring_enter+0x74/0x80 [ 317.979404][ T420] do_syscall_64+0x4a/0x90 [ 317.979419][ T420] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 317.979439][ T420] RIP: 0033:0x4665d9 [ 317.979451][ T420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 317.979464][ T420] RSP: 002b:00007fa426612188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 317.979480][ T420] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 317.979489][ T420] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 317.979499][ T420] RBP: 00007fa4266121d0 R08: 0000000000000000 R09: 0000000000000000 [ 317.979508][ T420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 317.979517][ T420] R13: 00007fffc1f3ec1f R14: 00007fa426612300 R15: 0000000000022000 [ 317.979585][ T426] CPU: 1 PID: 426 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 317.979606][ T426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 317.979616][ T426] Call Trace: [ 317.979622][ T426] dump_stack+0x137/0x19d [ 317.979640][ T426] should_fail+0x23c/0x250 [ 317.979660][ T426] should_fail_usercopy+0x16/0x20 [ 317.979724][ T426] _copy_from_user+0x1c/0xd0 [ 317.979743][ T426] ____sys_sendmsg+0x1a3/0x4d0 [ 317.979772][ T426] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 317.979788][ T426] __sys_sendmsg_sock+0x25/0x30 [ 317.979801][ T426] io_issue_sqe+0x231a/0x6750 [ 317.979816][ T426] ? __list_del_entry_valid+0x54/0xc0 [ 317.979835][ T426] ? rmqueue_pcplist+0x152/0x190 [ 317.979851][ T426] ? rmqueue+0x43/0xd00 [ 317.979865][ T426] ? mntput_no_expire+0x64/0x730 [ 317.979945][ T426] ? get_page_from_freelist+0x53e/0x800 [ 317.979960][ T426] ? fget_many+0x178/0x1a0 [ 317.979979][ T426] __io_queue_sqe+0xe9/0x360 [ 317.979992][ T426] io_submit_sqe+0x1887/0x3360 [ 317.980007][ T426] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 317.980033][ T426] io_submit_sqes+0x5bd/0xbd0 [ 317.980050][ T426] __se_sys_io_uring_enter+0x1e1/0xa80 [ 317.980074][ T426] ? fput+0x2d/0x130 [ 317.980087][ T426] __x64_sys_io_uring_enter+0x74/0x80 [ 317.980106][ T426] do_syscall_64+0x4a/0x90 [ 317.980164][ T426] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 317.980252][ T426] RIP: 0033:0x4665d9 [ 317.980266][ T426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 317.980282][ T426] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 317.980299][ T426] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 317.980310][ T426] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 317.980327][ T426] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 317.980373][ T426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 317.980385][ T426] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 318.059704][ T434] FAULT_INJECTION: forcing a failure. [ 318.059704][ T434] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 318.059724][ T434] CPU: 0 PID: 434 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 318.059742][ T434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 318.059753][ T434] Call Trace: [ 318.059760][ T434] dump_stack+0x137/0x19d [ 318.059784][ T434] should_fail+0x23c/0x250 [ 318.059802][ T434] should_fail_usercopy+0x16/0x20 [ 318.059834][ T434] _copy_from_user+0x1c/0xd0 [ 318.059856][ T434] __copy_msghdr_from_user+0x44/0x350 [ 318.059881][ T434] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 318.059900][ T434] ? unix_dgram_peer_wake_me+0x310/0x310 [ 318.059963][ T434] ? ____sys_sendmsg+0x428/0x4d0 [ 318.059980][ T434] sendmsg_copy_msghdr+0x4f/0xf0 [ 318.059998][ T434] io_issue_sqe+0x250b/0x6750 [ 318.060082][ T434] ? __list_del_entry_valid+0x54/0xc0 [ 318.060108][ T434] ? rmqueue_pcplist+0x152/0x190 [ 318.060144][ T434] ? rmqueue+0x43/0xd00 [ 318.060157][ T434] ? mntput_no_expire+0x64/0x730 [ 318.060176][ T434] ? get_page_from_freelist+0x53e/0x800 [ 318.060190][ T434] ? fget_many+0x178/0x1a0 [ 318.060243][ T434] ? kcsan_setup_watchpoint+0x26e/0x470 [ 318.060290][ T434] __io_queue_sqe+0xe9/0x360 [ 318.060303][ T434] io_submit_sqe+0x1887/0x3360 [ 318.060320][ T434] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 318.060339][ T434] io_submit_sqes+0x5bd/0xbd0 [ 318.060353][ T434] __se_sys_io_uring_enter+0x1e1/0xa80 [ 318.060378][ T434] ? fput+0x2d/0x130 [ 318.060394][ T434] __x64_sys_io_uring_enter+0x74/0x80 [ 318.060448][ T434] do_syscall_64+0x4a/0x90 [ 318.060464][ T434] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 318.060489][ T434] RIP: 0033:0x4665d9 14:04:33 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000203c70004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:33 executing program 0 (fault-call:8 fault-nth:14): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:33 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0xf5ffffff, 0x0, 0x0) 14:04:33 executing program 2: syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(0xffffffffffffffff, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:33 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:33 executing program 1 (fault-call:9 fault-nth:84): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 318.060499][ T434] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 318.060515][ T434] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 318.060530][ T434] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 318.060539][ T434] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 318.060548][ T434] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 318.060558][ T434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 318.060570][ T434] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 14:04:33 executing program 2: syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(0xffffffffffffffff, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 318.685470][ T448] loop3: detected capacity change from 0 to 270 [ 318.688537][ T456] FAULT_INJECTION: forcing a failure. [ 318.688537][ T456] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 318.704844][ T456] CPU: 1 PID: 456 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 318.704864][ T456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 318.704872][ T456] Call Trace: [ 318.704878][ T456] dump_stack+0x137/0x19d 14:04:33 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0xf7ffffff, 0x0, 0x0) [ 318.732453][ T456] should_fail+0x23c/0x250 [ 318.732479][ T456] should_fail_usercopy+0x16/0x20 [ 318.732571][ T456] _copy_from_user+0x1c/0xd0 [ 318.732590][ T456] ____sys_sendmsg+0x1a3/0x4d0 [ 318.732660][ T456] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 318.732679][ T456] __sys_sendmsg_sock+0x25/0x30 [ 318.732697][ T456] io_issue_sqe+0x231a/0x6750 14:04:33 executing program 2: syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(0xffffffffffffffff, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:33 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000203c80004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:33 executing program 0 (fault-call:8 fault-nth:15): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 318.732715][ T456] ? __list_del_entry_valid+0x54/0xc0 [ 318.732734][ T456] ? rmqueue_pcplist+0x152/0x190 [ 318.732754][ T456] ? rmqueue+0x43/0xd00 [ 318.732771][ T456] ? mntput_no_expire+0x64/0x730 [ 318.732809][ T456] ? get_page_from_freelist+0x53e/0x800 [ 318.732841][ T456] ? fget_many+0x178/0x1a0 14:04:33 executing program 2: r0 = syz_io_uring_setup(0x0, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:33 executing program 0 (fault-call:8 fault-nth:16): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 318.732861][ T456] __io_queue_sqe+0xe9/0x360 [ 318.732874][ T456] io_submit_sqe+0x1887/0x3360 [ 318.732888][ T456] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 318.732904][ T456] io_submit_sqes+0x5bd/0xbd0 14:04:33 executing program 2: r0 = syz_io_uring_setup(0x0, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:33 executing program 1 (fault-call:9 fault-nth:85): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 318.732919][ T456] __se_sys_io_uring_enter+0x1e1/0xa80 [ 318.733007][ T456] ? fput+0x2d/0x130 [ 318.733025][ T456] __x64_sys_io_uring_enter+0x74/0x80 [ 318.733049][ T456] do_syscall_64+0x4a/0x90 [ 318.733068][ T456] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 318.733142][ T456] RIP: 0033:0x4665d9 [ 318.733154][ T456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 318.733170][ T456] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 318.733190][ T456] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 318.733210][ T456] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 318.733224][ T456] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 318.733236][ T456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 318.733249][ T456] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 318.750794][ T448] FAT-fs (loop3): bogus number of directory entries (50947) [ 318.750811][ T448] FAT-fs (loop3): Can't find a valid FAT filesystem [ 318.756567][ T462] FAULT_INJECTION: forcing a failure. [ 318.756567][ T462] name failslab, interval 1, probability 0, space 0, times 0 [ 318.756649][ T462] CPU: 0 PID: 462 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 318.756665][ T462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 318.756675][ T462] Call Trace: [ 318.756682][ T462] dump_stack+0x137/0x19d [ 318.756712][ T462] should_fail+0x23c/0x250 [ 318.756732][ T462] ? sock_kmalloc+0x77/0xb0 [ 318.756751][ T462] __should_failslab+0x81/0x90 [ 318.756785][ T462] should_failslab+0x5/0x20 [ 318.756829][ T462] __kmalloc+0x66/0x340 [ 318.756849][ T462] sock_kmalloc+0x77/0xb0 [ 318.756867][ T462] ____sys_sendmsg+0x107/0x4d0 [ 318.756880][ T462] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 318.756893][ T462] __sys_sendmsg_sock+0x25/0x30 [ 318.756915][ T462] io_issue_sqe+0x231a/0x6750 [ 318.756930][ T462] ? __list_del_entry_valid+0x54/0xc0 [ 318.756950][ T462] ? rmqueue_pcplist+0x152/0x190 [ 318.756969][ T462] ? _find_next_bit+0x188/0x190 [ 318.756988][ T462] ? pcpu_block_refresh_hint+0x191/0x1a0 [ 318.757073][ T462] ? pcpu_block_update_hint_alloc+0x230/0x720 [ 318.757095][ T462] ? kmem_cache_alloc+0x201/0x2f0 [ 318.757115][ T462] ? xas_create+0x96b/0xb30 [ 318.757136][ T462] ? xas_create+0xae3/0xb30 [ 318.757156][ T462] ? fget_many+0x178/0x1a0 [ 318.757228][ T462] __io_queue_sqe+0xe9/0x360 [ 318.757244][ T462] io_submit_sqe+0x1887/0x3360 [ 318.757262][ T462] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 318.757283][ T462] io_submit_sqes+0x5bd/0xbd0 [ 318.757346][ T462] __se_sys_io_uring_enter+0x1e1/0xa80 [ 318.757366][ T462] ? fput+0x2d/0x130 [ 318.757445][ T462] __x64_sys_io_uring_enter+0x74/0x80 [ 318.757464][ T462] do_syscall_64+0x4a/0x90 [ 318.757479][ T462] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 318.757497][ T462] RIP: 0033:0x4665d9 [ 318.757507][ T462] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 318.757521][ T462] RSP: 002b:00007fa426612188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 318.757548][ T462] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 318.757561][ T462] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 318.757570][ T462] RBP: 00007fa4266121d0 R08: 0000000000000000 R09: 0000000000000000 [ 318.757579][ T462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 318.757665][ T462] R13: 00007fffc1f3ec1f R14: 00007fa426612300 R15: 0000000000022000 [ 318.855020][ T479] FAULT_INJECTION: forcing a failure. [ 318.855020][ T479] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 318.855039][ T479] CPU: 1 PID: 479 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 318.855055][ T479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 318.855111][ T479] Call Trace: [ 318.855118][ T479] dump_stack+0x137/0x19d [ 318.855141][ T479] should_fail+0x23c/0x250 [ 318.855157][ T479] should_fail_usercopy+0x16/0x20 [ 318.855172][ T479] _copy_from_user+0x1c/0xd0 [ 318.855197][ T479] __copy_msghdr_from_user+0x44/0x350 [ 318.855212][ T479] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 318.855228][ T479] ? unix_dgram_peer_wake_me+0x310/0x310 [ 318.855287][ T479] ? ____sys_sendmsg+0x428/0x4d0 [ 318.855301][ T479] sendmsg_copy_msghdr+0x4f/0xf0 [ 318.855315][ T479] io_issue_sqe+0x250b/0x6750 [ 318.855330][ T479] ? __list_del_entry_valid+0x54/0xc0 [ 318.855347][ T479] ? rmqueue_pcplist+0x152/0x190 [ 318.855363][ T479] ? rmqueue+0x43/0xd00 [ 318.855379][ T479] ? kcsan_setup_watchpoint+0x26e/0x470 [ 318.855473][ T479] ? mntput_no_expire+0x64/0x730 [ 318.855538][ T479] ? get_page_from_freelist+0x53e/0x800 [ 318.855555][ T479] ? fget_many+0x178/0x1a0 [ 318.855571][ T479] __io_queue_sqe+0xe9/0x360 [ 318.855584][ T479] io_submit_sqe+0x1887/0x3360 [ 318.855603][ T479] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 318.855631][ T479] io_submit_sqes+0x5bd/0xbd0 [ 318.855649][ T479] __se_sys_io_uring_enter+0x1e1/0xa80 [ 318.855672][ T479] ? fput+0x2d/0x130 [ 318.855687][ T479] __x64_sys_io_uring_enter+0x74/0x80 [ 318.855727][ T479] do_syscall_64+0x4a/0x90 [ 318.855743][ T479] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 318.855761][ T479] RIP: 0033:0x4665d9 [ 318.855772][ T479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 318.855790][ T479] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 318.855873][ T479] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 318.855883][ T479] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 318.855893][ T479] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 318.855907][ T479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 318.855920][ T479] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 318.861375][ T478] loop3: detected capacity change from 0 to 270 [ 318.863231][ T478] FAT-fs (loop3): bogus number of directory entries (51203) [ 318.863247][ T478] FAT-fs (loop3): Can't find a valid FAT filesystem [ 318.885635][ T487] FAULT_INJECTION: forcing a failure. [ 318.885635][ T487] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 319.517489][ T487] CPU: 0 PID: 487 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 14:04:34 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) socket$inet(0x2, 0x1, 0x0) r5 = socket$inet(0x2, 0x1, 0x0) syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r6, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) bind$inet(r5, &(0x7f0000000280)={0x2, 0x4e24, @remote}, 0x10) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x30, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x200c4845) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) write(0xffffffffffffffff, &(0x7f0000000300)="c9ced145a4e5c1434ded980ae78031153bca5c539e37a5713fed7ef7e287c19481aadac868288840019ba38fc1fd5e774ae714a92d3b425231fed48ddcda9279e43c95ea90c80903d659872d4915ce5a0204d9cf9d4f5ff20b8db1c26eede0f83342403e6e3c4e3e2bff162d00dd221defc9dfd02f8a9793b56af30a09a6a10b54609982e77420138a45799cb1a93760406d3c99628a1bb5b8b9c0f82c4883cff5", 0xa1) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) r7 = dup(r4) syz_genetlink_get_family_id$mptcp(&(0x7f0000000240), r7) r8 = mmap$IORING_OFF_SQ_RING(&(0x7f00000cc000/0x4000)=nil, 0x4000, 0x4, 0x4000010, r0, 0x0) syz_io_uring_submit(r8, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, {0x8154}, 0x1}, 0x4) 14:04:34 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000203c90004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 319.517510][ T487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 14:04:34 executing program 0 (fault-call:8 fault-nth:17): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:34 executing program 2: r0 = syz_io_uring_setup(0x0, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 319.517519][ T487] Call Trace: [ 319.517525][ T487] dump_stack+0x137/0x19d [ 319.517546][ T487] should_fail+0x23c/0x250 [ 319.517561][ T487] should_fail_usercopy+0x16/0x20 [ 319.517607][ T487] _copy_from_user+0x1c/0xd0 [ 319.517625][ T487] ____sys_sendmsg+0x1a3/0x4d0 [ 319.517681][ T487] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 319.517700][ T487] __sys_sendmsg_sock+0x25/0x30 [ 319.517718][ T487] io_issue_sqe+0x231a/0x6750 [ 319.517746][ T487] ? __list_del_entry_valid+0x54/0xc0 [ 319.517762][ T487] ? rmqueue_pcplist+0x152/0x190 [ 319.517816][ T487] ? rmqueue+0x43/0xd00 [ 319.517905][ T487] ? mntput_no_expire+0x64/0x730 [ 319.517930][ T487] ? get_page_from_freelist+0x53e/0x800 [ 319.517949][ T487] ? fget_many+0x178/0x1a0 [ 319.517970][ T487] __io_queue_sqe+0xe9/0x360 [ 319.517986][ T487] io_submit_sqe+0x1887/0x3360 [ 319.518001][ T487] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 319.518100][ T487] io_submit_sqes+0x5bd/0xbd0 [ 319.518120][ T487] __se_sys_io_uring_enter+0x1e1/0xa80 [ 319.518145][ T487] ? fput+0x2d/0x130 [ 319.518159][ T487] __x64_sys_io_uring_enter+0x74/0x80 [ 319.518182][ T487] do_syscall_64+0x4a/0x90 [ 319.518208][ T487] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 319.518230][ T487] RIP: 0033:0x4665d9 [ 319.518242][ T487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 319.518256][ T487] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 319.518272][ T487] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 319.518344][ T487] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 319.518358][ T487] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 319.518372][ T487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 319.518385][ T487] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 319.604190][ T502] loop3: detected capacity change from 0 to 270 [ 319.614435][ T502] FAT-fs (loop3): bogus number of directory entries (51459) [ 319.614450][ T502] FAT-fs (loop3): Can't find a valid FAT filesystem [ 319.621375][ T507] FAULT_INJECTION: forcing a failure. [ 319.621375][ T507] name failslab, interval 1, probability 0, space 0, times 0 [ 319.621399][ T507] CPU: 0 PID: 507 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 319.621421][ T507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 319.621432][ T507] Call Trace: [ 319.621486][ T507] dump_stack+0x137/0x19d [ 319.621511][ T507] should_fail+0x23c/0x250 [ 319.621530][ T507] __should_failslab+0x81/0x90 [ 319.621555][ T507] should_failslab+0x5/0x20 [ 319.621579][ T507] kmem_cache_alloc_bulk+0x40/0x340 [ 319.621623][ T507] io_submit_sqes+0x4a3/0xbd0 [ 319.621687][ T507] __se_sys_io_uring_enter+0x1e1/0xa80 [ 319.621714][ T507] ? fput+0x2d/0x130 [ 319.621731][ T507] __x64_sys_io_uring_enter+0x74/0x80 [ 319.621758][ T507] do_syscall_64+0x4a/0x90 [ 319.621781][ T507] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 319.621806][ T507] RIP: 0033:0x4665d9 [ 319.621820][ T507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 319.621838][ T507] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 319.621858][ T507] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 319.621872][ T507] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 319.621884][ T507] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 319.621898][ T507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 319.621934][ T507] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 319.643516][ T509] FAULT_INJECTION: forcing a failure. [ 319.643516][ T509] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 319.643541][ T509] CPU: 0 PID: 509 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 319.643563][ T509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 319.643571][ T509] Call Trace: [ 319.643577][ T509] dump_stack+0x137/0x19d [ 319.643600][ T509] should_fail+0x23c/0x250 [ 319.643682][ T509] should_fail_usercopy+0x16/0x20 [ 319.643702][ T509] _copy_from_user+0x1c/0xd0 [ 319.643720][ T509] ____sys_sendmsg+0x1a3/0x4d0 [ 319.643735][ T509] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 319.643749][ T509] __sys_sendmsg_sock+0x25/0x30 [ 319.643762][ T509] io_issue_sqe+0x231a/0x6750 [ 319.643779][ T509] ? __list_del_entry_valid+0x54/0xc0 [ 319.643803][ T509] ? rmqueue_pcplist+0x152/0x190 [ 319.643822][ T509] ? rmqueue+0x43/0xd00 [ 319.643839][ T509] ? _find_next_bit+0x16a/0x190 [ 319.643856][ T509] ? kmem_cache_alloc+0x201/0x2f0 [ 319.643882][ T509] ? xas_create+0x96b/0xb30 [ 319.643903][ T509] ? xas_create+0xae3/0xb30 [ 319.643971][ T509] ? fget_many+0x178/0x1a0 [ 319.643994][ T509] __io_queue_sqe+0xe9/0x360 [ 319.644011][ T509] io_submit_sqe+0x1887/0x3360 [ 319.644034][ T509] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 319.644055][ T509] io_submit_sqes+0x5bd/0xbd0 [ 319.644074][ T509] __se_sys_io_uring_enter+0x1e1/0xa80 [ 319.644098][ T509] ? fput+0x2d/0x130 [ 319.644110][ T509] __x64_sys_io_uring_enter+0x74/0x80 [ 319.644210][ T509] do_syscall_64+0x4a/0x90 [ 319.644231][ T509] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 319.644249][ T509] RIP: 0033:0x4665d9 [ 319.644259][ T509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 319.644322][ T509] RSP: 002b:00007fa426612188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 319.644341][ T509] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 319.644354][ T509] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 319.644366][ T509] RBP: 00007fa4266121d0 R08: 0000000000000000 R09: 0000000000000000 [ 319.644376][ T509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 319.644385][ T509] R13: 00007fffc1f3ec1f R14: 00007fa426612300 R15: 0000000000022000 [ 319.662432][ T512] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=512 comm=syz-executor.5 14:04:35 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000203ca0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:35 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0xfffffdef, 0x0, 0x0) 14:04:35 executing program 0 (fault-call:8 fault-nth:18): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:35 executing program 2: r0 = syz_io_uring_setup(0x187, 0x0, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:35 executing program 1 (fault-call:9 fault-nth:86): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 320.259436][ T512] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=512 comm=syz-executor.5 [ 320.303665][ T528] FAULT_INJECTION: forcing a failure. 14:04:35 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) syz_open_dev$vcsn(&(0x7f00000002c0), 0x80000000, 0x2000) r3 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r3, 0x0) ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f0000000040)={0x8}) r4 = syz_io_uring_setup(0x10000d90, &(0x7f0000000180)={0x0, 0x2000718d, 0x8, 0x0, 0x3a4, 0x0, r3}, &(0x7f00006d6000/0x2000)=nil, &(0x7f00000cc000/0x2000)=nil, &(0x7f0000000240), &(0x7f0000000280)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r5, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r6, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) ioctl$EXT4_IOC_MOVE_EXT(r6, 0xc028660f, &(0x7f0000000300)={0x0, r3, 0x32, 0x2a5, 0x9, 0x6}) r7 = socket$nl_audit(0x10, 0x3, 0x9) socket$inet(0x2, 0x1, 0x0) r8 = socket$inet(0x2, 0x1, 0x0) r9 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) socket$netlink(0x10, 0x3, 0x7) sendmmsg$unix(r5, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r7, r4, r5, r8, r9]}}], 0x28, 0x40004}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:35 executing program 2: r0 = syz_io_uring_setup(0x187, 0x0, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 320.303665][ T528] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 320.316765][ T528] CPU: 0 PID: 528 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 320.326748][ T528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 320.336816][ T528] Call Trace: [ 320.340095][ T528] dump_stack+0x137/0x19d [ 320.344469][ T528] should_fail+0x23c/0x250 [ 320.348898][ T528] should_fail_usercopy+0x16/0x20 [ 320.351056][ T527] loop3: detected capacity change from 0 to 270 [ 320.354014][ T528] _copy_from_user+0x1c/0xd0 [ 320.354042][ T528] __copy_msghdr_from_user+0x44/0x350 [ 320.354061][ T528] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 320.375633][ T528] ? unix_dgram_peer_wake_me+0x310/0x310 [ 320.376487][ T527] FAT-fs (loop3): bogus number of directory entries (51715) [ 320.381270][ T528] ? ____sys_sendmsg+0x428/0x4d0 [ 320.381292][ T528] sendmsg_copy_msghdr+0x4f/0xf0 [ 320.388568][ T527] FAT-fs (loop3): Can't find a valid FAT filesystem [ 320.393462][ T528] io_issue_sqe+0x250b/0x6750 [ 320.409689][ T528] ? __list_del_entry_valid+0x54/0xc0 14:04:35 executing program 0 (fault-call:8 fault-nth:19): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:35 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000203cb0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 320.409712][ T528] ? rmqueue_pcplist+0x152/0x190 [ 320.409731][ T528] ? rmqueue+0x43/0xd00 [ 320.409745][ T528] ? mntput_no_expire+0x64/0x730 [ 320.409764][ T528] ? get_page_from_freelist+0x53e/0x800 14:04:35 executing program 2: r0 = syz_io_uring_setup(0x187, 0x0, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:35 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000203cc0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:35 executing program 1 (fault-call:9 fault-nth:87): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 320.409850][ T528] ? fget_many+0x178/0x1a0 [ 320.409867][ T528] __io_queue_sqe+0xe9/0x360 [ 320.409896][ T528] io_submit_sqe+0x1887/0x3360 [ 320.409918][ T528] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 320.409942][ T528] io_submit_sqes+0x5bd/0xbd0 [ 320.409959][ T528] __se_sys_io_uring_enter+0x1e1/0xa80 [ 320.409998][ T528] ? fput+0x2d/0x130 14:04:35 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 320.410022][ T528] __x64_sys_io_uring_enter+0x74/0x80 [ 320.410047][ T528] do_syscall_64+0x4a/0x90 [ 320.410071][ T528] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 320.410105][ T528] RIP: 0033:0x4665d9 [ 320.410116][ T528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 320.410219][ T528] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 320.410238][ T528] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 320.410251][ T528] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 320.410262][ T528] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 320.410271][ T528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 320.410281][ T528] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 320.467726][ T546] FAULT_INJECTION: forcing a failure. [ 320.467726][ T546] name failslab, interval 1, probability 0, space 0, times 0 [ 320.467805][ T546] CPU: 1 PID: 546 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 320.467827][ T546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 320.467837][ T546] Call Trace: [ 320.467844][ T546] dump_stack+0x137/0x19d [ 320.467868][ T546] should_fail+0x23c/0x250 [ 320.467966][ T546] __should_failslab+0x81/0x90 [ 320.467986][ T546] ? __scm_send+0x3d5/0xa40 [ 320.468009][ T546] should_failslab+0x5/0x20 [ 320.468055][ T546] kmem_cache_alloc_trace+0x49/0x310 [ 320.468077][ T546] __scm_send+0x3d5/0xa40 [ 320.468096][ T546] ? __perf_event_task_sched_in+0x471/0x4c0 [ 320.468179][ T546] ? selinux_socket_getpeersec_dgram+0x1de/0x250 [ 320.468201][ T546] unix_dgram_sendmsg+0xc0/0x1610 [ 320.468291][ T546] ? finish_task_switch+0xce/0x290 [ 320.468314][ T546] ? sock_kmalloc+0x77/0xb0 [ 320.468330][ T546] ? selinux_socket_sendmsg+0x7e/0x140 [ 320.468412][ T546] ? __kmalloc+0x23d/0x340 [ 320.468504][ T546] unix_seqpacket_sendmsg+0xc2/0x100 [ 320.468522][ T546] ? unix_dgram_peer_wake_me+0x310/0x310 [ 320.468539][ T546] ____sys_sendmsg+0x360/0x4d0 [ 320.468556][ T546] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 320.468588][ T546] __sys_sendmsg_sock+0x25/0x30 [ 320.468601][ T546] io_issue_sqe+0x231a/0x6750 [ 320.468614][ T546] ? __list_del_entry_valid+0x54/0xc0 [ 320.468630][ T546] ? rmqueue_pcplist+0x152/0x190 [ 320.468644][ T546] ? rmqueue+0x43/0xd00 [ 320.468660][ T546] ? _find_next_bit+0x16a/0x190 [ 320.468679][ T546] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 320.468760][ T546] ? kcsan_setup_watchpoint+0x436/0x470 [ 320.468855][ T546] ? kcsan_setup_watchpoint+0x26e/0x470 [ 320.468879][ T546] __io_queue_sqe+0xe9/0x360 [ 320.468896][ T546] io_submit_sqe+0x1887/0x3360 [ 320.468965][ T546] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 320.468987][ T546] io_submit_sqes+0x5bd/0xbd0 [ 320.469013][ T546] __se_sys_io_uring_enter+0x1e1/0xa80 [ 320.469034][ T546] ? fput+0x2d/0x130 [ 320.469088][ T546] __x64_sys_io_uring_enter+0x74/0x80 [ 320.469114][ T546] do_syscall_64+0x4a/0x90 [ 320.469136][ T546] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 320.469161][ T546] RIP: 0033:0x4665d9 [ 320.469203][ T546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 320.469222][ T546] RSP: 002b:00007fa426612188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 320.469240][ T546] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 320.469249][ T546] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 320.469258][ T546] RBP: 00007fa4266121d0 R08: 0000000000000000 R09: 0000000000000000 [ 320.469267][ T546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 320.469276][ T546] R13: 00007fffc1f3ec1f R14: 00007fa426612300 R15: 0000000000022000 [ 320.486630][ T552] loop3: detected capacity change from 0 to 270 [ 320.489361][ T552] FAT-fs (loop3): bogus number of directory entries (51971) [ 320.489383][ T552] FAT-fs (loop3): Can't find a valid FAT filesystem [ 320.512725][ T558] FAULT_INJECTION: forcing a failure. [ 320.512725][ T558] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 320.512749][ T558] CPU: 0 PID: 558 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 320.512770][ T558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 320.512780][ T558] Call Trace: [ 320.512787][ T558] dump_stack+0x137/0x19d [ 320.512879][ T558] should_fail+0x23c/0x250 [ 320.512896][ T558] should_fail_usercopy+0x16/0x20 [ 320.512916][ T558] _copy_from_user+0x1c/0xd0 [ 320.512934][ T558] ____sys_sendmsg+0x1a3/0x4d0 [ 320.513029][ T558] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 320.513043][ T558] __sys_sendmsg_sock+0x25/0x30 [ 320.513061][ T558] io_issue_sqe+0x231a/0x6750 [ 320.513079][ T558] ? __list_del_entry_valid+0x54/0xc0 [ 320.513147][ T558] ? rmqueue_pcplist+0x152/0x190 [ 320.513167][ T558] ? rmqueue+0x43/0xd00 [ 320.616688][ T566] FAULT_INJECTION: forcing a failure. [ 320.616688][ T566] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 320.616762][ T558] ? mntput_no_expire+0x64/0x730 [ 321.037499][ T558] ? get_page_from_freelist+0x53e/0x800 [ 321.037520][ T558] ? fget_many+0x178/0x1a0 [ 321.037582][ T558] __io_queue_sqe+0xe9/0x360 [ 321.037689][ T558] io_submit_sqe+0x1887/0x3360 [ 321.037703][ T558] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 321.037721][ T558] io_submit_sqes+0x5bd/0xbd0 [ 321.037736][ T558] __se_sys_io_uring_enter+0x1e1/0xa80 14:04:35 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0xfffffff5, 0x0, 0x0) 14:04:35 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:35 executing program 0 (fault-call:8 fault-nth:20): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 321.037755][ T558] ? fput+0x2d/0x130 [ 321.037769][ T558] __x64_sys_io_uring_enter+0x74/0x80 [ 321.037874][ T558] do_syscall_64+0x4a/0x90 [ 321.037891][ T558] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 321.037970][ T558] RIP: 0033:0x4665d9 [ 321.037982][ T558] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 321.038052][ T558] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 321.038067][ T558] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 321.038077][ T558] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 321.038086][ T558] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 321.038096][ T558] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 321.038105][ T558] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 321.038118][ T566] CPU: 1 PID: 566 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 14:04:35 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x8b}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 321.038140][ T566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 321.038149][ T566] Call Trace: [ 321.038154][ T566] dump_stack+0x137/0x19d [ 321.038188][ T566] should_fail+0x23c/0x250 [ 321.038206][ T566] should_fail_usercopy+0x16/0x20 [ 321.038252][ T566] _copy_from_user+0x1c/0xd0 [ 321.038273][ T566] __copy_msghdr_from_user+0x44/0x350 [ 321.038292][ T566] ? sock_kfree_s+0x24/0x40 [ 321.038311][ T566] ? ____sys_sendmsg+0x421/0x4d0 [ 321.038326][ T566] sendmsg_copy_msghdr+0x4f/0xf0 [ 321.038342][ T566] io_issue_sqe+0x250b/0x6750 [ 321.038359][ T566] ? __list_del_entry_valid+0x54/0xc0 [ 321.038453][ T566] ? rmqueue_pcplist+0x152/0x190 [ 321.038473][ T566] ? rmqueue+0x43/0xd00 [ 321.038490][ T566] ? _find_next_bit+0x16a/0x190 [ 321.038511][ T566] ? kmem_cache_alloc+0x201/0x2f0 [ 321.038546][ T566] ? xas_create+0x96b/0xb30 [ 321.038564][ T566] ? xas_create+0xae3/0xb30 [ 321.038580][ T566] ? fget_many+0x178/0x1a0 [ 321.038671][ T566] __io_queue_sqe+0xe9/0x360 [ 321.038732][ T566] io_submit_sqe+0x1887/0x3360 [ 321.038752][ T566] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 321.038865][ T566] io_submit_sqes+0x5bd/0xbd0 [ 321.038902][ T566] __se_sys_io_uring_enter+0x1e1/0xa80 [ 321.038928][ T566] ? fput+0x2d/0x130 [ 321.038952][ T566] __x64_sys_io_uring_enter+0x74/0x80 [ 321.038979][ T566] do_syscall_64+0x4a/0x90 [ 321.039007][ T566] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 321.039048][ T566] RIP: 0033:0x4665d9 [ 321.039062][ T566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 321.039081][ T566] RSP: 002b:00007fa426612188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 321.039171][ T566] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 321.039181][ T566] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 321.039191][ T566] RBP: 00007fa4266121d0 R08: 0000000000000000 R09: 0000000000000000 [ 321.039201][ T566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 321.039211][ T566] R13: 00007fffc1f3ec1f R14: 00007fa426612300 R15: 0000000000022000 [ 321.090156][ T570] loop3: detected capacity change from 0 to 270 [ 321.145539][ T579] FAULT_INJECTION: forcing a failure. [ 321.145539][ T579] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 321.218483][ T570] FAT-fs (loop3): bogus number of directory entries (52227) [ 321.218690][ T579] CPU: 0 PID: 579 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 321.218713][ T579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 321.223726][ T570] FAT-fs (loop3): Can't find a valid FAT filesystem [ 321.228364][ T579] Call Trace: [ 321.228371][ T579] dump_stack+0x137/0x19d [ 321.228395][ T579] should_fail+0x23c/0x250 [ 321.470981][ T579] should_fail_usercopy+0x16/0x20 [ 321.471004][ T579] _copy_from_user+0x1c/0xd0 [ 321.471084][ T579] __copy_msghdr_from_user+0x44/0x350 [ 321.471136][ T579] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 321.471179][ T579] ? unix_dgram_peer_wake_me+0x310/0x310 [ 321.471192][ T579] ? ____sys_sendmsg+0x428/0x4d0 [ 321.471206][ T579] sendmsg_copy_msghdr+0x4f/0xf0 [ 321.471219][ T579] io_issue_sqe+0x250b/0x6750 [ 321.471299][ T579] ? __list_del_entry_valid+0x54/0xc0 [ 321.471315][ T579] ? rmqueue_pcplist+0x152/0x190 [ 321.471330][ T579] ? rmqueue+0x43/0xd00 [ 321.471343][ T579] ? mntput_no_expire+0x64/0x730 [ 321.471363][ T579] ? get_page_from_freelist+0x53e/0x800 [ 321.471448][ T579] ? fget_many+0x178/0x1a0 [ 321.471464][ T579] __io_queue_sqe+0xe9/0x360 [ 321.471477][ T579] io_submit_sqe+0x1887/0x3360 [ 321.471491][ T579] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 321.471554][ T579] io_submit_sqes+0x5bd/0xbd0 [ 321.471569][ T579] __se_sys_io_uring_enter+0x1e1/0xa80 [ 321.471591][ T579] ? fput+0x2d/0x130 [ 321.471605][ T579] __x64_sys_io_uring_enter+0x74/0x80 [ 321.471665][ T579] do_syscall_64+0x4a/0x90 [ 321.471682][ T579] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 321.471701][ T579] RIP: 0033:0x4665d9 [ 321.471712][ T579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 321.471758][ T579] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 321.471773][ T579] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 321.471782][ T579] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 14:04:36 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:36 executing program 0 (fault-call:8 fault-nth:21): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:36 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x800, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) r8 = accept$inet(r5, &(0x7f0000000240)={0x2, 0x0, @private}, &(0x7f0000000280)=0x10) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x12, r8, 0xb0123000) r9 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10000, 0x14) setsockopt$inet_tcp_TLS_RX(r9, 0x6, 0x2, &(0x7f00000001c0)=@ccm_128={{0x304}, "c3af5393e22be6b1", "d0dadc2d72ac6405091956c35110eb37", "97746905", "d0920d89b519bcd5"}, 0x28) 14:04:36 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000203cd0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:36 executing program 1 (fault-call:9 fault-nth:88): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 321.471792][ T579] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 321.471801][ T579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 321.471810][ T579] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 14:04:36 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0xfffffff7, 0x0, 0x0) 14:04:36 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, 0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(0x0, r1, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 321.732696][ T611] FAULT_INJECTION: forcing a failure. [ 321.732696][ T611] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 321.737532][ T614] FAULT_INJECTION: forcing a failure. [ 321.737532][ T614] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 321.745761][ T611] CPU: 0 PID: 611 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 321.768711][ T611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 321.778749][ T611] Call Trace: [ 321.782012][ T611] dump_stack+0x137/0x19d [ 321.786366][ T611] should_fail+0x23c/0x250 [ 321.790767][ T611] should_fail_usercopy+0x16/0x20 [ 321.795772][ T611] _copy_from_user+0x1c/0xd0 [ 321.800410][ T611] ____sys_sendmsg+0x1a3/0x4d0 [ 321.805154][ T611] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 321.810307][ T611] __sys_sendmsg_sock+0x25/0x30 [ 321.815207][ T611] io_issue_sqe+0x231a/0x6750 [ 321.819864][ T611] ? avc_has_perm+0x59/0x150 [ 321.824438][ T611] ? avc_has_perm+0xc8/0x150 [ 321.829009][ T611] ? __fsnotify_parent+0x32f/0x430 [ 321.834104][ T611] ? mntput_no_expire+0x64/0x730 [ 321.839027][ T611] ? terminate_walk+0x261/0x270 [ 321.843872][ T611] ? path_openat+0x19ab/0x20b0 [ 321.848744][ T611] ? fget_many+0x178/0x1a0 [ 321.853143][ T611] __io_queue_sqe+0xe9/0x360 [ 321.857713][ T611] io_submit_sqe+0x1887/0x3360 [ 321.862522][ T611] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 321.867967][ T611] io_submit_sqes+0x5bd/0xbd0 [ 321.872623][ T611] __se_sys_io_uring_enter+0x1e1/0xa80 [ 321.878069][ T611] ? fput+0x2d/0x130 [ 321.882029][ T611] __x64_sys_io_uring_enter+0x74/0x80 [ 321.887408][ T611] do_syscall_64+0x4a/0x90 [ 321.891878][ T611] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 321.897810][ T611] RIP: 0033:0x4665d9 [ 321.901682][ T611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 321.921380][ T611] RSP: 002b:00007fa426633188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 321.929774][ T611] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 321.937726][ T611] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 321.945676][ T611] RBP: 00007fa4266331d0 R08: 0000000000000000 R09: 0000000000000000 [ 321.953626][ T611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 321.961578][ T611] R13: 00007fffc1f3ec1f R14: 00007fa426633300 R15: 0000000000022000 [ 321.969622][ T614] CPU: 1 PID: 614 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 321.976342][ T608] loop3: detected capacity change from 0 to 270 [ 321.979695][ T614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 321.995963][ T614] Call Trace: [ 321.999251][ T614] dump_stack+0x137/0x19d [ 322.003594][ T614] should_fail+0x23c/0x250 [ 322.008068][ T614] should_fail_usercopy+0x16/0x20 [ 322.008095][ T614] _copy_from_user+0x1c/0xd0 [ 322.008119][ T614] ____sys_sendmsg+0x1a3/0x4d0 [ 322.008139][ T614] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 322.008158][ T614] __sys_sendmsg_sock+0x25/0x30 14:04:36 executing program 1 (fault-call:9 fault-nth:89): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 322.008176][ T614] io_issue_sqe+0x231a/0x6750 [ 322.008256][ T614] ? __list_del_entry_valid+0x54/0xc0 [ 322.008275][ T614] ? rmqueue_pcplist+0x152/0x190 [ 322.008295][ T614] ? rmqueue+0x43/0xd00 [ 322.008311][ T614] ? mntput_no_expire+0x64/0x730 [ 322.008405][ T614] ? get_page_from_freelist+0x53e/0x800 [ 322.008450][ T614] ? fget_many+0x178/0x1a0 [ 322.008472][ T614] __io_queue_sqe+0xe9/0x360 [ 322.008489][ T614] io_submit_sqe+0x1887/0x3360 [ 322.008508][ T614] ? kmem_cache_alloc_bulk+0x28c/0x340 14:04:36 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, 0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(0x0, r1, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 322.008530][ T614] io_submit_sqes+0x5bd/0xbd0 [ 322.008549][ T614] __se_sys_io_uring_enter+0x1e1/0xa80 [ 322.008589][ T614] ? fput+0x2d/0x130 [ 322.008607][ T614] __x64_sys_io_uring_enter+0x74/0x80 [ 322.008635][ T614] do_syscall_64+0x4a/0x90 [ 322.008653][ T614] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 322.008678][ T614] RIP: 0033:0x4665d9 [ 322.008692][ T614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 322.070790][ T608] FAT-fs (loop3): bogus number of directory entries (52483) [ 322.071515][ T614] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 322.071538][ T614] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 322.076298][ T608] FAT-fs (loop3): Can't find a valid FAT filesystem [ 322.081714][ T614] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 322.145790][ T629] FAULT_INJECTION: forcing a failure. [ 322.145790][ T629] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 322.150497][ T614] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 322.150513][ T614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 322.150526][ T614] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 322.209891][ T629] CPU: 0 PID: 629 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 322.209943][ T629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 322.209972][ T629] Call Trace: 14:04:37 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x1000000000000, 0x0, 0x0) 14:04:37 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000203ce0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 322.209978][ T629] dump_stack+0x137/0x19d [ 322.237581][ T629] should_fail+0x23c/0x250 [ 322.237606][ T629] should_fail_usercopy+0x16/0x20 [ 322.237628][ T629] _copy_from_user+0x1c/0xd0 [ 322.237652][ T629] ____sys_sendmsg+0x1a3/0x4d0 [ 322.237713][ T629] ? sendmsg_copy_msghdr+0xc4/0xf0 14:04:37 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, 0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(0x0, r1, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 322.237732][ T629] __sys_sendmsg_sock+0x25/0x30 [ 322.237750][ T629] io_issue_sqe+0x231a/0x6750 [ 322.237769][ T629] ? __list_del_entry_valid+0x54/0xc0 [ 322.237791][ T629] ? rmqueue_pcplist+0x152/0x190 [ 322.237811][ T629] ? rmqueue+0x43/0xd00 [ 322.237828][ T629] ? _find_next_bit+0x16a/0x190 [ 322.237912][ T629] ? kmem_cache_alloc+0x201/0x2f0 14:04:37 executing program 0 (fault-call:8 fault-nth:22): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:37 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r1, 0x0, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 322.237935][ T629] ? xas_create+0x96b/0xb30 [ 322.237958][ T629] ? kcsan_setup_watchpoint+0x26e/0x470 [ 322.238019][ T629] __io_queue_sqe+0xe9/0x360 [ 322.238110][ T629] io_submit_sqe+0x1887/0x3360 [ 322.238142][ T629] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 322.238234][ T629] io_submit_sqes+0x5bd/0xbd0 [ 322.238251][ T629] __se_sys_io_uring_enter+0x1e1/0xa80 [ 322.238302][ T629] ? fput+0x2d/0x130 [ 322.238320][ T629] __x64_sys_io_uring_enter+0x74/0x80 [ 322.238344][ T629] do_syscall_64+0x4a/0x90 [ 322.238400][ T629] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 322.238420][ T629] RIP: 0033:0x4665d9 [ 322.238431][ T629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 322.238446][ T629] RSP: 002b:00007fa426612188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 322.238461][ T629] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 322.238529][ T629] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 322.238541][ T629] RBP: 00007fa4266121d0 R08: 0000000000000000 R09: 0000000000000000 [ 322.238554][ T629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 322.238566][ T629] R13: 00007fffc1f3ec1f R14: 00007fa426612300 R15: 0000000000022000 [ 322.326471][ T645] loop3: detected capacity change from 0 to 270 [ 322.431510][ T653] FAULT_INJECTION: forcing a failure. [ 322.431510][ T653] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 322.451851][ T645] FAT-fs (loop3): bogus number of directory entries (52739) [ 322.458262][ T653] CPU: 0 PID: 653 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 322.458283][ T653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 322.458293][ T653] Call Trace: [ 322.458300][ T653] dump_stack+0x137/0x19d [ 322.464540][ T645] FAT-fs (loop3): Can't find a valid FAT filesystem [ 322.477516][ T653] should_fail+0x23c/0x250 [ 322.477541][ T653] should_fail_usercopy+0x16/0x20 [ 322.528602][ T653] _copy_from_user+0x1c/0xd0 [ 322.533274][ T653] __copy_msghdr_from_user+0x44/0x350 [ 322.533296][ T653] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 322.533355][ T653] ? unix_dgram_peer_wake_me+0x310/0x310 [ 322.533371][ T653] ? ____sys_sendmsg+0x428/0x4d0 [ 322.533390][ T653] sendmsg_copy_msghdr+0x4f/0xf0 [ 322.533409][ T653] io_issue_sqe+0x250b/0x6750 [ 322.533446][ T653] ? __list_del_entry_valid+0x54/0xc0 [ 322.533555][ T653] ? rmqueue_pcplist+0x152/0x190 [ 322.533571][ T653] ? rmqueue+0x43/0xd00 [ 322.533589][ T653] ? mntput_no_expire+0x64/0x730 [ 322.533616][ T653] ? get_page_from_freelist+0x53e/0x800 [ 322.533634][ T653] ? fget_many+0x178/0x1a0 [ 322.533650][ T653] __io_queue_sqe+0xe9/0x360 [ 322.533714][ T653] io_submit_sqe+0x1887/0x3360 [ 322.533729][ T653] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 322.533797][ T653] io_submit_sqes+0x5bd/0xbd0 [ 322.533897][ T653] __se_sys_io_uring_enter+0x1e1/0xa80 [ 322.533921][ T653] ? fput+0x2d/0x130 [ 322.533934][ T653] __x64_sys_io_uring_enter+0x74/0x80 [ 322.533960][ T653] do_syscall_64+0x4a/0x90 [ 322.533996][ T653] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 322.534047][ T653] RIP: 0033:0x4665d9 [ 322.534063][ T653] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 322.534088][ T653] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa 14:04:37 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCRTMSG(r6, 0x890d, &(0x7f0000000180)={0x0, {0x2, 0x4e20, @multicast2}, {0x2, 0x4e22, @loopback}, {0x2, 0x4e21, @multicast1}, 0x40, 0x0, 0x0, 0x0, 0xff, 0x0, 0x3ff, 0x7, 0x2}) 14:04:37 executing program 1 (fault-call:9 fault-nth:90): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:37 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r1, 0x0, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:37 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000203cf0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:37 executing program 0 (fault-call:8 fault-nth:23): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:37 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x2000000000000, 0x0, 0x0) [ 322.534107][ T653] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 322.534117][ T653] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 322.534127][ T653] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 322.534163][ T653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 322.534180][ T653] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 322.785287][ T678] FAULT_INJECTION: forcing a failure. [ 322.785287][ T678] name failslab, interval 1, probability 0, space 0, times 0 [ 322.788304][ T680] FAULT_INJECTION: forcing a failure. [ 322.788304][ T680] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 322.797917][ T678] CPU: 0 PID: 678 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 322.820885][ T678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 322.830928][ T678] Call Trace: [ 322.834189][ T678] dump_stack+0x137/0x19d [ 322.838507][ T678] should_fail+0x23c/0x250 [ 322.842907][ T678] __should_failslab+0x81/0x90 [ 322.847687][ T678] should_failslab+0x5/0x20 [ 322.852175][ T678] kmem_cache_alloc_node+0x58/0x2b0 [ 322.857436][ T678] ? __alloc_skb+0xed/0x420 [ 322.861940][ T678] __alloc_skb+0xed/0x420 [ 322.866254][ T678] alloc_skb_with_frags+0x90/0x390 [ 322.871367][ T678] ? kmem_cache_alloc_trace+0x215/0x310 [ 322.876924][ T678] ? __scm_send+0x3d5/0xa40 [ 322.881427][ T678] sock_alloc_send_pskb+0x436/0x4e0 [ 322.886609][ T678] unix_dgram_sendmsg+0x478/0x1610 [ 322.891702][ T678] ? sock_kmalloc+0x77/0xb0 [ 322.896262][ T678] ? __kmalloc+0x23d/0x340 [ 322.900665][ T678] unix_seqpacket_sendmsg+0xc2/0x100 [ 322.905948][ T678] ? unix_dgram_peer_wake_me+0x310/0x310 [ 322.911606][ T678] ____sys_sendmsg+0x360/0x4d0 [ 322.916351][ T678] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 322.921442][ T678] __sys_sendmsg_sock+0x25/0x30 [ 322.926326][ T678] io_issue_sqe+0x231a/0x6750 [ 322.930984][ T678] ? avc_has_perm+0x59/0x150 [ 322.935591][ T678] ? avc_has_perm+0xc8/0x150 [ 322.940179][ T678] ? __fsnotify_parent+0x32f/0x430 [ 322.945396][ T678] ? mntput_no_expire+0x64/0x730 [ 322.950321][ T678] ? terminate_walk+0x261/0x270 [ 322.955153][ T678] ? path_openat+0x19ab/0x20b0 [ 322.959900][ T678] ? fget_many+0x178/0x1a0 [ 322.964309][ T678] __io_queue_sqe+0xe9/0x360 [ 322.968942][ T678] io_submit_sqe+0x1887/0x3360 [ 322.973687][ T678] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 322.979150][ T678] io_submit_sqes+0x5bd/0xbd0 [ 322.983808][ T678] __se_sys_io_uring_enter+0x1e1/0xa80 [ 322.989350][ T678] ? fput+0x2d/0x130 [ 322.993348][ T678] __x64_sys_io_uring_enter+0x74/0x80 [ 322.998756][ T678] do_syscall_64+0x4a/0x90 [ 323.005415][ T678] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 323.011293][ T678] RIP: 0033:0x4665d9 [ 323.015167][ T678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 323.034896][ T678] RSP: 002b:00007fa426633188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 323.043448][ T678] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 323.051400][ T678] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 323.059352][ T678] RBP: 00007fa4266331d0 R08: 0000000000000000 R09: 0000000000000000 [ 323.067305][ T678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 323.075379][ T678] R13: 00007fffc1f3ec1f R14: 00007fa426633300 R15: 0000000000022000 [ 323.083333][ T680] CPU: 1 PID: 680 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 323.093371][ T680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 323.104658][ T680] Call Trace: [ 323.107934][ T680] dump_stack+0x137/0x19d [ 323.112304][ T680] should_fail+0x23c/0x250 [ 323.116717][ T680] should_fail_usercopy+0x16/0x20 [ 323.121774][ T680] _copy_from_user+0x1c/0xd0 [ 323.121795][ T680] ____sys_sendmsg+0x1a3/0x4d0 14:04:37 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r1, 0x0, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:37 executing program 1 (fault-call:9 fault-nth:91): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:37 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000), &(0x7f0000000080)=0x0) syz_io_uring_submit(0x0, r1, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:38 executing program 0 (fault-call:8 fault-nth:24): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:38 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000226d00004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 323.121810][ T680] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 323.121843][ T680] __sys_sendmsg_sock+0x25/0x30 [ 323.121860][ T680] io_issue_sqe+0x231a/0x6750 [ 323.121952][ T680] ? __list_del_entry_valid+0x54/0xc0 [ 323.121973][ T680] ? rmqueue_pcplist+0x152/0x190 [ 323.121994][ T680] ? rmqueue+0x43/0xd00 14:04:38 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000), &(0x7f0000000080)=0x0) syz_io_uring_submit(0x0, r1, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 323.122009][ T680] ? mntput_no_expire+0x64/0x730 [ 323.122035][ T680] ? get_page_from_freelist+0x53e/0x800 [ 323.122084][ T680] ? fget_many+0x178/0x1a0 [ 323.122139][ T680] __io_queue_sqe+0xe9/0x360 [ 323.122156][ T680] io_submit_sqe+0x1887/0x3360 [ 323.122177][ T680] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 323.122201][ T680] io_submit_sqes+0x5bd/0xbd0 [ 323.122220][ T680] __se_sys_io_uring_enter+0x1e1/0xa80 [ 323.122243][ T680] ? fput+0x2d/0x130 [ 323.122262][ T680] __x64_sys_io_uring_enter+0x74/0x80 [ 323.122325][ T680] do_syscall_64+0x4a/0x90 [ 323.122346][ T680] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 323.122441][ T680] RIP: 0033:0x4665d9 [ 323.122455][ T680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 323.122475][ T680] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 323.122492][ T680] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 323.122503][ T680] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 323.122517][ T680] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 323.122569][ T680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 323.122582][ T680] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 323.146180][ T684] loop3: detected capacity change from 0 to 270 [ 323.152982][ T684] FAT-fs (loop3): bogus number of directory entries (52995) [ 323.153000][ T684] FAT-fs (loop3): Can't find a valid FAT filesystem [ 323.232679][ T701] FAULT_INJECTION: forcing a failure. [ 323.232679][ T701] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 323.232738][ T701] CPU: 1 PID: 701 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 323.232754][ T701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 323.232766][ T701] Call Trace: [ 323.232773][ T701] dump_stack+0x137/0x19d [ 323.232798][ T701] should_fail+0x23c/0x250 [ 323.232818][ T701] should_fail_usercopy+0x16/0x20 [ 323.232914][ T701] _copy_from_user+0x1c/0xd0 [ 323.232935][ T701] __copy_msghdr_from_user+0x44/0x350 [ 323.233016][ T701] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 323.233030][ T701] ? unix_dgram_peer_wake_me+0x310/0x310 [ 323.233048][ T701] ? ____sys_sendmsg+0x428/0x4d0 [ 323.233066][ T701] sendmsg_copy_msghdr+0x4f/0xf0 [ 323.233085][ T701] io_issue_sqe+0x250b/0x6750 [ 323.233100][ T701] ? __list_del_entry_valid+0x54/0xc0 [ 323.233116][ T701] ? rmqueue_pcplist+0x152/0x190 [ 323.233132][ T701] ? rmqueue+0x43/0xd00 [ 323.233217][ T701] ? mntput_no_expire+0x64/0x730 [ 323.233236][ T701] ? get_page_from_freelist+0x53e/0x800 [ 323.233312][ T701] ? fget_many+0x178/0x1a0 [ 323.233400][ T701] __io_queue_sqe+0xe9/0x360 [ 323.233415][ T701] io_submit_sqe+0x1887/0x3360 [ 323.233430][ T701] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 323.233450][ T701] io_submit_sqes+0x5bd/0xbd0 [ 323.233471][ T701] __se_sys_io_uring_enter+0x1e1/0xa80 [ 323.233503][ T701] ? fput+0x2d/0x130 [ 323.233519][ T701] __x64_sys_io_uring_enter+0x74/0x80 [ 323.233537][ T701] do_syscall_64+0x4a/0x90 [ 323.233572][ T701] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 323.233633][ T701] RIP: 0033:0x4665d9 [ 323.233644][ T701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 323.233657][ T701] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 323.233672][ T701] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 323.233681][ T701] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 323.233753][ T701] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 323.233765][ T701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 323.233775][ T701] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 323.253735][ T702] loop3: detected capacity change from 0 to 270 [ 323.255871][ T702] FAT-fs (loop3): bogus number of directory entries (53286) [ 323.255906][ T702] FAT-fs (loop3): Can't find a valid FAT filesystem [ 323.267161][ T714] FAULT_INJECTION: forcing a failure. [ 323.267161][ T714] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 323.267247][ T714] CPU: 0 PID: 714 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 323.267264][ T714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 323.267275][ T714] Call Trace: [ 323.267282][ T714] dump_stack+0x137/0x19d [ 323.267306][ T714] should_fail+0x23c/0x250 [ 323.267401][ T714] should_fail_usercopy+0x16/0x20 [ 323.267416][ T714] _copy_from_user+0x1c/0xd0 [ 323.267432][ T714] __copy_msghdr_from_user+0x44/0x350 [ 323.267530][ T714] ? sock_kfree_s+0x24/0x40 [ 323.267546][ T714] ? ____sys_sendmsg+0x421/0x4d0 [ 323.267560][ T714] sendmsg_copy_msghdr+0x4f/0xf0 [ 323.267578][ T714] io_issue_sqe+0x250b/0x6750 [ 323.267602][ T714] ? __list_del_entry_valid+0x54/0xc0 [ 323.267683][ T714] ? rmqueue_pcplist+0x152/0x190 [ 323.267702][ T714] ? _find_next_bit+0x188/0x190 [ 323.267766][ T714] ? pcpu_block_refresh_hint+0x191/0x1a0 [ 323.267861][ T714] ? pcpu_block_update_hint_alloc+0x230/0x720 [ 323.267885][ T714] ? kmem_cache_alloc+0x201/0x2f0 [ 323.267903][ T714] ? xas_create+0x96b/0xb30 [ 323.267919][ T714] ? xas_create+0xae3/0xb30 [ 323.267989][ T714] ? fget_many+0x178/0x1a0 [ 323.268009][ T714] __io_queue_sqe+0xe9/0x360 [ 323.268022][ T714] io_submit_sqe+0x1887/0x3360 [ 323.268038][ T714] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 323.268054][ T714] io_submit_sqes+0x5bd/0xbd0 [ 323.268067][ T714] __se_sys_io_uring_enter+0x1e1/0xa80 [ 323.268111][ T714] ? fput+0x2d/0x130 [ 323.268127][ T714] __x64_sys_io_uring_enter+0x74/0x80 [ 323.268148][ T714] do_syscall_64+0x4a/0x90 [ 323.268163][ T714] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 323.268181][ T714] RIP: 0033:0x4665d9 [ 323.268194][ T714] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 323.268246][ T714] RSP: 002b:00007fa426612188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 323.268263][ T714] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 323.268276][ T714] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 14:04:38 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000340)=0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) getsockopt(r4, 0x1, 0x2c, &(0x7f0000000100)=""/155, &(0x7f00000001c0)=0x9b) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x200000e, 0x80010, r0, 0x10000000) r7 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x6) r8 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r8, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) syz_io_uring_submit(r1, r6, &(0x7f0000000300)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x1, 0x0, r7, &(0x7f00000001c0)={0x80000008}, r8, 0x1, 0x0, 0x1}, 0x1) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r5, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) socket$nl_audit(0x10, 0x3, 0x9) r9 = socket$inet(0x2, 0x1, 0x0) socket$inet(0x2, 0x1, 0x0) syz_open_dev$vcsu(&(0x7f00000000c0), 0x9c, 0x480000) sendto$inet(r9, &(0x7f0000000240)="50bdd5ddb12ddb98b3a69afd133cbb865d2fd05748aaecc018505c2f037ce4ad17a2dc204c2fbe66ef25408f5969e324d3438c1d4d2ffcb43c0caac74868c27c2867d0f1889b9a0bc6e1b13dca1a48d527cf5dd6c3265f6965c70c0d48333ba6fdaed16aa50f78f2949289fef644d2daf2997104ac3a38563736e21bbe05e2620636c60dae2e85151865e5f79a66df02fb8ccb2721b098390a8fd83c", 0x9c, 0x4000, 0x0, 0x0) 14:04:38 executing program 0 (fault-call:8 fault-nth:25): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:38 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x4000000000000, 0x0, 0x0) 14:04:38 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000226d20004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:38 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000), &(0x7f0000000080)=0x0) syz_io_uring_submit(0x0, r1, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 323.268289][ T714] RBP: 00007fa4266121d0 R08: 0000000000000000 R09: 0000000000000000 [ 323.268301][ T714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 323.268314][ T714] R13: 00007fffc1f3ec1f R14: 00007fa426612300 R15: 0000000000022000 14:04:38 executing program 1 (fault-call:9 fault-nth:92): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:38 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x100000000000000, 0x0, 0x0) [ 323.992298][ T732] loop3: detected capacity change from 0 to 270 [ 324.001696][ T742] FAULT_INJECTION: forcing a failure. [ 324.001696][ T742] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 324.014842][ T742] CPU: 0 PID: 742 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 324.024811][ T742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 324.034861][ T742] Call Trace: [ 324.038164][ T742] dump_stack+0x137/0x19d [ 324.042483][ T742] should_fail+0x23c/0x250 [ 324.046974][ T742] should_fail_usercopy+0x16/0x20 [ 324.051995][ T742] _copy_from_user+0x1c/0xd0 [ 324.056569][ T742] ____sys_sendmsg+0x1a3/0x4d0 [ 324.061333][ T742] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 324.066440][ T742] __sys_sendmsg_sock+0x25/0x30 [ 324.071347][ T742] io_issue_sqe+0x231a/0x6750 [ 324.076009][ T742] ? __list_del_entry_valid+0x54/0xc0 [ 324.081360][ T742] ? rmqueue_pcplist+0x152/0x190 [ 324.086278][ T742] ? rmqueue+0x43/0xd00 [ 324.090492][ T742] ? mntput_no_expire+0x64/0x730 [ 324.095418][ T742] ? get_page_from_freelist+0x53e/0x800 [ 324.100955][ T742] ? fget_many+0x178/0x1a0 [ 324.105359][ T742] __io_queue_sqe+0xe9/0x360 [ 324.110111][ T742] io_submit_sqe+0x1887/0x3360 [ 324.114873][ T742] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 324.120314][ T742] io_submit_sqes+0x5bd/0xbd0 [ 324.125032][ T742] __se_sys_io_uring_enter+0x1e1/0xa80 [ 324.130531][ T742] ? fput+0x2d/0x130 [ 324.134403][ T742] __x64_sys_io_uring_enter+0x74/0x80 [ 324.139806][ T742] do_syscall_64+0x4a/0x90 [ 324.144247][ T742] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 324.150175][ T742] RIP: 0033:0x4665d9 [ 324.154048][ T742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 324.173635][ T742] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 324.182642][ T742] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 14:04:39 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x1000) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 324.190798][ T742] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 324.198887][ T742] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 324.207041][ T742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 324.214996][ T742] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 324.231664][ T744] FAULT_INJECTION: forcing a failure. [ 324.231664][ T744] name failslab, interval 1, probability 0, space 0, times 0 [ 324.244354][ T744] CPU: 1 PID: 744 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 324.254335][ T744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 324.264384][ T744] Call Trace: [ 324.267651][ T744] dump_stack+0x137/0x19d [ 324.272044][ T744] should_fail+0x23c/0x250 [ 324.276444][ T744] ? scm_fp_dup+0x3a/0x150 [ 324.280893][ T744] __should_failslab+0x81/0x90 [ 324.285649][ T744] should_failslab+0x5/0x20 [ 324.290146][ T744] __kmalloc_track_caller+0x64/0x340 [ 324.295426][ T744] ? skb_set_owner_w+0x17e/0x220 [ 324.300434][ T744] kmemdup+0x21/0x50 [ 324.304365][ T744] scm_fp_dup+0x3a/0x150 [ 324.308594][ T744] unix_attach_fds+0xa5/0x1e0 [ 324.313255][ T744] unix_dgram_sendmsg+0x5cb/0x1610 [ 324.318349][ T744] ? sock_kmalloc+0x77/0xb0 [ 324.322891][ T744] unix_seqpacket_sendmsg+0xc2/0x100 [ 324.328162][ T744] ? unix_dgram_peer_wake_me+0x310/0x310 [ 324.333856][ T744] ____sys_sendmsg+0x360/0x4d0 [ 324.338602][ T744] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 324.343694][ T744] __sys_sendmsg_sock+0x25/0x30 [ 324.348524][ T744] io_issue_sqe+0x231a/0x6750 [ 324.353187][ T744] ? avc_has_perm+0x59/0x150 [ 324.357817][ T744] ? avc_has_perm+0xc8/0x150 [ 324.362401][ T744] ? __fsnotify_parent+0x32f/0x430 [ 324.367504][ T744] ? mntput_no_expire+0x64/0x730 [ 324.372424][ T744] ? terminate_walk+0x261/0x270 [ 324.377290][ T744] ? path_openat+0x19ab/0x20b0 [ 324.382068][ T744] ? fget_many+0x178/0x1a0 [ 324.386546][ T744] __io_queue_sqe+0xe9/0x360 [ 324.391123][ T744] io_submit_sqe+0x1887/0x3360 [ 324.396035][ T744] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 324.401578][ T744] io_submit_sqes+0x5bd/0xbd0 [ 324.406242][ T744] __se_sys_io_uring_enter+0x1e1/0xa80 [ 324.411690][ T744] ? fput+0x2d/0x130 [ 324.415574][ T744] __x64_sys_io_uring_enter+0x74/0x80 [ 324.420932][ T744] do_syscall_64+0x4a/0x90 [ 324.425411][ T744] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 324.431292][ T744] RIP: 0033:0x4665d9 [ 324.435173][ T744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 324.454953][ T744] RSP: 002b:00007fa426633188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 324.463346][ T744] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 324.471296][ T744] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 324.479248][ T744] RBP: 00007fa4266331d0 R08: 0000000000000000 R09: 0000000000000000 14:04:39 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)) syz_io_uring_submit(r1, 0x0, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:39 executing program 0 (fault-call:8 fault-nth:26): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 324.487202][ T744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 324.495155][ T744] R13: 00007fffc1f3ec1f R14: 00007fa426633300 R15: 0000000000022000 [ 324.515207][ T732] FAT-fs (loop3): bogus number of directory entries (53798) [ 324.522603][ T732] FAT-fs (loop3): Can't find a valid FAT filesystem 14:04:39 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)) syz_io_uring_submit(r1, 0x0, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 324.569257][ T757] FAULT_INJECTION: forcing a failure. [ 324.569257][ T757] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 324.582354][ T757] CPU: 0 PID: 757 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 324.582375][ T757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 324.582403][ T757] Call Trace: [ 324.582409][ T757] dump_stack+0x137/0x19d [ 324.582428][ T757] should_fail+0x23c/0x250 [ 324.582445][ T757] should_fail_usercopy+0x16/0x20 14:04:39 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)) syz_io_uring_submit(r1, 0x0, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x8) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 324.582460][ T757] _copy_from_user+0x1c/0xd0 [ 324.624110][ T757] __copy_msghdr_from_user+0x44/0x350 [ 324.629486][ T757] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 324.634943][ T757] ? unix_dgram_peer_wake_me+0x310/0x310 [ 324.640621][ T757] ? ____sys_sendmsg+0x428/0x4d0 [ 324.645555][ T757] sendmsg_copy_msghdr+0x4f/0xf0 [ 324.650486][ T757] io_issue_sqe+0x250b/0x6750 [ 324.655191][ T757] ? __list_del_entry_valid+0x54/0xc0 [ 324.660555][ T757] ? rmqueue_pcplist+0x152/0x190 [ 324.665582][ T757] ? rmqueue+0x43/0xd00 14:04:39 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x200000000000000, 0x0, 0x0) 14:04:39 executing program 1 (fault-call:9 fault-nth:93): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:39 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, 0x0, 0x8) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 324.669737][ T757] ? mntput_no_expire+0x64/0x730 [ 324.674725][ T757] ? get_page_from_freelist+0x53e/0x800 [ 324.680264][ T757] ? fget_many+0x178/0x1a0 [ 324.684694][ T757] __io_queue_sqe+0xe9/0x360 [ 324.689291][ T757] io_submit_sqe+0x1887/0x3360 [ 324.694058][ T757] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 324.699523][ T757] io_submit_sqes+0x5bd/0xbd0 [ 324.704197][ T757] __se_sys_io_uring_enter+0x1e1/0xa80 [ 324.709676][ T757] ? fput+0x2d/0x130 [ 324.713574][ T757] __x64_sys_io_uring_enter+0x74/0x80 [ 324.714009][ T768] FAULT_INJECTION: forcing a failure. [ 324.714009][ T768] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 324.719054][ T757] do_syscall_64+0x4a/0x90 [ 324.719079][ T757] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 324.742310][ T757] RIP: 0033:0x4665d9 [ 324.746186][ T757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 324.765773][ T757] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 324.774165][ T757] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 324.782156][ T757] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 324.790106][ T757] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 324.798061][ T757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 324.806010][ T757] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 324.813966][ T768] CPU: 1 PID: 768 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 324.824035][ T768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 324.834078][ T768] Call Trace: [ 324.837356][ T768] dump_stack+0x137/0x19d [ 324.841728][ T768] should_fail+0x23c/0x250 [ 324.846145][ T768] should_fail_usercopy+0x16/0x20 [ 324.851174][ T768] _copy_from_user+0x1c/0xd0 [ 324.855769][ T768] __copy_msghdr_from_user+0x44/0x350 [ 324.855794][ T768] ? sock_kfree_s+0x24/0x40 [ 324.865640][ T768] ? ____sys_sendmsg+0x421/0x4d0 [ 324.870626][ T768] sendmsg_copy_msghdr+0x4f/0xf0 [ 324.875556][ T768] io_issue_sqe+0x250b/0x6750 [ 324.880292][ T768] ? avc_has_perm+0x59/0x150 [ 324.885042][ T768] ? avc_has_perm+0xc8/0x150 [ 324.889744][ T768] ? __fsnotify_parent+0x32f/0x430 [ 324.894865][ T768] ? mntput_no_expire+0x64/0x730 [ 324.899866][ T768] ? terminate_walk+0x261/0x270 [ 324.904773][ T768] ? path_openat+0x19ab/0x20b0 [ 324.909534][ T768] ? fget_many+0x178/0x1a0 [ 324.913961][ T768] ? kcsan_setup_watchpoint+0x26e/0x470 [ 324.919577][ T768] __io_queue_sqe+0xe9/0x360 [ 324.924152][ T768] io_submit_sqe+0x1887/0x3360 [ 324.929024][ T768] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 324.934488][ T768] io_submit_sqes+0x5bd/0xbd0 [ 324.939173][ T768] __se_sys_io_uring_enter+0x1e1/0xa80 [ 324.944743][ T768] ? fput+0x2d/0x130 [ 324.948637][ T768] __x64_sys_io_uring_enter+0x74/0x80 [ 324.954014][ T768] do_syscall_64+0x4a/0x90 [ 324.958423][ T768] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 324.964534][ T768] RIP: 0033:0x4665d9 [ 324.968403][ T768] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 324.988135][ T768] RSP: 002b:00007fa426633188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 324.996570][ T768] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 325.004560][ T768] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 325.012509][ T768] RBP: 00007fa4266331d0 R08: 0000000000000000 R09: 0000000000000000 14:04:39 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000201f30004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:39 executing program 0 (fault-call:8 fault-nth:27): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:39 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x5, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:39 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x204000000000000, 0x0, 0x0) 14:04:39 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, 0x0, 0x8) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 325.020457][ T768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 325.028543][ T768] R13: 00007fffc1f3ec1f R14: 00007fa426633300 R15: 0000000000022000 14:04:39 executing program 1 (fault-call:9 fault-nth:94): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:39 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, 0x0, 0x8) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 325.093668][ T790] loop3: detected capacity change from 0 to 270 [ 325.100159][ T793] FAULT_INJECTION: forcing a failure. [ 325.100159][ T793] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 325.113237][ T793] CPU: 0 PID: 793 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 325.123277][ T793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 325.133327][ T793] Call Trace: [ 325.134677][ T790] FAT-fs (loop3): bogus number of directory entries (62209) [ 325.136637][ T793] dump_stack+0x137/0x19d [ 325.143931][ T790] FAT-fs (loop3): Can't find a valid FAT filesystem [ 325.148222][ T793] should_fail+0x23c/0x250 [ 325.159189][ T793] should_fail_usercopy+0x16/0x20 [ 325.164234][ T793] _copy_from_user+0x1c/0xd0 [ 325.164259][ T793] ____sys_sendmsg+0x1a3/0x4d0 14:04:40 executing program 0 (fault-call:8 fault-nth:28): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:40 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x23456}, 0x8) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:40 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e6661740002800100020fff0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 325.164274][ T793] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 325.164288][ T793] __sys_sendmsg_sock+0x25/0x30 [ 325.164305][ T793] io_issue_sqe+0x231a/0x6750 [ 325.164325][ T793] ? __list_del_entry_valid+0x54/0xc0 [ 325.164351][ T793] ? rmqueue_pcplist+0x152/0x190 [ 325.164367][ T793] ? rmqueue+0x43/0xd00 [ 325.164434][ T793] ? mntput_no_expire+0x64/0x730 [ 325.164458][ T793] ? get_page_from_freelist+0x53e/0x800 [ 325.164478][ T793] ? fget_many+0x178/0x1a0 [ 325.164494][ T793] __io_queue_sqe+0xe9/0x360 [ 325.164510][ T793] io_submit_sqe+0x1887/0x3360 [ 325.164526][ T793] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 325.164547][ T793] io_submit_sqes+0x5bd/0xbd0 [ 325.164627][ T793] __se_sys_io_uring_enter+0x1e1/0xa80 14:04:40 executing program 0 (fault-call:8 fault-nth:29): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:40 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x8) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 325.164646][ T793] ? fput+0x2d/0x130 [ 325.164658][ T793] __x64_sys_io_uring_enter+0x74/0x80 [ 325.164679][ T793] do_syscall_64+0x4a/0x90 [ 325.164825][ T793] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 325.164850][ T793] RIP: 0033:0x4665d9 [ 325.164863][ T793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 325.164877][ T793] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 325.164891][ T793] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 325.164901][ T793] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 325.164911][ T793] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 325.164919][ T793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 325.164928][ T793] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 325.245051][ T814] FAULT_INJECTION: forcing a failure. [ 325.245051][ T814] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 325.245083][ T814] CPU: 0 PID: 814 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 325.245113][ T814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 325.245121][ T814] Call Trace: [ 325.245127][ T814] dump_stack+0x137/0x19d [ 325.245149][ T814] should_fail+0x23c/0x250 [ 325.245169][ T814] should_fail_usercopy+0x16/0x20 [ 325.245259][ T814] _copy_from_user+0x1c/0xd0 [ 325.245278][ T814] __copy_msghdr_from_user+0x44/0x350 [ 325.245295][ T814] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 325.245309][ T814] ? unix_dgram_peer_wake_me+0x310/0x310 [ 325.245326][ T814] ? ____sys_sendmsg+0x428/0x4d0 [ 325.245344][ T814] sendmsg_copy_msghdr+0x4f/0xf0 [ 325.245362][ T814] io_issue_sqe+0x250b/0x6750 [ 325.245447][ T814] ? __list_del_entry_valid+0x54/0xc0 [ 325.245482][ T814] ? rmqueue_pcplist+0x152/0x190 [ 325.245497][ T814] ? rmqueue+0x43/0xd00 [ 325.245514][ T814] ? mntput_no_expire+0x64/0x730 [ 325.245543][ T814] ? get_page_from_freelist+0x53e/0x800 [ 325.245575][ T814] ? fget_many+0x178/0x1a0 [ 325.245591][ T814] __io_queue_sqe+0xe9/0x360 [ 325.245604][ T814] io_submit_sqe+0x1887/0x3360 [ 325.245680][ T814] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 325.245701][ T814] io_submit_sqes+0x5bd/0xbd0 [ 325.245720][ T814] __se_sys_io_uring_enter+0x1e1/0xa80 [ 325.245756][ T814] ? fput+0x2d/0x130 [ 325.245774][ T814] __x64_sys_io_uring_enter+0x74/0x80 [ 325.245799][ T814] do_syscall_64+0x4a/0x90 [ 325.245820][ T814] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 325.245839][ T814] RIP: 0033:0x4665d9 [ 325.245850][ T814] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 325.245909][ T814] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 325.245927][ T814] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 325.245937][ T814] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 325.245946][ T814] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 325.245955][ T814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 325.245965][ T814] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 325.263517][ T817] FAULT_INJECTION: forcing a failure. [ 325.263517][ T817] name failslab, interval 1, probability 0, space 0, times 0 [ 325.291247][ T815] loop3: detected capacity change from 0 to 270 [ 325.292818][ T817] CPU: 0 PID: 817 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 325.304047][ T815] FAT-fs (loop3): bogus number of directory entries (65295) [ 325.308449][ T817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 325.308461][ T817] Call Trace: [ 325.308468][ T817] dump_stack+0x137/0x19d [ 325.312338][ T815] FAT-fs (loop3): Can't find a valid FAT filesystem [ 325.317712][ T817] should_fail+0x23c/0x250 [ 325.317734][ T817] __should_failslab+0x81/0x90 [ 325.344930][ T825] FAULT_INJECTION: forcing a failure. [ 325.344930][ T825] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 325.351473][ T817] ? __scm_send+0x3d5/0xa40 [ 325.717965][ T817] should_failslab+0x5/0x20 [ 325.718054][ T817] kmem_cache_alloc_trace+0x49/0x310 [ 325.718073][ T817] __scm_send+0x3d5/0xa40 [ 325.718150][ T817] ? __perf_event_task_sched_in+0x471/0x4c0 [ 325.718212][ T817] ? selinux_socket_getpeersec_dgram+0x1de/0x250 [ 325.718230][ T817] unix_dgram_sendmsg+0xc0/0x1610 [ 325.718246][ T817] ? finish_task_switch+0xce/0x290 [ 325.718265][ T817] ? sock_kmalloc+0x77/0xb0 14:04:40 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 325.718289][ T817] ? selinux_socket_sendmsg+0x7e/0x140 [ 325.718304][ T817] ? __kmalloc+0x23d/0x340 [ 325.718389][ T817] unix_seqpacket_sendmsg+0xc2/0x100 [ 325.718403][ T817] ? unix_dgram_peer_wake_me+0x310/0x310 [ 325.718417][ T817] ____sys_sendmsg+0x360/0x4d0 [ 325.718430][ T817] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 325.718444][ T817] __sys_sendmsg_sock+0x25/0x30 [ 325.718457][ T817] io_issue_sqe+0x231a/0x6750 [ 325.718492][ T817] ? __list_del_entry_valid+0x54/0xc0 [ 325.718508][ T817] ? rmqueue_pcplist+0x152/0x190 [ 325.718523][ T817] ? rmqueue+0x43/0xd00 [ 325.718536][ T817] ? _find_next_bit+0x16a/0x190 [ 325.718551][ T817] ? kmem_cache_alloc+0x201/0x2f0 [ 325.718567][ T817] ? xas_create+0x96b/0xb30 [ 325.718603][ T817] ? xas_create+0xae3/0xb30 [ 325.718619][ T817] ? fget_many+0x178/0x1a0 [ 325.718635][ T817] __io_queue_sqe+0xe9/0x360 [ 325.718648][ T817] io_submit_sqe+0x1887/0x3360 [ 325.718726][ T817] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 325.718748][ T817] io_submit_sqes+0x5bd/0xbd0 [ 325.718763][ T817] __se_sys_io_uring_enter+0x1e1/0xa80 [ 325.718782][ T817] ? fput+0x2d/0x130 [ 325.718810][ T817] __x64_sys_io_uring_enter+0x74/0x80 [ 325.718829][ T817] do_syscall_64+0x4a/0x90 [ 325.718846][ T817] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 325.718866][ T817] RIP: 0033:0x4665d9 [ 325.718878][ T817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 325.718952][ T817] RSP: 002b:00007fa426612188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 325.718967][ T817] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 325.718977][ T817] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 325.718986][ T817] RBP: 00007fa4266121d0 R08: 0000000000000000 R09: 0000000000000000 [ 325.718995][ T817] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 325.719005][ T817] R13: 00007fffc1f3ec1f R14: 00007fa426612300 R15: 0000000000022000 [ 325.719060][ T825] CPU: 1 PID: 825 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 325.719081][ T825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 325.719119][ T825] Call Trace: [ 325.719125][ T825] dump_stack+0x137/0x19d [ 325.719144][ T825] should_fail+0x23c/0x250 [ 325.719189][ T825] should_fail_usercopy+0x16/0x20 [ 325.719207][ T825] _copy_from_user+0x1c/0xd0 [ 325.719244][ T825] ____sys_sendmsg+0x1a3/0x4d0 [ 325.719260][ T825] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 325.719301][ T825] __sys_sendmsg_sock+0x25/0x30 14:04:40 executing program 1 (fault-call:9 fault-nth:95): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 325.719317][ T825] io_issue_sqe+0x231a/0x6750 [ 325.719333][ T825] ? __list_del_entry_valid+0x54/0xc0 [ 325.719349][ T825] ? rmqueue_pcplist+0x152/0x190 [ 325.719365][ T825] ? rmqueue+0x43/0xd00 [ 325.719380][ T825] ? mntput_no_expire+0x64/0x730 [ 325.719427][ T825] ? get_page_from_freelist+0x53e/0x800 [ 325.719448][ T825] ? fget_many+0x178/0x1a0 [ 326.044029][ T825] __io_queue_sqe+0xe9/0x360 [ 326.044053][ T825] io_submit_sqe+0x1887/0x3360 [ 326.044072][ T825] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 326.044096][ T825] io_submit_sqes+0x5bd/0xbd0 [ 326.044111][ T825] __se_sys_io_uring_enter+0x1e1/0xa80 [ 326.044133][ T825] ? fput+0x2d/0x130 [ 326.044147][ T825] __x64_sys_io_uring_enter+0x74/0x80 [ 326.044204][ T825] do_syscall_64+0x4a/0x90 [ 326.044287][ T825] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 326.044353][ T825] RIP: 0033:0x4665d9 [ 326.044367][ T825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 14:04:40 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x604000000000000, 0x0, 0x0) 14:04:40 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0xffffffff}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x1}, 0x0) r5 = socket$nl_audit(0x10, 0x3, 0x9) r6 = socket$inet(0x2, 0x1, 0x0) r7 = socket$inet(0x2, 0x1, 0x0) syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) fcntl$setstatus(r7, 0x4, 0x46c00) poll(&(0x7f00000001c0)=[{r3, 0x1000}, {r6, 0x4080}, {r6, 0x221}, {}], 0x4, 0x65) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="24000000000000000100000001000000cab811f1ddd2f62e86ec1165a009a21ec90836415739181dfdfed15feb90c992422cb456d0d05bed95e67f270689d1217fa3e4850122d32498af5e58293b7188ea197cc5ed8ec988b47704a1b7ea580d52164adadf7d5e460f3b239baa677739562a7c814d40b34b934e639bb94f532eff322cb2a6d3ac15cd50362413da14c51bc3057c34d0b4b2945572c56b2591c664efe701e9b731a4ce2aae67e65ef38014c496d4ae76e161a44860d596922d076f61cd50b6a58fc93c86404dd0a6162accb863c0be462a04dda6a5b5bf01720f183db211c7df53b0df5beddcec13e001e8bde48bf7ad1b9ec0602b9540f713c45e153b02393b9ee25ce8a5fbc5e7cf932ed9899c8abde069d2500574a522fa876bff865af0a99efa6838577995d616371d025303789ff7acc1f5cfeee066eea7c2c945f5", @ANYRES32=r5, @ANYRES32=r6, @ANYRES32=r4, @ANYRES32=r7, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:40 executing program 0 (fault-call:8 fault-nth:30): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 326.044461][ T825] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 326.044476][ T825] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 326.044486][ T825] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 326.044497][ T825] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 326.044511][ T825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 326.044523][ T825] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 14:04:41 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200000006f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 326.203668][ T832] FAULT_INJECTION: forcing a failure. [ 326.203668][ T832] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 326.216739][ T832] CPU: 0 PID: 832 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 326.226759][ T832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 326.236828][ T832] Call Trace: 14:04:41 executing program 0 (fault-call:8 fault-nth:31): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 326.236838][ T832] dump_stack+0x137/0x19d [ 326.236865][ T832] should_fail+0x23c/0x250 [ 326.236886][ T832] should_fail_usercopy+0x16/0x20 [ 326.236904][ T832] _copy_from_user+0x1c/0xd0 [ 326.236998][ T832] __copy_msghdr_from_user+0x44/0x350 [ 326.237016][ T832] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 326.237032][ T832] ? unix_dgram_peer_wake_me+0x310/0x310 [ 326.237091][ T832] ? ____sys_sendmsg+0x428/0x4d0 [ 326.237109][ T832] sendmsg_copy_msghdr+0x4f/0xf0 [ 326.237127][ T832] io_issue_sqe+0x250b/0x6750 [ 326.237145][ T832] ? __list_del_entry_valid+0x54/0xc0 [ 326.237202][ T832] ? rmqueue_pcplist+0x152/0x190 [ 326.237216][ T832] ? rmqueue+0x43/0xd00 [ 326.237233][ T832] ? mntput_no_expire+0x64/0x730 [ 326.237373][ T832] ? get_page_from_freelist+0x53e/0x800 [ 326.237387][ T832] ? fget_many+0x178/0x1a0 [ 326.237407][ T832] __io_queue_sqe+0xe9/0x360 [ 326.237424][ T832] io_submit_sqe+0x1887/0x3360 [ 326.237443][ T832] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 326.237463][ T832] io_submit_sqes+0x5bd/0xbd0 [ 326.237499][ T832] __se_sys_io_uring_enter+0x1e1/0xa80 [ 326.237518][ T832] ? fput+0x2d/0x130 [ 326.237578][ T832] __x64_sys_io_uring_enter+0x74/0x80 [ 326.237673][ T832] do_syscall_64+0x4a/0x90 [ 326.237694][ T832] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 326.237718][ T832] RIP: 0033:0x4665d9 [ 326.237748][ T832] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 326.237763][ T832] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 326.237788][ T832] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 326.237799][ T832] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 326.237853][ T832] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 326.237865][ T832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 326.237878][ T832] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 326.287484][ T851] FAULT_INJECTION: forcing a failure. [ 326.287484][ T851] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 326.287519][ T851] CPU: 0 PID: 851 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 326.287535][ T851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 326.287543][ T851] Call Trace: [ 326.287550][ T851] dump_stack+0x137/0x19d [ 326.287576][ T851] should_fail+0x23c/0x250 [ 326.287596][ T851] should_fail_usercopy+0x16/0x20 [ 326.287616][ T851] _copy_from_user+0x1c/0xd0 [ 326.287633][ T851] __copy_msghdr_from_user+0x44/0x350 [ 326.287677][ T851] ? sock_kfree_s+0x24/0x40 [ 326.287697][ T851] ? ____sys_sendmsg+0x421/0x4d0 [ 326.287712][ T851] sendmsg_copy_msghdr+0x4f/0xf0 [ 326.287725][ T851] io_issue_sqe+0x250b/0x6750 [ 326.287739][ T851] ? __list_del_entry_valid+0x54/0xc0 [ 326.287758][ T851] ? rmqueue_pcplist+0x152/0x190 [ 326.287835][ T851] ? rmqueue+0x43/0xd00 [ 326.287851][ T851] ? _find_next_bit+0x16a/0x190 [ 326.287872][ T851] ? kmem_cache_alloc+0x201/0x2f0 [ 326.287966][ T851] ? xas_create+0x96b/0xb30 [ 326.288046][ T851] ? xas_create+0xae3/0xb30 [ 326.288064][ T851] ? fget_many+0x178/0x1a0 [ 326.288080][ T851] __io_queue_sqe+0xe9/0x360 [ 326.288115][ T851] io_submit_sqe+0x1887/0x3360 [ 326.288130][ T851] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 326.288182][ T851] io_submit_sqes+0x5bd/0xbd0 [ 326.288207][ T851] __se_sys_io_uring_enter+0x1e1/0xa80 [ 326.288231][ T851] ? fput+0x2d/0x130 [ 326.303777][ T854] loop3: detected capacity change from 0 to 270 [ 326.307646][ T851] __x64_sys_io_uring_enter+0x74/0x80 14:04:41 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200000007f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:41 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 326.367941][ T858] FAULT_INJECTION: forcing a failure. [ 326.367941][ T858] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 326.372302][ T851] do_syscall_64+0x4a/0x90 [ 326.653036][ T851] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 326.653064][ T851] RIP: 0033:0x4665d9 [ 326.653076][ T851] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 14:04:41 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:41 executing program 1 (fault-call:9 fault-nth:96): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 326.653098][ T851] RSP: 002b:00007fa426612188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 326.653119][ T851] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 326.653129][ T851] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 326.653138][ T851] RBP: 00007fa4266121d0 R08: 0000000000000000 R09: 0000000000000000 [ 326.653147][ T851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 326.653156][ T851] R13: 00007fffc1f3ec1f R14: 00007fa426612300 R15: 0000000000022000 14:04:41 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 326.653169][ T858] CPU: 1 PID: 858 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 326.653189][ T858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 326.653200][ T858] Call Trace: [ 326.653205][ T858] dump_stack+0x137/0x19d [ 326.653226][ T858] should_fail+0x23c/0x250 [ 326.653243][ T858] should_fail_usercopy+0x16/0x20 [ 326.653259][ T858] _copy_from_user+0x1c/0xd0 [ 326.653306][ T858] ____sys_sendmsg+0x1a3/0x4d0 [ 326.653323][ T858] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 326.653338][ T858] __sys_sendmsg_sock+0x25/0x30 [ 326.653352][ T858] io_issue_sqe+0x231a/0x6750 [ 326.653371][ T858] ? __list_del_entry_valid+0x54/0xc0 [ 326.653440][ T858] ? rmqueue_pcplist+0x152/0x190 [ 326.653466][ T858] ? rmqueue+0x43/0xd00 [ 326.653480][ T858] ? mntput_no_expire+0x64/0x730 [ 326.811328][ T858] ? get_page_from_freelist+0x53e/0x800 [ 326.811354][ T858] ? fget_many+0x178/0x1a0 [ 326.811378][ T858] __io_queue_sqe+0xe9/0x360 [ 326.811397][ T858] io_submit_sqe+0x1887/0x3360 [ 326.811417][ T858] ? kmem_cache_alloc_bulk+0x28c/0x340 14:04:41 executing program 0 (fault-call:8 fault-nth:32): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:41 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x700000000000000, 0x0, 0x0) 14:04:41 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 326.811447][ T858] io_submit_sqes+0x5bd/0xbd0 [ 326.811468][ T858] __se_sys_io_uring_enter+0x1e1/0xa80 [ 326.811573][ T858] ? fput+0x2d/0x130 [ 326.811591][ T858] __x64_sys_io_uring_enter+0x74/0x80 [ 326.811611][ T858] do_syscall_64+0x4a/0x90 [ 326.811629][ T858] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 326.811688][ T858] RIP: 0033:0x4665d9 [ 326.811702][ T858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 326.811722][ T858] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 326.811743][ T858] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 326.811757][ T858] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 326.811767][ T858] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 326.811777][ T858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 326.811786][ T858] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 326.828931][ T876] FAULT_INJECTION: forcing a failure. [ 326.828931][ T876] name failslab, interval 1, probability 0, space 0, times 0 [ 326.941707][ T886] FAULT_INJECTION: forcing a failure. [ 326.941707][ T886] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 326.951202][ T876] CPU: 0 PID: 876 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 326.951224][ T876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 326.984282][ T876] Call Trace: [ 326.984290][ T876] dump_stack+0x137/0x19d [ 326.984310][ T876] should_fail+0x23c/0x250 [ 326.984325][ T876] ? sock_kmalloc+0x77/0xb0 [ 326.984418][ T876] __should_failslab+0x81/0x90 [ 326.984437][ T876] should_failslab+0x5/0x20 [ 326.984530][ T876] __kmalloc+0x66/0x340 [ 326.984545][ T876] sock_kmalloc+0x77/0xb0 [ 326.984616][ T876] ____sys_sendmsg+0x107/0x4d0 [ 326.984635][ T876] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 326.984648][ T876] __sys_sendmsg_sock+0x25/0x30 [ 326.984661][ T876] io_issue_sqe+0x231a/0x6750 [ 326.984675][ T876] ? __list_del_entry_valid+0x54/0xc0 [ 326.984691][ T876] ? rmqueue_pcplist+0x152/0x190 [ 326.984712][ T876] ? _find_next_bit+0x188/0x190 [ 326.984727][ T876] ? pcpu_block_refresh_hint+0x191/0x1a0 [ 326.984744][ T876] ? pcpu_block_update_hint_alloc+0x230/0x720 [ 326.984815][ T876] ? kmem_cache_alloc+0x201/0x2f0 [ 326.984833][ T876] ? xas_create+0x96b/0xb30 [ 326.984850][ T876] ? kcsan_setup_watchpoint+0x26e/0x470 [ 326.984869][ T876] __io_queue_sqe+0xe9/0x360 [ 326.984882][ T876] io_submit_sqe+0x1887/0x3360 [ 326.984897][ T876] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 326.984913][ T876] io_submit_sqes+0x5bd/0xbd0 [ 326.984976][ T876] __se_sys_io_uring_enter+0x1e1/0xa80 [ 326.984996][ T876] ? fput+0x2d/0x130 [ 326.985009][ T876] __x64_sys_io_uring_enter+0x74/0x80 [ 326.985028][ T876] do_syscall_64+0x4a/0x90 [ 326.985124][ T876] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 326.985143][ T876] RIP: 0033:0x4665d9 [ 326.985155][ T876] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 326.985168][ T876] RSP: 002b:00007fa426612188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 326.985184][ T876] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 326.985194][ T876] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 326.985203][ T876] RBP: 00007fa4266121d0 R08: 0000000000000000 R09: 0000000000000000 [ 326.985212][ T876] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 326.985222][ T876] R13: 00007fffc1f3ec1f R14: 00007fa426612300 R15: 0000000000022000 [ 326.985247][ T886] CPU: 1 PID: 886 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 326.985268][ T886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 326.985277][ T886] Call Trace: [ 326.985308][ T886] dump_stack+0x137/0x19d [ 326.985328][ T886] should_fail+0x23c/0x250 [ 326.985361][ T886] should_fail_usercopy+0x16/0x20 [ 326.985466][ T886] _copy_from_user+0x1c/0xd0 [ 326.985487][ T886] __copy_msghdr_from_user+0x44/0x350 [ 326.985503][ T886] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 326.985520][ T886] ? unix_dgram_peer_wake_me+0x310/0x310 [ 326.985536][ T886] ? ____sys_sendmsg+0x428/0x4d0 [ 326.985551][ T886] sendmsg_copy_msghdr+0x4f/0xf0 [ 326.985568][ T886] io_issue_sqe+0x250b/0x6750 [ 326.985583][ T886] ? __list_del_entry_valid+0x54/0xc0 [ 326.985727][ T886] ? rmqueue_pcplist+0x152/0x190 [ 326.985745][ T886] ? rmqueue+0x43/0xd00 [ 326.985760][ T886] ? mntput_no_expire+0x64/0x730 [ 326.985845][ T886] ? get_page_from_freelist+0x53e/0x800 [ 326.985867][ T886] ? fget_many+0x178/0x1a0 [ 326.985889][ T886] __io_queue_sqe+0xe9/0x360 [ 326.985902][ T886] io_submit_sqe+0x1887/0x3360 [ 326.985917][ T886] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 326.986008][ T886] io_submit_sqes+0x5bd/0xbd0 [ 326.986029][ T886] __se_sys_io_uring_enter+0x1e1/0xa80 [ 326.986055][ T886] ? fput+0x2d/0x130 [ 326.986081][ T886] __x64_sys_io_uring_enter+0x74/0x80 [ 326.986216][ T886] do_syscall_64+0x4a/0x90 [ 326.986232][ T886] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 326.986251][ T886] RIP: 0033:0x4665d9 [ 326.986261][ T886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 326.986274][ T886] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 326.986288][ T886] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 326.986301][ T886] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 326.986315][ T886] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 326.986328][ T886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 14:04:42 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee8000/0x3000)=nil, &(0x7f00006d7000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r5 = open(&(0x7f0000000000)='./bus\x00', 0x103042, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r5, 0x100000000000000, &(0x7f0000000500)=[{&(0x7f0000000180)=""/22, 0x16}], 0x1}, 0x0) r6 = mmap$IORING_OFF_SQES(&(0x7f00006d5000/0x4000)=nil, 0x4000, 0x4, 0x100010, r0, 0x10000000) syz_io_uring_submit(r3, r6, &(0x7f0000000180)=@IORING_OP_WRITE_FIXED={0x5, 0x2, 0x0, @fd_index=0x9, 0xe146, 0x400, 0xff, 0x0, 0x0, {0x1}}, 0x7) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r8 = socket$nl_audit(0x10, 0x3, 0x9) r9 = socket$inet(0x2, 0x1, 0x0) r10 = socket$inet(0x2, 0x1, 0x0) r11 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r8, r9, r7, r10, r11]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:42 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:42 executing program 0 (fault-call:8 fault-nth:33): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:42 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e6661740002800100020000000af801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 326.986341][ T886] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 327.039221][ T895] loop3: detected capacity change from 0 to 270 [ 327.503897][ T908] FAULT_INJECTION: forcing a failure. [ 327.503897][ T908] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 327.516986][ T908] CPU: 1 PID: 908 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 327.527037][ T908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 327.537094][ T908] Call Trace: [ 327.540367][ T908] dump_stack+0x137/0x19d [ 327.544809][ T908] should_fail+0x23c/0x250 [ 327.549221][ T908] should_fail_usercopy+0x16/0x20 14:04:42 executing program 1 (fault-call:9 fault-nth:97): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:42 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0xf00000000000000, 0x0, 0x0) 14:04:42 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 327.554279][ T908] _copy_from_user+0x1c/0xd0 [ 327.558917][ T908] ____sys_sendmsg+0x1a3/0x4d0 [ 327.563847][ T908] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 327.568994][ T908] __sys_sendmsg_sock+0x25/0x30 [ 327.573891][ T908] io_issue_sqe+0x231a/0x6750 [ 327.573911][ T908] ? __list_del_entry_valid+0x54/0xc0 14:04:42 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e6661740002800100020000010ef801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:42 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x10, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 327.573928][ T908] ? rmqueue_pcplist+0x152/0x190 [ 327.573945][ T908] ? rmqueue+0x43/0xd00 [ 327.573958][ T908] ? mntput_no_expire+0x64/0x730 [ 327.573981][ T908] ? get_page_from_freelist+0x53e/0x800 [ 327.573996][ T908] ? fget_many+0x178/0x1a0 [ 327.574030][ T908] __io_queue_sqe+0xe9/0x360 [ 327.574118][ T908] io_submit_sqe+0x1887/0x3360 [ 327.574137][ T908] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 327.574159][ T908] io_submit_sqes+0x5bd/0xbd0 14:04:42 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x10, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 327.574176][ T908] __se_sys_io_uring_enter+0x1e1/0xa80 [ 327.574249][ T908] ? fput+0x2d/0x130 [ 327.574266][ T908] __x64_sys_io_uring_enter+0x74/0x80 [ 327.574290][ T908] do_syscall_64+0x4a/0x90 [ 327.574310][ T908] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 327.574397][ T908] RIP: 0033:0x4665d9 14:04:42 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x1402000000000000, 0x0, 0x0) 14:04:42 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x10, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 327.574412][ T908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 327.574429][ T908] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 327.574449][ T908] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 327.574463][ T908] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 327.574475][ T908] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 327.574487][ T908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 327.574498][ T908] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 327.596200][ T912] loop3: detected capacity change from 0 to 270 [ 327.679872][ T934] FAULT_INJECTION: forcing a failure. [ 327.679872][ T934] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 327.739330][ T931] loop3: detected capacity change from 0 to 270 [ 327.742161][ T934] CPU: 1 PID: 934 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 327.742183][ T934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 327.807463][ T934] Call Trace: [ 327.807470][ T934] dump_stack+0x137/0x19d [ 327.807498][ T934] should_fail+0x23c/0x250 [ 327.807530][ T934] should_fail_usercopy+0x16/0x20 [ 327.807548][ T934] _copy_from_user+0x1c/0xd0 [ 327.807571][ T934] ____sys_sendmsg+0x1a3/0x4d0 [ 327.807616][ T934] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 327.807654][ T934] __sys_sendmsg_sock+0x25/0x30 [ 327.807667][ T934] io_issue_sqe+0x231a/0x6750 [ 327.807682][ T934] ? __list_del_entry_valid+0x54/0xc0 [ 327.807772][ T934] ? rmqueue_pcplist+0x152/0x190 [ 327.807790][ T934] ? _find_next_bit+0x188/0x190 [ 327.807810][ T934] ? pcpu_block_refresh_hint+0x191/0x1a0 [ 327.807833][ T934] ? pcpu_block_update_hint_alloc+0x230/0x720 [ 327.807854][ T934] ? kmem_cache_alloc+0x201/0x2f0 [ 327.807915][ T934] ? xas_create+0x96b/0xb30 [ 327.807935][ T934] ? xas_create+0xae3/0xb30 [ 327.807953][ T934] ? fget_many+0x178/0x1a0 [ 327.808004][ T934] ? kcsan_setup_watchpoint+0x26e/0x470 [ 327.808059][ T934] __io_queue_sqe+0xe9/0x360 [ 327.808076][ T934] io_submit_sqe+0x1887/0x3360 [ 327.808174][ T934] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 327.808192][ T934] io_submit_sqes+0x5bd/0xbd0 [ 327.808209][ T934] __se_sys_io_uring_enter+0x1e1/0xa80 [ 327.808246][ T934] ? fput+0x2d/0x130 [ 327.808262][ T934] __x64_sys_io_uring_enter+0x74/0x80 [ 327.808280][ T934] do_syscall_64+0x4a/0x90 [ 327.808298][ T934] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 327.808392][ T934] RIP: 0033:0x4665d9 [ 327.808406][ T934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 327.808419][ T934] RSP: 002b:00007fa426612188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 327.808433][ T934] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 327.808444][ T934] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 14:04:42 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200000010f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:42 executing program 0 (fault-call:8 fault-nth:34): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:42 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, 0xffffffffffffffff, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:42 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x2000000000000000, 0x0, 0x0) [ 327.808453][ T934] RBP: 00007fa4266121d0 R08: 0000000000000000 R09: 0000000000000000 [ 327.808464][ T934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 327.808473][ T934] R13: 00007fffc1f3ec1f R14: 00007fa426612300 R15: 0000000000022000 14:04:42 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x1f) r6 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r6, 0x208200) sendmsg$AUDIT_USER_AVC(r6, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000001c0)={&(0x7f0000000680)={0x1010, 0x453, 0x4, 0x70bd28, 0x25dfdbff, "89c5cffb686700a035ba810334d01858a94c41e7c0b7a449f44a39c913831c8e74ede8e237f2042279fcf4770766148fb47d87f410cb0643d2575ab13b609bf908c8b4703a1be4903fb1bae1e7fc28546a3fcff385976e72f03a9337f99d4439d325a134c279c6f756d43d75efd799a442fbc7862a1a4d98221c2ee5df097a255dfc7fc9e1276b6dc06c1f4540ecb1091c92e3c3dc6114a4f50370b919bf65dc0285e8970f5c6b4e9cc9448e11fc25905ca2f476a0e06bdec2e6ef08b9dbb98ecabe4e5b259c75d8eedd7405d23db94565bcc44edae6d1b30d23ac2e9b5706ee1ceee4538d7234c31a7cab6439cdb4b9bbae00a806245ee866029325e9e7040a0c4909cfba9e7378f46f7ba27ba3f472a3ccb540b6e5c223483cd296ace65452260e17ec95a14ed38a75b7538a380b9b0acdb43e13987c2802a533dc60c3fc6d5ce5723ecf650087e58b34bc94d0aa045ffa813317d38b87d809fda4684f7b7d1f2c00c65acce487f4f69d6d9becf1b0fe9765b9e661b3fdccdc117bc5dadae1d9b0c7df7b3d67f00a99f8d833eb2228746e28d0b18aaf6cb665b3388b1b05351a737d3ad7807caa96554d5d6fc3df32dcbdc4d552a225fb9d2a1c2722473ceb1dd46b87c287ee671d060c5033e1dbf47488df88e27c026637895c09972bfcd09c2dda8b395f0877a93e15c7bc76266dc1edcd1d0180329e01c8793ceff284da0c20f7e5dc682107de82c599dc2babfb0144b3afeda4988d577c9ba387c1a38249c2daf1dfeee1ce0995e539c66117c9aed43eb586faf8ceb376111d5518bf919992cdac004d72072234ef33717afe3aaef9eb101c958853048d4fab5002c433ca2ff5e99a1774c042590d327481a724ca6014c17efe16d9d22ec0b0f0b77a669ee7799caceb832dfac05319e1da6a8e5f60a5d7aa81803948654b3338cee52bf129de63eb961bef1d71479b35b3707074ea6602d146f26ce4298d47fbb3fcb3577df2874e199a7bcfda9f0cffbcec7ee6e45a95a10f2011844beceb5aae0639f1f352c0af4deac3d357ce9cf6493518627ff1b7ed4d03fd7b1af82f87215229f2aa85dc7a6ccfcf6845578a391483e17d019697c54846e4eecd8b7e7495b975b950a0d94b627d876acc826ee14106083e0e11b4d8b0a1eff2b6c38190cc5033b89227cb28bbbd124b5edb4bea09d17a409a3bd4d05e35d80ab65ad91b76840a84b7c8a5af8f0e7cc37f2fcb4f45756700806fabcf5c3bbcfc14efba18c9d3ce33e14daa62cdd1a14e89814ae8fc52843352258d34281486d22d9db3dcde48c774d19f743cab0866c57d21df03e2d34525725df537761ef3f91b15afeab0318f9d75b0c0cfb6cde76381962833ed64fb4abc36d9e802176658e15665e6d99dc52fadc4d5d309002baa7c241fd77cd67ba71ac3044b5fbaa028868f5ab7fb7f508ce0b9c83869f89a53c97868f266532fe6b77fd87e9f686cf9846d7ad17500a0b5e989581fb4af64eafa1dbf5f508a2dfe98d982554ec9b410c6d51a9add11a23518994a14e1284b2d077d7ff7b73a112085b0294b5b59bfdbc59aca3e6fe4de9a3880173df266135bcf4f3604c671864f3866b649481c65f95e23b78cf2c7bf2ada724e99b12b4452e24eb61c2f9382a27196d3a55b9b84175fa7d663a88eec1701ff26daa63037bac2610f2dda19f6c05fe2bb0ac4ff0cf3152972e2c8169d741a5cf70dab37604c064d8a3191d4fbf0b1362fbfe58f9f15233287dfad5303e2c459e2c46b2f1126abfa383f5168fc26d4856f5654424990f5af5ceebca7c8a4857daf9b674ed7126f22c40e286cf33af2e38b0e2bd5ddc3e010731cef1aaaacd83ecef1191b384699906c36bdf4e7850f7f2a683fc533b0d7e5776d65897b21515988d03f119d0bdf63cc63cff6742126d0879718dfa366263704a04ae02cbca6612a961a2ac204324fd4dfc15161e030d0455f84d654e1e64dc4ccbd3c2bd6ef11b219c6cf87317bcd05f892fb06ce3b8f4aff3ba01dfb1664de826c634b14ca3cbf8e636de7e3f3aa92e03522ce8652d5d084107f3aed159b7c85b2e49dae8905914b1841c28c22e079b85830161de4c52b54486834753cc16654046007dd3d5c99fc9086de29976d1b843232875608518d0bd8f1023ec45ed6168818ddcec549c21b5fba08c6b2d5b33fc201cc3a017bb426b95a47f3271f0c743fb70968ebb3b241dc12395e5a08436080eb6467e3b227d0087f73199dfe7746d38323954ae55234686a70b0d5f6bcf443e13196e555a5e88ae039249a3a1bc7e21f8255dbef08f090b2326dde8e2a6bf47ac7e43c7ee0cafe87244671ac2149df62074a6989effa0fe8c14ffea5ac1456eb3ac4b0726600e37be04e079567e30a34311f6785a32c2787ce2578955b96bc7e83d1c5f3881ae82248ad7ebee802c413bd06076913c2ea24da093d4c9f42f63934d614404fda677d3a21b0da6d6c80175af190325fdd7f8dba16c3f2dd95e7860279741101f498159e3dd16ed1c3121f4989552e2c343b0facc49fd38cb1307ed93db08153871a6cae1df024b87b555f76e696f9885f5d1aa74e41b1509e483ba8bb9f1a7298d17c285c91e2e8f1b384cd29c0c67692001aa61e13d53ec9afd0a9f71ab93ca776b2fb665f32e5799c0b86b61394f00c3662f2a8465e484333d659753866fe33c66d76137d51aa19859f27a0230a70f9e536cebed7dee2df3dc7e817ca94f22fc0429998357612129ed10c8b1d3943a6118087c0b2d3f937d97f5658efef1dbc0bcbedf45c7d36a676e93a2a33ef89a344aa277bfc529daa5326f3eed74dc997983f05c05601185d7f211024e7c65915a9efafb6eeb5d2006786e69580db329a7d9d88d07aa27549f8339bccb5339f646180f992e8634e06e5e1a69c5e25b33cb375fdc25f1c583f95cd2c624242cc6bc8dcf8d1fe69dd10ab6c7d5aacc24ed0c7918fe40fa80554fe5018e5173817031fafa5bfcaac661b243bdad67b4ed24f8402586a7deaecc7e18c9e6f40ddd49b627f79ad3b1271a77b68468831c8baaa677e561ac752d388fb3d3f4529eba7da46ffcbd11cc1b22b04ea060a524adb787959506bbc4f25b662615c32fc1cc85b9a30f26e8ff26b56f3cf68f1e1c321cd874aa422facd9bdc565cd43147f8dfad6f3e38cb8286e82a203dcd76a814b9882a69f199281e9b7d0c5b715d77c647d87f5a8e036602166f48b9e5c0964ec73d918a3eb64c5598dc3598a54d1a240759214bc20066d63832c87c0460bf3e4d8787aa2d7750d1651319a2e8ad0671e89e608d7e3a0efe5f4f78caa441a3921c34e903fda8ab6bd55d28055d0e8d0b9fcd5d82a853d7ec3deddb00ca8df6192cb019beed762e9b6f793a6ec43005a7820d5f30c7f83d0a9b1c45baca4ff09464ef07109c69d2f38ec707f14fdd81ba2817c50ecc98cc18f11cc4a3f8de5f9c8478566f5b5db404b366afd213c7d1c9dcdc931f786440fb18d4860b5977eb38c43f0d959652a1746b076279857c86d2d057307af3eb814311cfb2b0d20d97452ba51ae652b61d2da06eca47def081180e9fbef827c8770afdd944f4723bf16af5071b19f2c47a7815b441554503f9d9f4d8bd184af08a458c725c8bf0953c37e013250f3f1e7e9d7daf1b03a6375049e19232ae262acaed7cb9390d91bffacf0881dd654ed53c275cde7088ee8b08fda7c62498baec5e7d6c3de30e9bdde9bfa61d6ae65323f64c36362077cd80c0967d8e311250d6da7ca1555be00a2356b8e335835cf22615964931ea721d0d91bd002dcc00e19bd3af043a33854cfca0cf8bf0a954f2dc40d16def6ddd891016779fa428fb2e25091a20d7a18aa98f15a31861dfec8af64e2dc2f961257a9a54c0d426be8642d265121be770a801b744407c37d58694bb3e54cc0c0cf1f5fcf93f1f72a5e6b76e78cf59a559d152303b5d9187f90f63e4189dc15f3ba0266f58b9c58f380e8882b6e5cf0883a94726c71aa77c23623a44bd2521e3ce30bd388d1ce550525edac2a567c89eede9794f4b0ad10bfb23474e49666b8815ab6a098641a888db6c69b4d85396a497564884d9cf3a3950624f0641f65aa1d5895cb501f019c8682de6b9f92e7effb325d88cbe0d1e05395f8aa1a84090bbf7438e10953e5743c30297012574e5c2fb8eb4c19faef2ea30caa98d07a90c2d409093d9083f9de87252a8cac97ebf49f0376a80294328b96315725cc178945a4665baae3698b17891a6e5c700ea4908b42c746b2eb9afdc375bf014c6f3d922d8c08683726c584146a21f60d32f7090b005d055987eb875e100436b732b3509786d9824f9183a24a77173a4e03072486b941812a71cf8d225cf6029f621ed31820925cdf99772d8f6174dbb88cff4d494a13e547db8c2ff36a415f7f046d592e5cbdafb6859aa900323ecbf59463faf7d87e65b737b49c3a2ce30e42ded07d7fadd5a415ecea8f8519b52d94bce68b62dc61e99ede2043fd7a84c655777de9a025a5c29d69fa050b35f89548f24facac9890388e09ebf35a912d7d4298152564aea19bcbe47751682eab6070b73e6f03cdb6e7c99ae5c08cfc5759e1600b4dfc0bdb72a16a7d25acbb3eb4dd962cdef3b518910671acd35d484ccfa5e4a1c337bd23905282fe67bdc19f6c3c4ca2e0da825bc2653fd5d0296397e5f32401fdd6d3915e6cd3822e07110264c869303d79321fcaec8127919103167c1d1a32ad46de52e6cd37c43b65967a1c63c12085dda83c16a0e75ce485f8bd28b1054db01c68a9d38949d2b67e5ed128dc649ec2f6338fc1559fae1a39f6707055d1aa67b4fa4f73f15380b82d22b50e6cafcf68b814204215c064acb5a8ce010fe6db237e7eaffabb6d232569db16af2cc1f15cb837ca9a833a7ab9b74fbaed3bafaad0f75339289ca88279ba112c6b027c026eaac936ff28cf880c679d2f1f8fe6514bc7a9890706cb276c536b57f6ecd95ff6704994a763835ac0bb95655948d691ec533c9611e4fbf5e91376c86f16e430c18c12f94d8b41a19174686a6fd6cd0f76e9e3bffc465f1e6cf543e0347ddf1890f14d8ba3f2af6f185f6e46de7c51aee4a3d4dd03246798a0bbff6f968ac1bacdf00e1505d2582587a11497c67b91635e11d600733d767b715ea7eeca6bb80e48c0696e035b64c130d67285985b9fc52649cfc5cf62d931f8815120ce835cf62110f67b79f5b0d0a305133554708b72d7895a610fdb8cede41e2a84868dff34146d8263e7d6478d168fab3a95b38a2b2fb975d781202de38afbf61bb0719faa92a965c8f0505134cc969d2f7f39d2f9720c706d5cdc134f1d261cbab3cc6671c418298327e5370f24e6d821bd6e6ab2f01c161c22015d886606b43aae4b88733e74e365142bc0ef407a30f41af73c0995702daec521f29309c02fc8eb17053c133490db79873c2f9b595c9dd194792d14acdcc03d1e6fc50bd39e231474a920a299bc65e384c14ae5f8f8bf057b3c84e27b239e7798c0bfe3593080d4132e823dd07d9865a3034694e4e69dd1fe7da5d52c61c7dae6dd92d851d8e75df18bdd3e68698aa2408a7ac30b97dd4de8b60a3d0f73ed48a1b9ec46398f2f99159111407fc56101f7387163dcdb53458bcbbf507d1765ed21a90dfb7560d4170a424d115339373d10ce381d816c7661822c075f9cf8e9ba43d10951ef4bab9c1ef94bb1863cb2731d40bff4c5f41dcaaa9789e042b8244e85086c78fffd874e7f6fb76b27d6b0af6c8c174fa5c191665df6597a91be1c0", ["", ""]}, 0x1010}, 0x1, 0x0, 0x0, 0x440c0}, 0x24044024) r7 = socket$inet(0x2, 0x1, 0x0) r8 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r7, r8]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) 14:04:42 executing program 1 (fault-call:9 fault-nth:98): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:42 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, 0xffffffffffffffff, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 328.106805][ T964] FAULT_INJECTION: forcing a failure. [ 328.106805][ T964] name failslab, interval 1, probability 0, space 0, times 0 [ 328.119668][ T964] CPU: 1 PID: 964 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 328.119690][ T964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 14:04:42 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200000064f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 328.119700][ T964] Call Trace: [ 328.119715][ T964] dump_stack+0x137/0x19d [ 328.119747][ T964] should_fail+0x23c/0x250 [ 328.119766][ T964] __should_failslab+0x81/0x90 [ 328.119857][ T964] should_failslab+0x5/0x20 [ 328.119881][ T964] kmem_cache_alloc_bulk+0x40/0x340 [ 328.119965][ T964] io_submit_sqes+0x4a3/0xbd0 [ 328.119980][ T964] __se_sys_io_uring_enter+0x1e1/0xa80 [ 328.119999][ T964] ? fput+0x2d/0x130 14:04:43 executing program 0 (fault-call:8 fault-nth:35): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:43 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, 0xffffffffffffffff, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 328.120060][ T964] __x64_sys_io_uring_enter+0x74/0x80 [ 328.120081][ T964] do_syscall_64+0x4a/0x90 [ 328.120101][ T964] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 328.120119][ T964] RIP: 0033:0x4665d9 [ 328.120129][ T964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 328.120146][ T964] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 328.120246][ T964] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 328.120318][ T964] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 328.120331][ T964] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 14:04:43 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 328.120344][ T964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 328.120357][ T964] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 328.131266][ T965] loop3: detected capacity change from 0 to 270 [ 328.210701][ T984] FAULT_INJECTION: forcing a failure. [ 328.210701][ T984] name failslab, interval 1, probability 0, space 0, times 0 [ 328.210722][ T984] CPU: 1 PID: 984 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 328.210783][ T984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 14:04:43 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 328.210794][ T984] Call Trace: [ 328.210802][ T984] dump_stack+0x137/0x19d [ 328.210827][ T984] should_fail+0x23c/0x250 [ 328.210873][ T984] __should_failslab+0x81/0x90 [ 328.210954][ T984] ? __scm_send+0x3d5/0xa40 [ 328.210983][ T984] should_failslab+0x5/0x20 [ 328.211016][ T984] kmem_cache_alloc_trace+0x49/0x310 [ 328.211082][ T984] __scm_send+0x3d5/0xa40 [ 328.211097][ T984] ? selinux_socket_getpeersec_dgram+0x1de/0x250 [ 328.211120][ T984] unix_dgram_sendmsg+0xc0/0x1610 [ 328.211191][ T984] ? sock_kmalloc+0x77/0xb0 14:04:43 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 328.211211][ T984] ? selinux_socket_sendmsg+0x7e/0x140 [ 328.211232][ T984] ? __kmalloc+0x23d/0x340 [ 328.211253][ T984] unix_seqpacket_sendmsg+0xc2/0x100 [ 328.211351][ T984] ? unix_dgram_peer_wake_me+0x310/0x310 [ 328.211369][ T984] ____sys_sendmsg+0x360/0x4d0 [ 328.211387][ T984] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 328.211403][ T984] __sys_sendmsg_sock+0x25/0x30 [ 328.211416][ T984] io_issue_sqe+0x231a/0x6750 [ 328.211429][ T984] ? __list_del_entry_valid+0x54/0xc0 [ 328.211444][ T984] ? rmqueue_pcplist+0x152/0x190 14:04:43 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, 0x0, 0x0, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:43 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, 0x0, 0x0, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 328.211474][ T984] ? _find_next_bit+0x188/0x190 [ 328.211494][ T984] ? pcpu_block_refresh_hint+0x191/0x1a0 [ 328.211546][ T984] ? pcpu_block_update_hint_alloc+0x230/0x720 [ 328.211570][ T984] ? kcsan_setup_watchpoint+0x26e/0x470 [ 328.211596][ T984] ? kmem_cache_alloc+0x201/0x2f0 [ 328.211617][ T984] ? xas_create+0x96b/0xb30 [ 328.211649][ T984] ? kcsan_setup_watchpoint+0x26e/0x470 [ 328.211673][ T984] __io_queue_sqe+0xe9/0x360 [ 328.211758][ T984] io_submit_sqe+0x1887/0x3360 [ 328.211778][ T984] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 328.211800][ T984] io_submit_sqes+0x5bd/0xbd0 [ 328.211820][ T984] __se_sys_io_uring_enter+0x1e1/0xa80 [ 328.211900][ T984] ? fput+0x2d/0x130 [ 328.211917][ T984] __x64_sys_io_uring_enter+0x74/0x80 [ 328.211942][ T984] do_syscall_64+0x4a/0x90 [ 328.211963][ T984] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 328.211988][ T984] RIP: 0033:0x4665d9 [ 328.212002][ T984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 328.212073][ T984] RSP: 002b:00007fa426612188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 328.212093][ T984] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 328.212103][ T984] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 328.212112][ T984] RBP: 00007fa4266121d0 R08: 0000000000000000 R09: 0000000000000000 [ 328.212122][ T984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 328.212132][ T984] R13: 00007fffc1f3ec1f R14: 00007fa426612300 R15: 0000000000022000 [ 328.238469][ T989] FAULT_INJECTION: forcing a failure. [ 328.238469][ T989] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 328.238489][ T989] CPU: 0 PID: 989 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 328.238504][ T989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 328.238513][ T989] Call Trace: [ 328.238518][ T989] dump_stack+0x137/0x19d [ 328.238539][ T989] should_fail+0x23c/0x250 [ 328.238560][ T989] should_fail_usercopy+0x16/0x20 [ 328.238581][ T989] _copy_from_user+0x1c/0xd0 [ 328.238616][ T989] __copy_msghdr_from_user+0x44/0x350 [ 328.238635][ T989] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 328.238654][ T989] ? unix_dgram_peer_wake_me+0x310/0x310 [ 328.238672][ T989] ? ____sys_sendmsg+0x428/0x4d0 [ 328.238687][ T989] sendmsg_copy_msghdr+0x4f/0xf0 [ 328.238703][ T989] io_issue_sqe+0x250b/0x6750 [ 328.238722][ T989] ? __list_del_entry_valid+0x54/0xc0 [ 328.238808][ T989] ? rmqueue_pcplist+0x152/0x190 [ 328.238826][ T989] ? rmqueue+0x43/0xd00 [ 328.238842][ T989] ? mntput_no_expire+0x64/0x730 [ 328.238874][ T989] ? get_page_from_freelist+0x53e/0x800 [ 328.238894][ T989] ? fget_many+0x178/0x1a0 [ 328.238914][ T989] ? kcsan_setup_watchpoint+0x26e/0x470 [ 328.238957][ T989] __io_queue_sqe+0xe9/0x360 [ 328.245038][ T985] loop3: detected capacity change from 0 to 270 [ 328.248780][ T989] io_submit_sqe+0x1887/0x3360 [ 328.747229][ T989] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 328.752763][ T989] io_submit_sqes+0x5bd/0xbd0 [ 328.757451][ T989] __se_sys_io_uring_enter+0x1e1/0xa80 [ 328.757484][ T989] ? fput+0x2d/0x130 [ 328.757503][ T989] __x64_sys_io_uring_enter+0x74/0x80 [ 328.757616][ T989] do_syscall_64+0x4a/0x90 [ 328.757640][ T989] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 328.757664][ T989] RIP: 0033:0x4665d9 [ 328.757678][ T989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 328.757693][ T989] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 328.757710][ T989] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 328.757724][ T989] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 328.757737][ T989] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 328.757751][ T989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 14:04:43 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x4000000000000000, 0x0, 0x0) 14:04:43 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, 0x0, 0x0, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:43 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200020004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:43 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x80400) sendto$inet(r7, &(0x7f0000000680)="2b9c01bbb95cefd9a147fb9eb2ab151f2e9d47e0af92fa6cf7896d119089a1652b6b97ea22af9ce785d18561862df6b24841e7514901c1781d0c50bf73c9e000b24ce2f4a7a9bb9eebbf772a6affa96122eec243a933ac89a8f70e10f57e0cd40170345c1721305f88902e05aae6c52f17ad1468115d5d9807ba724cc03f8eac3c7251751a2fbbf434c692d4ff58d1953d38f5b286ec1e56de48bb38a63958158cf3744dbd732e47e550a774443fa1bcebb249f60dc5f01f3317e2ea439832c5c44225414aeb75ccd35e9fcfd09e11ae45cb99876a6bf84de3bcb83e2e5242a4f51c99069cd2c0cd0430a3d7929018054df341f716099849475ef2dd98c129060ca8acdeba568c9bcb6bfa0ced5eba1bf079eb6a99d843c936f30d181b6019ee4cb4bbd5558eabb840de0f06bcb59248125c2514bf003afd8b55c9c43510489576acd9da4adb5ad38d2509a6cf923c6817ef19972900657793f391ed893d1a3940d945cf8419d8d15abe2ba184c78af056d986fbc33043f0d5825fbca04f24d6c536a1ce21d24df2531f1d3d74f2139aab88d19252c5d9349338f21419e8a8575ccd37ce266de21acc91c627429c02198a87508e64235294de8e6b8834600a846681ccb3b676348ac9790354b8bbe4d2b46eb01835d703fadc0f2a7a4df4eafb377536afc0151a3f47b9a0d0806a58d5adff2f287c5b8329264223a0bb3f87c3aa34bf577575a3592957b639f03454ce295164e5e33468b6f18e8401aadaaad11fae073c1b54eab5b4a81e8e73c305784e701e464c9088b2bf511267d2ad5425fb7e82d7fa40f9713d2e071161301dbbad4d5aef34fd82e9c6bf8c0d30b719670518abd3f418d906be8f9143999e5c48d688b9f4627e85d05ac8d0bb2a252db65bedc4a9aa5f17c9c25be3e5e997016d17ad87ebcfe34b6affa4df910755f3c5e78e7d793c0d63c5f40a635c13c249ca461e10e001d3f78b11dba1bca54f700389bee367af9483db240c93166ffa9022317ae9dd10140e3b443bc6c4934768214506e3ca47f1cc37c16ee32ad21e8927342c27bd9bdf6bf98803f14609d97fe5c9214ded9baba3687acdb768e05cfb7376f32acc1c6694d7710c42f9d122f918104e92afd159013c14915d54a0bc89ef9db93672a814a2cd716ce74de0b667fa94e776ba180d5e8de36328a4f7ebb2a1193d7599e0938941d02f0c9fd28a3629645a2b1446c1984e54c1cc7a6cebd309e1f08244ac38e210facca7ada3b28da9fc915e0f830e37c5ae6acf8c71bd6e3f13810183aae45da21e8b2019f5312c781af187d2c72ab6d88f084bae2343bd0ab50126a679a285f6b885f8ed9a2dfb8aa48bee94fadaa452493c7c2684303fc6dc10b9a798f384595d84c8346594d05658d3490bb05d06625b61793bb6a6e213a91698359021255f70b382fc127b76e6f46cfb4d2a7ef9388a4f2a34e20bf20a6c19afb110ee4081f7e556ecc9eae162f542a6e04251f05d517460fbb5b6f5ad86c166c887d454dd4b3f0bab488ab8c064d469f687c354e987113d68b7388b14fac30ff3159c3785cf0603e3e47eaf5dd5d894eb0e84ecb3998768fcd327595f7ac93f0f48ae788adcd8c2775416bcf2b7e82d9e9996ed97b8195a1b70a92bdb1a1ad8aaa00cc0f717c0d1a13ac5e369bd9558fbc3a4569ad1269d814913eddac574e0bcd04a137d981c167b663cabc22260d41abf53a943854ac9928bf776d2125e8050137faaff1a19f8a74cb1e79bb3a0ba6306afbd47b44169b1cb6701e803e0bf19eefbc805063af28190a96bc9a22790d443f3e6196ad41096bf5b46bc04054dfc21220a0b132c0bd083520f7cc850815f4593ca648e8bfbc5e6590d12ddde20b7f5518d34991838f3421dd73ab36a8cadb9530c164c2f69ddcad2b1ecec8c9105d5f3bcdded79584641371e553647b1ab9fb805b152866ee340dff2255100a5b151a25c5dc0db803a1fcd406aad0d7811694aeb8c1b3a2d6233dd0559aced5bd5b23c645f03a0663ad1d7a3bfc290d5f0b7fe99a35a3f64c98ded67fca7332e398e4de627cadec6700c7f3c5134f189267d6998683e6497826739458db3a5a58152a263a30f2df76c4519a07264706d035e4a45586aeaa66a64bbf0fa1cb52464486452dbd2d55b5fe3f8df1bd98ab28643a4d3580e51e916c44eb320cac8ce0a77c8ea9f9e63c1abc3bae5ea48f29947d6c67453488f528f00c219ec8c82f71953caec28e856bf6159b7af65e526ead115fbb3e9961353ef99243181514ca01ccfdeb37ccace2c7c5840b8a559e7d9bc84cf2b462c17ad3a5233418b6ee6f9c299df3afc96a97237ce2142e768f8e1e70341ffaed120d636f1157bc72b13d500e6be2737cc26e575ecec9e6a2e16e4e2990725eb7040081d725dec9e83d284ea8dee8469aa5d2248473c4a3dd43c1e3cbe7a017fae32da9a9765deb71b7401d2d5f6f3754101dbec98232bfd76e0433f1840391cbc6948681670f5ba8d3c1a0e0f1f425c193c8ce0304725ae8f74b0e8099ffe24026f57a472d0d2a590b94783d057216c7524cd4f537011d6819fe28e5d200c70ea67f54da23a8df748c843adc681c68f6d40379e41e75dcd8c47e5fec91011a16952088bc85b9fb346a53fd8ccde00ba248994e49905eed3a8e121e410b5f71e50db65ebd79efdbdaba6e4fbde8eda3f7238e8318d62b00adcf0453e556443c887926f5991db341fc689b0d639907699c70a141953c84f2e32b8c18f54f2d473663604b0479ed98bf6bf1bbad655e41264c887495590b223e6357d23a3929fd6f0184063283a619c3d79ed6fdf1bd8c15a2e6dfa67d8cf8bc493856b1cc1830faf6e640fca9e7dd8ebd1b6f67b7c9f3dbc22a31a40b930b74b622dd20da9c39c9b7d0519ce9743cce1beae3f35efc6c802c8e06324ae22069619e0c4ec69bf60d00da6348898fdc47b26203530c1c31c9de1d43a6643acf168b6cba1f80cda307914ab9b5931e17a82b1ac2e621cece377c4b1eb83a877783ef92b827ca0370e0c0e9f59324d26b89b77eb98acfa559682128629a6bd8945b045edbbc152e223cfc5c7e9f3a74e3d8cd30a9909428c2c1f47f4c91041411a45b05ac5d1ec7a0cad1bf9ae3e844aa07bd2d4906d086f9e4293b25df000443273d07b9f89029c102a1103da7d971c2109dff71702de8e368063500f846a21c9941f61f1b0dec9a9e231655e0fe29ffb9f9a946c2944f84f3695e351fb6808abeecfb44ffda1670f7ec54016772c58b489d04dbac091126df9bec64d5518d51808fffb6cba366e74fbdd6277c903653d7b98ebb6bae0de0062acf93f58b49674a4bf6539756ade8086e54aeaab5bfe3a2e83c4dbc03a69f36c05f5dbe37edf71ee3399b5cd6140ee53ce6923bc564d0732857cfcd99e0dac33d95df2ca4423a7587e0549b9b96a3ffe785f286333b5d10df3f2b43d87e25064066409d05174db8472d2d3a91ae4f67f27d3bc24aff487bf848827a4d2a79e9542ff93b32c58f3829db6e4456526c079a87e8afbedbdefd857cb5a2d64410f491342913c2da2f8114f1e4d7b46a616c9efbce1eab88ae85244f59a82277890b4f64ab8275f11d1b36029e85efdb75e863a452befd5f3ff6b0a898aa5e2b4ccd8050e96a729503ee907f3f14c606803863a22ee87b6b51391f66fda8792f8c9a369d7c94f988e2ad1010307773eef8e6ec6bbc4ded68d81455bb5e1b514a79ba32a008aa4db13499d5c56d18483d70570711ec373264bc0309c72cea4932942b633328dd1de5de420124a686599feddb9da0ee68bc7089fce79b3360a7dd60721d3b2c56b10251d88d995ebc017b85b640fa2be3ab2cbf68c30a135f095fe5cba301356649b273280eb0705c7dbe1b3ad359b32e0dae5f36a6d3663df9bfca9d200d1254785336d34c5138dad108710d411fc36388b6a2ecc1ce8278f0773c55dbdb8cc232cd2d098ad0ac787fc3325abada5883d71008ca488f097f0ce9cfaf23897362b340766cfe7a9138c41f3dededce08b2ec34b591de01ef6cfdb97e866d649a659a9804932f3e720b9513cdafa08c8e7abef942ec4656d2c4b6f8d25235218b72ce7827c51f9aab3821d242660e44077b7fd8f9d19eb16176297f1d0c437be74dc493e53c02b092d051308252018abfb90371bd87c0bc90548449a608ab31a679b223bad5e33b229a0e9fd5ced6bbe5d21694a54a14db455262a0a246159eb853d1a24ba2925e56e973084522a2453cfadb2a35ab8fde7e1a3d487148d0b28657603813d7270b7ef1d49dafa2131283458fc564061277950158f60ec17391acd88ac66efa19ef0914174fef2ed307add7c17b3925521d4ae992e9bc967ab4058b59564822a5b6d36fc178e16a271c29324e923e0be9b41d778ce513cf2216d1db9d0bb5da83b2d993c76f160d822b8345fe491d38e288d694731e2f0d044c1ef46bcc1478eed4dcc2a03ce1360697e078d20e6ee86db84509536e9fd2c6e7be8a1073b78a40ddd6377ca9a770be626462b915cd0492f0591c0fedcab8ef7e2fb941f62ecd97f13404338d209274677f83e29a481081315683d4884a186edf5633935b3e8b0f71e39d9fd2f7b96801d5eab88db54579cf48a02c0733b865db125ae0a96c36d02664d7ba1b241ee9cf1b42d7fa34fb726a6c16cf351fbced4f794457e1adf19f6123a68cdebc4fbb9f7548054a2f21f42d4e0273fd0b8230087de79a44a347d5c269c8a7ae248ff03de21329a89cff060be4cd1f8c0601774960918575657a6d228eee700df264dee58a5a823fe87799062bda1b03b4f1e90efdc6032b42a8099ef15667a578e9e75cdfe61464965d07e843e9ac7fec04cf79faa3c9587b6d530ef11928815c8d90cfaa9acec605959c203ac3f0fb3004e558c7fefabdb8fc3314fbfe2fcd8d6b456df8dea284d265246ac5fb0d05df65b3ffea4dfc0a5f57bb3c79785626ee586c765ad60c8d2cdd3c70e81d0cacef3b255f4f9a7eadb9b7f60cafa9e0ae693543158425dc9e213cf3607ae9115023df408048dd6692c0183694f47ab6a4f3e668c3219fe90d2bb2cce4b396472f24c1ee63f346fa40ecc1805b16b11ac91fbdd76d034911cfe0231643ec971118f705327695425b4d8fc3fa750db95abf3e2923fa9ef066f98b87f20223e7d47ecf65f67bbe0510e12a0266922a4329fa22880986e6bf314c4094b544888440244bf39dfce8294c6c973c03db5815628dea1310e8bc3935f754551160767dfe3c507e94629b37968490994865c4023316f8b230789ec64817e6ab7519a97f0c4eda91b7546264aac6fdc14a012d6627fe4bd5fda478bc5c6af2cd1ff035cce6f5f9a5301af06b49b4176dbb02a864c6b42d9d9d89b1f8a04bb25cb85f18af87ab6748b362dec62bfb6bc92e3774ae7631e29836c0142b67beb341598d18d8f2f0bd52c5cef6b4eb27882b24b07253694ee88cc3b45ebbc4af966690d90b32c84e717598f9c7e3e27df6b0497b1b96b24537e0d45dc97d4c8049022e568bccfe7a7c1b689d4ee6d204eb1ae925a8a0b680ce7b056bc3b34f40032e2fb4a49e30258c5290877e70f3e48416672f0d203274a43c31700011d1d95b9d47f89867a1689f515c818a41beab71b187a04ef67be0912f541ecd1d778f0c399f744fdf05e808d1c13e3ea1f18abff03a666011148528c1fe873a76d9311405a99dead9e614030b5fe8483204c7d845cc01095e5e33739a74eaa5bf215f49a39de5d6a95006c902e66588aca66937f", 0x1000, 0x4005, &(0x7f00000000c0)={0x2, 0x4e22, @rand_addr=0x64010101}, 0x10) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="24000000000000000100000001000000b1bb1171ea722b805ba7a45f5f236a8b763afa0607103457cbf09e93b26b26b2e580f93740a3b1", @ANYRES32=r4, @ANYRES32=r5, @ANYRES32=r3, @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00'], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:43 executing program 1 (fault-call:9 fault-nth:99): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:43 executing program 0 (fault-call:8 fault-nth:36): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 328.757763][ T989] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 328.927923][ T1040] FAULT_INJECTION: forcing a failure. [ 328.927923][ T1040] name failslab, interval 1, probability 0, space 0, times 0 [ 328.934351][ T1042] FAULT_INJECTION: forcing a failure. [ 328.934351][ T1042] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 328.940550][ T1040] CPU: 0 PID: 1040 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 328.963672][ T1040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 328.973712][ T1040] Call Trace: [ 328.976972][ T1040] dump_stack+0x137/0x19d [ 328.981316][ T1040] should_fail+0x23c/0x250 [ 328.985718][ T1040] ? scm_fp_dup+0x3a/0x150 [ 328.990149][ T1040] __should_failslab+0x81/0x90 [ 328.994913][ T1040] should_failslab+0x5/0x20 [ 328.999401][ T1040] __kmalloc_track_caller+0x64/0x340 [ 329.004669][ T1040] kmemdup+0x21/0x50 [ 329.008546][ T1040] scm_fp_dup+0x3a/0x150 [ 329.012773][ T1040] unix_attach_fds+0xa5/0x1e0 [ 329.017521][ T1040] unix_dgram_sendmsg+0x5cb/0x1610 [ 329.022615][ T1040] ? sock_kmalloc+0x77/0xb0 [ 329.027166][ T1040] unix_seqpacket_sendmsg+0xc2/0x100 [ 329.032432][ T1040] ? unix_dgram_peer_wake_me+0x310/0x310 [ 329.038045][ T1040] ____sys_sendmsg+0x360/0x4d0 [ 329.042794][ T1040] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 329.047888][ T1040] __sys_sendmsg_sock+0x25/0x30 [ 329.052718][ T1040] io_issue_sqe+0x231a/0x6750 [ 329.057378][ T1040] ? avc_has_perm+0x59/0x150 [ 329.062031][ T1040] ? avc_has_perm+0xc8/0x150 [ 329.066603][ T1040] ? __fsnotify_parent+0x32f/0x430 [ 329.071761][ T1040] ? mntput_no_expire+0x64/0x730 [ 329.076682][ T1040] ? terminate_walk+0x261/0x270 [ 329.081552][ T1040] ? path_openat+0x19ab/0x20b0 [ 329.086296][ T1040] ? fget_many+0x178/0x1a0 [ 329.090693][ T1040] __io_queue_sqe+0xe9/0x360 [ 329.095262][ T1040] io_submit_sqe+0x1887/0x3360 [ 329.100007][ T1040] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 329.105457][ T1040] io_submit_sqes+0x5bd/0xbd0 [ 329.110149][ T1040] __se_sys_io_uring_enter+0x1e1/0xa80 [ 329.115671][ T1040] ? fput+0x2d/0x130 [ 329.119547][ T1040] __x64_sys_io_uring_enter+0x74/0x80 [ 329.124952][ T1040] do_syscall_64+0x4a/0x90 [ 329.129356][ T1040] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 329.135235][ T1040] RIP: 0033:0x4665d9 [ 329.139110][ T1040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 329.158698][ T1040] RSP: 002b:00007fa426633188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 329.167091][ T1040] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 329.175043][ T1040] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 329.182996][ T1040] RBP: 00007fa4266331d0 R08: 0000000000000000 R09: 0000000000000000 [ 329.190977][ T1040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 329.198928][ T1040] R13: 00007fffc1f3ec1f R14: 00007fa426633300 R15: 0000000000022000 [ 329.206889][ T1042] CPU: 1 PID: 1042 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 329.216982][ T1042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 14:04:44 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0x0, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 329.227036][ T1042] Call Trace: [ 329.230310][ T1042] dump_stack+0x137/0x19d [ 329.234708][ T1042] should_fail+0x23c/0x250 [ 329.237186][ T1045] loop3: detected capacity change from 0 to 270 [ 329.239116][ T1042] should_fail_usercopy+0x16/0x20 [ 329.250371][ T1042] _copy_from_user+0x1c/0xd0 [ 329.250398][ T1042] ____sys_sendmsg+0x1a3/0x4d0 [ 329.250431][ T1042] ? sendmsg_copy_msghdr+0xc4/0xf0 14:04:44 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200030004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:44 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0x0, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 329.250450][ T1042] __sys_sendmsg_sock+0x25/0x30 [ 329.250468][ T1042] io_issue_sqe+0x231a/0x6750 [ 329.250487][ T1042] ? __list_del_entry_valid+0x54/0xc0 [ 329.250505][ T1042] ? rmqueue_pcplist+0x152/0x190 [ 329.250526][ T1042] ? rmqueue+0x43/0xd00 [ 329.250539][ T1042] ? mntput_no_expire+0x64/0x730 [ 329.250559][ T1042] ? get_page_from_freelist+0x53e/0x800 [ 329.250573][ T1042] ? fget_many+0x178/0x1a0 14:04:44 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:44 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0x0, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 329.250594][ T1042] __io_queue_sqe+0xe9/0x360 [ 329.250611][ T1042] io_submit_sqe+0x1887/0x3360 [ 329.250630][ T1042] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 329.250727][ T1042] io_submit_sqes+0x5bd/0xbd0 [ 329.250744][ T1042] __se_sys_io_uring_enter+0x1e1/0xa80 [ 329.250764][ T1042] ? fput+0x2d/0x130 14:04:44 executing program 0 (fault-call:8 fault-nth:37): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 329.250778][ T1042] __x64_sys_io_uring_enter+0x74/0x80 [ 329.250838][ T1042] do_syscall_64+0x4a/0x90 [ 329.250859][ T1042] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 329.250879][ T1042] RIP: 0033:0x4665d9 [ 329.250890][ T1042] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 329.250920][ T1042] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 329.250937][ T1042] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 329.250946][ T1042] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 329.250956][ T1042] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 329.250975][ T1042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 329.250986][ T1042] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 329.373284][ T1059] loop3: detected capacity change from 0 to 270 [ 329.408094][ T1066] FAULT_INJECTION: forcing a failure. [ 329.408094][ T1066] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 329.492368][ T1066] CPU: 1 PID: 1066 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 329.492388][ T1066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 329.492400][ T1066] Call Trace: [ 329.492440][ T1066] dump_stack+0x137/0x19d [ 329.492463][ T1066] should_fail+0x23c/0x250 [ 329.492478][ T1066] should_fail_usercopy+0x16/0x20 [ 329.492493][ T1066] _copy_from_user+0x1c/0xd0 [ 329.492595][ T1066] __copy_msghdr_from_user+0x44/0x350 [ 329.492615][ T1066] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 329.492635][ T1066] ? unix_dgram_peer_wake_me+0x310/0x310 [ 329.492739][ T1066] ? ____sys_sendmsg+0x428/0x4d0 [ 329.492753][ T1066] sendmsg_copy_msghdr+0x4f/0xf0 [ 329.492768][ T1066] io_issue_sqe+0x250b/0x6750 [ 329.492784][ T1066] ? __list_del_entry_valid+0x54/0xc0 [ 329.492801][ T1066] ? rmqueue_pcplist+0x152/0x190 [ 329.492820][ T1066] ? rmqueue+0x43/0xd00 [ 329.492836][ T1066] ? mntput_no_expire+0x64/0x730 [ 329.492866][ T1066] ? get_page_from_freelist+0x53e/0x800 [ 329.492884][ T1066] ? fget_many+0x178/0x1a0 [ 329.492929][ T1066] __io_queue_sqe+0xe9/0x360 [ 329.492948][ T1066] io_submit_sqe+0x1887/0x3360 [ 329.492968][ T1066] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 329.493060][ T1066] io_submit_sqes+0x5bd/0xbd0 [ 329.493076][ T1066] __se_sys_io_uring_enter+0x1e1/0xa80 [ 329.493103][ T1066] ? fput+0x2d/0x130 [ 329.493122][ T1066] __x64_sys_io_uring_enter+0x74/0x80 [ 329.493152][ T1066] do_syscall_64+0x4a/0x90 [ 329.493175][ T1066] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 329.493195][ T1066] RIP: 0033:0x4665d9 [ 329.493206][ T1066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 329.493220][ T1066] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 329.493238][ T1066] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 329.493252][ T1066] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 14:04:44 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x4200000000000000, 0x0, 0x0) 14:04:44 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="24000000000000000100000001000000", @ANYRES32=r4, @ANYRES32=r5, @ANYRES32=r3, @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="8000e4ff"], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) r8 = mmap$IORING_OFF_CQ_RING(&(0x7f00006d5000/0x2000)=nil, 0x2000, 0x8, 0x1010, r7, 0x8000000) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) syz_io_uring_submit(r8, r2, &(0x7f0000000240)=@IORING_OP_TIMEOUT={0xb, 0x3, 0x0, 0x0, 0x9, &(0x7f00000001c0)={r9, r10+60000000}, 0x1, 0x0, 0x0, {0x0, r11}}, 0xfffffffb) 14:04:44 executing program 2: syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r0, r1, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(0xffffffffffffffff, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:44 executing program 0 (fault-call:8 fault-nth:38): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:44 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200040004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:44 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 329.493265][ T1066] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 329.493277][ T1066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 329.493287][ T1066] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 329.785116][ T1088] loop3: detected capacity change from 0 to 270 [ 329.794864][ T1089] FAULT_INJECTION: forcing a failure. [ 329.794864][ T1089] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 329.807924][ T1089] CPU: 1 PID: 1089 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 329.818147][ T1089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 329.828217][ T1089] Call Trace: [ 329.831477][ T1089] dump_stack+0x137/0x19d [ 329.835794][ T1089] should_fail+0x23c/0x250 [ 329.840284][ T1089] should_fail_usercopy+0x16/0x20 [ 329.845326][ T1089] _copy_from_user+0x1c/0xd0 [ 329.849925][ T1089] ____sys_sendmsg+0x1a3/0x4d0 [ 329.854700][ T1089] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 329.859967][ T1089] __sys_sendmsg_sock+0x25/0x30 [ 329.864914][ T1089] io_issue_sqe+0x231a/0x6750 [ 329.869586][ T1089] ? __list_del_entry_valid+0x54/0xc0 [ 329.874958][ T1089] ? rmqueue_pcplist+0x152/0x190 [ 329.879900][ T1089] ? rmqueue+0x43/0xd00 14:04:44 executing program 2: syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r0, r1, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(0xffffffffffffffff, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:44 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200050004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:44 executing program 2: syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r0, r1, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(0xffffffffffffffff, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 329.884095][ T1089] ? mntput_no_expire+0x64/0x730 [ 329.889030][ T1089] ? get_page_from_freelist+0x53e/0x800 [ 329.894721][ T1089] ? fget_many+0x178/0x1a0 [ 329.894748][ T1089] __io_queue_sqe+0xe9/0x360 [ 329.894766][ T1089] io_submit_sqe+0x1887/0x3360 [ 329.894859][ T1089] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 329.894954][ T1089] io_submit_sqes+0x5bd/0xbd0 14:04:44 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) r8 = accept4(0xffffffffffffffff, &(0x7f0000000180)=@nl=@proc, &(0x7f0000000240)=0x80, 0x80c00) setsockopt$inet_int(r8, 0x0, 0xd, &(0x7f0000000280)=0x5, 0x4) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:44 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 14:04:44 executing program 0 (fault-call:8 fault-nth:39): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 329.894973][ T1089] __se_sys_io_uring_enter+0x1e1/0xa80 [ 329.895001][ T1089] ? fput+0x2d/0x130 [ 329.895015][ T1089] __x64_sys_io_uring_enter+0x74/0x80 [ 329.895034][ T1089] do_syscall_64+0x4a/0x90 [ 329.895055][ T1089] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 329.895111][ T1089] RIP: 0033:0x4665d9 [ 329.895122][ T1089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 329.895136][ T1089] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 329.895151][ T1089] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 329.895179][ T1089] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 329.895188][ T1089] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 329.895262][ T1089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 329.895273][ T1089] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 329.943966][ T1109] loop3: detected capacity change from 0 to 270 [ 330.006581][ T1115] FAULT_INJECTION: forcing a failure. [ 330.006581][ T1115] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 330.058143][ T1115] CPU: 1 PID: 1115 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 330.058163][ T1115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 330.058175][ T1115] Call Trace: [ 330.058182][ T1115] dump_stack+0x137/0x19d [ 330.058206][ T1115] should_fail+0x23c/0x250 [ 330.058272][ T1115] should_fail_usercopy+0x16/0x20 [ 330.058293][ T1115] _copy_from_user+0x1c/0xd0 [ 330.058344][ T1115] __copy_msghdr_from_user+0x44/0x350 [ 330.058364][ T1115] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 330.058379][ T1115] ? unix_dgram_peer_wake_me+0x310/0x310 [ 330.058398][ T1115] ? ____sys_sendmsg+0x428/0x4d0 [ 330.058474][ T1115] sendmsg_copy_msghdr+0x4f/0xf0 [ 330.058491][ T1115] io_issue_sqe+0x250b/0x6750 [ 330.058514][ T1115] ? __list_del_entry_valid+0x54/0xc0 [ 330.058585][ T1115] ? rmqueue_pcplist+0x152/0x190 [ 330.058662][ T1115] ? rmqueue+0x43/0xd00 [ 330.058714][ T1115] ? mntput_no_expire+0x64/0x730 [ 330.058740][ T1115] ? get_page_from_freelist+0x53e/0x800 [ 330.058760][ T1115] ? fget_many+0x178/0x1a0 [ 330.058905][ T1115] __io_queue_sqe+0xe9/0x360 [ 330.058918][ T1115] io_submit_sqe+0x1887/0x3360 [ 330.058945][ T1115] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 330.058968][ T1115] io_submit_sqes+0x5bd/0xbd0 [ 330.058987][ T1115] __se_sys_io_uring_enter+0x1e1/0xa80 [ 330.059013][ T1115] ? fput+0x2d/0x130 [ 330.059029][ T1115] __x64_sys_io_uring_enter+0x74/0x80 [ 330.059080][ T1115] do_syscall_64+0x4a/0x90 [ 330.059124][ T1115] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 330.059212][ T1115] RIP: 0033:0x4665d9 [ 330.059223][ T1115] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 330.059242][ T1115] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 330.059299][ T1115] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 330.059312][ T1115] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 330.059325][ T1115] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 330.059335][ T1115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 14:04:45 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x8000000000000000, 0x0, 0x0) 14:04:45 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 14:04:45 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200060004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:45 executing program 0 (fault-call:8 fault-nth:40): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:45 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x2, 0x0, 0x0, 0x0) [ 330.059344][ T1115] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 14:04:45 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x118, &(0x7f00000004c0)=0x20013082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) syz_open_dev$vcsn(&(0x7f0000000340), 0x7ff, 0x40801) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd, 0x100000000000000, &(0x7f0000000500)=[{&(0x7f0000000180)=""/22, 0x16}], 0x1}, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r6, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) syz_io_uring_submit(0x0, 0x0, &(0x7f00000003c0)=@IORING_OP_CLOSE={0x13, 0x1, 0x0, r6}, 0x3f) r7 = socket$inet(0x2, 0x1, 0x0) r8 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r8, 0x208200) syz_io_uring_submit(0x0, r2, &(0x7f00000001c0)=@IORING_OP_SPLICE={0x1e, 0x3, 0x0, @fd_index=0x9, 0x8, {}, 0x7b, 0x9}, 0x7) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="2400000092cf9a100102010000000000", @ANYRES32=r4, @ANYRES32=r5, @ANYRES32=r3, @ANYRES32=r7, @ANYRES32, @ANYBLOB="22b41bf1"], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:45 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 330.359297][ T1139] FAULT_INJECTION: forcing a failure. [ 330.359297][ T1139] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 330.372435][ T1139] CPU: 1 PID: 1139 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 330.372520][ T1139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 330.372530][ T1139] Call Trace: [ 330.372538][ T1139] dump_stack+0x137/0x19d [ 330.372566][ T1139] should_fail+0x23c/0x250 [ 330.372599][ T1139] should_fail_usercopy+0x16/0x20 [ 330.372646][ T1139] _copy_from_user+0x1c/0xd0 [ 330.372663][ T1139] ____sys_sendmsg+0x1a3/0x4d0 [ 330.372679][ T1139] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 330.372739][ T1139] __sys_sendmsg_sock+0x25/0x30 [ 330.372754][ T1139] io_issue_sqe+0x231a/0x6750 [ 330.372767][ T1139] ? __list_del_entry_valid+0x54/0xc0 14:04:45 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0xffffffff}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x1}, 0x0) r5 = socket$nl_audit(0x10, 0x3, 0x9) r6 = socket$inet(0x2, 0x1, 0x0) r7 = socket$inet(0x2, 0x1, 0x0) syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) fcntl$setstatus(r7, 0x4, 0x46c00) poll(&(0x7f00000001c0)=[{r3, 0x1000}, {r6, 0x4080}, {r6, 0x221}, {}], 0x4, 0x65) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="24000000000000000100000001000000cab811f1ddd2f62e86ec1165a009a21ec90836415739181dfdfed15feb90c992422cb456d0d05bed95e67f270689d1217fa3e4850122d32498af5e58293b7188ea197cc5ed8ec988b47704a1b7ea580d52164adadf7d5e460f3b239baa677739562a7c814d40b34b934e639bb94f532eff322cb2a6d3ac15cd50362413da14c51bc3057c34d0b4b2945572c56b2591c664efe701e9b731a4ce2aae67e65ef38014c496d4ae76e161a44860d596922d076f61cd50b6a58fc93c86404dd0a6162accb863c0be462a04dda6a5b5bf01720f183db211c7df53b0df5beddcec13e001e8bde48bf7ad1b9ec0602b9540f713c45e153b02393b9ee25ce8a5fbc5e7cf932ed9899c8abde069d2500574a522fa876bff865af0a99efa6838577995d616371d025303789ff7acc1f5cfeee066eea7c2c945f5", @ANYRES32=r5, @ANYRES32=r6, @ANYRES32=r4, @ANYRES32=r7, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:45 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200070004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 330.372787][ T1139] ? rmqueue_pcplist+0x152/0x190 [ 330.372807][ T1139] ? rmqueue+0x43/0xd00 [ 330.372824][ T1139] ? mntput_no_expire+0x64/0x730 [ 330.372858][ T1139] ? get_page_from_freelist+0x53e/0x800 [ 330.372874][ T1139] ? fget_many+0x178/0x1a0 [ 330.372889][ T1139] __io_queue_sqe+0xe9/0x360 [ 330.372907][ T1139] io_submit_sqe+0x1887/0x3360 14:04:45 executing program 0 (fault-call:8 fault-nth:41): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:45 executing program 5: r0 = syz_io_uring_setup(0x6467, &(0x7f00000003c0)={0x0, 0x0, 0xbd9e24ad20c04db2, 0x0, 0x4}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r4, 0x208200) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_STATX={0x15, 0x3, 0x0, r4, &(0x7f0000000240), &(0x7f0000000180)='./file0\x00', 0x52, 0x400, 0x1, {0x0, r5}}, 0x1) r6 = socket$nl_audit(0x10, 0x3, 0x9) r7 = socket$inet(0x2, 0x1, 0x0) r8 = socket$inet(0x2, 0x1, 0x0) r9 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="24010000000000000100000001000000", @ANYRES32=r6, @ANYRES32=r7, @ANYRES32=r3, @ANYRES32=r8, @ANYRES32=r9, @ANYBLOB="c64fab7800000a422207f15f7a321332d94e174930598480e86a725828fd57570bf55994ca3960f643c553aa53332257e07b0cdc"], 0x28}], 0x1, 0x0) [ 330.372922][ T1139] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 330.372943][ T1139] io_submit_sqes+0x5bd/0xbd0 [ 330.372962][ T1139] __se_sys_io_uring_enter+0x1e1/0xa80 [ 330.373022][ T1139] ? fput+0x2d/0x130 [ 330.373091][ T1139] __x64_sys_io_uring_enter+0x74/0x80 [ 330.373183][ T1139] do_syscall_64+0x4a/0x90 [ 330.373200][ T1139] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 330.373218][ T1139] RIP: 0033:0x4665d9 14:04:45 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200080004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 330.373232][ T1139] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 330.373298][ T1139] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 330.373317][ T1139] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 330.373328][ T1139] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 330.373341][ T1139] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 330.373354][ T1139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 330.373445][ T1139] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 330.378790][ T1138] loop3: detected capacity change from 0 to 270 [ 330.556713][ T1165] FAULT_INJECTION: forcing a failure. [ 330.556713][ T1165] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 330.560333][ T1167] loop3: detected capacity change from 0 to 270 [ 330.565637][ T1165] CPU: 0 PID: 1165 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 330.683024][ T1165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 330.683037][ T1165] Call Trace: [ 330.683044][ T1165] dump_stack+0x137/0x19d [ 330.700755][ T1165] should_fail+0x23c/0x250 [ 330.700780][ T1165] should_fail_usercopy+0x16/0x20 [ 330.700801][ T1165] _copy_from_user+0x1c/0xd0 [ 330.700856][ T1165] __copy_msghdr_from_user+0x44/0x350 [ 330.700875][ T1165] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 330.700891][ T1165] ? unix_dgram_peer_wake_me+0x310/0x310 [ 330.700909][ T1165] ? ____sys_sendmsg+0x428/0x4d0 [ 330.700931][ T1165] sendmsg_copy_msghdr+0x4f/0xf0 [ 330.700950][ T1165] io_issue_sqe+0x250b/0x6750 [ 330.700997][ T1165] ? __list_del_entry_valid+0x54/0xc0 [ 330.701023][ T1165] ? rmqueue_pcplist+0x152/0x190 [ 330.701043][ T1165] ? rmqueue+0x43/0xd00 [ 330.701060][ T1165] ? mntput_no_expire+0x64/0x730 [ 330.701085][ T1165] ? get_page_from_freelist+0x53e/0x800 [ 330.701127][ T1165] ? fget_many+0x178/0x1a0 [ 330.701143][ T1165] ? kcsan_setup_watchpoint+0x26e/0x470 [ 330.701167][ T1165] __io_queue_sqe+0xe9/0x360 [ 330.701185][ T1165] io_submit_sqe+0x1887/0x3360 [ 330.701205][ T1165] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 330.701229][ T1165] io_submit_sqes+0x5bd/0xbd0 [ 330.701318][ T1165] __se_sys_io_uring_enter+0x1e1/0xa80 [ 330.701345][ T1165] ? fput+0x2d/0x130 [ 330.701383][ T1165] __x64_sys_io_uring_enter+0x74/0x80 [ 330.701402][ T1165] do_syscall_64+0x4a/0x90 [ 330.701419][ T1165] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 330.701457][ T1165] RIP: 0033:0x4665d9 [ 330.701473][ T1165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 330.701492][ T1165] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 330.701513][ T1165] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 14:04:45 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x803e000000000000, 0x0, 0x0) 14:04:45 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x4, 0x0, 0x0, 0x0) 14:04:45 executing program 0 (fault-call:8 fault-nth:42): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:45 executing program 2 (fault-call:5 fault-nth:0): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 330.701527][ T1165] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 330.701571][ T1165] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 330.701581][ T1165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 330.701591][ T1165] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 330.780292][ T1178] loop3: detected capacity change from 0 to 270 14:04:45 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200090004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 330.983880][ T1190] FAULT_INJECTION: forcing a failure. [ 330.983880][ T1190] name failslab, interval 1, probability 0, space 0, times 0 [ 330.996728][ T1190] CPU: 0 PID: 1190 Comm: syz-executor.2 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 331.006795][ T1190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 331.006807][ T1190] Call Trace: [ 331.006814][ T1190] dump_stack+0x137/0x19d [ 331.006905][ T1190] should_fail+0x23c/0x250 [ 331.006926][ T1190] __should_failslab+0x81/0x90 [ 331.007002][ T1190] should_failslab+0x5/0x20 [ 331.007028][ T1190] kmem_cache_alloc_bulk+0x40/0x340 [ 331.007050][ T1190] io_submit_sqes+0x4a3/0xbd0 [ 331.007070][ T1190] __se_sys_io_uring_enter+0x1e1/0xa80 [ 331.007095][ T1190] ? fput+0x2d/0x130 [ 331.007142][ T1190] __x64_sys_io_uring_enter+0x74/0x80 [ 331.007162][ T1190] do_syscall_64+0x4a/0x90 [ 331.007262][ T1190] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 331.007280][ T1190] RIP: 0033:0x4665d9 14:04:45 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) syz_io_uring_setup(0x65c1, &(0x7f0000000180)={0x0, 0xb966, 0x0, 0x3, 0x1d6, 0x0, r0}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000240)=0x0, &(0x7f0000000280)) r4 = syz_io_uring_setup(0xd1b, &(0x7f0000000840), &(0x7f0000ee4000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000800)=0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000100)=@IORING_OP_CONNECT={0x10, 0x4, 0x0, r7, 0x80, &(0x7f00000002c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x0, 0x0, 0x0, {0x0, r8}}, 0x9) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x1, 0x0, @fd_index=0x8, 0x0, 0x0, 0x0, {0xe522}, 0x1, {0x0, r8}}, 0x3f) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r9, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r10 = socket$nl_audit(0x10, 0x3, 0x9) r11 = socket$inet(0x2, 0x1, 0x0) r12 = socket$inet(0x2, 0x1, 0x0) r13 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="00006eb731b46fe8683314ea3a074e1b7d368a3134d241b433772f1fe443e374835e9a698ca84f79f70e2d8288d94ff29493a6fa72d490704526", @ANYRES32=r10, @ANYRES32=r11, @ANYRES32=r9, @ANYRES32=r12, @ANYRES32=r13, @ANYBLOB='\x00\x00\x00\x00'], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 331.007290][ T1190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 331.007306][ T1190] RSP: 002b:00007f3d1c1e6188 EFLAGS: 00000246 [ 331.024304][ T1196] FAULT_INJECTION: forcing a failure. [ 331.024304][ T1196] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 331.024937][ T1190] ORIG_RAX: 00000000000001aa [ 331.120365][ T1190] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 14:04:45 executing program 2 (fault-call:5 fault-nth:1): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 331.120379][ T1190] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 331.120388][ T1190] RBP: 00007f3d1c1e61d0 R08: 0000000000000000 R09: 0000000000000000 14:04:46 executing program 0 (fault-call:8 fault-nth:43): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 331.120397][ T1190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 331.120406][ T1190] R13: 00007ffc81299f9f R14: 00007f3d1c1e6300 R15: 0000000000022000 [ 331.120420][ T1196] CPU: 1 PID: 1196 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 331.120440][ T1196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 331.120448][ T1196] Call Trace: [ 331.120454][ T1196] dump_stack+0x137/0x19d [ 331.120476][ T1196] should_fail+0x23c/0x250 14:04:46 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002000a0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 331.120494][ T1196] should_fail_usercopy+0x16/0x20 [ 331.120544][ T1196] _copy_from_user+0x1c/0xd0 [ 331.120563][ T1196] ____sys_sendmsg+0x1a3/0x4d0 [ 331.120577][ T1196] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 331.120591][ T1196] __sys_sendmsg_sock+0x25/0x30 [ 331.120607][ T1196] io_issue_sqe+0x231a/0x6750 [ 331.120666][ T1196] ? __list_del_entry_valid+0x54/0xc0 [ 331.120683][ T1196] ? rmqueue_pcplist+0x152/0x190 [ 331.120777][ T1196] ? rmqueue+0x43/0xd00 [ 331.120796][ T1196] ? mntput_no_expire+0x64/0x730 [ 331.120824][ T1196] ? get_page_from_freelist+0x53e/0x800 [ 331.120844][ T1196] ? fget_many+0x178/0x1a0 [ 331.120907][ T1196] __io_queue_sqe+0xe9/0x360 [ 331.120921][ T1196] io_submit_sqe+0x1887/0x3360 [ 331.120939][ T1196] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 331.120974][ T1196] io_submit_sqes+0x5bd/0xbd0 [ 331.120995][ T1196] __se_sys_io_uring_enter+0x1e1/0xa80 [ 331.121022][ T1196] ? fput+0x2d/0x130 [ 331.121041][ T1196] __x64_sys_io_uring_enter+0x74/0x80 [ 331.121098][ T1196] do_syscall_64+0x4a/0x90 [ 331.121124][ T1196] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 331.121228][ T1196] RIP: 0033:0x4665d9 [ 331.121242][ T1196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 331.121260][ T1196] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 331.121278][ T1196] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 331.121291][ T1196] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 331.121301][ T1196] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 331.121312][ T1196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 331.121321][ T1196] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 331.193377][ T1208] FAULT_INJECTION: forcing a failure. [ 331.193377][ T1208] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 331.212727][ T1207] loop3: detected capacity change from 0 to 270 [ 331.212822][ T1208] CPU: 0 PID: 1208 Comm: syz-executor.2 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 331.284522][ T1216] FAULT_INJECTION: forcing a failure. [ 331.284522][ T1216] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 331.288464][ T1208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 331.288476][ T1208] Call Trace: [ 331.288483][ T1208] dump_stack+0x137/0x19d [ 331.468655][ T1208] should_fail+0x23c/0x250 [ 331.468675][ T1208] should_fail_usercopy+0x16/0x20 [ 331.468691][ T1208] _copy_to_user+0x1c/0x90 [ 331.468708][ T1208] simple_read_from_buffer+0xab/0x120 14:04:46 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0xeb01000000000000, 0x0, 0x0) 14:04:46 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 331.468769][ T1208] proc_fail_nth_read+0xf6/0x140 [ 331.468786][ T1208] ? rw_verify_area+0x136/0x250 [ 331.468805][ T1208] ? proc_fault_inject_write+0x200/0x200 [ 331.468821][ T1208] vfs_read+0x154/0x5d0 [ 331.468839][ T1208] ? __fget_light+0x21b/0x260 [ 331.468911][ T1208] ? __cond_resched+0x11/0x40 [ 331.468925][ T1208] ksys_read+0xce/0x180 [ 331.468937][ T1208] __x64_sys_read+0x3e/0x50 [ 331.468949][ T1208] do_syscall_64+0x4a/0x90 [ 331.468987][ T1208] entry_SYSCALL_64_after_hwframe+0x44/0xae 14:04:46 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 331.469006][ T1208] RIP: 0033:0x41935c [ 331.469018][ T1208] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 331.469032][ T1208] RSP: 002b:00007f3d1c1e6170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 331.469047][ T1208] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000041935c [ 331.469056][ T1208] RDX: 000000000000000f RSI: 00007f3d1c1e61e0 RDI: 0000000000000005 14:04:46 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x2, 0x0, 0x0, 0x0) [ 331.469067][ T1208] RBP: 00007f3d1c1e61d0 R08: 0000000000000000 R09: 0000000000000000 [ 331.469076][ T1208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 331.469090][ T1208] R13: 00007ffc81299f9f R14: 00007f3d1c1e6300 R15: 0000000000022000 [ 331.469103][ T1216] CPU: 1 PID: 1216 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 331.469124][ T1216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 331.469148][ T1216] Call Trace: [ 331.469153][ T1216] dump_stack+0x137/0x19d [ 331.469172][ T1216] should_fail+0x23c/0x250 [ 331.469188][ T1216] should_fail_usercopy+0x16/0x20 [ 331.469205][ T1216] _copy_from_user+0x1c/0xd0 [ 331.469237][ T1216] __copy_msghdr_from_user+0x44/0x350 [ 331.469255][ T1216] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 331.469299][ T1216] ? unix_dgram_peer_wake_me+0x310/0x310 [ 331.469315][ T1216] ? ____sys_sendmsg+0x428/0x4d0 [ 331.469331][ T1216] sendmsg_copy_msghdr+0x4f/0xf0 [ 331.675926][ T1216] io_issue_sqe+0x250b/0x6750 [ 331.675949][ T1216] ? __list_del_entry_valid+0x54/0xc0 [ 331.675971][ T1216] ? rmqueue_pcplist+0x152/0x190 [ 331.676049][ T1216] ? rmqueue+0x43/0xd00 [ 331.676058][ T1216] ? mntput_no_expire+0x64/0x730 [ 331.676148][ T1216] ? get_page_from_freelist+0x53e/0x800 [ 331.676158][ T1216] ? fget_many+0x178/0x1a0 [ 331.676170][ T1216] ? kcsan_setup_watchpoint+0x26e/0x470 [ 331.676208][ T1216] __io_queue_sqe+0xe9/0x360 [ 331.676218][ T1216] io_submit_sqe+0x1887/0x3360 [ 331.676229][ T1216] ? kmem_cache_alloc_bulk+0x28c/0x340 14:04:46 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x7, 0x0, 0x0, 0x0) 14:04:46 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x4, 0x0, 0x0, 0x0) 14:04:46 executing program 0 (fault-call:8 fault-nth:44): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 331.676280][ T1216] io_submit_sqes+0x5bd/0xbd0 [ 331.676296][ T1216] __se_sys_io_uring_enter+0x1e1/0xa80 [ 331.676310][ T1216] ? fput+0x2d/0x130 [ 331.676338][ T1216] __x64_sys_io_uring_enter+0x74/0x80 [ 331.676352][ T1216] do_syscall_64+0x4a/0x90 [ 331.676366][ T1216] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 331.676380][ T1216] RIP: 0033:0x4665d9 [ 331.676389][ T1216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 331.676399][ T1216] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 331.676459][ T1216] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 331.676466][ T1216] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 331.676473][ T1216] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 331.676485][ T1216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 14:04:46 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0xf, 0x0, 0x0, 0x0) [ 331.676497][ T1216] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 331.750937][ T1242] loop3: detected capacity change from 0 to 270 [ 331.803383][ T1248] FAULT_INJECTION: forcing a failure. [ 331.803383][ T1248] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 331.864658][ T1248] CPU: 0 PID: 1248 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 331.864733][ T1248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 331.864745][ T1248] Call Trace: [ 331.864752][ T1248] dump_stack+0x137/0x19d [ 331.864777][ T1248] should_fail+0x23c/0x250 [ 331.864797][ T1248] should_fail_usercopy+0x16/0x20 [ 331.864818][ T1248] _copy_from_user+0x1c/0xd0 [ 331.864841][ T1248] ____sys_sendmsg+0x1a3/0x4d0 [ 331.864941][ T1248] ? kcsan_setup_watchpoint+0x26e/0x470 [ 331.864966][ T1248] __sys_sendmsg_sock+0x25/0x30 [ 331.864984][ T1248] io_issue_sqe+0x231a/0x6750 [ 331.865002][ T1248] ? __list_del_entry_valid+0x54/0xc0 [ 331.865018][ T1248] ? rmqueue_pcplist+0x152/0x190 [ 331.865034][ T1248] ? rmqueue+0x43/0xd00 [ 331.865110][ T1248] ? mntput_no_expire+0x64/0x730 [ 331.865129][ T1248] ? get_page_from_freelist+0x53e/0x800 [ 331.865145][ T1248] ? fget_many+0x178/0x1a0 [ 331.865222][ T1248] __io_queue_sqe+0xe9/0x360 [ 331.865237][ T1248] io_submit_sqe+0x1887/0x3360 [ 331.865255][ T1248] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 331.865271][ T1248] io_submit_sqes+0x5bd/0xbd0 [ 331.865286][ T1248] __se_sys_io_uring_enter+0x1e1/0xa80 [ 331.865304][ T1248] ? fput+0x2d/0x130 [ 331.865360][ T1248] __x64_sys_io_uring_enter+0x74/0x80 [ 331.865382][ T1248] do_syscall_64+0x4a/0x90 [ 331.865402][ T1248] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 331.865426][ T1248] RIP: 0033:0x4665d9 [ 331.865439][ T1248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 331.865512][ T1248] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 331.865538][ T1248] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 331.865550][ T1248] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 331.865563][ T1248] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 331.865575][ T1248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 331.865610][ T1248] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 14:04:46 executing program 0 (fault-call:8 fault-nth:45): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:46 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002000b0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:46 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0xf00, 0x0, 0x0, 0x0) 14:04:46 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0xf, 0x0, 0x0, 0x0) 14:04:46 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) r8 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r8, 0x208200) io_uring_register$IORING_REGISTER_BUFFERS(r8, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000180)=""/15, 0xf}, {&(0x7f0000000240)=""/206, 0xce}, {&(0x7f0000000340)=""/75, 0x4b}, {&(0x7f0000000680)=""/4096, 0x1000}, {&(0x7f0000001680)=""/4096, 0x1000}, {&(0x7f00000004c0)=""/237, 0xed}, {&(0x7f0000002680)=""/144, 0x90}], 0x7) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) sendmsg$AUDIT_TTY_GET(r4, &(0x7f0000002740)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x10, 0x3f8, 0x300, 0x70bd27, 0x25dfdbfb, "", ["", "", "", ""]}, 0x10}}, 0x40080) 14:04:46 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0xeffdffff00000000, 0x0, 0x0) [ 332.158760][ T1274] FAULT_INJECTION: forcing a failure. [ 332.158760][ T1274] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 332.171928][ T1274] CPU: 0 PID: 1274 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 332.181996][ T1274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 332.192171][ T1274] Call Trace: [ 332.195444][ T1274] dump_stack+0x137/0x19d [ 332.199806][ T1274] should_fail+0x23c/0x250 [ 332.204230][ T1274] should_fail_usercopy+0x16/0x20 14:04:47 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0xf5ffffff00000000, 0x0, 0x0) 14:04:47 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x2000, 0x0, 0x0, 0x0) [ 332.209259][ T1274] _copy_from_user+0x1c/0xd0 [ 332.213847][ T1274] __copy_msghdr_from_user+0x44/0x350 [ 332.219230][ T1274] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 332.224702][ T1274] ? unix_dgram_peer_wake_me+0x310/0x310 [ 332.224727][ T1274] ? ____sys_sendmsg+0x428/0x4d0 14:04:47 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x20000, 0x0, 0x0, 0x0) [ 332.224795][ T1274] sendmsg_copy_msghdr+0x4f/0xf0 [ 332.224815][ T1274] io_issue_sqe+0x250b/0x6750 [ 332.224830][ T1274] ? __list_del_entry_valid+0x54/0xc0 [ 332.224849][ T1274] ? rmqueue_pcplist+0x152/0x190 [ 332.224870][ T1274] ? rmqueue+0x43/0xd00 [ 332.224883][ T1274] ? mntput_no_expire+0x64/0x730 [ 332.224906][ T1274] ? get_page_from_freelist+0x53e/0x800 [ 332.225068][ T1274] ? fget_many+0x178/0x1a0 [ 332.225084][ T1274] __io_queue_sqe+0xe9/0x360 14:04:47 executing program 0 (fault-call:8 fault-nth:46): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 332.225097][ T1274] io_submit_sqe+0x1887/0x3360 [ 332.225125][ T1274] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 332.225148][ T1274] io_submit_sqes+0x5bd/0xbd0 [ 332.225162][ T1274] __se_sys_io_uring_enter+0x1e1/0xa80 [ 332.225181][ T1274] ? fput+0x2d/0x130 [ 332.225194][ T1274] __x64_sys_io_uring_enter+0x74/0x80 [ 332.225260][ T1274] do_syscall_64+0x4a/0x90 [ 332.225283][ T1274] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 332.225305][ T1274] RIP: 0033:0x4665d9 14:04:47 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x40000, 0x0, 0x0, 0x0) 14:04:47 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x42, 0x0, 0x0, 0x0) [ 332.225356][ T1274] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 332.225370][ T1274] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 332.225384][ T1274] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 332.225393][ T1274] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 332.225402][ T1274] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 14:04:47 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002000c0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 332.225411][ T1274] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 332.225423][ T1274] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 332.228766][ T1275] loop3: detected capacity change from 0 to 270 [ 332.367750][ T1303] FAULT_INJECTION: forcing a failure. [ 332.367750][ T1303] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 332.442633][ T1303] CPU: 0 PID: 1303 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 14:04:47 executing program 0 (fault-call:8 fault-nth:47): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:47 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x1000000, 0x0, 0x0, 0x0) [ 332.442654][ T1303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 332.442682][ T1303] Call Trace: [ 332.442690][ T1303] dump_stack+0x137/0x19d [ 332.442718][ T1303] should_fail+0x23c/0x250 [ 332.442753][ T1303] should_fail_usercopy+0x16/0x20 14:04:47 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r7, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) bind$inet(r7, &(0x7f0000000180)={0x2, 0x4e22, @empty}, 0x10) setsockopt$inet_MCAST_MSFILTER(r6, 0x0, 0x30, &(0x7f0000000240)={0x23e7, {{0x2, 0x4e24, @empty}}}, 0x90) r8 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00', @ANYRES32=r4, @ANYRES32=r5, @ANYRES32=r3, @ANYRES32=r6, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00'], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 332.442773][ T1303] _copy_from_user+0x1c/0xd0 [ 332.442836][ T1303] ____sys_sendmsg+0x1a3/0x4d0 [ 332.442854][ T1303] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 332.442873][ T1303] __sys_sendmsg_sock+0x25/0x30 [ 332.442891][ T1303] io_issue_sqe+0x231a/0x6750 [ 332.442908][ T1303] ? __list_del_entry_valid+0x54/0xc0 [ 332.443002][ T1303] ? rmqueue_pcplist+0x152/0x190 [ 332.443018][ T1303] ? rmqueue+0x43/0xd00 [ 332.443076][ T1303] ? mntput_no_expire+0x64/0x730 [ 332.443099][ T1303] ? asm_sysvec_apic_timer_interrupt+0x13/0x20 14:04:47 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0xf000000, 0x0, 0x0, 0x0) [ 332.443118][ T1303] ? kcsan_setup_watchpoint+0x436/0x470 [ 332.443137][ T1303] __io_queue_sqe+0xe9/0x360 [ 332.443177][ T1303] io_submit_sqe+0x1887/0x3360 [ 332.443193][ T1303] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 332.443246][ T1303] io_submit_sqes+0x5bd/0xbd0 [ 332.443266][ T1303] __se_sys_io_uring_enter+0x1e1/0xa80 [ 332.443321][ T1303] ? fput+0x2d/0x130 [ 332.443338][ T1303] __x64_sys_io_uring_enter+0x74/0x80 [ 332.443356][ T1303] do_syscall_64+0x4a/0x90 [ 332.443372][ T1303] entry_SYSCALL_64_after_hwframe+0x44/0xae 14:04:47 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x20000000, 0x0, 0x0, 0x0) [ 332.443389][ T1303] RIP: 0033:0x4665d9 [ 332.443399][ T1303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 332.443431][ T1303] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 332.443451][ T1303] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 332.443569][ T1303] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 332.443582][ T1303] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 332.443595][ T1303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 332.443608][ T1303] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 332.525149][ T1321] loop3: detected capacity change from 0 to 270 [ 332.553163][ T1322] FAULT_INJECTION: forcing a failure. [ 332.553163][ T1322] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 332.711098][ T1322] CPU: 0 PID: 1322 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 332.711122][ T1322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 332.711196][ T1322] Call Trace: [ 332.711202][ T1322] dump_stack+0x137/0x19d [ 332.711225][ T1322] should_fail+0x23c/0x250 [ 332.711241][ T1322] should_fail_usercopy+0x16/0x20 [ 332.711295][ T1322] _copy_from_user+0x1c/0xd0 [ 332.711318][ T1322] __copy_msghdr_from_user+0x44/0x350 [ 332.711337][ T1322] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 332.711356][ T1322] ? unix_dgram_peer_wake_me+0x310/0x310 [ 332.711372][ T1322] ? ____sys_sendmsg+0x428/0x4d0 [ 332.711386][ T1322] sendmsg_copy_msghdr+0x4f/0xf0 [ 332.711399][ T1322] io_issue_sqe+0x250b/0x6750 [ 332.711444][ T1322] ? __list_del_entry_valid+0x54/0xc0 [ 332.711466][ T1322] ? rmqueue_pcplist+0x152/0x190 [ 332.711492][ T1322] ? rmqueue+0x43/0xd00 [ 332.711509][ T1322] ? mntput_no_expire+0x64/0x730 [ 332.711583][ T1322] ? get_page_from_freelist+0x53e/0x800 [ 332.711601][ T1322] ? fget_many+0x178/0x1a0 [ 332.711622][ T1322] __io_queue_sqe+0xe9/0x360 [ 332.711639][ T1322] io_submit_sqe+0x1887/0x3360 [ 332.711657][ T1322] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 332.711716][ T1322] io_submit_sqes+0x5bd/0xbd0 [ 332.711764][ T1322] __se_sys_io_uring_enter+0x1e1/0xa80 [ 332.711851][ T1322] ? fput+0x2d/0x130 [ 332.711943][ T1322] __x64_sys_io_uring_enter+0x74/0x80 [ 332.711968][ T1322] do_syscall_64+0x4a/0x90 [ 332.711989][ T1322] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 332.712010][ T1322] RIP: 0033:0x4665d9 [ 332.712023][ T1322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 332.712054][ T1322] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 332.712071][ T1322] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 14:04:47 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0xf7ffffff00000000, 0x0, 0x0) 14:04:47 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002000d0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:47 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x2, 0x0, 0x0) 14:04:47 executing program 0 (fault-call:8 fault-nth:48): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:47 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x1eb, 0x0, 0x0, 0x0) 14:04:47 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="24000000000000000100000001000000", @ANYRES32=r4, @ANYRES32=r5, @ANYRES32=r3, @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="0010a400"], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 332.712084][ T1322] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 332.712094][ T1322] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 332.712106][ T1322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 332.712117][ T1322] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 14:04:47 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x4, 0x0, 0x0) [ 333.036020][ T1363] loop3: detected capacity change from 0 to 270 [ 333.037874][ T1364] FAULT_INJECTION: forcing a failure. [ 333.037874][ T1364] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 333.055345][ T1364] CPU: 0 PID: 1364 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 14:04:47 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002000e0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:47 executing program 0 (fault-call:8 fault-nth:49): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 333.055367][ T1364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 333.055377][ T1364] Call Trace: [ 333.055385][ T1364] dump_stack+0x137/0x19d [ 333.055406][ T1364] should_fail+0x23c/0x250 14:04:47 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0xf, 0x0, 0x0) [ 333.055474][ T1364] should_fail_usercopy+0x16/0x20 [ 333.055534][ T1364] _copy_from_user+0x1c/0xd0 [ 333.055554][ T1364] ____sys_sendmsg+0x1a3/0x4d0 [ 333.055574][ T1364] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 333.055655][ T1364] __sys_sendmsg_sock+0x25/0x30 [ 333.055671][ T1364] io_issue_sqe+0x231a/0x6750 [ 333.055726][ T1364] ? __list_del_entry_valid+0x54/0xc0 14:04:48 executing program 0 (fault-call:8 fault-nth:50): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:48 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0xf00, 0x0, 0x0) [ 333.055742][ T1364] ? rmqueue_pcplist+0x152/0x190 [ 333.055756][ T1364] ? rmqueue+0x43/0xd00 [ 333.055768][ T1364] ? mntput_no_expire+0x64/0x730 [ 333.055786][ T1364] ? get_page_from_freelist+0x53e/0x800 [ 333.055859][ T1364] ? kcsan_setup_watchpoint+0x26e/0x470 [ 333.055886][ T1364] __io_queue_sqe+0xe9/0x360 [ 333.055900][ T1364] io_submit_sqe+0x1887/0x3360 [ 333.055922][ T1364] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 333.055948][ T1364] io_submit_sqes+0x5bd/0xbd0 [ 333.055998][ T1364] __se_sys_io_uring_enter+0x1e1/0xa80 [ 333.056018][ T1364] ? fput+0x2d/0x130 [ 333.056035][ T1364] __x64_sys_io_uring_enter+0x74/0x80 [ 333.056059][ T1364] do_syscall_64+0x4a/0x90 [ 333.056096][ T1364] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 333.056115][ T1364] RIP: 0033:0x4665d9 [ 333.056128][ T1364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 333.056188][ T1364] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 333.056202][ T1364] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 333.056211][ T1364] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 333.056220][ T1364] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 333.056232][ T1364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 333.056244][ T1364] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 333.156369][ T1382] FAULT_INJECTION: forcing a failure. [ 333.156369][ T1382] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 333.156392][ T1382] CPU: 0 PID: 1382 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 333.156413][ T1382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 333.156450][ T1382] Call Trace: [ 333.156457][ T1382] dump_stack+0x137/0x19d [ 333.156481][ T1382] should_fail+0x23c/0x250 [ 333.156501][ T1382] should_fail_usercopy+0x16/0x20 [ 333.156586][ T1382] _copy_from_user+0x1c/0xd0 [ 333.156609][ T1382] __copy_msghdr_from_user+0x44/0x350 [ 333.156628][ T1382] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 333.156647][ T1382] ? unix_dgram_peer_wake_me+0x310/0x310 [ 333.156665][ T1382] ? ____sys_sendmsg+0x428/0x4d0 [ 333.156683][ T1382] sendmsg_copy_msghdr+0x4f/0xf0 [ 333.156702][ T1382] io_issue_sqe+0x250b/0x6750 [ 333.156791][ T1382] ? __list_del_entry_valid+0x54/0xc0 [ 333.156812][ T1382] ? rmqueue_pcplist+0x152/0x190 [ 333.156831][ T1382] ? rmqueue+0x43/0xd00 [ 333.156848][ T1382] ? mntput_no_expire+0x64/0x730 [ 333.156872][ T1382] ? get_page_from_freelist+0x53e/0x800 [ 333.156891][ T1382] ? fget_many+0x178/0x1a0 [ 333.156992][ T1382] __io_queue_sqe+0xe9/0x360 [ 333.157010][ T1382] io_submit_sqe+0x1887/0x3360 [ 333.157029][ T1382] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 333.157049][ T1382] io_submit_sqes+0x5bd/0xbd0 [ 333.157064][ T1382] __se_sys_io_uring_enter+0x1e1/0xa80 [ 333.157144][ T1382] ? fput+0x2d/0x130 [ 333.157161][ T1382] __x64_sys_io_uring_enter+0x74/0x80 [ 333.157185][ T1382] do_syscall_64+0x4a/0x90 [ 333.157207][ T1382] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 333.157232][ T1382] RIP: 0033:0x4665d9 [ 333.157245][ T1382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 333.157259][ T1382] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 333.157290][ T1382] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 333.157301][ T1382] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 333.157346][ T1382] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 333.157358][ T1382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 333.157371][ T1382] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 333.189121][ T1381] loop3: detected capacity change from 0 to 270 [ 333.245889][ T1393] FAULT_INJECTION: forcing a failure. [ 333.245889][ T1393] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 333.580654][ T1393] CPU: 1 PID: 1393 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 333.580755][ T1393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 333.580767][ T1393] Call Trace: [ 333.580774][ T1393] dump_stack+0x137/0x19d [ 333.580798][ T1393] should_fail+0x23c/0x250 [ 333.580818][ T1393] should_fail_usercopy+0x16/0x20 [ 333.580838][ T1393] _copy_from_user+0x1c/0xd0 [ 333.580902][ T1393] ____sys_sendmsg+0x1a3/0x4d0 [ 333.580923][ T1393] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 333.580951][ T1393] __sys_sendmsg_sock+0x25/0x30 [ 333.581042][ T1393] io_issue_sqe+0x231a/0x6750 [ 333.581057][ T1393] ? __list_del_entry_valid+0x54/0xc0 [ 333.581075][ T1393] ? rmqueue_pcplist+0x152/0x190 [ 333.581094][ T1393] ? rmqueue+0x43/0xd00 [ 333.581165][ T1393] ? mntput_no_expire+0x64/0x730 [ 333.581191][ T1393] ? get_page_from_freelist+0x53e/0x800 [ 333.581210][ T1393] ? kcsan_setup_watchpoint+0x26e/0x470 [ 333.581236][ T1393] ? kcsan_setup_watchpoint+0x26e/0x470 [ 333.581370][ T1393] __io_queue_sqe+0xe9/0x360 [ 333.581466][ T1393] io_submit_sqe+0x1887/0x3360 [ 333.581486][ T1393] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 333.581508][ T1393] io_submit_sqes+0x5bd/0xbd0 [ 333.581523][ T1393] __se_sys_io_uring_enter+0x1e1/0xa80 [ 333.581546][ T1393] ? fput+0x2d/0x130 [ 333.581564][ T1393] __x64_sys_io_uring_enter+0x74/0x80 [ 333.581661][ T1393] do_syscall_64+0x4a/0x90 [ 333.581705][ T1393] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 333.581729][ T1393] RIP: 0033:0x4665d9 [ 333.581744][ T1393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 333.581771][ T1393] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 333.581787][ T1393] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 333.581797][ T1393] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 333.581812][ T1393] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 14:04:48 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x2) 14:04:48 executing program 5: r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) preadv(r0, &(0x7f00000003c0)=[{&(0x7f0000000240)=""/164, 0xa4}, {&(0x7f0000000840)=""/165, 0xa5}, {&(0x7f00000004c0)=""/249, 0xf9}, {&(0x7f0000000680)=""/182, 0xb6}, {&(0x7f0000000740)=""/208, 0xd0}, {&(0x7f0000000180)}], 0x6, 0x924, 0x7) r1 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r5 = openat$incfs(0xffffffffffffffff, &(0x7f0000000180)='.log\x00', 0x400100, 0x0) mmap(&(0x7f00000cc000/0x1000)=nil, 0x1000, 0x1, 0x4000010, r5, 0x11468000) r6 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x145000, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) close(r7) r8 = socket(0x200000100000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'sit0\x00', 0x0}) bind$packet(r8, &(0x7f0000000200)={0x11, 0x1c, r9, 0x1, 0x0, 0x6, @remote}, 0x14) sendmmsg$inet6(r6, &(0x7f00000067c0)=[{{&(0x7f00000001c0)={0xa, 0x4e24, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c, &(0x7f0000000b80)=[{&(0x7f0000000900)="b1ca5581f204e936ab761d4a4fd8d509ed29b07c8fd6d0e72442dc67fe9f1d741542a3c04ac194d390f7a61f965184c3d6beb83a6ee7556e48f1a2a6d28a398978fcc601eb2bf115cda592de5bd2ffb92e62f43dbd681c9b40b3d20c995a1df2fd186cd9ca829c2bddc2f4b84e7a42890e611c5173c195169d0f3786962ac3a1c5b86f63ba52cfe36075932d3f5a8ca12b010bec27dbaf41c6296bd91f2691a62c19844abf5dc65b04e3555eb5e16e062211d21beed0103829fbeda582753fb946f87e84dd905d1a4302582aa2ae62be15252e78efb9341c4b37607b1a0b1e4b74dfddb73f455880deb96ca3060cd41143658c6fb0c778eff74ad6", 0xfb}, {&(0x7f0000000300)="a35cd3ec3e9c134722e829c20870714a", 0x10}, {&(0x7f0000000340)="8817e5e97978ff4a31329ba146", 0xd}, {&(0x7f00000005c0)="5ab0a1143c31af66df8e7a22d61120f27979fc1db20c44a9a1d5be117e01c2c6d1bfeb6cfd997140ab5dbb402051b7972293eb6c4da7676be4fe15265cbb6a314ed87c15add1ab584ae3", 0x4a}, {&(0x7f0000000a00)="d90372ed72ed5e78372792341a80e3c66ab68454d0a65b4ab3b6f2225371bfb909727844be4ac8b3926d572b8f36a2be57b8ef1298888040014cf2370380b369cfab00055010ab90dccae415d605695ca9d065350ef846cda9e34d6a5adb4aa4e4d8ad99f136ed93dc7aeb980e1ecf49070ede8c1880dcde6391de85508ff19b4e3312bba3d8e98a8491f5", 0x8b}, {&(0x7f0000000ac0)="195898bd7ff4b49bd2649f18ae6b37487c02f3ddeb858c080965227b731b2e6f5af04c42ee1f44505173f8ec05200e23bcdea667a2d9cd6c991eb13125ec5703a312e3459f9a5d080cb07b3ba2c872fef45e8519f620e617acaf3044568f3e52d0801c0381eca486f0568452dd882f4dedfc65a994e1ca6753e595f5ed35b1e1b364ffef4616adbdaef24cc71e3854b0d1678941753c8e3f8db0b9fca795c826fcf942826f3e45aa75b9c9", 0xab}], 0x6, &(0x7f0000000c00)=[@hoplimit_2292={{0x14, 0x29, 0x8, 0x8}}, @tclass={{0x14, 0x29, 0x43, 0x7}}, @pktinfo={{0x24, 0x29, 0x32, {@ipv4={'\x00', '\xff\xff', @remote}, r9}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x2}}, @rthdrdstopts={{0x20, 0x29, 0x37, {0x87, 0x0, '\x00', [@enc_lim={0x4, 0x1, 0xff}]}}}, @hoplimit={{0x14, 0x29, 0x34, 0x1000}}, @dontfrag={{0x14, 0x29, 0x3e, 0x4089}}, @dstopts={{0x20, 0x29, 0x37, {0x87, 0x0, '\x00', [@ra={0x5, 0x2, 0x101}]}}}, @dontfrag={{0x14, 0x29, 0x3e, 0x4}}], 0xf8}}, {{&(0x7f0000000380)={0xa, 0x4e22, 0x80, @loopback, 0x4}, 0x1c, &(0x7f0000000e40)=[{&(0x7f0000000d00)="a4c00c195e83583339540b66ee201f894de8f0d5cdb49cea2020f9ebdabd98934985210f483ba1a445c830aaf17bea6bc7b70967fa1ceb2158525be420cb312fd7af1bed9f94d79d6930c96a471c24619883ddd862c0f82d16762e15", 0x5c}, {&(0x7f0000000d80)="21c3ee6cb0c81bcaeda9d809bc4ff0e1f6b436d4b5bc819cab2a27689be63c272fc318bfcd8cbe2c862257a1de06a1f106adefd0caf06427a69282a067ea56cc60df8753156126e996ed63fb59a2bbdadded31d9b8892fde72f1783d92aa671b10b10229fc5dc1f7e4e60fb06906337ae751bb49ac4b44644c5dadc7f3aa68157405dcfe085f4d8fe2636ab39ebfee0d5dd265667bb61a1cdb474aac40a6eddac488", 0xa2}], 0x2, &(0x7f0000000e80)}}, {{&(0x7f0000000ec0)={0xa, 0x4e21, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0x20}, 0x1c, &(0x7f0000002080)=[{&(0x7f0000000f00)="acf79b4351de91e409dc63917e0cc96dcd11a07d28622d20914daf3b48d712293ebf3ce6d13c18547bf2f1dc0089bd8b460446a7a487fbe53f01a583b508466c919537aa71d652f066b67a9b5b4438e7134741c33079d6f1e513f84f637d1ef9b5c8e24007facc0341a4642e066aff88511de4fec0815791c62badef3e8797167be4eb0b9d8a29570f0224d15a4c123dbbedee3770f3702c96d5fe91de684d8e0534305e9e3c20c49ecf268b4f25b094e805065a93d2022d4ee16e6b", 0xbc}, {&(0x7f0000000fc0)="06471672bce5c7dfc4eddc6334d2600e3984b4b19e6b73be3bd285b39ca749f10c0d5d74a6e37936b21b1bc1b44dc87994c7a5a85559717b98fa462f34c4929b0431264e2f981acbe833e1bbf14b235554d0f46438916592223655f64dbc9d80d0540e3f033562d611fb6330fddbbb6c47630ecdad4b2198bc14880c4f5f59bcf7df526a34c7c41048cd2fd77237", 0x8e}, {&(0x7f0000001080)="8d8b8111670a699c7687c6c2d6fce97eaf44f1333e1be59ea9ee7af36c4f9f764c11ad020c382aa4b35c9203c3de0869b81b882b1be5e3f015a30310af37b4ae8da9fa74b540aced457cb2eced243abc15c5aa3d2851ea24636a8bba137a1478b66dd0169bc56ce3dc5d9db24a7cacd3ec8ae40dfc85d9af1d1fab5fcf1ae32088e87e5d13b227be4c41f2c45abcf7fb9c800d54594551ac6dac3e3ccc86bce2844bef1f0eff89e8b445181e7644ad5fa4770eae89d358cc5444f27b7828def8b2f91af897ad8fd1c532ea1a3fda06b9bf839324279ec364889dd1ad67d879c71a004ee5f110265fd12525df9efddce3b6315fac17dd78d95df0deb2501b6af526451db8d9e748f17900952c63ff0e9f5e28ced2f0f8ee7378da1945cea06ab68f50c11a966c3b77eb592ac3ca7e78dd3688f77e3e248da697a539938d80694f6efec22db316ca22f1ba26b919f6a44644c4546c4a073112a4c0170e31250b4d035789dbb7ff43cf385cbaee383174c94098aed71167c9ad88418ba41d4a04fef0d089a58f5416a0daca0eeae667315e0574f31be73d0936c070124c116df9b2e98ab87d47ca72e7826b3d1da51a14c117b5a98d5c2ec327b8dad1684426d99665abd2a1818b00a6aec3b0e5b8072f260f24b6ffc077727dad2866bd7a4d148b6d7022fe98e6d995ea3c3978f658e487258fa7325e28c2427b93d973a71892a3885f86b81d9376731f8d24a244ec1f9b1b7574b6d3a5d07bd234f1e150b854df93c3616038821b25c86e27d5e24f70bfc4ce54f77c6d7d37da1b56057e36c6dcec0436429fd7e0a22ea3f598ec497849a1d93389f1c45f9852c82d5e0b0c5d31d2c6d5bb76b4a4a79a6b82ed0b1aa3bb92f58ac7f69c9dedbeb350263dd7a8c1daed9bba103b0b7d0a1a454f8325b4bd1979fca48a72442b44dedbbe219a16be0800e8a85c932b4fb2735dff714b290f7894c8e0cf31eed6520d255197b992cb2fe7cc4453c911a085568c1be4f1fac52049b8cf275b3a1dc55a227fff9b27b80f8e81c9b2e835bebea0edc1797149b00b7ac47c44e9924741287805feb33b69d215afb531e710768894b250b75477371b970d108c7660cbb812099dcb23e5d195356d0c63637695adbc4e31bc5671136227e888fefbe7a3c2991b8fae5b178bc013b44607a3cc4f5c00faf5035b1a7d0e4bb04d2018b13e920c5546b4573f9f8ebf920d703ab5d998e7f5905d1aabbc5aa099c6b465271c82b3b0518e76d1330c540f213332148947e8761aa5b6b5de49d16cdade9de1a22243add2d0ed7422bcdba6b0bb559436e66b97f4b4c5e15b825c6c33b08da6cf0fca828e247d992c66016f7fdf130126320cfc5d830c82d264debeddac1c7699e211faaa65e9efea96a9ee48233dfc14e8d44409e730f92d2c02aa6907bb1ef62ed0ecfe2e7324333ac3f80c46b7d114b27f461e1f1375521e7ca20be4f50fc95059fcf67791ebdde2ee398f9b8d1c0e8e68f7c1a4fa49f5f64b352d83d5e024be1479c97ed0e1df848525806ed891d1e0fb1112e893e23c1b6745126ec9e648e23673a20d95ffa3dc9503cee0968cd1ccb6af9a32d4f25a14027565b241b6880d8ac84649b1f93f80bb01d149cf8af08ba98993a0fe359602614b8c8eb169eea59eedf5516b93a1e37f140cb1bf3f104617dc9a1c483616fbef6598741bede6fe13c9a30012f7b3215817e3e75535403a92b78da9c8382b21f0c9661c7d00bfd9823239352bcd5dc0ff98ce18b89981b327607ecf19a60863934e79ba676940f2c39265a4fdef012e15ab06fc320ad16a8bcf5d4a58829dc702a4c73e348d2322d8d1ded7b2dea539eac1f5d4f595941fdd74e1e871560b269bbe60ebd5aae268b1e8f75ccbb258837815e715b9949ec4abd5f33bc780ed5948016a690120d3fa580110c623fdb551ca1d77fa7f406edc94862bf785cd1b3aeaa59044416244e3d5537abd17a68790810fd9c828d664445cbb859dbbc55c666844ffcd30734d89a73938efb78af5a9b6a752305b00c6efa093f0506ce9a1ed93cd342463fed11d9c5d90f15be7c5d68efdd5d229f486cef4a326beaccf5154bb1ecb490f71b7f4ebe346037afc457f3112fc98300747a7509dd7f0ea0a172e2cd9776cf95bbbc561fa306b443c62e4094309cf4e9e50ab8ab8462b8559715e9a485c94a2021a9bec1af4dae385e89f378284da405bc02f1e3554ea5a844283f8c76d124b8f78a61a87dacad85becb515e3e19ee7ea93b6acbbcf2856f9df5b2de11ca234afc26fb0aa046660fabbb0525547213a16d252407721233b761c31f4d5016c0a4890c7d88bfdbce262b0097379401d604ff0addb96f775070d9cd3c5af92afa94d9578be2639557f9a49e18ce8b2d85f0253499bba21ccd1f4a55deec9161b16a3e2fc6242a0864f0fc537f161aecbb035ca88cc369064e4b6fbc84cf3af1788b10210973aedd8b7eb4f0d558c679bd4fffd617e7e84443910fea6cabda0ae021face69545ef43848ced9743388b36ac09a1d3a1fb1779a25b385249a2b725bc359c63752eb85922397ac9757e30b1c9e33cac537ac3bd130ea6d9689d9e01dbff344262586b7fb8b744421bc7e025abcc439f069857f471e0bf7f038e9d490827dc5748125fcd175828f40734dd4ead061a4d3f0ef45ce9fec2be5519937cae5d38aa241f4fd301e0af06f3eaaaf7029f676e3cba736e13ee884bc8d46516c843b7a295d3f3c327609014e8acc54b434811414eb26201d66cf492e2f752b4f832fdac4aac8045c98746707a65c3955b847f77838d3925536a4aafdc81a5ef2df519a0dc46f4a80b6c477dd726bcd8edecf65fcb1cd8a89d1452b851555a980e2189a59bb66d3cce2eb9b54d1dedfbaec90e4c7986955c2c26798165785def357d263d3132ed73606831c64f1f74e019420391079cec6428748d35e841c7402381d72890997e3db9588ed8eb6536cf0923a785e03a485689d0e6711c9333da806791a49a36049c31d4c5c9c30d5eece758d3670f8f3ee52788b6c23d64c88051c8a2076834e9d8e2d19df940d9f4d3d76e8d57e07809a9584464a7ce60fcf5867a4581f617844bcaffa39e2fa9724c005cf9645d65fb49bd07bbbef6054ffafb06b7c2eb5218c2fc911d46e72a188ccbcb853e236ccfbcbbe5b93a457cd2cedeec4c5802814a1c870474be291d9e063f1ea2f437d3bcfbb5a73f0c2d6ad566258365b58505725742e7f6dfa0042eba9b626a255fbc823f30748ba87e6439049e91c6718f190ce56cf25d6ae214440d240006f374c197d1295c307ebaff36fd921c539bccf474a4507782e2c250dd9b3f20e355a614deb74db8ff59968c1338eeb5093ccad07dcde277672aa9a8c9dfe3223b33a0b1b0a7f769260e6b7a321a2284bb4895c8e8611ea1522c406e1592648e74f6812bf1fce788ab0597dedbd0d30cb1f0af4cf7c2619c86806eaf86a8c2ca1a4b1a4e0bf52c8a7fa72dcdf37a73dcb34277bc3313a1e5fbc3f2d454fd011554f7d1e0af02c0be4f72607ba6c7ea0476a95d723fd19d6becac25f073d46d455b891276f05d0a104f3c928e33674af6c038c82a97e35b45bc28b9f3b619ae37c4b367e70748c33779d9d6f3b926ec980eb4d1e0024cc676e4060e42f995891d0849fec93f6050b6a23aec880372033da0e23a686aa23d70d907a477d824ea897b1fb7a49c12b8a330d3381de9ecbcc8c67e0c1351ade6076e4d768487c202fd0282c3602caaf35cf8cca20697ff5d0a606d658d24100f282f762ddf5b4c5d2616c2e4812d10d5abd73b6e08ae39143cb60490ff68ab557561966bcdade4f37b91922af7a28192480ea313a2890710546fb4821eea3dcaf15342b48bbadad24644c3d1b6a25a9c58a83927ba55a5c5a31cbc2bbab891d35db8904b554f7e36785b5721671c97150112bb0c22e5fa4fb2c752a096c2ba5daeaf7fe604db33c3435b1e9dc37454ea1703b22d09edb11f65f9af0680aa03dae07d6103ef8084f272d63220a09cbd3180b12982e010d881d5750bca49e5c764c474cc578a8f4290a532d7b6f6641f497d7d07717addfda74f3e012429fbdff9ae82d0d866d7844e26ed253b8f53812171b0ecb1af882653c86e919ccf45989c50c6dae0e614bbff64fed52efc5f4e6d3fa7ea7663dded68b0c1e2b658257e88578e9a8c4ba3ed5af7925c196eb6b66454cef7237e069c99fcb75c63a8c584f8fa73b84bdd816d294c870f6632c5e1a6f100bebde7a5dc5f8e8fd98bb917c0fcee84e9a73c4db9333a9a9ee71db69f1a7f634f6f2625238ae8680aa319297e349c81816a93cba7c469fee2a0ac8cee45dd55dc4cd97e4f107686d3dad0d7163ae6daf6868106eec7735cca90b6826bc22a52dedcaab66b88681b33a5607139281e2cd61af6b57d1edd5f8781baa6efd8b401065b8af1d93951ddfa024ddac06506a537fa27938b356b03a6e92c72bf16738759c4918cc41c5cdbbf053ddb19f80578be2fab4411435c116d5adb30954f3f8bb263e45817f99f46383e989e9cbf46464b614e87c776e3cf7986536bde21b82bc6b875375fb620769e706b1b9cbed2a2457baa4108999c7f7bbc8f52b8e0f0c715bee2dcdf788ab9ed9d8a43d40ad6672d9e183303037550735ab8caec6cd42af2f1557661f5e93f2a9d50c90c157c16ce1d1c0b189e1c7b9302459bbcc742409423f49adcfb341d80008ae956e0981f0a6707b45196543957897d2b736ee21f02b0dc26cb92e42f8885494856c97bba9e332c28ede3e3bf3d9ac1f8873b3bd939f9fff00430e62f001e4375039d8734e70b36beb51d956f7bbe77a1c5d869b9d240e7d9b2f02e1b092693304ca094d48b4844167f36f38ffc5fa2fa0c99aa2ffb9e4083c6e7b967dcb640a3955ac30be23df327e9bd2b77fc2ea2b8e8193c4eb8c53e4c2f16b5e5f4a38233648ca489042d8ff98686a445b22dc3ed3d0e6ebf53f504d094d0072d1b4a0228ef09a7cba8fcd39edb43765fe8eafcd9b014b1c0de917b059bb4c55707cb80365244fb6eb63e9542d0598845599954062d61e474394d23b9a5155678de3bc7ca94b63afb8b71a561c428834484b3c66c9047e057dcf10de413df252dc411a03d2762f3cbc63efe955a062d8316a53ce863d52cca29c5594fb3d64cee6257c4402c24bcbc44ccc4a7b56d2ec8d0acab32bae1f36381c08a85ce2ba3684a4c958ddcabb25f405346d6a1264df9abc0a9fef276f273b035ffaf9ee75126345cd1db232ac68149f154bea2a44641e8975c307b495bca666d2fcd613a9b267a4908631defbe7348e059c9819a1a5bce21154249d714fd4d96ba5416e362634bef08dce542872cefff3a1514f1e27488f77b97772e945a2f8c55eb987b8aae9d81899998f75afc222c19437c7f843ede5b375e580a70c2272b76f5f9f0d026b6c4b5f0c5000329efe38e2c524194d1346e8d7faa857d50b96e4d85d94ee270e10ef69b7766af0ef5f52511e7893098887ddb8daafb8ce6bd1cb55f8b43455820666f48fedfebfbe846d071edcf51dff0a8f280086f6451e03867a0a3ea8bafc85b9602125300fdcb8875db1b2265fbf2c77709fbbecbb40f1c7a12698655d67ff408ffc76d3091a6dd5ded9382a68fc1f55459165e04ff7a49e258ee88d446602c0c60ce027e43d59c2be4ebf6aa17e5f1ebcd3b86a991b32fba0bbab0b52382625161e2deac9f4592ac398a09725ec3edea1576907182cb2f8201fcce58be2ac89a10f23b3977", 0x1000}], 0x3}}, {{0x0, 0x0, &(0x7f0000002200)=[{&(0x7f00000020c0)="86dd3f3972b3d54513c26079485a326478e1618e9cebfc9474efb625fd7b9d36825479b1f2ff33bf561ff3b423fd5a6eb01c36977c885250254d8d0d29c850adca5bdee8a6af28278e9f71fac1c5ace1386409b42dd2a56a4224525e85b913899ef2746d9ca9e25324490bff76874447301ab7728636426af0c386992bc8272e0f628fc7264af3aaddefd86c89bb40502a0c92049e6bee8a91f30db2d41897096c7bbbdd6bd5f4385a56ff2c10c3e07009e68536817ed31b48cb3ef098c61d50a4f30b5ec741c166ff045f22fa108e5ff4637b7ec779ede5e9e5fa065b3208a960e32b6144d7d5515cd445414b20db30a6bb95", 0xf3}, {&(0x7f00000021c0)="3c11ba7320ed24a54210415687f8165a4d05a0e4c7f0157a44ea6dd0e6a3566171488df41b29fae2748e339af7a3d874fff9e10aa90a3be0dd0181715d569735", 0x40}], 0x2, &(0x7f0000002240)=[@hoplimit={{0x14, 0x29, 0x34, 0x9}}], 0x18}}, {{&(0x7f0000002280)={0xa, 0x4e23, 0xfffffff9, @empty, 0xfffff801}, 0x1c, &(0x7f00000025c0)=[{&(0x7f00000022c0)="bbb9b4774149ebbf939b680c384267916e9b475875893a3f62a865339dac0c4308d83752b71b157c9ea8371d0cb493245e110b7379ab98101e592a3f8df9019fd214e95412ecd8d9a7", 0x49}, {&(0x7f0000002340)="9af8d447ada86d3d185eef29d3eb03db4bc0f020a027711ae014bf60b2d9053ef1e325fc8033df948251cc18ff890e711a42be3187793b3d1c758a51bbdb847a8644a2f5065f0c70e188de2954ec2b28b20866f83a3232d5cdc76bf19c0feedf6c443c8c035678dbac7989706e62e8c618d891db3d10acdb0c245cd05fbcb3dedd0a03fcbdae27e4aa97971095eb5885b6209f3f73b7e29545523cc46e5c72cc27a6082cded85a05976d9efabf42", 0xae}, {&(0x7f0000002400)="e59444a367e2226a97d9dc8a84562b55e31de8aa34010eaaa5c2cd2122375309ccb756479398c3f5ab0b8fb8139b65675d032b37bdfc35ac26cc31b33525c06f5cd9e0b26c3ad4c42775", 0x4a}, {&(0x7f0000002480)="00d967b588a1", 0x6}, {&(0x7f00000024c0)="af01f3243ce25c16f254043bf99a0c2e2651a1fce19e4187acbd9fe5392ca09ef85e2745da1824603b815cd3e8821a5ea8bbb0612fa7c7b05865c420ae0af402f67e6d9f97e4c079ef6911d69603b8342507eaf45ae43158001dea62bdf86642f5b53ed15177d3916db3888c08cbf4ee3ef9fc1e7c7ccc2a2a887ed7953a5f0abc6a6b19bf4bdd842dccc2f4e8f7c40959ec54f87b3cf62f305a087d7484b502037175f9f759386ab20939617c4cccfdff48a8aff481b759020e5085790c937c5c675404aac22ddbb79d9e701103d42ee48238d85cc4", 0xd6}], 0x5, &(0x7f0000002640)=[@tclass={{0x14, 0x29, 0x43, 0x81}}, @hoplimit={{0x14, 0x29, 0x34, 0x1000}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x8023}}, @hopopts_2292={{0x38, 0x29, 0x36, {0x2e, 0x3, '\x00', [@jumbo={0xc2, 0x4, 0xffffff01}, @pad1, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x10000}}], 0x98}}, {{&(0x7f0000002700)={0xa, 0x4e20, 0xe801, @private0={0xfc, 0x0, '\x00', 0x1}, 0xfb9a}, 0x1c, &(0x7f0000002a00)=[{&(0x7f0000002740)="148132f98e8ed85353c07f88d1063e516764f3c3f34814e25746477f046f13e73d58843f70f64c83f614c845e70da4c10d0b03e56a81220a759f832a7c118250d8840d3baa887190c5151d068a3e446d46b05f0e769d2732f4bdd59acf580a716eb7fa480434ebe1ca7d4d68681fe139c000b7a6b68bd0cbdc6696064818d7f645c665d2c5a8aa79d1181d576a7e71db9f2bc289b96e8981c3256366760bb8c2a09b2ec02ab8d97c1a496e471d4ab0cbf243227ae3e714ccddbb9cda5edbd276f4f4ea32df461e7fb375dcb771428eb6726180f3654d7b76019ffc452d92dc810075a9775cd4efbcbabad4da0f9e72", 0xef}, {&(0x7f0000002840)="dd3d2ea55a4fbb1b9a722469dc825df51aab", 0x12}, {&(0x7f0000002880)="7be0a55719a710b1c8c9f4339f346252ffc846af8688ab6ef3da0875c099a24908079429a395f7c3182237f3916d9748ed80d8b209cd94cb43a64737a38362df4a4f4fb7a88ab892df24c0072799524422f1f4bde5b7e2a3098df5ba53116c1b94d18ca19614bec11b4805bab27c293bd6d625617fc0683ccc9b7ef91de9ac400f9c2ddd6998b5cb5f834d9159c103a1a7974e95ea819506f0b33565219475", 0x9f}, {&(0x7f0000002940)="837041eaa3d77bb68992f2ca84a42d74968664774ea4b84867c7d87de65889c5d414d44411e50bd87141b730df8ec62ea8f794107451de3beb6e1370c2b5d07bab612a21e52f7bf212797da641572895167f99d4baf175caaf12300ca746517d3907a81df555a48eb77a5b321fad1b99546fd85d78eecea656785fb0138a1571891e160d278efbf31d633b06b09b36bbbf6c740de42c7fadcccc", 0x9a}], 0x4}}, {{0x0, 0x0, &(0x7f0000002dc0)=[{&(0x7f0000002a40)="62b77ef2ee952795599b95d87753ee33d107e9f6a8a76057ba95b571a697e3707d8fecf6340a6e81b8ae9b264f72db190ba60528a6ff74cc452ba8c8ad32ea9e6a498c652a4ad79e63639f0bb7b5ae1f585a7a1b06a3e490883be2329466bdb5551f29c6024da11243dbbfbba8cdb26f1e3f9af5154633b1d19626b5666fabc2feee83598765b9ff0d7e634eb135f05bdb5cec1b082ad13d44065fdb5860df4cff62128150f10afe752782f94378f5df11d736daa8d01621d2a33580bd7271035e9ce38586e4b8ed29f5182173230c19136684ef6b499979ea59a1519e6191", 0xdf}, {&(0x7f0000002b40)="1bec2e60302649dead2c898bb46ecf4ba9e9a98e719c95c00ff56d55f090997b137f0019918a09fb7a516103f0685286205a744c8a41416735355458f9464c79189bbf729b94f6eff808706edd92f6063a5aea0e13e3415151e42e560705bda19ec940c936675eb3c2f0b62e0b9da837dd57a8d1920f41e7c67e56060566c7e2120dfa2b64ebb8228e2654855b7b9b0c02cdd090425b655548da507959540632fe5b115d4cee634dc0628c3c950d41bf57c02522e4b21df62ba35d4e62cec47312b77a8b786397050a0082f0af743781f719720326701f099d5aeedefc6621fc7b", 0xe1}, {&(0x7f0000002c40)="59a9139d28daae3208f867d6ea883dcf4b80c5a6dc71ab39f821ee587769fb44bbda301b383018cd09890a1b566ccb694c9e3abaa062fd04371598f031d8659ca1ea193c01671e026c6f296d3605f5cbc9a4ba16a2c1a2de3cf7116f7b76fe", 0x5f}, {&(0x7f0000002cc0)="9d7486e3", 0x4}, {&(0x7f0000002d00)="691ea9f1066a65c814f3a702821de2f8fba9032dc956dd2c771f4801ec1be916737aca86cb49ee95033d54c509c5850d6d55262acbedcf66ebabd7bf3dd24539d76eb1d9bbb45a821f806e9334be37f6d90a870236d83e11fa0a017b984d2b9364fa0c5ba55a862a91190c156e9576daff56ce24810bfdc14715bc02e2590c6dba293f8e195b5e1c009f7a389f6640a604946148fa6613156a4bdfc54527a04e1aa5bbf1905588102a403a52", 0xac}], 0x5, &(0x7f0000002e40)=[@dstopts_2292={{0x28, 0x29, 0x4, {0x88, 0x1, '\x00', [@enc_lim={0x4, 0x1, 0x8}, @jumbo={0xc2, 0x4, 0x5}]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x7}}], 0x40}}, {{&(0x7f0000002e80)={0xa, 0x4e22, 0x40, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, 0x400}, 0x1c, &(0x7f0000003f80)=[{&(0x7f0000002ec0)="d99006cb0c0cf2bdeaaeb8f39ad23816e5aff8505e965fe7c0977dee5e3ec62544e164b84a3a9520669a8c12f2a0d48b0ed150c74752edd758c779c1382f3e6f420b79afef8d4987e5db789ffeb8a5260db5ee60f475809f187711a853e00c1495cc8b8550864d992d50ee790e787604a39ccaeddf45e1ec45ec22534c5be6a9ef5431500699d59b6e91ed8845dcfdcb9ca01482373325cd539d0d032edb3b58e95e73359d3c4d8944c049d4222da08d24c2bb4110962e188ba86f7bbf94b915bf81f5544da41603eea1777477009cdfcadf6636c73eab5594d2aaec4f2acc52dc086a5a469092ee0b0c301905ec8f7982406c528be33610a9844587cb6417a2c2d759044568de20380125d011b6296af2e1886ea1f795308c352f7d9a7643e34fddd0e6a8d5005b2c7b72ad09966fdef34e6b6ed4a0a66089b339c6cc9202d19046e7e9b8782b5273f9b292fd3a965c71ae7ba31d25923f53ae7f33b6a17948054aad00cf70eb7fa21b7cae1cdac35d024235aa2f428cb8fef664e22010fb93e69c9774f10d0e38c97163419b4e48019305c8ab1a8d641f8904952bdd0ae6c350a90d69a961ff129db989b8daee190e9e2235e1e776f701e4c7e0ca42b6625ec51a9bc6c813cd07569ca3797c3b2d074152e6f060a8497189193390818d6e3156a5dfbc04ebc0b653561ac0a8510d265e4ac3939ad5a9ee4d270dcf933e8bf6b9284401b3d3de9c24beee916690a93f4311f2ffbf37f933a9482b650a644474c3e6e96f59d16983285b8f2ea68f05ea7fe5b14ec01c559428ae7b533dff2800d70d57568b72460436f17500838177dec5748fd5b88352d3ce306d40e2b9f96fec787987b010e27ced0ba11906eeb75ff7fe9a0b962f58ab171f0adaede2ff083f66fb80e4c462f3528b085782f49c0a643764dfc6dee4660043329b70d9bd8a0c0db5b738641449fa02a494e38230f3783e0a01df2900178aae61dc99e703aeda29a88668350f2552d340ef43b8bb06fa90087b0caaff13f378f0f0d462e51c5c72a3ec893644b80277a1786d7e580ad26a2716f02ab913546059499ce4aaf685d17f60cfe75eeeaf97fc30fd34ccb0b974695498e2ec69459339ae2620a669c039653fa4d63ae8d520bda365a7430f532a1db0ae0527fe55d247de5973e1e1f2e93ff7df530a60a159c78040cd78aa40445fe33ac183f0887b7940649a2439b51f79d43e96a38ad5f4007ff60b23eb5174e61b7f45416fb21c893c904ad1073cc7e443e1978b842789cd13715cc1f256aad5d0218b25eca68c52d5e985c62d504c201c58f1315760b2d530d607362f3888b0d3dccba367f779365a355cca363d263eda72cba9a333075d7eb65d4506f110d4d7c8f5ed0e1bb7b561ff3e4ca2a29204f9881ae2c98557ba8c3e1c637822241ebd79ed55cebd98a27e825341a9b4dfd4d078f03d56cddd193338b5f24919bbb367d7c6e843b58f613ee7609391cb543b316865e94206e90db5e95328e7bca629c6e7ed47c30108b03e30d4d999b432e7219b6ebc7b547092f0306799402bb67cdacd88415788af295bbfcbc432d2854513b7185ea7ae760ce0d10ed9684aa71f390b37ca4cd301590be33b80e7d23ae440ece8c86aca414b30cb963450eced16a55f372cb332a2dd0b139a5d9900ae016042688f5cdd1b8cd55760638ca1e021d9a0aac50087cef2b8e9cf7622a7b20f61e4bf48907399933c49edbbc234d832d509ca77c0c33ee24b61b665846dec91b89c2be8409a240e38559c49b1d90772cbd86d81e20cb8f32b66fba77086d8db56218e3650d0612c8501b346bae8bee1b3fa7908c7052fbab31b3b64cd72c1411b9de7ec3b16f57ea4f7a2668e21d3d047db6879dcbbf6d9e218ce70845a5f93b2fc2ba64a3aa3811dbd89dfab04dc49d74b558211dcadb92ed4db5d1e11ab164cc12c77f0ef84df26908b7b7da73bdaddf5a382a33be825320178789aa1b0e6c30f45209f6c90a4bfb2274bd312efea924614e61e3c1120a5a3ac77273a2ce5f5f86a97cd0df9221dd88c449edd60923c22c65818d7575cf1707b9a19ab1ab45f6f43359bf4884de9c40dbbc7978ecd8fa6252efaadfdd624861af4f889181c136c944e9e4a905154a823a9bc2f42bcb244c2178fcdecfaf7bd1cc99afdf924cbbd09c4e294e2e8c9329c2ae0f837abb822c4f62eca06bc62e2ccea84e02798547fa41c3cce63ae7010614155de47990a118af507f2cb567ee34344092126cc5862be31fe33768218ff7b4792a8781d0d9f52f963e2dc220371ff32948bd8acc1c888ac50eef5e1f1e4c72476d9c513ed13aa6f2c8050c2c686231c46d2e26d4243dee6888d499e0e86295f3440ca76ceb1570821a71dcfd4938bc1ff06f9118601028f3b8ecf02510c3deca2ddb706b27e3ac2207c3655e2e99dbe172322734954806d068fe4372eff49e3e5c1ca54c0973990099c4d93312544f58e017bceba776f90f93cf92da1babb6be1e69fbe7c4b98488140279b65ee05bcaa6b31a2ff1bd41ef5aa5ac1515821a86b7a1fd2c476830a4cb0879ad298a9bed29208988f786a556ac85d43054f9e8e1e5d12fda21ef664e07ab0ae0f2776e5ae416f003535f9cb8f2c0003ac1b2df51d1194f2a4c5e4a03eb626a1e814a6eccd6a83ce3e9bd6a2cac50f6223b7b8b91b536d8ca73bd050b180a8a9fd2d489497381be1b0d4ffe58521fef5ba69edb23e1aa22a49aabdbba27e662bb6dcf6adb994d37c73f957a242c4293b8c5e7337c5db4fd15ddb84136be848fed62c695bfe4ef303c8dff52bb1a45c5de56d651a6553fd0069ecd724a9efb41738a677e38496a88d6305b7d9fc9a410c45587017077dec0d15ce5e8dcd0a5d9fd14e32e2a60ecb95b7e6e266557b634574f133a3990afd6dc4c573ecf64c074b31ccf33a54862f7e4207ab1efed4fe705edf5470566060973eb5a76503679e82ca20439718377a2669376d94ae70cc045632d03215f1fd2244f84d89987c26f8c1c8e4c7f216355fafae8ac635209eefd4853f86e404163cf10392056cd1817144f0a13d9a42ecc10c4b580c1f152e19b95e6f9d72ded126f23aca07d750777cd9feadf7d465e6fb8c07dbbbee18017f2a3223895631b1e01cc6f3bb851fe62cac8b9007c29e881199e587d40261c939e39e51e035c361e116724e21ab026723e3098aacec48c03f4447d25fb1f28dc29d6205ac244e0d763fbb0ed9811a6916a0d119701d008f720f185e991c9c0caeab0e3ad5bf5d157e13f1a803e38cd0452f11b04ac7bc7e46c245337a7bda84354a7bafd9fc1edaef157c98b5ba4c682f96a2d4e272d12f1b0fae45a0a1fd95403d858c257db8f5f6710280eed4d60c31f35cef7a9d4693fc3d18174234f23e7751e271504211e9f9d532b8d776bdbb70887d441119ed9da5b45b59fdceca1487c0e37ebf9aad3f8ee002b03886d0c33e412f441edee2df075cec065a33d854249806f3ca0868578bc071a81a7215baea93d11ff1f3da00f07cf369bd8094810ae46545ab5a2f2b304c69363954ab0ac6662b33e91851a411b61657d342aaf7218cd1bbc8c68f720ae9010274de181e449f930fbf40f7cb8170965d519daa55f6741308df4b6dd1ec4d932cc981649be3db156a3923b361dd5e081c5aa740e9b6b2952c169dc4bce7339969dd6930f2bddbc25f346fa4ac3ef5cd55944ffc59ae8806badc605ede44ea6d3b12aafe9c668e6f673233494dacdd5469d66a381c8122260088859bb458c2b0050d8f3b3d6f44451dc5d672902b018151b7ac742d1a50dcee9a727a84dc5b5bc15d656d4ddea7047a97f715d4a9c64d965fa952d41a701262590fdc042300a9759ed659d115ed7ccee6e13ec706394b37de3a10058f6fd25803f60a16f1f30ff8d68e0206c6fa85a2dfee46f1377ca475554e83c5c324d6c9a6c8ea78974c811d2f24ba27d11f39c98f2ead8aff12c5bdf18ddf974976c21c65f0f1d8e8476452e27184d60281041aca7dd47e6bd2d5682e2a4b9d7e822df6a0fd8494784fac2ac85c0e63cdbf3d42195e5e04012f05f81acff6f28f1fe06e83827c1bebf904a6d6aeb912fa7fa276d8ddefd0ee5c480758afb7ad4875c944279049c8619e85574d623a7d4b93d371c74404e1769df52a81e8137088ebf31e19e4b062a6a899360c0414a4c3bd25bf606ba195938aa0fb625afaad8b643329f74fec0b46ac463c6b35b583c8765f8cffa0a3d9413c17eca99114d122f85ecd11f8cb379d39f222ad9bf6818e0cb3e371f193afca4d4d0cc7a1a389c6a979453d8c2dd5d1392cdcfc2512c106f368f4a788a7f1d48353db500879dfbfd81304d1f885384b70badf2f0747c92a1a95b3103ff1e254dbb022d376f28fbb67c6b075faa805cad4080fbcda351204aab5160ff2a2964b8ea7806d72532fef9f7b0608a8d169ed02327ad632ee3a91232fa0ae7b4efd8c825656448004af860d8881c245afdb1e81891289bc4a9b885ee00268daf1262669badfff8d4cf130e1bfe90f8c01eb140f07d294b1dad04b4a4a278dbe91ee5873fd2e86085ec22cca77011fbf4ae68001c6b3a661f7613bfacc665d409d99e89b151ca7a35137a6ee76e8129a54fb9bf142257be4cf8415671524a38388f7391e8baace22c911d16bfb4d55ec756f0b250eaa7134ee8131cb23103c5261d79c1fd08b854efa2d321855c203848ccbf17ef8f2b2aad98fcc3ba7f9e60fbf8c7296a8991a3f0cd739fd7299a91a56e3d564d487b0d57cb98a4009a69ebcebe0816f4a5d5e409ff837db735bdef96a39e3ccabd6a52799254f29680b34b633d17bb3c02408b6ca37b154409491a0533645f0d539c7c85707318b2853ff97c41aadf4e9b73cd45ac91db65480ffec6f6976d293833c0df019b06d23d8476e90031b1a0721a28aa36af02cb9ceaa0ada7de85c19d4dd3f1a5842ce4050de0e903843c8081e625e0f40d7043ff3f6a609fe376ef2627fe1219dca795f3e2d167cca99901cc30d8f55577009862f0954e52e9fd35597afe2c68dcef72a5cb9f78109faac2171056ce179e564f51b60295da783e25b3cc13bd2c2a392a55563a75dcd07096aa283c77bfc872b08b8f1b2475dc664b9563511c19ae3ede1e48a3dca203123709b28545f436204854633cc92bc1aae4b46827101a6eca0cf1be386eb3ebc36a8fcde1e0758fd622e3a03b9ee7e423692ef2b5080f451470850d48282a812f613a8afba58126ef83b9e4da89c8fefb603a69272e65f73d2cc6372a183baf81d5201f58f3de0b82b732b8119d77e064e94de5490c5358d1fcc6849f90766003eb25d55e1efa066ca5003968deaafb9ccda91dbadf9989eb707a7cee8cd2f68f24ef2f0cbd3527e8a636fca2f0290d9a163b074e85fa0a2ba3113ed9b433da19d01db9f0da5f35746f9491b03dd010bc05fc7d3fdce1c74b2cb525bfdc2464299ff02df127379b11a7ab8f0b7a2f8bf492ee686524b91649c50ac3c7aa9807b510f8778fe229305de3a36d000add5463fcee2cf16d6900f8615c29894a42edbea39d1957c9e33bf4162d39f7051ddbcb5285aa6b8add394a45c144ac3466115eacfad2f3727b9f1c4e0b26b2a65580ce77dc37e2c73e253789eda5a39881efe391362e6326b1e3ae72dab5ddcdb6787a3f4f8298eb58d092137a8e2b4ea5231c6729c941ec87789cdb35d089d2f4d57d5787a26ace9202b8e1d4f9a5aa898a3a38417663677164ef23806943d524301fc758affe1e583c0a163aadd5a", 0x1000}, {&(0x7f0000003ec0)="e1c2053b18524fcd5b89db1dc7182b9abb71de1bba65e7c19896d757ab3c21ca13dfc225e23da521b3a5c2f965fcfab535fc7fe401b03df31058a8ce6c823c89dc0c3c75dbaabb9aeacb5a0022a84853d0e8be6a3f8cf08a2f3bf42e5209a78167b1d34eb190bcf504a175ebf63b27113726fa0d683f42c56497c57afc3e58e62758ac2122b434ff9d5d4ec691200dc6ce4004bef0d20aa6d3a86bef364b977c7d82a518dd70d6e7d8bfd1", 0xab}], 0x2, &(0x7f0000003fc0)=[@rthdr={{0x58, 0x29, 0x39, {0x84, 0x8, 0x2, 0xff, 0x0, [@remote, @private2={0xfc, 0x2, '\x00', 0x1}, @remote, @mcast1]}}}, @hopopts={{0xf0, 0x29, 0x36, {0x89, 0x1a, '\x00', [@calipso={0x7, 0x28, {0x2, 0x8, 0x1, 0x354b, [0x2, 0x1, 0x4, 0x100]}}, @pad1, @ra={0x5, 0x2, 0x7}, @generic={0x83, 0x9e, "af33cde4c4b4d9386b40c01796014ee06f99c4d3d5252e196a4d18c6c00a5acbb2129c2c65415af6eda5a5ba6f1f7bdb5c285b73aac69464ed0327ec4ab8532fc8567f23d7d1fd5cddec8c8124d57c4d76cbfeb9f5445f4ae555ac88cc1032e436837856f80c541568e12f85d01cce046ec056fd73ae3d7dc0113a060d80e1f05c401d877d1df5fea2150ddefe6db319d14f4999c870129b5ed556b903e0"}, @jumbo={0xc2, 0x4, 0x3f}]}}}, @dstopts_2292={{0x58, 0x29, 0x4, {0x16, 0x7, '\x00', [@ra={0x5, 0x2, 0x8000}, @generic={0x40, 0x16, "13711b989920dda1818225d84dc689468bc4047a574c"}, @jumbo={0xc2, 0x4, 0x8}, @generic={0x20, 0x5, "de9f448ab3"}, @hao={0xc9, 0x10, @private0={0xfc, 0x0, '\x00', 0x1}}]}}}, @rthdrdstopts={{0x238, 0x29, 0x37, {0x3b, 0x43, '\x00', [@generic={0xd5, 0xf4, "6bd0d217c6b387847f80ed544c26f9cfcacbbfe6dbb099af060afededd55355e78d8ae23f7cd70057386eee2c73f73a92b865acf6136870ed9fe9971bc0cf0e636c9ce942fefb1fc099661638e27cd2f3b13d12b015c7e09efa83da0f1c899772549a9ffa71c800e6ffa065734c84231f8f47ccc5bd002342d1e2848a355680ec2efb813824f6270a8f2b3bd901f08bebdd501b5e8ecf3ff5a7fdaaf5182baa9294d039caa4abb71b8666c4794c0f88fd00f0824d638cb75448df9881dae044caa6383fe71864ea1732d09b400297e52b3e0fd30e6589ec0db0cffa572ab6940f80318b49a13371db5f816585d30d5a81e75d887"}, @padn={0x1, 0x2, [0x0, 0x0]}, @generic={0x9, 0x65, "46d9c57f49eb8f88e9759a23223251f8dd18214c29dad428f7fca31c1caf8d276356e082ba031a213d81ccdc8fcfb47bca6a4978366accabd758b747b6f16c0afcbe320144ee883b596e70a528a6e388465986d21fe4243fd807aa4669eb5ecea8648fceeb"}, @enc_lim={0x4, 0x1, 0x4}, @enc_lim={0x4, 0x1, 0x1}, @pad1, @generic={0x1, 0xaf, "28da471f1df4d29dfdaa0618f9c1125d2a1bc3ce021374e3ea1f1813872d15f6d496f6daa9dbd75bed862b81d9bfbdf15b376b6630755737f69f190156a08e1bbb9ebc19d060d12b730793817bce441f8aad6f280deecbd2511824dafbe5348b1f343f44bb0da9604310201ab7637593be7d210d8471181c59ca53614d638349b914cd6c11611059800857e2ff76d0cc90b4aa31ff21354845dc4586e7ee35916cb0284e680c4e33b9e54ab875aa7a"}]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x9108}}, @tclass={{0x14}}, @dstopts_2292={{0x50, 0x29, 0x4, {0x2e, 0x7, '\x00', [@generic={0xb3, 0x1e, "3d0a71761f685fa52045d1fb3010dfd9c359768ab013d03bc556a437abd8"}, @enc_lim={0x4, 0x1, 0x9}, @hao={0xc9, 0x10, @mcast1}, @enc_lim]}}}], 0x458}}, {{&(0x7f0000004440)={0xa, 0x4e20, 0x3, @loopback, 0x800}, 0x1c, &(0x7f0000006700)=[{&(0x7f0000004480)="5e919efe24587a684f80cfec5cc48c80daf3faaaadb8b44803382a1f8c35f98401760b136fbeb12cde57c9ac9999d85d2fcaed7c819f9fc01dd7aefe15c1f6f0e11291c91ff0d3ef517e02723db3f5127d75fc8dc2092ba62a5e55dd7ed2f1cf64c3cc673544c50906aa63cf12982c728f3f1a416a5d67fdac09d43cb0265b612d0af0e169882d2d1acbeb1559893cc8df036ddfabc9dbb70c3690a9bf76652878e65f0214b6153010146a552e7a1055e43ef3205e738ea264f73c9bab2b4c45716ef9fdae27dee0e2175efb9edb1ddc664225256a31618419857afde68cc8838d2cf287ee317860a3d46a79a3d9c2e59bdba7fbe95ea8f361d07751a731f5b590bd375f782ad363b393fbc96b2783c70c1dc4a04312e0b5c2bdf0751402a714c7337accca92ddf3210ae370887794c72d6605d9ffb65dc1f2efae0c07829790e5f8b24511640c723d5f86d6d85de114e5b4af8f732609ccb064db2d8d0181f825f259e6acdb1db3d440542a7374ac9bab3c1eb9ed61c59fc8c39bbe077eff5de8e77710e1845fbd9d3b2490db6c3f2bc1fe3564e8fc09a9fb5fea76c2c9b24ab7abd5bef8cfa3d69c41c2afdefebb20362147a21235d0cc9486a828d3508795c6fc5b4cebb1d4dc05e841f5b078985ea682c879050509de56b2e3eeaf490d1cfd9c8b6a02afb849734f17e7ae0edb308fdc5fab6d39e9ee0a1df6e5e386139798c33602d5f1af681147838c458f728e066ef685b64ed929c2d1d0063ae147ec26b23e09723e42f1949b814aeb9fb2bbe503f8d170013db5bb7e910da547af198fa6956066d1daad6c6707104d4149ea7dcc3a734bc84046b6be14bced946d3fa584b3d4e8ed8f594c805037f11a825ceb1f9d069f602320ecfe5fe1606df8ae11b6508e789e8da3f692703558dfdc2e28d664f8b080457d944c393a52d25c203e53c75555bceb5b27fed22829b7db30bfb43998c82476ce34f21e4081d0ce20e302887ce6d83ed677f756bbc100c317d4e03ec6a952ae81e5da24f21b0cdac56897643102333324a942c73d78eb11ed206b7b3634dd66c48003f9d65d13365317eede7361826afa0375732560f3dcf7d58be39475639313604de32eb792d5e4fcff6ca4ad942fbb4120cc6ee158bdae2f4bd7a83bd4c35c760f9968d6b4223fe7d78be702e961e08a25f735e7682c4bf437a17fbf0ec43b7de3b8ae4142f6d9a8b52bb39d1e2bf3dab2887fe4715b795d6924f6e6c9a251173df5653a992f4a9065ec67987c54452bcf6fe759f4352515178f4f45d6608093a59e78b8ef6fc127db1b755dbcf382dd1b23119833e642d5eee33b7b5f899bbf022b602aabaf0122189be573e5d74a0e891c92b42e6b795c02bc75deac77079a13b65d39c05eacff4bf11f4a090f4cbc0a6a005e5a389cc49efc4c2d0bdc2f8493b88a062a35c898f62a7306d7b3030642b3d7d519336d745e90f0a8324ffe81ab9e4775e888a2f430d8ce454a3f99fba14393a750f07c67c47972aab672856e240f7bb7ef74bb4abab6d958f31d36ac8ef64776b2e4b11b4783f821ecd86cfe800bdbbcfaffc50e2b3976706e77d682006ffe3eb4d0fd489e3be1027748edc4aab8c2612b5d822b9b73973428ba37ec9988e004ec55144e88375c69d5320fc4bddd142e090ec5cbaa78f6201f83cce79ab5ebb901daed8d614e663e9d03aa41f1d811a605728bc688c2cb280ab8d51c0f3a1c7aad079b21c01f3a469706c3486d6b7c00addd7d30ad9034146c4f6d990a480e3d15ee86826344a1a08f86a498f545bcd2bb7b76ef8cf351091966032d56bbe241e15bf57dd18ef3977ca6e8f5248335a7a339176ffddb77c9e709c6f6d7665f4738005d8332f68221f4cb257320945e9f81155913cbf67ba5ddda1bc736618767c9dc9527c6f0eab6beb89d3aa565545aac05fca0fabbe57b8be7dbe172a56cce98f2d451f2bfafd90481d724662f27901399cdfcb442e8753132890e91199a1a1fda8ccd0344ae6bf884304686015f95262c3decd9703946cab6bc35bbf2c47c5b5403fc6d2a3705e55b01af9f48f72eb0db83a2b814ec856991dd5cc971bc82027fd0f5ea7ea894cb5bcf13117474b6a9f898010d27b7b79bdc3193b755c47135d3f294c0fcd60b75ece212388301feacd715619dd9a15e931163c0bc07deefb9fd5164d2c76fb192b5250659b6e58ef1e27e0e18b701d86fc7b47211b73864121d96192b73b92340eea4d9ad35a01fa5e4ffa97452408b31408830de20f2b9d71ddaf710182486820d5faf80c067b29d92748b513af6c26ac2bee0ee7c3a6d8e197a5b30eb6317ca8a688680b91b55573ae60529c004fa199e7c7967fad677808f00927626ec9ee8b6a0ad1d0dd1898fdb244684dd9ca2882e31bf3ccd771179d848846fd291261e37b43d4196afbf7c21632e36e39ba57cbcde021f9d87acffad2321de9a1663cd575688148cd2e8df84ab6b6981b3d14e0248689bf179610bbe4620386a918de9aaa0ef70cc83ce7ffa9f9d0db61df68e42d37dc8233c02d99a6477af04173e623d525598cdaee46245c3d9279ef07a6968d13541763193968c043e2d53fd98df320f21dd8eb7e5418f4d43aa60872573ae88af22bb72b50e2c6763ed16f2d011d5d97e769af3ae354e0d66eb62213ded863bb56a6302490e930f461944d1736853b7e3632324dea7a6897836a8b44b21908040eddf005355b4bd19fbabe2f9c63f129c0dc69a588ddaa3cb88f1ccca79037ed60ea5749b652402ea376e945b5a2669d624902824177678423f544d1c0dfa1927e2ae6547b1517255ede5bda02754e04431462e9a45ccaad863c61047955766e7a2aea7f2c26b52afaf18ecab567f49cf6afa879f8e48ab209172b05c43a6e05ce13449df2282f70cc745bc03518ff273c6c052edde5c3d1d8c9c8a80d0409a1cc6554fb063323aae58d033bcd6397be2a9b62cdb8b2e8e1166e50a987511c5c776a2ffedb934240e40816bfd1256c1c03224ba1f8d248d043c8e7586e175959585548aacac86b3e02e5a13b3f2138d946c50f1f32c8ca128fd1a1d403a1cc5c99a9b8737fb3dc0b5ebf0cbf439c56a2d758dffa638545e326b3c37133a4e6ff0bd0080727667d1b3e3ad784ed8d8b2ff967658122dd9b053242e30ff1d190657535efeb73e92d1a92da36c17a7768099e0fd03bc8298569b16f2dfd73ea3cd473e08beaf2a455f20ff5065f8fe360484f4733736cde7b2d78c4bba75da873f859ce10c0078d6cc1bf22398cf93f8e322f391f4c60085b02def62ea39bf2f9211114d6c519a017d1bb8a2ff57d826c9aea8993d2e350f9ea3300ba182bf1fa217d42217379ad14fc67bf772f44316003594fa707fe858d132c45d77fa3fe5d389e36f2694baf29b3d0953cdd8c334ca2e623438edf17060da7f1fd57d1bc448ce0a9de3878030cacf7bfbb3fd734a3ea3575281c9c749816a1573163fa3c1748de9e8430ed29fb74b495e0c49e813cce68ab1aeb5c083cebc1604ea65d4138e1d6299bf66a53d1fc998f6a19952d4fc697b773ca55dc70a0851e2ee8da827b66e79e151587140b25247f8eba5165040da0ed8614b89ce11e811cb1bdefc7d0d1329690f9d5bcfd1e94520a6159b435d6316c4052377f1190c6f4040a6c9ac1fc6d058d8a61772db9e12ad02128d9f73c3583fe7b11d44dae1e2c8ea95af3e0d6b5d508b009a88be4dbc1db6f70208ee0c125bc2a58045f2e0382b53b59a2472e26adeda9301df6599778160c88a32599949355c05f0f70f27d993d49d185e519183b2e59c1f2c1fb8abb2dbabb697a7f18436796fb60e4130b48593280e3912b44557403afdec57c2ec817028956481a6b1a407d03260a4f4dabee4eebe7ea8523a155e5b3c7463fc1729b8dd7962a8fb6e538cebf347661de4b637dcb5189e970502ae38e31d7df5f91dd6275313552cfb79888aadcf721e8f7e0b25f48640fedb8e4ad7b35b81f4958a1af4b7af7ca48a827c3d760b23f618761fc42ea19bb0c1147c44b6499a47afdc58e71c4a4600c4d3155a3e6d0ef190f28441b55ae7b2cc16ef12f77d64d93247c0e9ccb4c202df958658e74d5f4a997692907e418d8bee1e5c3b7c4d60e404d1fae6ae7e4666735fa4da19b20d55fc62ba20f71c436be6b687f7076e13c7cad9ebadc3e20dfa2ac1e11bacbed04fc34c349acb59af7b149c6e134005d5bc27267ad73e0e6fa7afb6d62893cf1e1c1f637bb00e69ee6516d838c1c2ce9dad48a897a82389ac0b86730250cb9c4fe21ceca6d4a2c130b29852db0d1bbd17e11897b3ab26f3bcf5ea86cb7581648892680f5c7ae9c7a03f143e875a2a651bbc7c9cc7f439c06ccbb089440b5b821897f980f0ef0746ccdf3d49e9217a96d5bcecb90f72982b0b1628feb9d90bc051ec299e69010fd3b8c0e1152c879bf1c055e97c989b91f635f58b2d6278e0086576a54e26bc67d9c8ec6bee32e228b937a56b408b2ed4dba4a450f442d32c9659d0254477c493cd4416bf4b05bb4df4501f02ff7447bf6be09baace68a53be150f58fb56f9aebd14d6a4ab6c27ca36a0c8c6c794337a2b966c1d7d742ee5832e60de87bdc15fbb1f0da858949d808f869969d802b05e26803389b72dd28b9d2f677411d46af06751a30be6c0f227cea55fa95f7985d6c49b3b5e911c1911b5dedcb67acbfc2e439a8014d2ac1c962d9267414d938f2de6b6e51e31b0ebabbce59f57b608a8572e213a7e00ee5807fbf7e2fc1b25d6951af413b33c934dc69e0b3b9722495c58b37c21018d6369cf689b54a0900c6bc1465ffb33969a0d9560e0f4fd3f4a28c21d2f51084d50515d362fdfa00c042dd6be47d526fe72ba9ed4baf4f1c8b04bad06f8c66b8cc38f81cc7dd09ac7d2b940edacd08ead5a644295ce5e11287402aa2a61dacb29ae15f22a0bb823c509e3b4eaed32cffd10fa9c903b5a502ff0ac178304454e03312be3bb917eadfe3628a93421863392a64628b154d66f857a0232126d3eaee2269e497cc9ac0512cca0a92136f45f29f87bce04d3a1846ca9163b61bc4c75258240197f01915f2e183fed053e057b72353549980f546d78f89465ccdd0842a1cddd188597ca29e1208ae0e1fee9a1ae35eb11dcea29b1c6786ff2a8262d98d0ed6509a80c2cc5026cfbcb9472cac97e44cb8017e1c1e5a667aaf84b5a414f2c0c4cb3f71ca8beb9ae9dc4d8e9ea59ac8e16097ebfaf67af0af4a2338c3ba9b5809a63fc2079c092bfd9de5db85b46571a543b96eb307a7167f3b68c79aaf1e165c4235eab2cf5eaa22d221d79ca8da1412c168871761d1620d0615169a3f1b31b3376300a921e68e2dde9d1dd4954823073f5495893d2f57a7f558d758d7af3fe6b256dc354f656c9f608f02c17eb856c7a5c6e7c12a76c1c6b6dbdf7dbafbb41b2b26ecd9a6928901341d1cdd9b9f94477d347dfe0290cef67fb0c12e65e101fc5c4c021693c703946caf5f056bf7074496a37ed0bdbfe4c20f232950ac062a05da9c72c83792b4c5f349dd374ceb4ea0f2ad874c297810e8b4f5624979d758aeae9227f330f79259591af2068830017b7f99996745ec76205bbe60357fb47f48601f161bbba9d85901f96573f684d0357287f37b7ac19ff189d4a7ec9e8b9c0e9bcd6eb8bd076dd393a0687bd418bef0b250453985c4013744a516e8207edf2ae62365811821134079ea93690a2746daa1821350c5aceb48fd4d29838d61801c2406329e36bb5bebb6d026e043ac56830f0e3cbd", 0x1000}, {&(0x7f0000005480)="964107acae74189ab6e946816afe7a14fd1564af0c7d8b0a5ee42fdc92dca59d4b7a656171bdcfb25382364c68dee6f2598ac1c825678f456387729a680feb6827b6928249f38e61ecdc633e3f22ea8aee5422936e424b8ee6e528d68b0f0124177b0e0da58aa4105037e3c79d3e0bfc0eb908d5b9019d2aac482f886ecabf81d9b526eb7731a40dd303d8163b0557f4252f7bacfb50621231662fc1b137232fd883835c3f01", 0xa6}, {&(0x7f0000005540)="cff349bfcca1905baad001548383d7540f1ae98d1224821d5848457c6d94dc892f241ad02520addd84d243bc82e8603fc2d21d5cfc08d15d64b2ad4d046231ed1a648aaf59f1aa892dd9d3dee8ff06c4d593ba39464d3a96537d6bd5fe590898b9fac00b1cf3f979b819a35589882a5b1e705de33b60871b122cffef27af3e41c1e5d8fd786ad37be9973af7b9e1d7f1a818c08997358de8b1611aa0d4a675f7b963a7e9ce7b8ac9b6b85400024a5506b2c42468b5e3b140ca33a04d6af666b90dd1017c1e9803583498eca9441eeb8e85b4e2ca2d0d017bbf7a363b9b029987f94b461b36ce54ee88152b566e38e9a47682a9d4fbe919034858cb58027a67edcdd9f8f844ebe8232161bba92a4fa54ecf573f7337dc8a45510d197b2bdb3286e7370d1984a57ddc374a4fcdac6f0f5c23c98b5fbc9b41099be508c2700231c05fd8edd905d462d257c925a4d2d597a4750de00571f9e3335ed5c57269840da291434c7741b420cd37bbf93feebd4abbe8fe3446d01d2a3d1ece01c4d469b2117f84f275044fa10105a59509176e8ae0c4d4369eaa64b3d0c9131bc75839fdfcf7dab7f644f22044b9d7425d4c2b2a8506f621f0c07412ccd06367c8189c013f4d332f22e3cae0c7a47a401ed874554be8e963dd22bbe47dbe9609a979f6726ec5d11dc0b020668b3d879f9dcbe06521f993b455079ef50b810a5f1fe5cf24c607b5c2cbbe85d86d26dcc70ea490614c15a36407fa680364322f06454e3ba0dd3196f47e7e33eb444d27c71a1856887ab56fa6d8d8067e330222c28072ba4213343a0491b7b1c0708548e05825833397f0208a24fc35ace656b40827aa2ef66797becdaca701548d03602949f540d91dbd7ad05f9cc4d178167c3866d4ca4779e003cf59677efaaf0f628b84ad34a974e39de0ee7ed6ac05b3b3f39a6c485ca4444f84908f55eee1aa9cf103c65ffed28fb114fe437e8874c224ac41b755c4e37fc7023de3b9eecae574b9f15143f81fb0ab166a836ae5f3f3a46967cd17b61631c1e7dc48f537ce15f88dc38a51e81a87855bb4f53e0917ed5827744440d81f84a17d82d19267abc4d50b626a3ad6d68a2c1d78af70c5a2a1c72a31050a496e1e172083a0fec037fd1ed94a643aca25921360228c80afabbe8362621cb2dd82c5fc8bdca62df506492e7930b95c5fb996dd0fff7ad0b509c951a1e2d28c710170e819ce10e558cd47115d33764f7cc5bed73204893146a69b1ddb542428c7c154cb9355041aa009c3664ae4d6e4276b426b628cf5a88796941725fc87dff5084dd176e6c2e1a804ced958c66f04ecd1b22454f58972884db66f0e5a88d4028f15db2956b2644cbf30bb639afe0111ade2b40ed25a0df70c99e7388d5a045577a4a3201bba246ceb9889ad80d657f77aeb675f9141fcc600e130bfe6fc884de0f53e7c9fa61582c2ef30b674a06ec6df15a5913ef7e35e380f2b9e24fe6b7a230ab94f004390376a1ce1e503a55a56325781f5423e847b7fce07c85241d6a88ff7afd41142f20ced325e202d4281d4d6167951927b9c387610a84e5e00de22666e59a9ce84533edce6905f457333d986a4d5ef1337134a8afc4d57ab6f172dae5cb256b038757594cd6238f4abada37d30fba36c5c824da22c86e7bc9f18f75ba647fc193eb6190cdf75704a80ba76e628d8f6731b6fc7ffb8d70002f4666b84907fd1fbf7de008caddfb8049b62f1bf09e63ac51a84dd633c68223765467bf1b0b10d755055bc066f256be6c20379381484919ff166291f9e8c2319c832fc3cc970f7efe62fdd709cd2348645fb5adc92093dc01e2f8a44e69b716eca645146a617e374f8e5ae44acc81df067f78b2ace2124d26b28842b0e8649b31a5c7187f43e5e3d38755290775bca53a329f130155263c94f4c0af9455ad3646e1ba0587794fc2225e348fc4b1b0ab899d6b5ac938cd1593e4af6dfa310c26550bda2f79dc4588f11f84b47a8d598bbe5393cbfc2bdd5e231e720341730c454a788306879bcd74a99518896d1a6b7a018fed28e39b54777eaf3c0e25e805842d7f1bbe7ce41a70659733c0e10150a7751712c295cc2835a2d3e849caa8934dd2d6323468a9d3c3edfba8ea1c9864df81b8cb1be5c133d021dd8ec511e9422f2c5b80bc70a8b6b54809a6bf8f8f652931db504ae611e6680626f7c93e0ab2dbc5b478a70b7bb60ef246befba0049366f70db1133fab4e93e82eff2482ce45677f4bd6e2fcdef3ddef6d7131db4bc06200a12d65def54d09f3afe7634c13742c7dbf009e66f91f20adfd10efa29fccf73d234fab6fe09d2f306831b5728ea40092314fabf65e28c14ea76b413c1891368bfa6eff979920797148d77194e7028da918ec8346e96ce18d53dd55393375e07d67b5f47e2cb4e52e6d2c7993f1f05b77e3a6540e7e283cccb28cfa673bdc5cb76b07860bdbe55de19a3fe395c67c17a8e7f1f89dcb273bccfa3d252fee27ddf8bd0e054412e0998c02d5dba27b042ec1113e75706592d7bb937e4cbc68fdfa2ad3b9e349f00fe86c4489923cff8f847fa893a942e321a5e5e63fb297398b0c91f4c079456f2817a7402cf2b2222819cb6ebccc2e5072a3a933ef6616e98cb187b6ef583b45f8e2f4520f6b2a9d7d6cf53074fa0cde644b6cf176f1207f5bd87c235cd9cf0ac51113a6916f5969a6a9ad7247aa1cde27dcbd9b5c8c71f45daa700ae3fc8e18ab4f83d6ea1c3990b3c2ec4312de438d7d03f0d671eee7418c3cc0382bedd86d25f1e64df361aae669ccc2277d4d7dbdeed73352fce13b549d79f8e33e7f8ccb93cc216c10873b73522158818a81525154d67d664eaa60ff523a6b3cb3ee246b195a4a4f0d8ea82c2362568bc395a101978a3e949c42f61de515bebe3a1210d4dd1176f7919424b1fd2b79369236d76460657fa0157aa39da6f4ab827b29657b28d489ce3ffa6b3a776de2c429392319230613502a398b2701a9c2868aa29d5230a4812809015f6908a90d18735ff0f1fb40fcab019eea9fc6bf38557b6b0bf3467a7264bab4fbe34b118cf4ca58557509b767c2923163ecc0ada75e9587555b720ffbacbfdf4ac75bdcf646fdd0cb81f68abd0518b557fa02b47419b8f1c3808770b3e839bdf25b7df9fbc0d692e6f79dc3ef072d960177dd96f011d2dd3e0aed2f4f75186f7fdf553fbb388f34dda59cd2638cbd5cafccb9ee2bc781221a82cad62f54d7e391738cfb5357cffac7815ca6ae279436b21e1c90da1c8031b255f6c5f75b1e2034e6696cf955023890390199d403f1f8c0011eb48670bc9e02bcc2520fbf83ab312fa54fec9d8b08f49cb6e5deb6f35fe88318702ae0d96d5c03b2bf18e93bdcb49f45d2cb010bfb083029ec37ff74b57a4d63238cc6fbbd4000da6785763d3e8e7a243657dbfece4e2da92c60a21751ee76ffdd065d7e1fc77d9cb10784b554639c068c0c642ab3d7c7ff2b43eb12d6b8c778e383d5af3926c464eadccc703342d55707f4e903c5d037cbf4623ad96a2d5e33ea2d48aa959dac08a16a806676ffb8117b0937cbefbb55e79aba9c018a63dd89d54a9f251d5d78f520a94d98e6ed538f96214ea5c4bf9796cbbca133cf351db04d338f45a857fd8332e4a1994f1d1beadec84769fdefa13d3a28e44c4984d260625037c48f0423f52305e49b3d7c2232774610f21eef67933fc85e59f4aa835a108c908baf741de70124dc459b8c0bf56f0bee767a6ee39df153b53c21eaa9b4f480f5131cdfd55190e3c983a9776768dc6a2efdc321b0665a079ae0e0cc356edfb8c2f5544966f222fa90ac828c65e4d2a13f969138fa83a00121ce407b6545d9128706c806087c70434cec623fb17075fc0725a02b12156185ee5b5ad309849f5d60440fb916b23e592cefc55d786fc0eee7a0f01aa76360740cb1da63c065c8d9aecf113b3d65e3377a7b5c41cfaa802c387ff09f43f3b225c1f2e0e0f017f3bfda30794547084aa3e65f362aa317ac1e1a122c9ff5b1723a1247aab6eab2eaf09b249808ccd07caf3153bc28da121b9adf7c9234a0f668afb3313afa26006e3ec7431ca1ba4db284a031fb78278ebd684c8b5330d0b48528b902f7b998accf8b8c1038c055b9854c61e571085406be59833da355d17f2594d5c253ba961bff5d26bd007fe41276099b46221071755b7d33dbf9e0f05cc0e9edf08505a4e60fb37a9ce2a4fba9ac893cfe72efc13800da2e821ef82ff4a47fc80256bfa2e50d3cf7b475b105799ae7c32ce9d4f73fec6b4c3e923d523312e0708ede4c4d55762e6d07686da7586af5396125667a5c722d045296d93a58a9de5a413423caa33e55db7196c5043ed08e960535c637f80cecc3a000a1113b7a758d508c845e9d34f4b8afbfc8a8972bf2a0994752d865cc22bc7aeffde0578b18b0bbc789a2af5caacfecca0b39c1afa6489a2e9e89cc21bcd49bf2a44875fa53c86f67093864b23cade4e340c413a936b1f81013a4777516e579ffda0d8fd27988bb6a4368b656e62e1241d75b04751a20033e75ed0d62004f35ac681313dad4639fe0b56a81f1ebf8e34007d801719d2f897c90fb03e1ee39e50bd632ecfd51b55ee91ca4c5c8f5fd4b61e459c0d87df36179ce187f4f2c3abae636276f8135d8b3f91f43c6f8bf60a077f92f752db38cf31b44212ff6b5b4fe3052f147598cb389ec9abc437f0923cc589f55baabf6babc80f5a430af358b7bacb8da65c4ced9f0d84f5ad7557d30c35917534f94976542ae04f42f7c2c95b8ca572c190b38b48b0d07c8914f6ae1cdb61d63d39f05840d0d873432cb952ac08c1e0efbf76199297b1ea68d7c0bed4de139bc8329e0b30e8a1a20e482cc4eca84d8f2365dbb7e5cbf0ac68f68004b8d82ccba7a3f13dd34d4346584513652c056e2cdb3b4285b6b0d54865b4c39436be766b5c5a87b165f08183427ea4e774c1410cc5d2a3aa01743153dca9f6dfe62b5618fc8296f3726673d23532f5c23a0a133637f65be40571c1fea17dc65e93b3aca489d791c7bfac46a949f343c8b6a917845f05f1ba41208b02a20e3715297a32bfc9dd0868b2669add2bd2d9d9b42c488940a2a63f9117c23daa17d96fa013ca222655d97ebc3c5cf8f374291abc300bb5a76201526438efb6a7a4dd923fe1671af870e3499d9f177643abe43bd78a6f0760da1e946b820c83a72889706c185804cef7a9d76deffb316b36a3fabfdfef2752708a7314f92e8a765d93b7c0e933d702e38fe54b5bf877082a2248b2b7b73144592ffdf94ce86d3b23f21232cdb90b47d69fcc279f98720b80820c546002fdca02970ea8d68408cf65498336a8cd8246583ec32b02ae79ca2d174e7fe4cc2f16241b21a9179dff37a394d6e6577fc47d89995c18edd091d4c281bab95a34dee2371ecac6cb03eec967b2d1fdb626979c79d7ea520a2f3b40c1f1d565e7dd608f9ef95e564430e739ba31ad8fd271e496c782dd572ef94a329dda851e0375411b39b264bd4d3099687f6b34223cc30308829bd183187b02b513ff2d7645117c90913c1be7664adcad343e2000617fcbb12046ca5c7add508d9b81412a37a6ff611ae548e4f2e4a9a6c20ab030515524219ce7df9ef54970823827ee44655cf467b56fd8951cd8818bfed93e24148df46b34b16fcdd1bf2b9af4759e1af3aea8cabeef3264d98a0149cc3e57ea67fccb30680ec7f749799250fb2a362c8338f1e72110248e1baf17704b31cf27abaf74d20761ee6fec5ef5444a09c1dc5583", 0x1000}, {&(0x7f0000006540)="0e4f0dee3535469757b8792fc591386ae883bb474e456c6d4f27933fc2ec6a3f23d95e835e0be437a1d801bcffdae326926cc4ca16661a2e7d6bb7a309a9daf2ac874f192c9ac7f9fc6e39caa8fe18ac01711103f7798dab4821de39c12209fa3cddf10e1a1e10ec2829a7a804da5998f9ef82824475ae870df24c48ebbf6e5860d8e11fb88867660a2154f55acd543a99a18541ead71dd0ddc6e03c06fc8622ee4b188eabf01460cb67d0ab8055654bfe0c77ad921b2c6f3ab1c9941beecf89", 0xc0}, {&(0x7f0000006600)="da5466542465e1b773f87c9f73955d215f0af538edc7fe36da8f4f3cbbdc23c025d3eff0e4b3ea1f5f5a3ad477065b808693b8429294e487deddf3cd01045a3b575a9918365d3c8e9561cb319f8c35efa66041b5c8a4ab197b2d9094cf78905a3f4f1eaab6f185cf60c20845a8024fdc0dfc2939fc8620bccdeb16fefe473b8461c94d0aae0564c237678732734fc47520ab015c49b4b5c96da88b363677c73c14f2c0e1407d45d805d15d9ce1e48ee7214a5bdf02c28e108509947952f75033b36a7d30e0359cc5be2d8287f135b806da6aea2542ec2925ca367507069f56efb5db535688040003a33f0f7f22f471649391", 0xf2}], 0x5, &(0x7f0000006780)=[@tclass={{0x14, 0x29, 0x43, 0xabd}}], 0x18}}], 0x9, 0x40000) socket$nl_audit(0x10, 0x3, 0x9) socket$inet(0x2, 0x1, 0x0) socket$inet(0x2, 0x1, 0x0) syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) io_uring_enter(r1, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:48 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002000f0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:48 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x2000, 0x0, 0x0) 14:04:48 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x204, 0x0, 0x0, 0x0) 14:04:48 executing program 0 (fault-call:8 fault-nth:51): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 333.581822][ T1393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 333.581835][ T1393] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 333.876429][ T1415] loop3: detected capacity change from 0 to 270 [ 333.896011][ T1422] FAULT_INJECTION: forcing a failure. [ 333.896011][ T1422] name failslab, interval 1, probability 0, space 0, times 0 [ 333.908676][ T1422] CPU: 1 PID: 1422 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 333.918740][ T1422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 333.928934][ T1422] Call Trace: [ 333.932296][ T1422] dump_stack+0x137/0x19d [ 333.936627][ T1422] should_fail+0x23c/0x250 [ 333.941116][ T1422] __should_failslab+0x81/0x90 [ 333.946015][ T1422] should_failslab+0x5/0x20 [ 333.950532][ T1422] kmem_cache_alloc_bulk+0x40/0x340 [ 333.955740][ T1422] io_submit_sqes+0x4a3/0xbd0 [ 333.960411][ T1422] __se_sys_io_uring_enter+0x1e1/0xa80 [ 333.965979][ T1422] ? fput+0x2d/0x130 [ 333.969875][ T1422] ? __fpregs_load_activate+0x8f/0x1b0 14:04:48 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200100004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:48 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x20000, 0x0, 0x0) 14:04:48 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x214, 0x0, 0x0, 0x0) [ 333.975390][ T1422] __x64_sys_io_uring_enter+0x74/0x80 [ 333.980905][ T1422] do_syscall_64+0x4a/0x90 [ 333.985317][ T1422] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 333.991201][ T1422] RIP: 0033:0x4665d9 [ 333.995090][ T1422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 334.014860][ T1422] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa 14:04:48 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x40000, 0x0, 0x0) 14:04:48 executing program 0 (fault-call:8 fault-nth:52): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 334.014882][ T1422] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 334.014969][ T1422] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 334.014979][ T1422] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 334.014988][ T1422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 14:04:48 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x1000000, 0x0, 0x0) 14:04:48 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x4) [ 334.015001][ T1422] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 334.090828][ T1448] loop3: detected capacity change from 0 to 270 [ 334.115929][ T1451] FAULT_INJECTION: forcing a failure. [ 334.115929][ T1451] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 334.134232][ T1451] CPU: 0 PID: 1451 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 334.134252][ T1451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 334.134263][ T1451] Call Trace: [ 334.134271][ T1451] dump_stack+0x137/0x19d [ 334.134297][ T1451] should_fail+0x23c/0x250 [ 334.134317][ T1451] should_fail_usercopy+0x16/0x20 [ 334.134371][ T1451] _copy_from_user+0x1c/0xd0 [ 334.134446][ T1451] __copy_msghdr_from_user+0x44/0x350 [ 334.134467][ T1451] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 334.134486][ T1451] ? unix_dgram_peer_wake_me+0x310/0x310 [ 334.134504][ T1451] ? ____sys_sendmsg+0x428/0x4d0 [ 334.134522][ T1451] sendmsg_copy_msghdr+0x4f/0xf0 [ 334.134617][ T1451] io_issue_sqe+0x250b/0x6750 [ 334.134631][ T1451] ? __list_del_entry_valid+0x54/0xc0 [ 334.134650][ T1451] ? rmqueue_pcplist+0x152/0x190 [ 334.134665][ T1451] ? rmqueue+0x43/0xd00 [ 334.134677][ T1451] ? mntput_no_expire+0x64/0x730 [ 334.134695][ T1451] ? get_page_from_freelist+0x53e/0x800 [ 334.134731][ T1451] ? fget_many+0x178/0x1a0 [ 334.134750][ T1451] __io_queue_sqe+0xe9/0x360 [ 334.134766][ T1451] io_submit_sqe+0x1887/0x3360 [ 334.134784][ T1451] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 334.134805][ T1451] io_submit_sqes+0x5bd/0xbd0 [ 334.134829][ T1451] __se_sys_io_uring_enter+0x1e1/0xa80 [ 334.134891][ T1451] ? fput+0x2d/0x130 [ 334.134905][ T1451] __x64_sys_io_uring_enter+0x74/0x80 [ 334.134926][ T1451] do_syscall_64+0x4a/0x90 [ 334.134943][ T1451] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 334.134994][ T1451] RIP: 0033:0x4665d9 [ 334.135005][ T1451] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 334.135024][ T1451] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 334.135043][ T1451] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 334.135057][ T1451] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 14:04:49 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(r3, 0x0, 0x486, &(0x7f0000000180), &(0x7f00000001c0)=0xc) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:49 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0xf000000, 0x0, 0x0) 14:04:49 executing program 0 (fault-call:8 fault-nth:53): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:49 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200110004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:49 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x7) [ 334.135069][ T1451] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 334.135079][ T1451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 334.135088][ T1451] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 14:04:49 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x402, 0x0, 0x0, 0x0) [ 334.441366][ T1480] loop3: detected capacity change from 0 to 270 [ 334.468456][ T1480] FAT-fs (loop3): Directory bread(block 270) failed [ 334.468618][ T1486] FAULT_INJECTION: forcing a failure. [ 334.468618][ T1486] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 334.475186][ T1480] FAT-fs (loop3): Directory bread(block 271) failed [ 334.488104][ T1486] CPU: 0 PID: 1486 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 334.488128][ T1486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 334.494736][ T1480] FAT-fs (loop3): Directory bread(block 272) failed [ 334.504801][ T1486] Call Trace: [ 334.504809][ T1486] dump_stack+0x137/0x19d [ 334.504831][ T1486] should_fail+0x23c/0x250 [ 334.514893][ T1480] FAT-fs (loop3): Directory bread(block 273) failed 14:04:49 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x20000000, 0x0, 0x0) 14:04:49 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200120004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 334.521420][ T1486] should_fail_usercopy+0x16/0x20 [ 334.524732][ T1480] FAT-fs (loop3): Directory bread(block 274) failed [ 334.551570][ T1486] _copy_from_user+0x1c/0xd0 [ 334.556165][ T1486] ____sys_sendmsg+0x1a3/0x4d0 [ 334.560967][ T1486] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 334.566103][ T1486] __sys_sendmsg_sock+0x25/0x30 [ 334.570981][ T1486] io_issue_sqe+0x231a/0x6750 [ 334.575719][ T1486] ? __list_del_entry_valid+0x54/0xc0 [ 334.581142][ T1486] ? rmqueue_pcplist+0x152/0x190 [ 334.586115][ T1486] ? rmqueue+0x43/0xd00 [ 334.590353][ T1486] ? mntput_no_expire+0x64/0x730 [ 334.595300][ T1486] ? get_page_from_freelist+0x53e/0x800 [ 334.600869][ T1486] ? kcsan_setup_watchpoint+0x26e/0x470 [ 334.606425][ T1486] __io_queue_sqe+0xe9/0x360 [ 334.611008][ T1486] io_submit_sqe+0x1887/0x3360 [ 334.615768][ T1486] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 334.621248][ T1486] io_submit_sqes+0x5bd/0xbd0 [ 334.621274][ T1486] __se_sys_io_uring_enter+0x1e1/0xa80 [ 334.621298][ T1486] ? fput+0x2d/0x130 [ 334.621345][ T1486] __x64_sys_io_uring_enter+0x74/0x80 14:04:49 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x2000000000000, 0x0, 0x0) 14:04:49 executing program 0 (fault-call:8 fault-nth:54): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 334.621367][ T1486] do_syscall_64+0x4a/0x90 [ 334.621385][ T1486] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 334.621404][ T1486] RIP: 0033:0x4665d9 [ 334.621419][ T1486] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 334.621439][ T1486] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa 14:04:49 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x4000000000000, 0x0, 0x0) 14:04:49 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x100000000000000, 0x0, 0x0) [ 334.621464][ T1486] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 334.621478][ T1486] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 334.621530][ T1486] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 334.621540][ T1486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 334.621567][ T1486] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 334.700986][ T1504] FAULT_INJECTION: forcing a failure. [ 334.700986][ T1504] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 334.701006][ T1504] CPU: 0 PID: 1504 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 334.701022][ T1504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 334.701076][ T1504] Call Trace: [ 334.701082][ T1504] dump_stack+0x137/0x19d [ 334.701105][ T1504] should_fail+0x23c/0x250 [ 334.701123][ T1504] should_fail_usercopy+0x16/0x20 [ 334.701190][ T1504] _copy_from_user+0x1c/0xd0 [ 334.701206][ T1504] __copy_msghdr_from_user+0x44/0x350 [ 334.701225][ T1504] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 334.701243][ T1504] ? unix_dgram_peer_wake_me+0x310/0x310 [ 334.701260][ T1504] ? ____sys_sendmsg+0x428/0x4d0 [ 334.701275][ T1504] sendmsg_copy_msghdr+0x4f/0xf0 [ 334.701291][ T1504] io_issue_sqe+0x250b/0x6750 [ 334.701383][ T1504] ? __list_del_entry_valid+0x54/0xc0 [ 334.701403][ T1504] ? rmqueue_pcplist+0x152/0x190 [ 334.701423][ T1504] ? rmqueue+0x43/0xd00 [ 334.701470][ T1504] ? mntput_no_expire+0x64/0x730 [ 334.701491][ T1504] ? get_page_from_freelist+0x53e/0x800 [ 334.701508][ T1504] ? fget_many+0x178/0x1a0 [ 334.701528][ T1504] __io_queue_sqe+0xe9/0x360 [ 334.701582][ T1504] io_submit_sqe+0x1887/0x3360 [ 334.701596][ T1504] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 334.701656][ T1504] io_submit_sqes+0x5bd/0xbd0 [ 334.701672][ T1504] __se_sys_io_uring_enter+0x1e1/0xa80 [ 334.701691][ T1504] ? fput+0x2d/0x130 [ 334.701704][ T1504] __x64_sys_io_uring_enter+0x74/0x80 [ 334.701723][ T1504] do_syscall_64+0x4a/0x90 [ 334.701772][ T1504] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 334.701798][ T1504] RIP: 0033:0x4665d9 [ 334.701811][ T1504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 334.701824][ T1504] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 334.701839][ T1504] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 334.701849][ T1504] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 334.701859][ T1504] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 334.701871][ T1504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 334.701882][ T1504] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 334.739694][ T1514] loop3: detected capacity change from 0 to 270 [ 334.760180][ T1514] FAT-fs (loop3): Directory bread(block 270) failed [ 335.024460][ T1514] FAT-fs (loop3): Directory bread(block 271) failed [ 335.024493][ T1514] FAT-fs (loop3): Directory bread(block 272) failed 14:04:49 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) symlinkat(&(0x7f0000000180)='./file0\x00', 0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00') r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0xe196, 0x1edd, 0x2, 0x0, 0x0) 14:04:49 executing program 0 (fault-call:8 fault-nth:55): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:49 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0xf00000000000000, 0x0, 0x0) 14:04:49 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xf) 14:04:49 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200180004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:49 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x406, 0x0, 0x0, 0x0) [ 335.024528][ T1514] FAT-fs (loop3): Directory bread(block 273) failed [ 335.024546][ T1514] FAT-fs (loop3): Directory bread(block 274) failed [ 335.024560][ T1514] FAT-fs (loop3): Directory bread(block 275) failed [ 335.024573][ T1514] FAT-fs (loop3): Directory bread(block 276) failed [ 335.024586][ T1514] FAT-fs (loop3): Directory bread(block 277) failed [ 335.024600][ T1514] FAT-fs (loop3): Directory bread(block 278) failed [ 335.024655][ T1514] FAT-fs (loop3): Directory bread(block 279) failed 14:04:49 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x2000000000000000, 0x0, 0x0) [ 335.164661][ T1538] FAULT_INJECTION: forcing a failure. [ 335.164661][ T1538] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 335.177920][ T1538] CPU: 0 PID: 1538 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 335.187984][ T1538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 335.198073][ T1538] Call Trace: [ 335.198081][ T1538] dump_stack+0x137/0x19d [ 335.198104][ T1538] should_fail+0x23c/0x250 [ 335.198120][ T1538] should_fail_usercopy+0x16/0x20 [ 335.198135][ T1538] _copy_from_user+0x1c/0xd0 [ 335.198152][ T1538] ____sys_sendmsg+0x1a3/0x4d0 [ 335.198170][ T1538] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 335.198189][ T1538] __sys_sendmsg_sock+0x25/0x30 [ 335.198205][ T1538] io_issue_sqe+0x231a/0x6750 [ 335.198226][ T1538] ? __list_del_entry_valid+0x54/0xc0 [ 335.198241][ T1538] ? rmqueue_pcplist+0x152/0x190 [ 335.198333][ T1538] ? rmqueue+0x43/0xd00 [ 335.198346][ T1538] ? mntput_no_expire+0x64/0x730 14:04:50 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x2) 14:04:50 executing program 0 (fault-call:8 fault-nth:56): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 335.198365][ T1538] ? get_page_from_freelist+0x53e/0x800 [ 335.198379][ T1538] ? fget_many+0x178/0x1a0 [ 335.198418][ T1538] __io_queue_sqe+0xe9/0x360 [ 335.198435][ T1538] io_submit_sqe+0x1887/0x3360 [ 335.198455][ T1538] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 335.198473][ T1538] io_submit_sqes+0x5bd/0xbd0 [ 335.198545][ T1538] __se_sys_io_uring_enter+0x1e1/0xa80 [ 335.198645][ T1538] ? fput+0x2d/0x130 [ 335.198658][ T1538] __x64_sys_io_uring_enter+0x74/0x80 [ 335.198681][ T1538] do_syscall_64+0x4a/0x90 14:04:50 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x4) [ 335.198700][ T1538] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 335.198726][ T1538] RIP: 0033:0x4665d9 [ 335.198740][ T1538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 335.198758][ T1538] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 335.198778][ T1538] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 335.198792][ T1538] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 335.198801][ T1538] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 335.198810][ T1538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 335.198819][ T1538] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 335.212612][ T1547] loop3: detected capacity change from 0 to 270 [ 335.274976][ T1555] FAULT_INJECTION: forcing a failure. [ 335.274976][ T1555] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 335.376354][ T1547] FAT-fs (loop3): Directory bread(block 270) failed [ 335.383567][ T1555] CPU: 0 PID: 1555 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 335.383589][ T1555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 335.391702][ T1547] FAT-fs (loop3): Directory bread(block 271) failed [ 335.397765][ T1555] Call Trace: [ 335.397773][ T1555] dump_stack+0x137/0x19d [ 335.397798][ T1555] should_fail+0x23c/0x250 [ 335.412378][ T1547] FAT-fs (loop3): Directory bread(block 272) failed [ 335.417355][ T1555] should_fail_usercopy+0x16/0x20 [ 335.417381][ T1555] _copy_from_user+0x1c/0xd0 [ 335.417456][ T1555] __copy_msghdr_from_user+0x44/0x350 [ 335.428592][ T1547] FAT-fs (loop3): Directory bread(block 273) failed [ 335.437467][ T1555] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 335.437503][ T1555] ? unix_dgram_peer_wake_me+0x310/0x310 [ 335.437517][ T1555] ? ____sys_sendmsg+0x428/0x4d0 [ 335.437531][ T1555] sendmsg_copy_msghdr+0x4f/0xf0 [ 335.445304][ T1547] FAT-fs (loop3): Directory bread(block 274) failed 14:04:50 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200190004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:50 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xf) [ 335.447365][ T1555] io_issue_sqe+0x250b/0x6750 [ 335.447386][ T1555] ? __list_del_entry_valid+0x54/0xc0 [ 335.451755][ T1547] FAT-fs (loop3): Directory bread(block 275) failed [ 335.456137][ T1555] ? rmqueue_pcplist+0x152/0x190 [ 335.456159][ T1555] ? rmqueue+0x43/0xd00 [ 335.456176][ T1555] ? mntput_no_expire+0x64/0x730 [ 335.464277][ T1547] FAT-fs (loop3): Directory bread(block 276) failed [ 335.467823][ T1555] ? get_page_from_freelist+0x53e/0x800 [ 335.467845][ T1555] ? fget_many+0x178/0x1a0 [ 335.473276][ T1547] FAT-fs (loop3): Directory bread(block 277) failed [ 335.477784][ T1555] __io_queue_sqe+0xe9/0x360 [ 335.477805][ T1555] io_submit_sqe+0x1887/0x3360 [ 335.485506][ T1547] FAT-fs (loop3): Directory bread(block 278) failed [ 335.489888][ T1555] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 335.489912][ T1555] io_submit_sqes+0x5bd/0xbd0 [ 335.496178][ T1547] FAT-fs (loop3): Directory bread(block 279) failed [ 335.500442][ T1555] __se_sys_io_uring_enter+0x1e1/0xa80 [ 335.500471][ T1555] ? fput+0x2d/0x130 [ 335.607636][ T1555] __x64_sys_io_uring_enter+0x74/0x80 [ 335.607665][ T1555] do_syscall_64+0x4a/0x90 [ 335.607684][ T1555] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 335.607727][ T1555] RIP: 0033:0x4665d9 [ 335.607742][ T1555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 335.607761][ T1555] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa 14:04:50 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0xffffffff}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, r3) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r5 = socket$nl_audit(0x10, 0x3, 0x9) r6 = socket$inet(0x2, 0x1, 0x0) r7 = socket$inet(0x2, 0x1, 0x0) r8 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r5, r6, r4, r7, r8]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:50 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xf00) 14:04:50 executing program 0 (fault-call:8 fault-nth:57): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:50 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x42) 14:04:50 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x604, 0x0, 0x0, 0x0) [ 335.607773][ T1555] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 335.607807][ T1555] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 335.607898][ T1555] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 335.607909][ T1555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 335.607918][ T1555] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 335.682924][ T1583] loop3: detected capacity change from 0 to 270 14:04:50 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x700, 0x0, 0x0, 0x0) [ 335.814218][ T1602] FAULT_INJECTION: forcing a failure. [ 335.814218][ T1602] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 335.827300][ T1602] CPU: 1 PID: 1602 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 335.827337][ T1602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 335.827348][ T1602] Call Trace: [ 335.827354][ T1602] dump_stack+0x137/0x19d [ 335.827377][ T1602] should_fail+0x23c/0x250 [ 335.827395][ T1602] should_fail_usercopy+0x16/0x20 14:04:50 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x2000) 14:04:50 executing program 0 (fault-call:8 fault-nth:58): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 335.827410][ T1602] _copy_from_user+0x1c/0xd0 [ 335.827428][ T1602] ____sys_sendmsg+0x1a3/0x4d0 [ 335.873874][ T1602] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 335.873982][ T1602] __sys_sendmsg_sock+0x25/0x30 14:04:50 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200220004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 335.873999][ T1602] io_issue_sqe+0x231a/0x6750 [ 335.874014][ T1602] ? __list_del_entry_valid+0x54/0xc0 [ 335.874031][ T1602] ? rmqueue_pcplist+0x152/0x190 [ 335.874047][ T1602] ? rmqueue+0x43/0xd00 [ 335.874060][ T1602] ? mntput_no_expire+0x64/0x730 [ 335.874108][ T1602] ? get_page_from_freelist+0x53e/0x800 [ 335.874128][ T1602] ? fget_many+0x178/0x1a0 [ 335.874147][ T1602] ? kcsan_setup_watchpoint+0x26e/0x470 14:04:50 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x20000) 14:04:50 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x1eb) [ 335.874171][ T1602] __io_queue_sqe+0xe9/0x360 [ 335.874188][ T1602] io_submit_sqe+0x1887/0x3360 [ 335.874262][ T1602] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 335.874281][ T1602] io_submit_sqes+0x5bd/0xbd0 [ 335.874295][ T1602] __se_sys_io_uring_enter+0x1e1/0xa80 [ 335.874315][ T1602] ? fput+0x2d/0x130 [ 335.874327][ T1602] __x64_sys_io_uring_enter+0x74/0x80 [ 335.874404][ T1602] do_syscall_64+0x4a/0x90 [ 335.874496][ T1602] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 335.874520][ T1602] RIP: 0033:0x4665d9 14:04:50 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x40000) [ 335.874534][ T1602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 335.874552][ T1602] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 335.874570][ T1602] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 335.874580][ T1602] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 335.874589][ T1602] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 335.874597][ T1602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 335.874647][ T1602] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 335.885963][ T1583] FAT-fs (loop3): Directory bread(block 270) failed [ 335.885987][ T1583] FAT-fs (loop3): Directory bread(block 271) failed [ 335.886083][ T1583] FAT-fs (loop3): Directory bread(block 272) failed [ 335.886098][ T1583] FAT-fs (loop3): Directory bread(block 273) failed [ 335.886111][ T1583] FAT-fs (loop3): Directory bread(block 274) failed [ 335.886127][ T1583] FAT-fs (loop3): Directory bread(block 275) failed [ 335.886145][ T1583] FAT-fs (loop3): Directory bread(block 276) failed [ 335.886162][ T1583] FAT-fs (loop3): Directory bread(block 277) failed [ 335.886180][ T1583] FAT-fs (loop3): Directory bread(block 278) failed [ 335.886267][ T1583] FAT-fs (loop3): Directory bread(block 279) failed [ 335.930991][ T1619] FAULT_INJECTION: forcing a failure. [ 335.930991][ T1619] name fail_usercopy, interval 1, probability 0, space 0, times 0 14:04:50 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f00000cb000/0x2000)=nil, 0x2000, 0x2000002, 0x810, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r5 = socket$nl_audit(0x10, 0x3, 0x9) r6 = socket$inet(0x2, 0x1, 0x0) r7 = socket$inet(0x2, 0x1, 0x0) r8 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000380)=0x0) sendmsg$AUDIT_SET(r5, &(0x7f00000004c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x38, 0x3e9, 0x4, 0x70bd29, 0x25dfdbfb, {0x9, 0x0, 0x2, r9, 0x9, 0xffff, 0x7, 0x15c84e1a, 0x0, 0x9}}, 0x38}, 0x1, 0x0, 0x0, 0x4048185}, 0x1) r10 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000240)='.log\x00', 0x200200, 0x100) io_uring_enter(r10, 0xd9a, 0xd8f7, 0x0, &(0x7f0000000280)={[0xf87]}, 0x8) getsockopt$sock_buf(r8, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) r11 = gettid() fcntl$lock(r8, 0x7, &(0x7f00000000c0)={0x1, 0x7, 0xe8, 0x3214, r11}) r12 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="2400b94693674740c35cb2aa55f198b3f61eba330e8b5a5f2e306710859bf13b9dc0ba4312462d2f9381dbc44a105fecba0bbfbb1a491984acad4cec40ce67087434798500327531e321b125f3cec94f220878b05ae69eaae33ac5c6480abcffe5807fb1a24e2c3e35eab1bc80a9e090ea69b83739c75d5edd84fe08ce256fee35444f5892480cf7bb85732ac794302541bb3add268196097e34568885d3da6fb20ac4faaab6f47ea4a2cfd1b90eee50c74a0b74348ef1cc9a4d1403a2d2f09b64ad8061d71af3708ceb28b8dd9f1f", @ANYRES32=r5, @ANYRES32=r6, @ANYRES32=r4, @ANYRES32=r7, @ANYRES32=r12, @ANYBLOB="32cd3bfb2cebe819f05f04d150e2fa5f36e7f8b06378541d5a1982db5f07ffffffffffffffff21f451c309aeac40e5e586d1388852a3f1cd2b0bec4be0dd0d236836145fc8781c4d21a3e8e7c8080ab14e30dda10c6a19e20cd95a01d226f225fb7148a346b3449bf76a976047fd85b5d5490bb93cb4e8467ddd53406d45edacbc00ae620badc4a77d71552954b6f5851ed721c043875db2ad717d6e09b763fb2804b0f4ffb62be4c0a57da250858a0b"], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:50 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x1000000) [ 336.160530][ T1619] CPU: 1 PID: 1619 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 336.160552][ T1619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 336.160561][ T1619] Call Trace: [ 336.160568][ T1619] dump_stack+0x137/0x19d [ 336.188226][ T1619] should_fail+0x23c/0x250 [ 336.192642][ T1619] should_fail_usercopy+0x16/0x20 [ 336.197704][ T1619] _copy_from_user+0x1c/0xd0 [ 336.202335][ T1619] __copy_msghdr_from_user+0x44/0x350 [ 336.207706][ T1619] ? unix_seqpacket_sendmsg+0xc2/0x100 14:04:51 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x204) [ 336.213227][ T1619] ? unix_dgram_peer_wake_me+0x310/0x310 [ 336.213304][ T1619] ? ____sys_sendmsg+0x428/0x4d0 [ 336.213327][ T1619] sendmsg_copy_msghdr+0x4f/0xf0 14:04:51 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0xf00, 0x0, 0x0, 0x0) 14:04:51 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xf000000) [ 336.213347][ T1619] io_issue_sqe+0x250b/0x6750 [ 336.213401][ T1619] ? __list_del_entry_valid+0x54/0xc0 [ 336.213424][ T1619] ? rmqueue_pcplist+0x152/0x190 [ 336.213476][ T1619] ? rmqueue+0x43/0xd00 [ 336.213493][ T1619] ? mntput_no_expire+0x64/0x730 [ 336.213519][ T1619] ? get_page_from_freelist+0x53e/0x800 [ 336.213539][ T1619] ? fget_many+0x178/0x1a0 [ 336.213559][ T1619] __io_queue_sqe+0xe9/0x360 [ 336.213578][ T1619] io_submit_sqe+0x1887/0x3360 [ 336.213708][ T1619] ? kmem_cache_alloc_bulk+0x28c/0x340 14:04:51 executing program 0 (fault-call:8 fault-nth:59): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 336.213732][ T1619] io_submit_sqes+0x5bd/0xbd0 [ 336.213752][ T1619] __se_sys_io_uring_enter+0x1e1/0xa80 [ 336.213779][ T1619] ? fput+0x2d/0x130 [ 336.213797][ T1619] __x64_sys_io_uring_enter+0x74/0x80 [ 336.213823][ T1619] do_syscall_64+0x4a/0x90 [ 336.213913][ T1619] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 336.213994][ T1619] RIP: 0033:0x4665d9 [ 336.214009][ T1619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 336.214028][ T1619] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 336.214049][ T1619] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 336.214063][ T1619] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 336.214077][ T1619] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 336.214090][ T1619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 336.214171][ T1619] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 14:04:51 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x20000000) 14:04:51 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x2000000000000) [ 336.264844][ T1653] loop3: detected capacity change from 0 to 270 [ 336.392475][ T1673] FAULT_INJECTION: forcing a failure. [ 336.392475][ T1673] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 336.434274][ T1673] CPU: 0 PID: 1673 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 336.434294][ T1673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 336.434315][ T1673] Call Trace: [ 336.434322][ T1673] dump_stack+0x137/0x19d [ 336.434348][ T1673] should_fail+0x23c/0x250 [ 336.434363][ T1673] should_fail_usercopy+0x16/0x20 [ 336.434383][ T1673] _copy_from_user+0x1c/0xd0 [ 336.434470][ T1673] ____sys_sendmsg+0x1a3/0x4d0 [ 336.434484][ T1673] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 336.434497][ T1673] __sys_sendmsg_sock+0x25/0x30 [ 336.434515][ T1673] io_issue_sqe+0x231a/0x6750 [ 336.434537][ T1673] ? __perf_event_task_sched_in+0x471/0x4c0 [ 336.434556][ T1673] ? __list_del_entry_valid+0x54/0xc0 [ 336.434573][ T1673] ? rmqueue_pcplist+0x152/0x190 [ 336.434588][ T1673] ? rmqueue+0x43/0xd00 [ 336.434671][ T1673] ? finish_task_switch+0xce/0x290 [ 336.434693][ T1673] ? mntput_no_expire+0x64/0x730 [ 336.434718][ T1673] ? get_page_from_freelist+0x53e/0x800 [ 336.434736][ T1673] ? fget_many+0x178/0x1a0 [ 336.434820][ T1673] __io_queue_sqe+0xe9/0x360 [ 336.434837][ T1673] io_submit_sqe+0x1887/0x3360 [ 336.434872][ T1673] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 336.434892][ T1673] io_submit_sqes+0x5bd/0xbd0 [ 336.434907][ T1673] __se_sys_io_uring_enter+0x1e1/0xa80 [ 336.434925][ T1673] ? fput+0x2d/0x130 [ 336.434941][ T1673] __x64_sys_io_uring_enter+0x74/0x80 [ 336.435026][ T1673] do_syscall_64+0x4a/0x90 [ 336.435042][ T1673] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 336.435063][ T1673] RIP: 0033:0x4665d9 [ 336.435077][ T1673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 336.435109][ T1673] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 336.435128][ T1673] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 336.435151][ T1673] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 336.435165][ T1673] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 336.435178][ T1673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 336.435192][ T1673] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 336.545944][ T1653] FAT-fs (loop3): Directory bread(block 270) failed [ 336.665009][ T1653] FAT-fs (loop3): Directory bread(block 271) failed [ 336.671601][ T1653] FAT-fs (loop3): Directory bread(block 272) failed [ 336.678465][ T1653] FAT-fs (loop3): Directory bread(block 273) failed [ 336.685355][ T1653] FAT-fs (loop3): Directory bread(block 274) failed [ 336.691949][ T1653] FAT-fs (loop3): Directory bread(block 275) failed [ 336.698807][ T1653] FAT-fs (loop3): Directory bread(block 276) failed [ 336.705799][ T1653] FAT-fs (loop3): Directory bread(block 277) failed [ 336.712883][ T1653] FAT-fs (loop3): Directory bread(block 278) failed 14:04:51 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200480004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:51 executing program 0 (fault-call:8 fault-nth:60): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:51 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x4000000000000) 14:04:51 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x1402, 0x0, 0x0, 0x0) 14:04:51 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x214) 14:04:51 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r5 = socket$nl_audit(0x10, 0x3, 0x9) r6 = socket$inet(0x2, 0x1, 0x0) r7 = socket$inet(0x2, 0x1, 0x0) r8 = gettid() ptrace$setopts(0x4206, r8, 0x0, 0x5) tkill(r8, 0x36) ptrace$cont(0x18, r8, 0x0, 0x0) ptrace$setregs(0xd, r8, 0x0, &(0x7f0000000080)) sendmsg$AUDIT_SET(r5, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x38, 0x3e9, 0x400, 0x70bd25, 0x25dfdbff, {0x0, 0x0, 0x2, r8, 0xfff, 0x3ff, 0x4, 0x61a2, 0x0, 0x1}, [""]}, 0x38}, 0x1, 0x0, 0x0, 0x8080}, 0x800) r9 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r5, r6, r4, r7, r9]}}], 0x28}], 0x1, 0x0) r10 = accept4(r3, 0x0, &(0x7f00000002c0), 0x0) fcntl$lock(r10, 0x5, &(0x7f0000000300)={0x2, 0xd3b7bcfbb43690e3, 0x9, 0x80, r8}) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 336.719542][ T1653] FAT-fs (loop3): Directory bread(block 279) failed [ 336.782386][ T1705] ================================================================== [ 336.790478][ T1705] BUG: KCSAN: data-race in unix_attach_fds / unix_inflight [ 336.797677][ T1705] [ 336.797683][ T1705] write to 0xffffffff83a498c8 of 8 bytes by task 1708 on cpu 1: [ 336.797702][ T1705] unix_inflight+0x22a/0x280 [ 336.797721][ T1705] unix_attach_fds+0x10c/0x1e0 [ 336.797736][ T1705] unix_dgram_sendmsg+0x5cb/0x1610 [ 336.797753][ T1705] unix_seqpacket_sendmsg+0xc2/0x100 [ 336.797770][ T1705] ____sys_sendmsg+0x360/0x4d0 14:04:51 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="24000040000000000100000001000000", @ANYRES32=r4, @ANYRES32=r5, @ANYRES32=r3, @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00'], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:51 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x100000000000000) [ 336.797788][ T1705] __sys_sendmsg_sock+0x25/0x30 [ 336.797805][ T1705] io_issue_sqe+0x231a/0x6750 [ 336.797822][ T1705] __io_queue_sqe+0xe9/0x360 [ 336.797838][ T1705] io_submit_sqe+0x1887/0x3360 [ 336.797852][ T1705] io_submit_sqes+0x5bd/0xbd0 [ 336.797867][ T1705] __se_sys_io_uring_enter+0x1e1/0xa80 [ 336.797891][ T1705] __x64_sys_io_uring_enter+0x74/0x80 [ 336.797914][ T1705] do_syscall_64+0x4a/0x90 [ 336.797935][ T1705] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 336.797958][ T1705] 14:04:51 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x402) [ 336.797962][ T1705] read to 0xffffffff83a498c8 of 8 bytes by task 1705 on cpu 0: [ 336.797975][ T1705] unix_attach_fds+0x4d/0x1e0 [ 336.797987][ T1705] unix_dgram_sendmsg+0x5cb/0x1610 [ 336.797999][ T1705] unix_seqpacket_sendmsg+0xc2/0x100 [ 336.798015][ T1705] ____sys_sendmsg+0x360/0x4d0 [ 336.798031][ T1705] __sys_sendmsg_sock+0x25/0x30 [ 336.798047][ T1705] io_issue_sqe+0x231a/0x6750 [ 336.798062][ T1705] __io_queue_sqe+0xe9/0x360 [ 336.798073][ T1705] io_submit_sqe+0x1887/0x3360 [ 336.798085][ T1705] io_submit_sqes+0x5bd/0xbd0 14:04:51 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xf00000000000000) [ 336.798097][ T1705] __se_sys_io_uring_enter+0x1e1/0xa80 [ 336.798118][ T1705] __x64_sys_io_uring_enter+0x74/0x80 [ 336.798140][ T1705] do_syscall_64+0x4a/0x90 [ 336.798160][ T1705] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 336.798182][ T1705] [ 336.798185][ T1705] Reported by Kernel Concurrency Sanitizer on: [ 336.798192][ T1705] CPU: 0 PID: 1705 Comm: syz-executor.1 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 336.798214][ T1705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 336.798224][ T1705] ================================================================== [ 336.800810][ T1709] FAULT_INJECTION: forcing a failure. [ 336.800810][ T1709] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 336.958322][ T1725] loop3: detected capacity change from 0 to 270 [ 336.960529][ T1709] CPU: 1 PID: 1709 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 336.960551][ T1709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 337.015071][ T1725] FAT-fs (loop3): Directory bread(block 270) failed [ 337.017908][ T1709] Call Trace: [ 337.017917][ T1709] dump_stack+0x137/0x19d [ 337.028115][ T1725] FAT-fs (loop3): Directory bread(block 271) failed [ 337.034527][ T1709] should_fail+0x23c/0x250 [ 337.034550][ T1709] should_fail_usercopy+0x16/0x20 [ 337.034569][ T1709] _copy_from_user+0x1c/0xd0 [ 337.039434][ T1725] FAT-fs (loop3): Directory bread(block 272) failed [ 337.042154][ T1709] __copy_msghdr_from_user+0x44/0x350 [ 337.049562][ T1725] FAT-fs (loop3): Directory bread(block 273) failed [ 337.053216][ T1709] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 337.053239][ T1709] ? unix_dgram_peer_wake_me+0x310/0x310 [ 337.053254][ T1709] ? ____sys_sendmsg+0x428/0x4d0 [ 337.053270][ T1709] sendmsg_copy_msghdr+0x4f/0xf0 [ 337.059677][ T1725] FAT-fs (loop3): Directory bread(block 274) failed [ 337.062923][ T1709] io_issue_sqe+0x250b/0x6750 [ 337.070060][ T1725] FAT-fs (loop3): Directory bread(block 275) failed [ 337.074972][ T1709] ? __list_del_entry_valid+0x54/0xc0 [ 337.082206][ T1725] FAT-fs (loop3): Directory bread(block 276) failed 14:04:51 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002004c0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 337.087092][ T1709] ? rmqueue_pcplist+0x152/0x190 [ 337.087114][ T1709] ? rmqueue+0x43/0xd00 [ 337.087131][ T1709] ? mntput_no_expire+0x64/0x730 [ 337.093715][ T1725] FAT-fs (loop3): Directory bread(block 277) failed [ 337.097644][ T1709] ? get_page_from_freelist+0x53e/0x800 [ 337.103138][ T1725] FAT-fs (loop3): Directory bread(block 278) failed [ 337.109250][ T1709] ? fget_many+0x178/0x1a0 [ 337.109280][ T1709] __io_queue_sqe+0xe9/0x360 [ 337.114826][ T1725] FAT-fs (loop3): Directory bread(block 279) failed 14:04:52 executing program 0 (fault-call:8 fault-nth:61): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 337.120493][ T1709] io_submit_sqe+0x1887/0x3360 [ 337.120513][ T1709] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 337.190815][ T1709] io_submit_sqes+0x5bd/0xbd0 [ 337.190844][ T1709] __se_sys_io_uring_enter+0x1e1/0xa80 [ 337.190867][ T1709] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 337.190926][ T1709] __x64_sys_io_uring_enter+0x74/0x80 [ 337.190945][ T1709] do_syscall_64+0x4a/0x90 [ 337.190971][ T1709] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 337.190993][ T1709] RIP: 0033:0x4665d9 14:04:52 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x2000000000000000) [ 337.191007][ T1709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 337.191074][ T1709] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa 14:04:52 executing program 0 (fault-call:8 fault-nth:62): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 337.191089][ T1709] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 337.191099][ T1709] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 337.191108][ T1709] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 337.191118][ T1709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 337.191130][ T1709] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 337.258429][ T1753] FAULT_INJECTION: forcing a failure. [ 337.258429][ T1753] name fail_usercopy, interval 1, probability 0, space 0, times 0 14:04:52 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0xfa}, &(0x7f00002c0000/0x4000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) r3 = syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee8000/0x3000)=nil, &(0x7f00006d7000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r6 = open(&(0x7f0000000000)='./bus\x00', 0x103042, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r6, 0x100000000000000, &(0x7f0000000500)=[{&(0x7f0000000180)=""/22, 0x16}], 0x1}, 0x0) r7 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r7, 0x208200) io_uring_enter(r7, 0x7a50, 0x19a8, 0x3, &(0x7f00000002c0)={[0x9]}, 0x8) io_uring_register$IORING_REGISTER_FILES(r7, 0x2, &(0x7f0000000300)=[r7], 0x1) syz_io_uring_submit(r1, r5, &(0x7f0000000040)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140)="8d36a9e23ae5ae096d4e5467391ea46b6c0caec4441d675e4f31e79d04098792981764ee9bce5b9bafc1364e3125c0328277a3cb9bff5bb3f344bcaae90a4db0de7408916145f28ead55dd0227718c6b42861910a455962123d827cc8b92d5a2b3825be43e85b1a4121db38bbdff842b025671fee8881597596c61cc83c8f05e32c54e27b2ec082a83d0df83cdd82d96d508301097", 0x95, 0x2400c004}, 0x1) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) syz_io_uring_submit(r1, 0x0, &(0x7f0000000380)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd=r3, 0x0, 0x0, 0xff, 0x4, 0x1, {0x0, 0x0, r0}}, 0x10001) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r8, 0x0) r9 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r9, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r9, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) fcntl$F_SET_RW_HINT(r9, 0x40c, &(0x7f0000000340)=0x2) syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x2, 0x0, 0x0, 0x3, &(0x7f0000000200)="2aebe0a44f40b81ec82fda527dc9f18f84132b8adc43278f34492872f04c9f947f34bb1898dfe83915d9afd051d6ed1196f7ab3d76df5ff032c030710edf9fde7761ee3b9143046da94ef15d453ccfb3fce2564997d97836bdea2e", 0xffffffff, 0x0, 0x1, {0x2}}, 0x1ff) preadv(r8, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 337.258453][ T1753] CPU: 1 PID: 1753 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 337.258547][ T1753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 337.258564][ T1753] Call Trace: [ 337.258570][ T1753] dump_stack+0x137/0x19d [ 337.258592][ T1753] should_fail+0x23c/0x250 [ 337.258612][ T1753] should_fail_usercopy+0x16/0x20 [ 337.258631][ T1753] _copy_from_user+0x1c/0xd0 [ 337.258648][ T1753] ____sys_sendmsg+0x1a3/0x4d0 [ 337.258737][ T1753] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 337.258755][ T1753] __sys_sendmsg_sock+0x25/0x30 [ 337.258772][ T1753] io_issue_sqe+0x231a/0x6750 [ 337.258787][ T1753] ? __list_del_entry_valid+0x54/0xc0 [ 337.258803][ T1753] ? rmqueue_pcplist+0x152/0x190 [ 337.258822][ T1753] ? rmqueue+0x43/0xd00 [ 337.258839][ T1753] ? mntput_no_expire+0x64/0x730 [ 337.258962][ T1753] ? get_page_from_freelist+0x53e/0x800 [ 337.258977][ T1753] ? fget_many+0x178/0x1a0 [ 337.258992][ T1753] __io_queue_sqe+0xe9/0x360 [ 337.259005][ T1753] io_submit_sqe+0x1887/0x3360 [ 337.259069][ T1753] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 337.259133][ T1753] io_submit_sqes+0x5bd/0xbd0 [ 337.259147][ T1753] __se_sys_io_uring_enter+0x1e1/0xa80 [ 337.259171][ T1753] ? fput+0x2d/0x130 [ 337.259189][ T1753] __x64_sys_io_uring_enter+0x74/0x80 [ 337.259363][ T1753] do_syscall_64+0x4a/0x90 [ 337.259381][ T1753] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 337.259400][ T1753] RIP: 0033:0x4665d9 [ 337.259414][ T1753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 337.259433][ T1753] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 337.259453][ T1753] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 337.259537][ T1753] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 337.259550][ T1753] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 337.259569][ T1753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 337.259582][ T1753] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 337.269316][ T1757] loop3: detected capacity change from 0 to 270 [ 337.340259][ T1775] FAULT_INJECTION: forcing a failure. [ 337.340259][ T1775] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 337.417687][ T1757] FAT-fs (loop3): Directory bread(block 270) failed [ 337.420839][ T1775] CPU: 0 PID: 1775 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 337.420861][ T1775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 337.425504][ T1757] FAT-fs (loop3): Directory bread(block 271) failed [ 337.430292][ T1775] Call Trace: [ 337.430301][ T1775] dump_stack+0x137/0x19d [ 337.437251][ T1757] FAT-fs (loop3): Directory bread(block 272) failed [ 337.440469][ T1775] should_fail+0x23c/0x250 [ 337.440489][ T1775] should_fail_usercopy+0x16/0x20 [ 337.440506][ T1775] _copy_from_user+0x1c/0xd0 [ 337.446889][ T1757] FAT-fs (loop3): Directory bread(block 273) failed [ 337.449821][ T1775] __copy_msghdr_from_user+0x44/0x350 [ 337.449845][ T1775] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 337.455927][ T1757] FAT-fs (loop3): Directory bread(block 274) failed [ 337.459576][ T1775] ? unix_dgram_peer_wake_me+0x310/0x310 [ 337.459597][ T1775] ? ____sys_sendmsg+0x428/0x4d0 [ 337.459628][ T1775] sendmsg_copy_msghdr+0x4f/0xf0 [ 337.466408][ T1757] FAT-fs (loop3): Directory bread(block 275) failed [ 337.469362][ T1775] io_issue_sqe+0x250b/0x6750 [ 337.469383][ T1775] ? __list_del_entry_valid+0x54/0xc0 [ 337.489673][ T1757] FAT-fs (loop3): Directory bread(block 276) failed [ 337.497346][ T1775] ? rmqueue_pcplist+0x152/0x190 [ 337.505898][ T1757] FAT-fs (loop3): Directory bread(block 277) failed [ 337.513267][ T1775] ? rmqueue+0x43/0xd00 [ 337.521943][ T1757] FAT-fs (loop3): Directory bread(block 278) failed [ 337.529208][ T1775] ? mntput_no_expire+0x64/0x730 [ 337.529237][ T1775] ? get_page_from_freelist+0x53e/0x800 [ 337.537955][ T1757] FAT-fs (loop3): Directory bread(block 279) failed [ 337.543399][ T1775] ? fget_many+0x178/0x1a0 [ 337.543422][ T1775] ? kcsan_setup_watchpoint+0x26e/0x470 [ 337.733000][ T1775] __io_queue_sqe+0xe9/0x360 [ 337.733028][ T1775] io_submit_sqe+0x1887/0x3360 [ 337.733048][ T1775] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 337.733069][ T1775] io_submit_sqes+0x5bd/0xbd0 [ 337.733080][ T1775] __se_sys_io_uring_enter+0x1e1/0xa80 [ 337.733150][ T1775] ? fput+0x2d/0x130 [ 337.733160][ T1775] __x64_sys_io_uring_enter+0x74/0x80 [ 337.733175][ T1775] do_syscall_64+0x4a/0x90 [ 337.733196][ T1775] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 337.733218][ T1775] RIP: 0033:0x4665d9 [ 337.733231][ T1775] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 337.733248][ T1775] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 337.733266][ T1775] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 337.733342][ T1775] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 14:04:52 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x2000, 0x0, 0x0, 0x0) 14:04:52 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee8000/0x3000)=nil, &(0x7f00006d7000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r6 = open(&(0x7f0000000000)='./bus\x00', 0x103042, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r6, 0x100000000000000, &(0x7f0000000500)=[{&(0x7f0000000180)=""/22, 0x16}], 0x1}, 0x0) r7 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r7, 0x208200) syz_io_uring_submit(r1, r5, &(0x7f00000000c0)=@IORING_OP_EPOLL_CTL=@mod={0x1d, 0x5, 0x0, r7, &(0x7f0000000040)={0x20000003}, r0}, 0x45e) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:52 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200680004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:52 executing program 5: r0 = fsmount(0xffffffffffffffff, 0x0, 0xf4) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000240)=0x3, 0x4) r1 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r5 = socket$nl_audit(0x10, 0x3, 0x9) r6 = socket$inet(0x2, 0x1, 0x0) r7 = socket$inet(0x2, 0x1, 0x0) r8 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r5, r6, r4, r7, r8]}}], 0x28}], 0x1, 0x0) io_uring_enter(r1, 0x6196, 0x0, 0x0, 0x0, 0x0) r9 = mmap$IORING_OFF_SQ_RING(&(0x7f00006d5000/0x1000)=nil, 0x1000, 0x3, 0x80010, r1, 0x0) r10 = mmap$IORING_OFF_SQES(&(0x7f00006d5000/0x9000)=nil, 0x9000, 0x3, 0x80010, r1, 0x10000000) r11 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r11, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r11, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) syz_io_uring_submit(r9, r10, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x2, 0x0, 0x0, 0x3ad54e77, &(0x7f0000000180)=[r11], 0x1}, 0x10001) 14:04:52 executing program 0 (fault-call:8 fault-nth:63): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:52 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x406) [ 337.733354][ T1775] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 337.733412][ T1775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 337.733422][ T1775] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 337.904005][ T1800] FAULT_INJECTION: forcing a failure. [ 337.904005][ T1800] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 337.917083][ T1800] CPU: 1 PID: 1800 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 337.927154][ T1800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 337.937268][ T1800] Call Trace: [ 337.940612][ T1800] dump_stack+0x137/0x19d [ 337.944956][ T1800] should_fail+0x23c/0x250 [ 337.949353][ T1800] should_fail_usercopy+0x16/0x20 [ 337.954480][ T1800] _copy_from_user+0x1c/0xd0 [ 337.959057][ T1800] ____sys_sendmsg+0x1a3/0x4d0 [ 337.963832][ T1800] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 337.968972][ T1800] __sys_sendmsg_sock+0x25/0x30 [ 337.973805][ T1800] io_issue_sqe+0x231a/0x6750 [ 337.978464][ T1800] ? __list_del_entry_valid+0x54/0xc0 [ 337.983821][ T1800] ? rmqueue_pcplist+0x152/0x190 [ 337.988749][ T1800] ? rmqueue+0x43/0xd00 [ 337.992964][ T1800] ? mntput_no_expire+0x64/0x730 [ 337.997898][ T1800] ? get_page_from_freelist+0x53e/0x800 [ 338.003424][ T1800] ? fget_many+0x178/0x1a0 [ 338.007822][ T1800] __io_queue_sqe+0xe9/0x360 [ 338.012392][ T1800] io_submit_sqe+0x1887/0x3360 [ 338.017140][ T1800] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 338.022608][ T1800] io_submit_sqes+0x5bd/0xbd0 [ 338.027267][ T1800] __se_sys_io_uring_enter+0x1e1/0xa80 [ 338.032713][ T1800] ? fput+0x2d/0x130 [ 338.036590][ T1800] __x64_sys_io_uring_enter+0x74/0x80 [ 338.042004][ T1800] do_syscall_64+0x4a/0x90 [ 338.046414][ T1800] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 338.052290][ T1800] RIP: 0033:0x4665d9 [ 338.056163][ T1800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 338.075836][ T1800] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 338.084243][ T1800] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 338.092198][ T1800] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 14:04:52 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) syz_io_uring_submit(r1, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x3, 0x0, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="13d0dab185e91cceff599414e02797bf0a10806a5cb6df3a89359d31ac100742353ce1fe1c485adc15ff0bf7fc81cd68adc2d581301e6a111d2a1b4ce497c92c1e8df0b56442b6f968afdbf8cc61ecb2c7c1287616d9e9e8dc0a98dd13e4f70e9516f86f23c502c016378e732182cc6db807d8b683ea4dcd4e3752e55822f39f4fe428816ce3de6d86", 0x89}], 0x1}, 0x0, 0x4008090, 0x1}, 0x8) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 338.100149][ T1800] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 338.108101][ T1800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 338.116050][ T1800] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 14:04:52 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x3e80, 0x0, 0x0, 0x0) 14:04:52 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="24000000002200000100000001000004", @ANYRES32=r4, @ANYRES32=r5, @ANYRES32=r3, @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00'], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:52 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x604) [ 338.151654][ T1803] loop3: detected capacity change from 0 to 270 14:04:53 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r4 = socket$inet(0x2, 0x1, 0x0) mknodat$loop(r3, &(0x7f00000000c0)='./file0\x00', 0x100, 0x0) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x6, &(0x7f0000000040)=[{0x6}, {0x1, 0x40, 0x6, 0x80}, {0x9, 0x1, 0x2, 0x80}, {0x89e, 0x20, 0xff, 0x4}, {0x9, 0x0, 0x8, 0x2}, {0x9, 0x8, 0x40, 0x5}]}, 0x10) getsockopt$sock_buf(r4, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r4, 0xf502, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) r5 = openat(r3, &(0x7f0000000240)='./file0\x00', 0x123000, 0x42) getsockopt$inet_pktinfo(r5, 0x0, 0x8, &(0x7f0000000280)={0x0, @private, @remote}, &(0x7f00000002c0)=0xc) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) r6 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r6, 0x8982, &(0x7f0000000300)) [ 338.204771][ T1803] FAT-fs (loop3): Directory bread(block 270) failed [ 338.216991][ T1803] FAT-fs (loop3): Directory bread(block 271) failed [ 338.227965][ T1803] FAT-fs (loop3): Directory bread(block 272) failed [ 338.238154][ T1803] FAT-fs (loop3): Directory bread(block 273) failed [ 338.246004][ T1803] FAT-fs (loop3): Directory bread(block 274) failed 14:04:53 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) syz_io_uring_setup(0xfea, &(0x7f0000001640)={0x0, 0xbcf2, 0x2c, 0x3, 0x2f}, &(0x7f000024c000/0xc000)=nil, &(0x7f00003ea000/0x4000)=nil, &(0x7f00000000c0), &(0x7f00000016c0)) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) close(r4) r5 = socket(0x200000100000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'sit0\x00', 0x0}) bind$packet(r5, &(0x7f0000000200)={0x11, 0x1c, r6, 0x1, 0x0, 0x6, @remote}, 0x14) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) close(r7) r8 = socket(0x200000100000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'sit0\x00', 0x0}) bind$packet(r8, &(0x7f0000000200)={0x11, 0x1c, r9, 0x1, 0x0, 0x6, @remote}, 0x14) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r3, &(0x7f0000001800)={&(0x7f0000001700)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000017c0)={&(0x7f0000001740)={0x70, 0x0, 0x100, 0x70bd26, 0x25dfdbfc, {}, [@ETHTOOL_A_CHANNELS_HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x4}, 0x20000001) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) vmsplice(r3, &(0x7f00000015c0)=[{&(0x7f0000000040)="5c350b8b", 0x4}, {&(0x7f0000000140)="6887e6d484d2d233af4ed46600c3e0c41aff79d638113f772debb2bfd3400f5f9a11381250579107068ed50a2477f8f5e6af3dcf65db8605e97dbfad462dd14feba6c3f407cbe19ae16aef6a81fe71", 0x4f}, {&(0x7f00000004c0)="95cf560fd20aad20a3e93667482c50ba05b925a18dbd9cc5eb0cc1e27e084d92970050bdf4196cc3b1a616d24cdc1532887eaf497ad01069b8d354d98b05e00160f0cedd69374f5e0db0cff4fb65c6edcdc8a635a3eb178813229de7e30e8be5e0e1d04f0c79285a3218f087c5ea4abd05ea46c5a907cb0b922a0e2867454b10f062fb1d30aa732db9eebb0168aeded3c10ecba4c6827d57a3d7fe8e49fe83dc13d80ecedbb21d429b98567bb2868746ad881429f18ee2d1381fb23bf3d62c8155a0900885f581df23190db0a9097515c2c194c363f99f4becea659cab442b2069a2f227b72982452d8e8f6470a8ab99e7b3c7c4544309169138495d2bc5c95261b6dd5a2c8d3f366cb39186e8535f8b2de7061999e111e112a835800c74cbddfdb26a35362308b19c1c09988c045bec2291f534f7a2c111684edaf4dc6457ca95701c0c615d8ca6c2454dcab91e6af0a13198eb9fff01d2383a4840059c95219b51c6726ecdf0ca40c3d40a485f302aa18c477844589d08d8a5d4086f15c6a266bb6d87f3e1c82c92aba25a6a820de37eed9cb0781b8c9938fa9d05359a645de0a67c6bf10408fcd3d6a07ab3a174b7e40e170fb34e96721fa7438fb409b7584c9777eec732c86673f445fc1f5859ef7729042fdea0d49a90e081071f225f4fc485b59c5da77ce10e6155fb907d8788bf884ea9b8948dddbbbb9954da0049448cb4a2c498599f3f221c0428ac944daf26e588af8ddbdb149d6d76714a0252d86166f94590c7ccc3a1e5e845dfa68503f04d09fb3c3cb2ddbcc093018e73b498bb886d7c3ae02080beae7bac43c80b1bbf9c3bfea642c77c104444bfa7500e00bff7416af54c20a5bc6ea2906c56569bdbc1f3542f0b92dcd701a5521395f2c72af24a3c92b11c4fafee7720e485484e211505e857044b8100e7842e604a846ed44ccb06e7c77a994908ef986bfc88322587db1f57088d1b1e71bd83883e875499b55d2388dca9c88a102e097afec6bd42925c20f6923d5b90811dad426b684a52734735da52ce8e884be1eab6fdf6215d8f2a7b1edaff20b80def9ffa145a9a61cd57295cd5d6297512374bdb6147f6cda0de94537a2ad75fd457f7ffd815a24fb7ee0ea50ebbfe2dab1d207bc0181499f5295c3f3012b9ae078293890ac7efa6e375c125bf82df6c4b2404aa3a0c9c4b824cc2bf43f6b2b9070ba7720d1a6cd19df7678be579342fa1ca2c1206dc3ce7c611db4b072e324df2eeae053833534d45f6297837bd2ef8e19a32576e811459202641de53c2859d8ae254853c50ddbf3e216645e3aa0dc64db13e4ccb3a259f6c376a06e99ab2d49249f435001d2483ecf94aec47d3cddef27c06e3b86928e1e02da27c26e5816e5e189e1e40a12c78b0195002bebfd00633dc872f4f4fe738ee23bf5166eb0788255116851b5bd6c7dafb1b8027d6d3f65987a3406ecb3ea978dd0b78f348f6d0b8a1eb5493ba938d448ea5c61be09dcca4d1775059c88ccc54e7cdae79a94bdfafb23c42db10dc9a4e918604bc11211b0302121110938677f48d2d55b39c3d9b05a0fe04f37e9850ed47e41b5e8319cebd30b83bbfbd41525a4d844366f916a1a513152f65de3da2e00ca1a218cbcf183537ce558b3b24a1574132662a1479ee8ce229a50b063d9cc69c6022ffd381331936261d90570f7afb3cc8a80d5fbb520a0d588e5bcbfa1de1d62db6278e57217623b64a8b9bf9e5764029557f24abcf83458f9cd580931a2b1cbf5399769470e67ffc24668fc3427d9871554d40bfb88b623cd1b4bd233403f50b87cb00350f77bebc130d4d805ea3f952240d42f445b4dc0fe1c8c265f3069c66e822bbd206ffc21bea1b50fc25ea6585380476711fe95213e3b9a31aff148ac11f7d073196c09a693a38fc6e6cc5cab06004dcca2e0aa3fd266cabf454cf1eea022cdc1150d3507c604bea4c382f829a5e4536e2ed26b52f9050620df84068f293fe6527c2bec68ed6487a7833cc3d4cd2b5d279d79ac9c0d91d7ae208161867f1e80981c513908c63b1a751bfe9885ca419b18c893fc0a83337fc29ac7163c8ad22428f5d1c371f5f6b97b3c02ebc2235e45adb490f2528ee7edfe93fdba0b86113ae1d8d6ab69cfe1eead9b4416dfb13161e131f533b043874444e0264e4de54ff5b060d6ac9ae080cda5d8f6b6efbf5217ed4c7586bf3bd3132d06d57ede69af8da21e7c1bac0c74af0a44521a9188dcda429311e9ee05b8b48c9ac3f3b6744f8d57da5fb70816332a0db0923d4db280a848f57e8d71f85950fc34868e14ad837d7d324b5ade36bf2aa546d32da97dd4b22adcaf1bea50f1bde7891c7d449b63fe30387be9e058859dd2f61e00d176b3c4944d774fb0869e62415c6c5524208e4d7ed7dd9acdbd16da4f1d695436e1a8d26a58665129580e14af83f06cea3bb2832804ab9f7fb68f0784f83faf6a62ea739e334703267843da83a94ccd05f3a00b4721081de7ab32aa28040810e06e2758c9daa6f935ba7045b879f51a18ffae797522d557958949084bf493e2c8cebb4bbad111ac25809d306f73e6699242283789f4aea0fb57f592a1747ae814366bfa4aaa52c51569647de0bcf61e1fcb203621510b11bc247ea4f8a4645b090b584b88e08073842362156d4dffe2f5ba7283f940716a5eb2cd2166d6642ba05571b2c1c8800c48fac2e579e5a0998c2ba991d29ad8d0da8c15f170463f64c0d4e2cb002ecd9d281be2b73dd43eca12d94726de00571de3541665591da9176b346e5af06f720d6d3477c61f8c1f580469af79f7678d6e273e16a2e8327c2a02ce9f20a20a7ffe8884ccafd718febec89a594cffba2faff08afffb5dc06d119a2150d7a8b0cda42b8972d0cab9759e8ffefecf751b13bfcf60d4f561a7028ad46a8ab742092edfead8f91b93131ac07daaf2d4318c9483a22c3a187c726fb88cf097c5ec2af6f13fd335e4269f3e766e25614dc31145bc84f748021924c3c5df412d11781684bb554378c3951ee2a230590108ac5f8d1b5404f107ee6404df9247d25fc07ed7209621c5fa383c5542955fd323c13de43c18cda9cd29dc0032226905ec34f484b6e69340929c4449e5e910523a955fd5d5b35b45e077c0017c7ca371902c5c8dd9063cb502a9ef9bbdb4eeb1db8d3bba50442c6f2d0ce2b9c8c5e91bda56a68377cf18ec0e2bf4afc0b566bccf592de450571e12af95f519d0357c5efd9a6709d0369efd4147ca259132187ecfaf865b9b513253c1fe341dac7038d15927db7c3d07dd7574795213ecc696edb2cbeda8ae9669d08e13d2b27533581e8117889fcafbf5f6cdb1b94f65ac3cfbeef6f438deac628d6df82eb01ee4958e3b287a1a7b76f54d007c1e4eecc57dcaa2344d7e2a34ae4bb4b82901bb70fb94cbd9ce0bb29bf135608bd4cda721ca8f5c447f2fc2889bb4676ea3146979014a2dce23f2f9957d4b9a8a2fea200d429f373d300630eb55484947009f52f1315bdb2b25d35a091560a33e77a30726ff277ae09db6ec8bd36e1be90e1b4c1336a173a41d38035b0711d912bd7c45f46f7afe653f776e03d51a6c446b5970959831ccfe26bb0c7c39d55073c4bf3ca97c933cfde184ed344cf4465ee0e180d590636f2f2183c8dfc908635e1d8c12061fb2c8c0b549937b1e805da6e57c16bb55c79fbd3bec31236309b7a702817b0f9ca51e3b47388045fbe1548e2edad996fd04a4afb4a864682f4348176dbd301dd364f3463c29d9dc5beaaea78e99234750350cbb632d58f33dc9eec7c2f97f5673dfd6487e41added609b1e2eb8d5a97c9906b874b605fa5ce7fdb069d29828eea5f1d3f13e087f0ed7f54cf4df5b9713a54075dc1eb6b845428dd6829a2dfbbf24a083aa841276f0a2d5f173357454ef94ef7e9c7ce5d0e41cd96583e50a09bf66a72a1884950d104d43bb512ffaeaefa5bafe2e9e65e014477a6b09e414280e7d2d71cd40c6e67b22a4d2085413bd01b1cbf998bca9b29e95f9e25faae967f877bf09ae981d7f53ef6055607d651fb21fa097f542d08bc671cbc5256a6318d782510bda18c334f4612afacb0d2b6e76e8a3f8545176f2f333d292ea3c01cf205cca42b0b5ff9a6bbe1417c350a3d78ef3c8ccec27931b751c06400bb7b6fba3502f0fa5401c3b2d3cbddb18a483cd774f4e75ee8394d93c593cb6b2241399793a8976fc02a1cb2233c7809b6bc0e280d157787498f578d3dedfb730e3abb373bdc9844cbec2009d008e10669e523db40ce23c6465add28a46aa923d4da891fce559367099a56e8c2b93c497ca7d9a1d6143896a481eece1c9f5e5b9f32fce13e3188dff92ad1b3499dbea74ff13283dcc2fdfce02e0583c86558c4d38c782af7960d5d4078467e87f538ac3136b1dd10fb101dd2fcdcdf071808b2d24dcab166106f38e6b220edd6d36117bbd73bc9cf35134768bdf86d14a686746bed8c338aab88210a225bbc13899c1a0034a5bd5564fbd5bed42fc2af1f3f5f0847104d2bb80d320855f45037bf77497cd236b571c4c02cd6852536cc8b62e042f547c98c83302e87688f39752a21fa460be8369c38584c0824823c057b53d5c6f6c9e18cf06ba3a1236bb377dc958a1c21720b6c3897fb7214ef6dd3bed0b40fe93b97ab27069217e429b322564d84b13f7242b039ecded759302558adbfd9730f36c400f3434c772c72cc3d716eac5158a43745458f5acb54bf25ec26f5e85a2fad34cdd50da63e179d1fa1177c9c1c18db7179ff8fc51b9d76884c2e5d770ce1c2a83783ac985723cde1b342cd1bb270fcc51d1603592f44b375558d840f58fe5823ac9651e743d715ba9761c71bb597cda7504a3503eba55c350bb1bf86b8a6a42d39560fd55786c96eb8a47537255a4232473527516f11125b6ce401ddffbe6faeea927261b909c47b496c3813c309ecb643bc087545f687c276ae58d5ba62fdedf3406353ac01db3e2d46f788eff46fa91e09cf2e1ce2dacd73dbed41057bebb71e5d22ebfd35d7b329b1705afc3cc0a09c9275eedb5587ff46fdc17fd5fac705fb47a9ad08f41b6351c0b77685812733d9787a9cdbdeb9b0ba38e47cd70c9fd003dd9a4b36fb6e8f3ecd3d5fcd8dfafdf2e1ab43f11b30317a5a4b51769538a9c71d66996f627649317877ca2ed693a8cc602a512a35e1da8111ae6c5eaf523af6a5f5fc7401080d130434d3f09b8234f6aa934215596aee2ff0269aa82dc2c53d6d97757c2213d43a445df0cd7a73c5284963d2d23465d076c1674784e01bb852a67e1e139ffee93eddfbcda53b882ee3fde9eb2fa176e921dfd094014f4d6751cbdd12a791a2ab5c02b8590a60105352ef261227dbd47a5d5c95ffdff0419b512b4bc7841133127cfb255a233c316d7bee8a0971226c943e8c91c35043f64d33dcc10d576a9f0d1978e8077bbe21633e4393b1d18b2010deb5a68e6d5f62a434351c2bb04782219d5fc3009e5917fc18abd90c602659324e1f713d48f925a6150983b3382ade6287c7df0c80e8e7e8e3b3fc3df29f87def6f151eac9559a949c0fbc918dad022f5befbdffc502d6a77075f0c1512336e43408ec9f039dd0401a0440d159a2691c059c8c42b3739f4cb4cd22b312f2ba600287cb6ae28012bb58d4e1cb069016291343dd19b871a528ce55ff9d52d7154466b2dd54bc0d6f24c535e52dc2356c0e4ae8eb863bdee6ada196dfc8c7f3d6be5d0b99610fbe8d59b962c47da8f13a9d2ec293cb4a223288c0887cbad8966caff68ed9151", 0x1000}, {&(0x7f00000001c0)="bffee40330345ada60076a054cd3d0a49f94c521703ef2d15ab724ea27a79ac24b391a73fb3acb94d67c63e8682dd0880bdf363390e9b0505fd7a90c87c8a0036594b97d64247d982e3be7a7d7a09a9c2388af86f08b01a15504937b4f757fed3208d50f5221e02e9afae67e77bf089740d16ac8870375dcc68405c94fc54e2ea750ac137bcbfb265a16168aa1cfe8bd331b54841fc99d3e36640fe02e7ec2d665a1b569215894bfbd87a51ea317638ef2", 0xb1}, {&(0x7f0000000280)="bf0e87a973ab1b03bc91aacabceb45273ae6ae428589b96dde04e4255df68780a872d238bfe718383b40e94240b490c5bfadbd80102bb0c56db8383b5931d3596a20ec1b15e961a28bb65da953f3e96904ad77fab7df24c7e4090b1df19d9d96", 0x60}, {&(0x7f0000000300)="ecf85e10ab1a41aa45c05d66ef9a8a68a791853cb59029acd0f13d9b3cf0b881706aa0dc61e86c46859ac09cae74a31ad820112d4c404ade78c14d3450908aeec180f8581cab17046ed9ef9984fc9a7cd339e4850b37328cb2d26c43f3270523ee19f462cd536de94cdb929325cc00258eb1c2b40faee1450fb865e17315e15f1f08522aea1a34294a0dcc578706ccafc6bab454d8efbcfd5111a56594921ad6832f", 0xa2}, {&(0x7f00000003c0)="b3fdc1ac4eed814a3a90317c676e8a1753eafb22d11bf75a3a6d54f1821352a9a7bb08e6c5a1049d1bcf03929288ab43707434b48e13dfc1f4ea53bda88ce15eee6fe3edc8a74d84c36b827d5053bbfd29", 0x51}, {&(0x7f00000014c0)="8fb2edbf967602be65e5b47088bafc587150f079ba5408879b8617746809ab855e2e59f26fd8f64e784b1c4db179fe47661d8575cc0462545d93dc91030c95d38e228b4a37db6d1a400da27ed46ffc9e77a6506585ea654ec8ebfea5f07bbba4029e1009c2ef6bd68a5dceacb3d2f4d8ececdf3f2df29af96a7dddcafb23f5f52c11c6240f7d5085665bcf3cd74fe5aaa471e2459792798e5beff9018ab5d04dd3bc534713076e05cb4e2fa44d6eaa3059e7b4b7b57349707d16511d10bc94027db8b6084eb06cf7016d38dadda118a3727e2f73263594ae07989ef47890793c021a262367b90d39f7a1", 0xea}], 0x8, 0x0) 14:04:53 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) dup2(r0, r7) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:53 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x700) [ 338.255376][ T1803] FAT-fs (loop3): Directory bread(block 275) failed [ 338.262044][ T1803] FAT-fs (loop3): Directory bread(block 276) failed [ 338.269143][ T1803] FAT-fs (loop3): Directory bread(block 277) failed [ 338.276064][ T1803] FAT-fs (loop3): Directory bread(block 278) failed [ 338.282992][ T1803] FAT-fs (loop3): Directory bread(block 279) failed 14:04:53 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002006c0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:53 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x4000, 0x0, 0x0, 0x0) 14:04:53 executing program 0 (fault-call:8 fault-nth:64): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:53 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000), &(0x7f0000000080)=0x0) syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee8000/0x3000)=nil, &(0x7f00006d7000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000092000/0x4000)=nil, 0x4000, 0x0, 0x2010, r0, 0x0) r5 = mmap$IORING_OFF_SQES(&(0x7f000070b000/0x4000)=nil, 0x4000, 0x4, 0xa7010, r0, 0x10000000) syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2, 0x0, 0x0, 0x0, 0x23456}, 0x3) r6 = open(&(0x7f0000000000)='./bus\x00', 0x103042, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r6, 0x100000000000000, &(0x7f0000000500)=[{&(0x7f0000000180)=""/22, 0x16}], 0x1}, 0x0) syz_io_uring_submit(r2, r1, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r8 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r8, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4, 0x13, r8, 0xf5f13000) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r7, 0x0) preadv(r7, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:53 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xf00) 14:04:53 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x0, &(0x7f0000000180)=0xffffffff, 0x0, 0x4) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:53 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x4200, 0x0, 0x0, 0x0) [ 338.413448][ T1858] loop3: detected capacity change from 0 to 270 [ 338.452685][ T1858] FAT-fs (loop3): Directory bread(block 270) failed 14:04:53 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200740004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 338.461839][ T1858] FAT-fs (loop3): Directory bread(block 271) failed [ 338.470672][ T1858] FAT-fs (loop3): Directory bread(block 272) failed [ 338.480841][ T1858] FAT-fs (loop3): Directory bread(block 273) failed [ 338.487881][ T1858] FAT-fs (loop3): Directory bread(block 274) failed 14:04:53 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x3, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r3, 0x6199, 0xb91c, 0x0, 0x0, 0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) 14:04:53 executing program 0 (fault-call:8 fault-nth:65): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 338.487897][ T1858] FAT-fs (loop3): Directory bread(block 275) failed [ 338.487911][ T1858] FAT-fs (loop3): Directory bread(block 276) failed [ 338.487998][ T1858] FAT-fs (loop3): Directory bread(block 277) failed 14:04:53 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x0, 0xd9f, 0x0) vmsplice(r0, &(0x7f0000000040)=[{&(0x7f0000000140)="24fed9ba4bc7de1fa64f4a52e6fee6709395a9d0e5ee7a2b06deb69d988b31194cc6814a4087d9e0989edada2d8098287b2b1aae5b14cc6d4a34bb106ac4e690804c13d2ae096dbae3618148f0628ff958dd28295027e1fb7bd11b4aae0d47069abc4bcd3d1a77baa67361e3bc5622efa88631dcf3e6925a7d0fc022412fe879599795dfbf4d1dc373200cd73f3ee71998b9daa06fa599b777e308f162d6bb760f24fa09bb0d7d2ca0abe1d1574cb8864f7801d4", 0xb4}, {&(0x7f0000000200)="7228454a735c1fe23a054392b4abc99a0020350462cce5c22f23552ded6390d3a28412ab95114d3378d8d672e11ead7485f03f9601918fc7f77756914fb34ec52065cb25eb33dbe0031805e0675da001a746e3dbb7400112ff01f42fcc36fc743166d329", 0x64}], 0x2, 0x2) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:53 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x80) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r4, 0x0) ioctl$FS_IOC_FSSETXATTR(r4, 0x401c5820, &(0x7f0000000040)={0x8}) r5 = gettid() sendmsg$nl_generic(r4, &(0x7f0000000200)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000001c0)={&(0x7f00000004c0)={0x1584, 0x25, 0x8, 0x70bd29, 0x25dfdbfb, {0x3}, [@generic="98a0fc4ed857ce", @nested={0xc8, 0x19, 0x0, 0x1, [@generic="d8fe1ee463c4e82110a9aab742d225229f84211c40563c6be94f1c66d2684aa889eb9fb2f09f303df89b5dade091198e0f5e2f051eba5c603fc88904ee37b349a7c3e0306ba7d6d7946a684c2e14c861b149fd3f46c67109033b90669693d7be7bb6907bca9446b0b00e5f834a7e69ffd278328428329319aeeb6e1c1c664c17a6f2aef5ba5ced", @typed={0x8, 0x66, 0x0, 0x0, @uid=0xee00}, @typed={0x8, 0x6c, 0x0, 0x0, @u32=0x7fff}, @generic="704762450319d02014358b9c76e67c3de764914ff61d4c569024379055bc12c45e1f51e362dfa5bef523cb3811"]}, @typed={0x8, 0xc, 0x0, 0x0, @pid=r5}, @typed={0x8, 0x55, 0x0, 0x0, @ipv4=@empty}, @nested={0x119c, 0x5b, 0x0, 0x1, [@typed={0x8, 0x42, 0x0, 0x0, @ipv4=@empty}, @generic="7ac6c25a9378d6857cbf7eb65afd08cadf6320e5768656d11997ae4f2e0cdf2b0258406d8e87388a47491e671b5fe1666da7dee8287d157a8465d79339e9f084ba88c86c94824d7d70b59c0ba74ebaeaf558059294498e0c76f4b8e95a699a2d", @generic="d15a9c480f216667bdc96cfe1cc8cf5db1287fa06f5ac5157a24fbdab7af1966e70cc17098f8d7fd244562062cf07a53033e5b6a3552d08438ba4afae882b6e4c77a5aa21fdd28fc0309ec3029e6b3b08f655edf60805f099b38", @typed={0x4, 0x4d}, @generic="abc115501e4727c0573361d18794021dd60c2e75d7b98643f5bba5d3c870fc17944ff4df13b379f04acc0dee7ed54a09ea947e65559f6d4552b766da6c788a9f51c1960879aa8bcfa02b001d2ebfd61eb76663c9be90aa1a48f8fec216c8bbf653f344ac8fd12b4498f7bfeaf04a3a06c4f6042d14ea025d64f6779daed8a5ca327224d755729f0f39be28e8a4f755dea821f866b1d9b500df579c4a09cb6acd91b77e3a2e629d30c496c2e7275a7d0897e6b616b654b90188f5aa90a2b18e4383ce333ad538faa921fb648c297836f4b5e369d5ee41f4cd8714b485de409933c5434bc4d90c1fafa02f88321ec342959e1fab82c52b782652b790f2b87b4308039e1e1210beee39c1bf4679ee4b5f1ba26faf5880c10880ca66eb11f5bb7f69c391ee4da24800e989f8d575f3dca588b30a35711dfa180b3f40e95a440ef981993f50912ab3bebf29b4960c99619b55d7626a4e2a44dd84d0239ae31b6c723165d663618e194b5c195426bbd872b47394e560bc27aae7cefc74837cf1632da91df072b3fcdbb927dd302409fd299e6824c5ebfa5dd2321dc594bb30b2845a75c31fa74f37ca7164500d637b760b23ab3b203eb7c576acbc98e0f6a44e94015bf0bf64cb913bb99195c2df9b155c3956af185080b745ee96b5c9491e761ed03b864a2df8e16536adb7e27e4eb2b336f30420e093d3fb72866d6a9b864ee7929f47c69e4cf21ff08da176b26ba96795aaef0f5f8faa0996ec5d06224ca5dec5b31ee1ca198ed2928cb985b1e5fa787263313eec916d8070fdec93e5059fda905617196814d19e5a21a6779b779edb4f579f5ae6f86084edade89b437a077b8b4716edb28896510535b731f421771e89483d934b3b1b155d4017bf27ef2bd58a48c288c5746fa19a319a0a6202513b6c183d9c55c75369210bde430b908187c8ef29bbce65a4e8a1d348c6b1eaf089a312dc27e866dfe2e5b95d4fd079443102779f80cccd89f1ba44b357cbe6ef899bc651f5ec79b693981d870c5f8e73bb276cc9d3efa5f356552755ddb1ee15ccfc785c7fb1ded297661504532d87191d81c7aa835b0ff6712b371d3052c3e0cbf02a86fddd55a1ab2178834c07551c38ab1878234a35c8a5b3b8e8c1934bc5dcd37b9788b6b95a82a01aa16d0a8f2594ab37a77c02c69e8c30112c74c603c9e26f2e76c39b2d4049c5acd9376a53f2e2e353f5bd6cf6b74fbdaf6d2e1531c567962eb7c545324a9ed2cf9ca343eadcf7874dda2ce1ee831cfee739ed341bcbd15e3d52f8f9e26f87acda728464a6114bbd06588e2d7f7b11294bc07450a4f21ddda0519309f8a9826c72f6e3a9cc5662ba09e84089777f2a3fff0d830aa9ecf8a5975c003cf47870c0b7b837d4bc491c32b8b6c4a8e9556fba754eab165db812234c31b5ce4c7725741bbc110e64726f41c09704cee9a943fbb72368cfa3933cc8bde8e93b2085a22dc41813d4a057e227e0eaeac96e905a3cb63b63e71db2568e5b31c9a4017bb63c698132e0096a951759c5c481981f903057fc1fbbbc435c88b0578710d6c111139d7bc8fb15eb5c82b6f514108d4d30d767238ba214bb878cd363554d17004d3c1bb58f7bbb108b1ab50f81dfd305dd2b8c544d883e624e5ab98bc6be4f6ef419ea7b1ef3d4f55b287657bb0dcb81c9a952520dfb038260a25d603e868e0469bf11e704ee57207d64f38d041c9f4aafb723a4ea0421ebe0abf89d337ba48cdd6b56be3572357f7640671f2174ab9512a25bc11b3926f8b63570550b8bfc52767a98b95a3c98e580014d07ff1a723519f9bce16dfbfeed16821ee7806aaecc8efc5906f4e213d595b4673db5b6c41240e6e11be3fac32af2a879d5d7637f022978c4c39af25bd8d9c2582f216f9758d0dd91463220f5d5670e74d977a2532f85a635ab29a7d5dac4233233b2970647ed4830cdce8bdbe0db8608b3d369b1396fa95ab32be1be4c67a005f6ad8a15bcb30524dc48db4097e306b23ec53b3956a5f7ccf95edcaed20d8602358e8d5cdb9e05455f4122bdb7648a9e3af3e84d1546758289bc61eee565b4981acc353dddc1182c40fc36b4bfb7ab1cb9d237663e1c7f53c6e7d4e118722d85247e21ffc18ac5a444f3503e07ddb4925f1904e33341ed14df26c24a71b6bc8dfe838b070e7cc23b0d0afe2fb5c22153e110f7c4f5a18cefa08b3a5160a81f6a5e71f7ead90b8d0add109dce0b7a2c10677aa92e35d2f89f19f0a043e05dab5e3d7ec0b8eebc9fc670daf8aa6dfc25f40dfd6ee7bdccec9aa2549693651727a678a7604c962b3cc99d7acc3a11a3820b1c6fd31da875b16144a26fe2be08bc71f37d41f90c7625e4be9a489314dac2d1cf9aaf05cbf91c8657bd5245d6af3dcc76bf5d5aca86fdf4ecb51b200a5bbede8a46644e6dee3c810e5b560d19391a80b24a81367eecad990e2cd11d75723817ed68e3358b1adccebbbcb8463fda6cbb9d98a63c4369a9d3a04f263730732bb84ce3cd90f4da7540c237c7469a30530b4d6ce486acdc944022db2944ab14131ccb85118f70cd8da93ffc611fac1ab6ae57fdb04173adc530daa4ad25310ba0bc9eda1684c744624c3f4f461d454be14c32dc263e41d82eb9ba521699f915cd016ac87a132f69555820ac72dd2b6e4a2df42870a301b689cd079d5284a9e8360f27e2562cdb938443be808da1d0c60abfc0d233e65e8e57cd453e6599d56681924856fc4423843ae97fb0f5216dd733f1f23e3208d6a98a63b978b328ade523164319128de070bba81d938af5e52e8ef291214cab3bb61f0a4f993737e9a042ce531cfcbaa5284761c4efea1d8415782fc5777da0e9913fb91797fd4f2a468caa80d9d2fce23b36a2327dfef845b6766146d940a92ff920d582e4f47eaa25ce8efe36baf9cd225e1dfc84c90faa5fac2ee900c2ef5088f9cea675b021d6583670818f64ee5ef2008c18af85c6985f91c53bc0dad70e8de9a63f908e4efaf9de406537bf59802fed0de07d9c874fb5a2cc84f5d0888ff1a462621fdb289f4cc22b3decec66458da6295941efb32cc95294811ecc2f37699d61535c4f981bfcd6723a6a0169b9562e70bde68146f781c5be11080feb00c24baac3785a631d93cb41ef6126f0d4c2432db8500b1840d48c9bbea366a8b81d3a5922eacd9c98673aaa61643ef521ec1863acbe7cf53fa611354c95160930cb0d05fc0c82fff847e747ca757d48990518967669ddd4fe6712036add339c82df2f22574e9d0854039500a7ab27ad976b7b2e30d9f20eb8c5a581d87f6c38e57abb6c49cda23f82e2779996cc364e0a2d56b58a5ebcf0fb4313d40927cba85807c6a1dc3ee6b539c318dea80851ceb184ceacde06d6297e4e042cad4abd6c35146f0fe909c1489c63d26e51968440551d9be35ec43e884256fa1a29ee2e60130abd80ce066621bfcc85f16f97a2947499b5ddb19a7994e4fd49094f60a94341e710e8c2d37f7b5cc5822f878b1b3f54561b6c57355585d167c0c069600427a75e904aca0bd4b50176e4b37d14d0413c3d60f9daaf8c9d62a327fb7d944b9c8478b95da11258525cc139598c48d9398e6bb48db6f22defd72b39da86fd7d53f22469d10e29918aba227e551c7c6b140d3e884db6e2438236e2f52621f4576364b776cbc86710dcaefa94f89ed53a12612ddc7f5c34eb2754fa123d11136d1fdf49e76d4c88aee63787ee94addb24aee38eaaf91fda372b6caf255fb7e8b280c8d1595090d285814e4cdc036268438a8f94326c94b3196ba84891bb6f1486d5c84feb41590fe615e179c67ca98ddd8c531497d53054ccff805192c0b2496eb1215e40f46d40e8738dc23eae400fba29722ef5f0655f5bcf31ff9107245714aa30f9b97d8c335df5d19493feac56c649b44d88e98cbabf007e530a65d24a4407aad99fb4552948a89a381661657efe04f3b2e87643235850d3217f4a629c34dafbd916780510554b83a36c283baced5116355122211a42d15f46bd3cf9822524314898aa37837edcea718c568b60e9784f7c1a228a445c5083c030e08db4df6bdd6e33d88cdf34e36e3c42dcb28f5c0725f7e05ed7295cad4e498a5872e178a78e12b10247bce28b2f01b0cd0adf964aec43008a2983e13d47f3ceb582cfa029054b017b3936f29b4e1fe22788a56290031f0476a01500e158f54ecfa4753635941ab57313170906c3992f3bc903172035ef0a1efb446966c292efecf9fe7bf03de13edefa27a8f732036de39ea9976ac7ccdc1842cbbba04bccaebcecdab7d95472ce56f0f3dc7ecd044579fc75dfb9a15fb6514ecebd2da5e44265c10ec13feb039bab4ac29eb415565007d67ddb893016466dad5a9627b24363d68840d494b0a6801c2df6d0434743f93b51c9c361629141725ac421e080116c09ebd6fd6df109d9bb34e296b911bc1abd2967ed6dd692fce9cabace0b0fa716c9d92fe34e2b8ec9ef8869b416cfcc9fa7d4ddf586e5165f67e48b3f196d2427d1c16142fb01620ec8f13a608f38dcec6c8bbde10256e2cb5db0255d4795605cf33af5c442daea8d50fe4ffb37694689fbabc82319c33f13d54d4a4276b6e8f8e7247b83dff28f409af080c5b8b39f9551543c890b846f4dd2921393503fc3bfdcf7247f60b9b30e352728e09d1a1248574ac9670bedec47feaabcf25dcf60c4f7c36b260017e153249236424bf0e49383757c37346ee0f3000ba592d0b3a65d755eeb280c82ea94d2a10b5068bb4641102c4e8a88e238900cd7ecf74f9752a8cc8596d16e3b0146979ba36cbc199772d187e9daf020d9801dde8d326ada91067c595e41e947ed0a01fa1f0551ae7bd05276c781f9837cb0eb0acb3b135d8d09982afa0126cf7dc097eb6268298bf97ab332abd992781b85990d4e8be35069bc7a216a28bf718aba573ce408cc83d83d0f8297fde93abb49647a5bfd4a80f49ffbdd236fb12c74415b9230d6717866b502c6bbc57023f2196a1ed1be0dac82541721f5668f5685eb870984aee27021eb47815ab58380be29ae4b280a399268e2eccd80fffc25a35f5b15b4c3b5f6ff9b8dfadb8b5cf021ff4f68fc9c05dddfd08c82f16c7515acbfee28b39cc4d3218afc1ff655efd85f02d79d5cac9c346a032eeae428dffab08e8000b36bc553ddcca541644f73cdf253946659d012a05bfd34e04929c6f3bb85cae07d4148c02b99ddfa35e772ff8d5ab85c9046b895125259924a5b319f0499dee2da0f835657c85b62ee5b63b810ef1b5c0d43e83af70266892f19ca9b51d6b97ba3079da06a26e6e10ed7ff516d7384110bf017739aa1163e65e5287804aad1cd2e72cd17209b73d9d2aa54c88bdc25e6d14a4396a038776309b6c6d332bb0ba47f61f7e999eedfd503f7bd7121e39cac67cb4442cc15253d469d906e0d0f28fe465f737f1c638db5f09ac23b3978ada6582b799eeee6bf097ebb7deb30bcf0d02eb450a4723024c80bfcf0e5627f5101bb03dc8893fd81219f570fa3e6952aff7efac6ae7dc24df752ef15cb42af393df3103b2518d49010686567552116e5caa8a5c0f733df72b0187d97a6e7bb9070724df5ef1ea1f7c822416a5c9460fbc3acf802fed6227fa81dd33d6a301170cbd92aa6d5ff234df1345c9665fea88bbec8c95c7fadc98a50642039a41b6fb546ae0de22fa7e67f4422f71eec5c6f6da4175d9e9344ec17debf5f68a529f0b49c0941d05a20b8c66ddaf979d28923c7884ffbd53c11536b233d9b2ee258cbc8592f63b160a61310", @generic="68472b792080b4334f1c80dc98bd3a30d74bb7728984fc91e0681f1840b124a2c6377d940ade7ccaa3e054f0ac7acfefde70059adbc28e3b61d2f98a52192f9b5376d1ea88d5b09d73fe73da7fdcd622d8cecc95e0520ab78d2e906a8fcef64e14b82b9dc4ed00a9073ac0a6cf6b9cc5558954707fe267ad829fc7bf61631c8d924466d5e4430d372116791ac0ee1d1219c95f6bfe586f482d6c01040d63d1fccdedf9b01123369e7d84a2a565b241a72a89b9930ee58edb6ab87de1a9d4792a14f4", @typed={0x8, 0x5e, 0x0, 0x0, @pid}, @typed={0x8, 0xc, 0x0, 0x0, @ipv4=@loopback}, @generic]}, @typed={0xc, 0xe, 0x0, 0x0, @u64=0x2682}, @nested={0x2e6, 0x57, 0x0, 0x1, [@typed={0xc, 0x41, 0x0, 0x0, @u64=0x8000}, @typed={0x8, 0x8d, 0x0, 0x0, @ipv4=@rand_addr=0x64010100}, @typed={0x64, 0x2b, 0x0, 0x0, @binary="4418cc54b63196c2112b103f5a238624fac0d85f5511ec0c745a6d96efa1f5e040139917c6796790e5ddf59327b17d37a9921d1f8069b98a4d31d9441d187947f52180af4e261ab186454540ad96b752f5d0eb886c600d73f5c3b8d7a046e9bf"}, @typed={0x80, 0x94, 0x0, 0x0, @binary="5335f7ab2e4ffc5f52e6c7109c32ed043471c3965932b5cd17a8fd4ba09e5db68a4fd29d97ef92c15111d1fbb0b956c2807de5ecaebf4c03f696f18b0d43d778f6edcec9d364479c34775b2f7dafd3abba5262984b716d501060a4b1324d63489e28b7e396c9c741bb75ad53ef6e58f67943fcaa0306d1181640e970"}, @generic="5febd6d575da5d0b09d2ccaa2449fa", @typed={0x8, 0x45, 0x0, 0x0, @ipv4=@empty}, @generic="fc719783ef92515f781addf3696fbed5e6cb0dd0235c17793338ee7aee4b22f112611cac5652f651b2475867798fb891e556c1d3ce44222ff107e23bb8c0e7bc5a9be6cefa7e3d058ab6212107cfe9f7894b7f2305b708b38444df4c8e883db9e8328e94d612821efb82953fdb7533e0648716bd1ef3ad669ff3ae6120edad3bac843c299e52936d3151bc1f80c5640cef9a5df852af4fe45537d194fd64f9a1945f076fae6a16106050f60b9c47c02459d0cee0c71898026554df8fd3094a38d6043db023aef83be95d444032f22408e034c5409d416bcf69d6393fa1e0ed4751c42fe4bafead0ded308411263f727cc1458a5537aecb5c7848da9e3ad0d5", @typed={0x8, 0x5c, 0x0, 0x0, @u32=0x7}, @generic="3be9741f2b9b88e0312c245fcb3cc1f16d5803ef45592c50eee979a65f18c9dad0f836aaf8b59f2da8d0982070596192e9e9b3e629bd8e8205a95e17e180480073683b842c150016b6c6617c2b550ef24a24df7816a41428deb1763b2f7d1efafbcca65b50791204d87729678df26a8af6a5353e87ad38b4d0ccf27f3967f531cd04eb77c46c44f47797fdcd177cb702c086e665b2bcc2da19efa834434db856a85943cef497cb10bfda6188ef7db8cf881fca4019fe60130287cd94087b0dce3037f37e3b57f5868afca2f7"]}]}, 0x1584}, 0x1, 0x0, 0x0, 0x4000841}, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) r6 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) ioctl$MON_IOCX_MFETCH(r6, 0xc0109207, &(0x7f0000000140)={&(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7}) [ 338.488011][ T1858] FAT-fs (loop3): Directory bread(block 278) failed [ 338.488024][ T1858] FAT-fs (loop3): Directory bread(block 279) failed [ 338.502334][ T1875] FAULT_INJECTION: forcing a failure. [ 338.502334][ T1875] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 338.502355][ T1875] CPU: 1 PID: 1875 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 338.502375][ T1875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 338.502385][ T1875] Call Trace: 14:04:53 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x803e, 0x0, 0x0, 0x0) [ 338.502392][ T1875] dump_stack+0x137/0x19d [ 338.502468][ T1875] should_fail+0x23c/0x250 [ 338.502536][ T1875] should_fail_usercopy+0x16/0x20 [ 338.502635][ T1875] _copy_from_user+0x1c/0xd0 [ 338.502657][ T1875] __copy_msghdr_from_user+0x44/0x350 [ 338.502676][ T1875] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 338.502694][ T1875] ? unix_dgram_peer_wake_me+0x310/0x310 [ 338.502712][ T1875] ? ____sys_sendmsg+0x428/0x4d0 [ 338.502729][ T1875] sendmsg_copy_msghdr+0x4f/0xf0 [ 338.502809][ T1875] io_issue_sqe+0x250b/0x6750 [ 338.502827][ T1875] ? __list_del_entry_valid+0x54/0xc0 [ 338.502846][ T1875] ? rmqueue_pcplist+0x152/0x190 [ 338.502865][ T1875] ? rmqueue+0x43/0xd00 [ 338.502882][ T1875] ? mntput_no_expire+0x64/0x730 [ 338.502905][ T1875] ? get_page_from_freelist+0x53e/0x800 [ 338.502923][ T1875] ? fget_many+0x178/0x1a0 [ 338.502979][ T1875] __io_queue_sqe+0xe9/0x360 [ 338.502995][ T1875] io_submit_sqe+0x1887/0x3360 [ 338.503014][ T1875] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 338.503046][ T1875] io_submit_sqes+0x5bd/0xbd0 [ 338.503064][ T1875] __se_sys_io_uring_enter+0x1e1/0xa80 [ 338.503088][ T1875] ? fput+0x2d/0x130 [ 338.503104][ T1875] __x64_sys_io_uring_enter+0x74/0x80 [ 338.503128][ T1875] do_syscall_64+0x4a/0x90 [ 338.503149][ T1875] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 338.503267][ T1875] RIP: 0033:0x4665d9 [ 338.503280][ T1875] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 338.503297][ T1875] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 338.503315][ T1875] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 338.503328][ T1875] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 338.503340][ T1875] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 338.503352][ T1875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 338.503364][ T1875] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 338.580938][ T1893] FAULT_INJECTION: forcing a failure. 14:04:53 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200780004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 338.580938][ T1893] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 338.657810][ T1891] loop3: detected capacity change from 0 to 270 [ 338.663322][ T1893] CPU: 1 PID: 1893 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 338.663341][ T1893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 338.663351][ T1893] Call Trace: [ 338.663359][ T1893] dump_stack+0x137/0x19d [ 338.689631][ T1891] FAT-fs (loop3): Directory bread(block 270) failed [ 338.692226][ T1893] should_fail+0x23c/0x250 [ 338.692249][ T1893] should_fail_usercopy+0x16/0x20 [ 338.697824][ T1891] FAT-fs (loop3): Directory bread(block 271) failed [ 338.702849][ T1893] _copy_from_user+0x1c/0xd0 [ 338.702875][ T1893] ____sys_sendmsg+0x1a3/0x4d0 [ 338.702894][ T1893] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 338.708647][ T1891] FAT-fs (loop3): Directory bread(block 272) failed [ 338.711929][ T1893] __sys_sendmsg_sock+0x25/0x30 [ 338.711956][ T1893] io_issue_sqe+0x231a/0x6750 [ 338.717160][ T1891] FAT-fs (loop3): Directory bread(block 273) failed [ 338.722134][ T1893] ? __list_del_entry_valid+0x54/0xc0 [ 338.722158][ T1893] ? rmqueue_pcplist+0x152/0x190 [ 338.727420][ T1891] FAT-fs (loop3): Directory bread(block 274) failed [ 338.732253][ T1893] ? rmqueue+0x43/0xd00 [ 338.732272][ T1893] ? mntput_no_expire+0x64/0x730 [ 338.732297][ T1893] ? get_page_from_freelist+0x53e/0x800 [ 338.736852][ T1891] FAT-fs (loop3): Directory bread(block 275) failed [ 338.741504][ T1893] ? kcsan_setup_watchpoint+0x26e/0x470 [ 338.746417][ T1891] FAT-fs (loop3): Directory bread(block 276) failed [ 338.751787][ T1893] __io_queue_sqe+0xe9/0x360 [ 338.751808][ T1893] io_submit_sqe+0x1887/0x3360 [ 338.756386][ T1891] FAT-fs (loop3): Directory bread(block 277) failed [ 338.775262][ T1893] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 338.775288][ T1893] io_submit_sqes+0x5bd/0xbd0 [ 338.775307][ T1893] __se_sys_io_uring_enter+0x1e1/0xa80 [ 338.784498][ T1891] FAT-fs (loop3): Directory bread(block 278) failed [ 338.791745][ T1893] ? fput+0x2d/0x130 [ 338.791765][ T1893] __x64_sys_io_uring_enter+0x74/0x80 14:04:53 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee8000/0x3000)=nil, &(0x7f00006d7000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r5 = open(&(0x7f0000000000)='./bus\x00', 0x103042, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r5, 0x100000000000000, &(0x7f0000000500)=[{&(0x7f0000000180)=""/22, 0x16}], 0x1}, 0x0) r6 = syz_mount_image$nfs(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x7, 0x1, &(0x7f0000000300)=[{&(0x7f0000000240)="c08383b9e339fa95d117fb5367b59b23c8a3c80e121d2b3b316fc20b433d196729d0753a1e5a80c057a16d4b0bb30aedbe05666d0b91fe036fb229b1c4da14abeb2e564f032b57bcc584dd1940702224f2c4c4be7bf18bec9f787895959fc6c54c1da4c4feea0e366eaa54262147e3f89cfda250bba4cdf825fd9acd057e6ff21f44", 0x82, 0xfffffffffffff183}], 0x8024, &(0x7f0000000340)={[{'\x00'}, {'/dev/vcsu#\x00'}], [{@hash}, {@func={'func', 0x3d, 'MMAP_CHECK'}}, {@seclabel}, {@fscontext={'fscontext', 0x3d, 'system_u'}}]}) syz_io_uring_submit(r1, r4, &(0x7f00000003c0)=@IORING_OP_OPENAT={0x12, 0x5, 0x0, r6, 0x0, &(0x7f0000000380)='./file0\x00', 0x2, 0x8000, 0x31713}, 0xdb9d) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r8 = socket$nl_audit(0x10, 0x3, 0x9) r9 = socket$inet(0x2, 0x1, 0x0) r10 = socket$inet(0x2, 0x1, 0x0) r11 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r8, r9, r7, r10, r11]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 338.800269][ T1891] FAT-fs (loop3): Directory bread(block 279) failed [ 338.807690][ T1893] do_syscall_64+0x4a/0x90 [ 338.807715][ T1893] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 339.044509][ T1893] RIP: 0033:0x4665d9 [ 339.044526][ T1893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 14:04:53 executing program 0 (fault-call:8 fault-nth:66): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 339.044542][ T1893] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 339.044558][ T1893] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 339.044570][ T1893] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 339.044580][ T1893] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 339.044592][ T1893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 14:04:53 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x1402) [ 339.044658][ T1893] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 339.081269][ T1912] loop5: detected capacity change from 0 to 16369 [ 339.113570][ T1919] FAULT_INJECTION: forcing a failure. [ 339.113570][ T1919] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 339.147323][ T1923] loop3: detected capacity change from 0 to 270 [ 339.159333][ T1919] CPU: 0 PID: 1919 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 339.159357][ T1919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 339.185736][ T1919] Call Trace: [ 339.185745][ T1919] dump_stack+0x137/0x19d [ 339.185768][ T1919] should_fail+0x23c/0x250 [ 339.185788][ T1919] should_fail_usercopy+0x16/0x20 14:04:54 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002007a0004f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:54 executing program 0 (fault-call:8 fault-nth:67): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 339.185808][ T1919] _copy_from_user+0x1c/0xd0 [ 339.185831][ T1919] __copy_msghdr_from_user+0x44/0x350 [ 339.185848][ T1919] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 339.185862][ T1919] ? unix_dgram_peer_wake_me+0x310/0x310 [ 339.185939][ T1919] ? ____sys_sendmsg+0x428/0x4d0 [ 339.185958][ T1919] sendmsg_copy_msghdr+0x4f/0xf0 [ 339.185974][ T1919] io_issue_sqe+0x250b/0x6750 [ 339.185990][ T1919] ? __list_del_entry_valid+0x54/0xc0 [ 339.186011][ T1919] ? rmqueue_pcplist+0x152/0x190 [ 339.186054][ T1919] ? rmqueue+0x43/0xd00 [ 339.186072][ T1919] ? mntput_no_expire+0x64/0x730 [ 339.186091][ T1919] ? get_page_from_freelist+0x53e/0x800 [ 339.186106][ T1919] ? kcsan_setup_watchpoint+0x26e/0x470 [ 339.186128][ T1919] __io_queue_sqe+0xe9/0x360 [ 339.186146][ T1919] io_submit_sqe+0x1887/0x3360 [ 339.186161][ T1919] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 339.186179][ T1919] io_submit_sqes+0x5bd/0xbd0 [ 339.186195][ T1919] __se_sys_io_uring_enter+0x1e1/0xa80 [ 339.186217][ T1919] ? fput+0x2d/0x130 [ 339.186270][ T1919] __x64_sys_io_uring_enter+0x74/0x80 [ 339.186294][ T1919] do_syscall_64+0x4a/0x90 [ 339.186316][ T1919] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 339.186403][ T1919] RIP: 0033:0x4665d9 [ 339.186415][ T1919] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 339.186476][ T1919] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 339.186491][ T1919] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 339.186503][ T1919] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 339.186516][ T1919] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 339.186586][ T1919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 339.186596][ T1919] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 339.209277][ T1923] FAT-fs (loop3): Directory bread(block 270) failed [ 339.209296][ T1923] FAT-fs (loop3): Directory bread(block 271) failed [ 339.209314][ T1923] FAT-fs (loop3): Directory bread(block 272) failed [ 339.209329][ T1923] FAT-fs (loop3): Directory bread(block 273) failed [ 339.209347][ T1923] FAT-fs (loop3): Directory bread(block 274) failed [ 339.209363][ T1923] FAT-fs (loop3): Directory bread(block 275) failed [ 339.209386][ T1923] FAT-fs (loop3): Directory bread(block 276) failed [ 339.209567][ T1923] FAT-fs (loop3): Directory bread(block 277) failed [ 339.209586][ T1923] FAT-fs (loop3): Directory bread(block 278) failed 14:04:54 executing program 0 (fault-call:8 fault-nth:68): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 339.209604][ T1923] FAT-fs (loop3): Directory bread(block 279) failed [ 339.267772][ T1934] FAULT_INJECTION: forcing a failure. [ 339.267772][ T1934] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 339.505451][ T1934] CPU: 1 PID: 1934 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 339.505474][ T1934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 339.505581][ T1934] Call Trace: [ 339.505586][ T1934] dump_stack+0x137/0x19d [ 339.505655][ T1934] should_fail+0x23c/0x250 [ 339.505671][ T1934] should_fail_usercopy+0x16/0x20 [ 339.505690][ T1934] _copy_from_user+0x1c/0xd0 [ 339.505708][ T1934] ____sys_sendmsg+0x1a3/0x4d0 [ 339.505721][ T1934] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 339.505738][ T1934] __sys_sendmsg_sock+0x25/0x30 [ 339.505787][ T1934] io_issue_sqe+0x231a/0x6750 [ 339.505802][ T1934] ? __list_del_entry_valid+0x54/0xc0 [ 339.505821][ T1934] ? rmqueue_pcplist+0x152/0x190 [ 339.505837][ T1934] ? rmqueue+0x43/0xd00 [ 339.505852][ T1934] ? mntput_no_expire+0x64/0x730 [ 339.505949][ T1934] ? get_page_from_freelist+0x53e/0x800 [ 339.505964][ T1934] ? fget_many+0x178/0x1a0 [ 339.506023][ T1934] ? kcsan_setup_watchpoint+0x26e/0x470 [ 339.506043][ T1934] __io_queue_sqe+0xe9/0x360 [ 339.506059][ T1934] io_submit_sqe+0x1887/0x3360 [ 339.506076][ T1934] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 339.506093][ T1934] io_submit_sqes+0x5bd/0xbd0 14:04:54 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002000d0104f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 339.506129][ T1934] __se_sys_io_uring_enter+0x1e1/0xa80 [ 339.506149][ T1934] ? fput+0x2d/0x130 [ 339.506164][ T1934] __x64_sys_io_uring_enter+0x74/0x80 [ 339.506209][ T1934] do_syscall_64+0x4a/0x90 [ 339.506293][ T1934] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 339.506378][ T1934] RIP: 0033:0x4665d9 [ 339.506389][ T1934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 339.506403][ T1934] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 339.506481][ T1934] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 339.506490][ T1934] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 339.506500][ T1934] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 339.506509][ T1934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 339.506518][ T1934] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 339.543353][ T1940] loop3: detected capacity change from 0 to 270 [ 339.561347][ T1940] FAT-fs (loop3): Directory bread(block 270) failed [ 339.564588][ T1944] FAULT_INJECTION: forcing a failure. [ 339.564588][ T1944] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 339.568119][ T1940] FAT-fs (loop3): Directory bread(block 271) failed [ 339.573048][ T1944] CPU: 1 PID: 1944 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 339.573072][ T1944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 339.577877][ T1940] FAT-fs (loop3): Directory bread(block 272) failed [ 339.582367][ T1944] Call Trace: [ 339.582376][ T1944] dump_stack+0x137/0x19d [ 339.582400][ T1944] should_fail+0x23c/0x250 [ 339.587623][ T1940] FAT-fs (loop3): Directory bread(block 273) failed [ 339.592340][ T1944] should_fail_usercopy+0x16/0x20 [ 339.597089][ T1940] FAT-fs (loop3): Directory bread(block 274) failed [ 339.602379][ T1944] _copy_from_user+0x1c/0xd0 [ 339.602407][ T1944] __copy_msghdr_from_user+0x44/0x350 [ 339.602425][ T1944] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 339.607472][ T1940] FAT-fs (loop3): Directory bread(block 275) failed [ 339.611462][ T1944] ? unix_dgram_peer_wake_me+0x310/0x310 [ 339.611483][ T1944] ? ____sys_sendmsg+0x428/0x4d0 [ 339.616452][ T1940] FAT-fs (loop3): Directory bread(block 276) failed [ 339.621903][ T1944] sendmsg_copy_msghdr+0x4f/0xf0 [ 339.621924][ T1944] io_issue_sqe+0x250b/0x6750 [ 339.626463][ T1940] FAT-fs (loop3): Directory bread(block 277) failed [ 339.631833][ T1944] ? __list_del_entry_valid+0x54/0xc0 [ 339.631856][ T1944] ? rmqueue_pcplist+0x152/0x190 [ 339.636522][ T1940] FAT-fs (loop3): Directory bread(block 278) failed [ 339.641193][ T1944] ? rmqueue+0x43/0xd00 [ 339.641212][ T1944] ? mntput_no_expire+0x64/0x730 [ 339.646959][ T1940] FAT-fs (loop3): Directory bread(block 279) failed [ 339.651500][ T1944] ? kcsan_setup_watchpoint+0x26e/0x470 [ 339.651526][ T1944] ? fput+0x2d/0x130 [ 339.718547][ T1912] loop5: detected capacity change from 0 to 16369 [ 339.724328][ T1944] ? io_dismantle_req+0x142/0x1d0 [ 339.724357][ T1944] ? _raw_spin_lock_irqsave+0x25/0x80 14:04:54 executing program 2: r0 = accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000040)) recvmmsg(r0, &(0x7f00000004c0)=[{{&(0x7f0000000140)=@nfc_llcp, 0x80, &(0x7f00000000c0)=[{&(0x7f00000001c0)=""/180, 0xb4}], 0x1, &(0x7f0000000400)=""/43, 0x2b}, 0x10003}], 0x1, 0x2, &(0x7f0000000500)) r1 = syz_io_uring_setup(0x184, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000006c0)=0x0) r4 = openat2(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={0x200080, 0x1d8, 0x3}, 0x18) preadv(r4, &(0x7f0000000680)=[{&(0x7f0000000300)=""/255, 0xff}, {&(0x7f0000000540)=""/202, 0xca}, {&(0x7f0000000640)=""/21, 0x15}], 0x3, 0xfd, 0x1) syz_io_uring_submit(r2, r3, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) socketpair(0x25, 0x3, 0x80, &(0x7f0000001a80)) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r5, 0x0) recvmmsg(r5, &(0x7f0000002040)=[{{&(0x7f0000000700)=@ax25={{0x3, @default}, [@null, @null, @bcast, @rose, @netrom, @null, @netrom, @netrom]}, 0x80, &(0x7f0000000a40)=[{&(0x7f0000000780)=""/141, 0x8d}, {&(0x7f0000000840)=""/195, 0xc3}, {&(0x7f0000000080)=""/59, 0x3b}, {&(0x7f0000000940)=""/229, 0xe5}], 0x4, &(0x7f0000000a80)=""/4096, 0x1000}, 0x20}, {{0x0, 0x0, &(0x7f0000001a80), 0x0, &(0x7f0000001ac0)=""/139, 0x8b}, 0x2}, {{&(0x7f0000001b80)=@tipc, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001c00)=""/234, 0xea}, {&(0x7f0000001d00)=""/28, 0x1c}, {&(0x7f0000001d40)=""/12, 0xc}, {&(0x7f0000001d80)=""/143, 0x8f}, {&(0x7f0000001e40)=""/86, 0x56}, {&(0x7f0000001ec0)=""/183, 0xb7}], 0x6, &(0x7f0000002000)=""/33, 0x21}, 0x4}], 0x3, 0x40000000, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r1, 0x6196, 0xd936, 0x0, 0x0, 0x0) 14:04:54 executing program 0 (fault-call:8 fault-nth:69): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 339.955292][ T1944] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 339.955388][ T1944] ? percpu_counter_add_batch+0xc0/0xd0 [ 339.955486][ T1944] ? io_submit_flush_completions+0x30d/0x3e0 14:04:54 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0xeb01, 0x0, 0x0, 0x0) [ 339.955509][ T1944] __io_queue_sqe+0xe9/0x360 [ 339.955528][ T1944] io_submit_sqe+0x1887/0x3360 [ 339.955548][ T1944] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 339.955572][ T1944] io_submit_sqes+0x5bd/0xbd0 [ 339.955592][ T1944] __se_sys_io_uring_enter+0x1e1/0xa80 [ 339.955693][ T1944] ? fput+0x2d/0x130 [ 339.955719][ T1944] __x64_sys_io_uring_enter+0x74/0x80 14:04:54 executing program 0 (fault-call:8 fault-nth:70): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 339.955745][ T1944] do_syscall_64+0x4a/0x90 [ 339.955774][ T1944] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 339.955799][ T1944] RIP: 0033:0x4665d9 [ 339.955814][ T1944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 339.955833][ T1944] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 339.955906][ T1944] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 339.955921][ T1944] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 339.955934][ T1944] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 339.955948][ T1944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 339.955962][ T1944] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 340.000701][ T1956] FAULT_INJECTION: forcing a failure. [ 340.000701][ T1956] name fail_usercopy, interval 1, probability 0, space 0, times 0 14:04:54 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002000e0104f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 340.000726][ T1956] CPU: 0 PID: 1956 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 340.000747][ T1956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 340.000839][ T1956] Call Trace: [ 340.000846][ T1956] dump_stack+0x137/0x19d [ 340.000871][ T1956] should_fail+0x23c/0x250 [ 340.000891][ T1956] should_fail_usercopy+0x16/0x20 [ 340.000911][ T1956] _copy_from_user+0x1c/0xd0 [ 340.001040][ T1956] ____sys_sendmsg+0x1a3/0x4d0 [ 340.001060][ T1956] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 340.001078][ T1956] __sys_sendmsg_sock+0x25/0x30 [ 340.001095][ T1956] io_issue_sqe+0x231a/0x6750 [ 340.001169][ T1956] ? __list_del_entry_valid+0x54/0xc0 [ 340.001189][ T1956] ? rmqueue_pcplist+0x152/0x190 [ 340.001208][ T1956] ? rmqueue+0x43/0xd00 [ 340.001225][ T1956] ? mntput_no_expire+0x64/0x730 [ 340.001252][ T1956] ? _raw_spin_lock_irqsave+0x25/0x80 [ 340.001269][ T1956] ? percpu_counter_add_batch+0xc0/0xd0 [ 340.001341][ T1956] ? io_submit_flush_completions+0x30d/0x3e0 [ 340.001360][ T1956] __io_queue_sqe+0xe9/0x360 [ 340.001374][ T1956] io_submit_sqe+0x1887/0x3360 [ 340.001390][ T1956] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 340.001409][ T1956] io_submit_sqes+0x5bd/0xbd0 [ 340.001428][ T1956] __se_sys_io_uring_enter+0x1e1/0xa80 [ 340.001506][ T1956] ? fput+0x2d/0x130 [ 340.001523][ T1956] __x64_sys_io_uring_enter+0x74/0x80 [ 340.001548][ T1956] do_syscall_64+0x4a/0x90 [ 340.001569][ T1956] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 340.001592][ T1956] RIP: 0033:0x4665d9 [ 340.001606][ T1956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 340.001673][ T1956] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 340.001694][ T1956] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 340.001706][ T1956] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 340.001719][ T1956] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 340.001817][ T1956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 14:04:55 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00000d0000/0x4000)=nil, &(0x7f00000cd000/0x4000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_setup(0x79ff, &(0x7f0000000180)={0x0, 0x6c61, 0x0, 0x2, 0x2f6, 0x0, r0}, &(0x7f00000cb000/0x2000)=nil, &(0x7f00000cc000/0x2000)=nil, &(0x7f0000000240)=0x0, &(0x7f0000000280)) r4 = mmap$IORING_OFF_SQES(&(0x7f00000cb000/0x1000)=nil, 0x1000, 0x8, 0x20010, r0, 0x10000000) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x2, r5}}, 0x5000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r6, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_OPENAT2={0x1c, 0x4, 0x0, 0xffffffffffffffff, &(0x7f0000000140)={0x200000, 0x0, 0x1f}, &(0x7f0000000300)='./file0\x00', 0x18, 0x0, 0x12345, {0x0, r7}}, 0x1) r8 = socket$nl_audit(0x10, 0x3, 0x9) r9 = socket$inet(0x2, 0x1, 0x0) r10 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r10, 0x208200) io_uring_enter(r10, 0x3668, 0x45ff, 0x0, &(0x7f0000000380)={[0x2576]}, 0x8) r11 = socket$inet(0x2, 0x1, 0x0) r12 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r8, r9, r6, r11, r12]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:55 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f000052b000/0x3000)=nil, 0x3000, 0x2000004, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee8000/0x3000)=nil, &(0x7f00006d7000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) open(&(0x7f0000000000)='./bus\x00', 0x103042, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd_index=0x800000, 0x6, 0x0, 0x0, 0x2, 0x1, {0x1}}, 0x0) syz_io_uring_submit(r3, r5, &(0x7f0000000340)=@IORING_OP_WRITE_FIXED={0x5, 0x4, 0x4004, @fd_index=0x8, 0x5, 0x4, 0x3, 0x5, 0x0, {0x2}}, 0x3ff) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r7 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) readlinkat(r7, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)=""/161, 0xa1) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r6, 0x0) preadv(r6, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040), 0x141000, 0x0) syz_io_uring_setup(0x7e9a, &(0x7f0000000140)={0x0, 0xa78f, 0x8, 0x1, 0x2ae, 0x0, r8}, &(0x7f0000461000/0x2000)=nil, &(0x7f000057c000/0x3000)=nil, &(0x7f00000000c0), &(0x7f00000001c0)=0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) preadv(0xffffffffffffffff, &(0x7f0000000880)=[{&(0x7f0000000540)=""/99, 0x63}, {&(0x7f00000005c0)=""/88, 0x64}, {&(0x7f0000000640)=""/77, 0xffffffffffffff77}, {&(0x7f00000006c0)=""/207, 0xc6}, {&(0x7f00000007c0)=""/184, 0xb8}, {&(0x7f00000009c0)=""/177, 0xaa}, {&(0x7f0000000500)=""/64}, {&(0x7f0000000a80)=""/203}], 0x6, 0xffff, 0x1) pipe2(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) syz_io_uring_submit(r1, r9, &(0x7f00000004c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r10, 0x80, &(0x7f00000003c0)=@ipx={0x4, 0x0, 0x101, "ec828d03391a", 0x3f}, 0x0, 0x0, 0x1}, 0x8) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 340.001829][ T1956] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 340.030163][ T1962] loop3: detected capacity change from 0 to 270 [ 340.096752][ T1972] FAULT_INJECTION: forcing a failure. [ 340.096752][ T1972] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 340.378896][ T1972] CPU: 1 PID: 1972 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 340.378919][ T1972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 340.378928][ T1972] Call Trace: [ 340.378934][ T1972] dump_stack+0x137/0x19d [ 340.379027][ T1972] should_fail+0x23c/0x250 [ 340.379046][ T1972] should_fail_usercopy+0x16/0x20 [ 340.379067][ T1972] _copy_from_user+0x1c/0xd0 [ 340.379088][ T1972] __copy_msghdr_from_user+0x44/0x350 [ 340.379103][ T1972] ? unix_seqpacket_sendmsg+0xc2/0x100 [ 340.379122][ T1972] ? unix_dgram_peer_wake_me+0x310/0x310 [ 340.379177][ T1972] ? ____sys_sendmsg+0x428/0x4d0 [ 340.379190][ T1972] sendmsg_copy_msghdr+0x4f/0xf0 [ 340.379203][ T1972] io_issue_sqe+0x250b/0x6750 [ 340.379217][ T1972] ? __list_del_entry_valid+0x54/0xc0 [ 340.379232][ T1972] ? rmqueue_pcplist+0x152/0x190 [ 340.379251][ T1972] ? rmqueue+0x43/0xd00 [ 340.379268][ T1972] ? mntput_no_expire+0x64/0x730 [ 340.379313][ T1972] ? _raw_spin_lock_irqsave+0x24/0x80 [ 340.379335][ T1972] ? percpu_counter_add_batch+0xc0/0xd0 [ 340.379354][ T1972] ? io_submit_flush_completions+0x30d/0x3e0 [ 340.379369][ T1972] __io_queue_sqe+0xe9/0x360 [ 340.379384][ T1972] io_submit_sqe+0x1887/0x3360 [ 340.379403][ T1972] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 340.379552][ T1972] io_submit_sqes+0x5bd/0xbd0 [ 340.379570][ T1972] __se_sys_io_uring_enter+0x1e1/0xa80 [ 340.379657][ T1972] ? fput+0x2d/0x130 [ 340.379675][ T1972] __x64_sys_io_uring_enter+0x74/0x80 [ 340.379700][ T1972] do_syscall_64+0x4a/0x90 [ 340.379749][ T1972] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 340.379800][ T1972] RIP: 0033:0x4665d9 [ 340.379811][ T1972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 340.379824][ T1972] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 340.379839][ T1972] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 14:04:55 executing program 5: syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_io_uring_complete(0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x2, 0x6000, @fd=r1, 0x1}, 0x0) r2 = socket$nl_audit(0x10, 0x3, 0x9) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r2, 0xc0709411, &(0x7f00000004c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="09000000000000002fbf000000000000050000000000000005000000000000000100000000000000ff0300000000000008000000810200000800000000000080110500003b2fda5fff7f00000000000059060000000000000180000000000000180000000000000000000000000000000000000000000000000000000000007eb3f0d1a3e287a670cc318c00984615c36d56136be1275415336f456728b86bfb75c0086d1a36e6923412326bb1312971cbaf4b8f2050bd8533c4b08d288fed43b64c0ac2ad89003aed50c88d50a89290afd2ffe3085325721ca7fdf74282fbe7555ba2d52fc0"]) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r3, 0xc0709411, &(0x7f0000000300)={{r5, 0x8033, 0x80000001, 0x60af, 0x8, 0xff, 0x6, 0x9, 0x6, 0xfffff421, 0x8, 0x9, 0xdb7, 0x2a03, 0x1}, 0x10, [0x0, 0x0]}) r6 = socket$inet(0x2, 0x1, 0x0) r7 = socket$inet(0x2, 0x1, 0x0) r8 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(r8, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r2, r6, r0, r7, r8]}}], 0x28}], 0x1, 0x8050) r9 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r9, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r9, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) ioctl$BTRFS_IOC_SNAP_CREATE_V2(r9, 0x50009417, &(0x7f0000000680)={{}, 0x0, 0xc, @inherit={0x50, &(0x7f0000000440)={0x0, 0x1, 0x885, 0x1, {0x20, 0x5c, 0xfffffffffffffffb, 0x1e, 0x4}, [0x7]}}, @devid}) io_uring_enter(r4, 0x4251, 0x76c1, 0x1, &(0x7f0000000400)={[0x7]}, 0x8) open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x8) io_uring_enter(0xffffffffffffffff, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:55 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x2000) 14:04:55 executing program 0 (fault-call:8 fault-nth:71): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:55 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200f30104f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:55 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x1, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r3, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) accept$packet(0xffffffffffffffff, &(0x7f0000007540)={0x11, 0x0, 0x0}, &(0x7f0000007580)=0x14) ioctl$sock_SIOCDELRT(r3, 0x890c, &(0x7f0000007600)={0x0, @llc={0x1a, 0x0, 0x2, 0x4, 0x7f, 0xe, @local}, @ethernet={0x1, @broadcast}, @xdp={0x2c, 0xa, r4, 0x2c}, 0x9, 0x0, 0x0, 0x0, 0x1, &(0x7f00000075c0)='vxcan1\x00', 0x9, 0x121e, 0x401}) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r5, 0x0) io_uring_enter(r0, 0x588, 0xe6dc, 0x2, &(0x7f0000000040)={[0xfffffffffffffbff]}, 0x8) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 340.379857][ T1972] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 340.379870][ T1972] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 [ 340.379881][ T1972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 340.379894][ T1972] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 340.431713][ T1987] loop3: detected capacity change from 0 to 270 [ 340.722300][ T2003] FAULT_INJECTION: forcing a failure. [ 340.722300][ T2003] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 340.735491][ T2003] CPU: 1 PID: 2003 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 340.745545][ T2003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 340.750732][ T2012] loop3: detected capacity change from 0 to 270 [ 340.755589][ T2003] Call Trace: [ 340.755598][ T2003] dump_stack+0x137/0x19d 14:04:55 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x20000, 0x0, 0x0, 0x0) [ 340.755622][ T2003] should_fail+0x23c/0x250 [ 340.755639][ T2003] should_fail_usercopy+0x16/0x20 [ 340.778848][ T2003] _copy_from_user+0x1c/0xd0 [ 340.778879][ T2003] ____sys_sendmsg+0x1a3/0x4d0 [ 340.778899][ T2003] ? sendmsg_copy_msghdr+0xc4/0xf0 [ 340.778930][ T2003] __sys_sendmsg_sock+0x25/0x30 [ 340.779010][ T2003] io_issue_sqe+0x231a/0x6750 14:04:55 executing program 0 (fault-call:8 fault-nth:72): r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 340.779029][ T2003] ? __list_del_entry_valid+0x54/0xc0 [ 340.779076][ T2003] ? rmqueue_pcplist+0x152/0x190 [ 340.779096][ T2003] ? rmqueue+0x43/0xd00 [ 340.779114][ T2003] ? mntput_no_expire+0x64/0x730 [ 340.779139][ T2003] ? _raw_spin_lock_irqsave+0x25/0x80 [ 340.779161][ T2003] ? percpu_counter_add_batch+0xc0/0xd0 [ 340.779179][ T2003] ? io_submit_flush_completions+0x30d/0x3e0 [ 340.779243][ T2003] __io_queue_sqe+0xe9/0x360 14:04:55 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x5c42, 0x0, 0x3}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00007d5000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) mmap(&(0x7f0000206000/0x2000)=nil, 0x2000, 0x4, 0x810, r0, 0x84c92000) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) mmap(&(0x7f00003d6000/0x2000)=nil, 0x2000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x7463d000) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 340.779260][ T2003] io_submit_sqe+0x1887/0x3360 [ 340.779279][ T2003] ? kmem_cache_alloc_bulk+0x28c/0x340 [ 340.779301][ T2003] io_submit_sqes+0x5bd/0xbd0 [ 340.779320][ T2003] __se_sys_io_uring_enter+0x1e1/0xa80 [ 340.779377][ T2003] ? fput+0x2d/0x130 [ 340.779389][ T2003] __x64_sys_io_uring_enter+0x74/0x80 [ 340.779411][ T2003] do_syscall_64+0x4a/0x90 [ 340.779433][ T2003] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 340.779457][ T2003] RIP: 0033:0x4665d9 [ 340.779472][ T2003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 340.779619][ T2003] RSP: 002b:00007f2bdfcf3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 340.779646][ T2003] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 340.779655][ T2003] RDX: 0000000000000000 RSI: 0000000000006196 RDI: 0000000000000003 [ 340.779667][ T2003] RBP: 00007f2bdfcf31d0 R08: 0000000000000000 R09: 0000000000000000 14:04:55 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="24000000000000000100000001000000", @ANYRES32=r4, @ANYRES32=r5, @ANYRES32=r3, @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="000000005125a3cd6f05b156f89cbf3254d077487a9d8ecdf35fc799b66bfab971ef8993e54afadeebfa83b252ab24bfd1e0d83e572634630505ba0ea96b02c68e50e8e2b51ea098872e641da537f1419e3c2f5a17c81caf63331f62fb2a766a755c8f5df39d162e5cc56eba138ca4aa15"], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 340.779740][ T2003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 340.779758][ T2003] R13: 00007ffe209e266f R14: 00007f2bdfcf3300 R15: 0000000000022000 [ 340.844583][ T2012] FAT-fs (loop3): Directory bread(block 270) failed [ 340.844603][ T2012] FAT-fs (loop3): Directory bread(block 271) failed 14:04:55 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:55 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x40000, 0x0, 0x0, 0x0) 14:04:55 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0xb902, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) r3 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000004, 0x40010, r0, 0x10000000) r4 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000040)='syz0\x00', 0x200002, 0x0) syz_io_uring_submit(r1, r3, &(0x7f00000000c0)=@IORING_OP_FADVISE={0x18, 0x1, 0x0, @fd=r4, 0x8, 0x0, 0x7f, 0x1}, 0x10000) openat$cgroup_ro(r4, &(0x7f0000000140)='memory.stat\x00', 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r5, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:55 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x3e80) 14:04:55 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) r8 = creat(&(0x7f0000000180)='./file0\x00', 0x0) preadv(r8, &(0x7f00000001c0)=[{&(0x7f0000000240)=""/168, 0xa8}, {&(0x7f0000000300)=""/227, 0xe3}, {&(0x7f00000004c0)=""/141, 0x8d}], 0x3, 0x0, 0x3) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:55 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:55 executing program 2: syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(0xffffffffffffffff, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 341.281709][ T2012] FAT-fs (loop3): Directory bread(block 272) failed [ 341.288486][ T2012] FAT-fs (loop3): Directory bread(block 273) failed [ 341.295786][ T2012] FAT-fs (loop3): Directory bread(block 274) failed [ 341.302530][ T2012] FAT-fs (loop3): Directory bread(block 275) failed [ 341.309139][ T2012] FAT-fs (loop3): Directory bread(block 276) failed [ 341.315740][ T2012] FAT-fs (loop3): Directory bread(block 277) failed [ 341.322536][ T2012] FAT-fs (loop3): Directory bread(block 278) failed 14:04:56 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200040204f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:56 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x1000000, 0x0, 0x0, 0x0) 14:04:56 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)=""/108, 0x6c}, {&(0x7f0000000040)}, {&(0x7f00000001c0)=""/104, 0x68}, {&(0x7f0000000240)=""/156, 0x9c}], 0x4, 0x3, 0xe1c) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:56 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x4000) 14:04:56 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="24000000001f00000100000001000000", @ANYRES32=r4, @ANYRES32=r5, @ANYRES32=r3, @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00'], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:56 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x2, 0x0, 0x0, 0x0) [ 341.329179][ T2012] FAT-fs (loop3): Directory bread(block 279) failed 14:04:56 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unshare(0x4a060480) r4 = syz_io_uring_setup(0x185, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006da000/0x2000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) io_uring_enter(r4, 0x45f5, 0x0, 0x0, 0x0, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:56 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x4, 0x0, 0x0, 0x0) 14:04:56 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x2000000, 0x0, 0x0, 0x0) 14:04:56 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) io_uring_enter(r0, 0x6079, 0x7311, 0x0, &(0x7f0000000180)={[0x4]}, 0x8) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) r8 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r8, 0x208200) r9 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r9, 0x0) ioctl$FS_IOC_FSSETXATTR(r9, 0x401c5820, &(0x7f0000000040)={0x8}) io_uring_enter(r8, 0x20006197, 0x0, 0x1, 0x0, 0x0) 14:04:56 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000280010002000c0204f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:56 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x4200) [ 341.465278][ T2102] loop3: detected capacity change from 0 to 270 14:04:56 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0xf, 0x0, 0x0, 0x0) 14:04:56 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0x1000000}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) r3 = signalfd4(r0, &(0x7f0000000040)={[0x1]}, 0x8, 0xc0800) io_uring_enter(r3, 0x4373, 0x92c7, 0x2, &(0x7f00000000c0), 0x8) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) r5 = syz_open_dev$vcsa(&(0x7f0000000400), 0x0, 0x1010c0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) close(r6) r7 = socket(0x200000100000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'sit0\x00', 0x0}) bind$packet(r7, &(0x7f0000000200)={0x11, 0x1c, r8, 0x1, 0x0, 0x6, @remote}, 0x14) sendmsg$ETHTOOL_MSG_RINGS_SET(r5, &(0x7f0000000700)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000600)={0x8c, 0x0, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@ETHTOOL_A_RINGS_HEADER={0x70, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}, @ETHTOOL_A_RINGS_RX_MINI={0x8, 0x7, 0x80000000}]}, 0x8c}, 0x1, 0x0, 0x0, 0xc0}, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r9 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCDELRT(r9, 0x890c, &(0x7f0000000180)={0x0, {0x2, 0x4e22, @private=0xa010100}, {0x2, 0x4e20, @multicast1}, {0x2, 0x4e20, @local}, 0x210, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000140)='gre0\x00', 0x7, 0x2e3, 0x5}) socketpair(0x2, 0x2, 0x200, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) bind(r10, &(0x7f0000000280)=@vsock={0x28, 0x0, 0xffffffff, @my=0x0}, 0x80) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:56 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200000304f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:56 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x2040000, 0x0, 0x0, 0x0) [ 341.556368][ T2130] loop3: detected capacity change from 0 to 270 14:04:56 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:56 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) fsetxattr$security_evm(r5, &(0x7f0000000180), &(0x7f00000001c0)=@v1={0x2, "b8480e158d3359672c9937153642"}, 0xf, 0x1) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:56 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x803e) 14:04:56 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0xf00, 0x0, 0x0, 0x0) [ 341.687530][ T2159] ================================================================== [ 341.695751][ T2159] BUG: KCSAN: data-race in unix_inflight / wait_for_unix_gc [ 341.703036][ T2159] [ 341.705358][ T2159] write to 0xffffffff8458b114 of 4 bytes by task 2154 on cpu 1: [ 341.705376][ T2159] unix_inflight+0x1e8/0x280 [ 341.705394][ T2159] unix_attach_fds+0x174/0x1e0 [ 341.705411][ T2159] unix_dgram_sendmsg+0x5cb/0x1610 [ 341.705427][ T2159] unix_seqpacket_sendmsg+0xc2/0x100 14:04:56 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x284}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) ioctl$sock_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000240)) r3 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r3, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) getsockopt$EBT_SO_GET_INIT_ENTRIES(r3, 0x0, 0x83, &(0x7f00000004c0)={'broute\x00', 0x0, 0x4, 0xb7, [0x1, 0x80000000, 0x2, 0x401, 0x6, 0x3], 0x9, &(0x7f0000000280)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], &(0x7f0000000340)=""/183}, &(0x7f0000000400)=0x78) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) openat(r4, &(0x7f0000000200)='./file0\x00', 0x200202, 0x4) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r5 = syz_open_dev$vcsn(&(0x7f0000000040), 0x288b, 0x115401) syz_io_uring_setup(0x5410, &(0x7f0000000140)={0x0, 0xf40d, 0x2, 0x3, 0x24, 0x0, r5}, &(0x7f0000702000/0x4000)=nil, &(0x7f0000127000/0x3000)=nil, &(0x7f00000000c0), &(0x7f00000001c0)) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:56 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) socket$nl_audit(0x10, 0x3, 0x9) socket$inet(0x2, 0x1, 0x0) socket$inet(0x2, 0x1, 0x0) syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) socket$inet(0x2, 0xa, 0x5) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) sendto$inet(r4, &(0x7f0000000680)="9c928b7db929b086066ac1f1f3f6e06ba179c20348e9315600ec53e76709abb16aa86f703c09e26cfee992ca4be3c926f887d6a876021409a9638721292b7b54752c81a0c4d26e22c311096b578d3b5bfaea05aca2dc4f1afaa930ec1d49ce0b7cdb34a301858e6f35ab13f92768457993b932ab2e7e916a3aecb7ab06394a1916fe8c22c564c8c7863c358ff6637c1a86fba7f984cbfc6d234621db05860751b1c7a152defd1cb2468b357d5cca546aa97561429e93431bee31e00cad4a56c573c3fb8134231532d675d787772a646af06dab544e5cfc8135329d2fbf6acf06a68b87a46c5ae85bd37c31de98f0bc96d67f654ba3cf6b95c2838ac93687f815b340cad0971ecbe106da55c9c41f3861a4c614be9553cad9fe9765c7e50e73de7541b662becc4a3cfdb1810b8821b11a0975531279306206766e5f924b5198f61c95383fc1b610b59f5e9db2cafc1450831078cb03fa4363e374933428495798c90ae2a1d180fe25e97e89fbc6541cb4ff32e533d5782610d8cd6a5c539695b9e6dfe1e8f22026016c513302418ed40b7af52adce106c6fe9467571e243caf7d33dc3df4f5d541092f6ba14d7971a094050885411048904c50618b946dfc2cdc7dbef64c8eae551d5c62afde6367f076cc5e38aec7b6d92de982b9a8e6ac92ff975240ff9a7a653e42c1f854cc71c6841925e84d8185522785b1b1befeb84e34d893b51c1e33e5e6df29913119e75afda3aba8fc7bb4770020e787d60b25466b7f619a5b83f9de34d60e559be39c4e52d7586bc20eb2482956e6c2395496373f4d62dd80abb046994911605f946b87d7f8ad2b3819ac0639e3eca06383a45eb1e30f8d31f5b38049cda566862b09b5f8118c0d2b8b03d6ff123c65f1047206865d6ea2223db8e424f96b98b53f1cbc8d41bc8858ea072ad064f4735d2ebce24a38fc96efae4f288a109ed3aeac5f97a9683889e0d145ef3cb25f58bf96487d1c703aab86c69eb7c5f8635ab2fdb375bf95b06925ca20198f0a130db517ad8007755981fd138f7e5f6a1e11b00b63c719fb3e4bc4cb96e78884649cfedad4c3774bba78c74a9e3798b2bb2f0d895322f8aa3ad654b0624fd317bf353e7c6fadcdc19f2ddd1f91e74d75f76eff006f9037d82ab6e8b7807b1467743d1406b2a2f5de5ffcd81df60e1ba588c55a2a102d0dbfb3ae814f1646081cd3db96e78c813a18c37ec256e48e0c1339b66582bb060377f8ce2385bf8d7fe1336c4c959ee72b3ac7eeccf7d53fd4b09348ed13b68c0ffcb0801c529fbe5b9358fde306d713d92379fc4a0efabcca2f02a73d59420d665ab0c899e9f2b30bffa3d2fcf803f761b44bda5b60cf6bd9bb3c5a1e14b2fc7c4e556e81ffecae909263c0ae48926d5b9e77985c46f12185e03d164e44ecb9fbfc9f356204d98e12c7c13d35edbbe1faf63933419a0d9f17f426b116707a69c87fd1fc880fdaeb88fa3e509c09b62fa0b6a18764020580ac36c79e99a66ce67a2cf94ef593f8bfd0d02fa055ac936f2889192a51631dbebed55fc80a86cc36bb1bc6ac7e5d6f1d93cc5647c312794506a175cfccb435fc2531ae04f47e418a25e5c0bff977cee4aef49a0fc18ac92685651253521d63f4638d36cf4fe8e3f1bf83a68afc7f3fff96ba72cd9c844af5da72d9312bcd9838076cf3b8924f8daf0c874eb216f61534a0b6cf652ae2b7f3f176e7e2be4c693b80b1652afd05adfb09edc276655e37cf7d15212d5f901a395aeaf177ab39e311a8fb2a18ffcb0520ae1826d0826470c18679549a450b2736f1f8938ee4b22c649eb09a70e99585654a33801904868a4952774ce5475fed96d9022b58c327c69fe4eb55f04e507f75c55120c652851c948ac0437db64726735bd4adf76185125829efe2e0acb873ad6b66d5def5e74ba64322725ea2de49448276938df71d9508d04ffc64d1173571f04177c9802f030814e567ec80642c0f4bc4139edf8a5e1b5aa6639a10311b00ffb01bfa0bd298785bd7cb4bd5028ad8cf1e807ea7f38d5aa41f80cdf7adb158b58d205a804213a155da478a9f1ed1c8c8d0051009fb852247da6d34e8e6e9ba6be9440b677edae81cb41db1c09cedd836d1dc8e6d3b9d0b7f115d0e40151d2a350a6b0dca4bf73fa400f80e1fd7dedf43281570df7d203af0882092f387198e91a2c02c77d665386342839668ec8de619950edb7ad3f163048ed26bf9fa5c69e52f70ac57afd5563247ab0339e1bdda143de97d0c44a6a175c8d692c1a3002270fb0a10fb3b13241feb2c18cd679a6ea3a49916790287629a69d489ce1c4812c353721b9cd2091d030e9f986e8746d62791c8dccc86afb03edb830093ed4aa73b45120832d8492fec8a47b946a4a1438a19da6d5d2891564dbba0d5d1a23946f396cafedb17102127fb6644df70f2b7f92a5ded0eb63e38d203df3b09e1a9f6ae898ffe88d7df3316e2e92fbfb10d6f1f7d3c9628cb723d7653836d99a48eac5cdc5cd90eac3a34c6f2def9938a0af79c0e3b97db6384feab97b98b5ead87eb6692da2b67f4b1c1f1bfee4b75ab7b0a0479847f79e112e6eac96d819c16e896d4db0b7439b1a36f7925bb31fc1433b654d6a61ce53ac07e525d60abce3e026cf33b0d6ce17d052d1bc9621b9ee8daf21a038aeec2289fb2d5b95b16ad52cce4a223be9d9d034cd9dae74f1ce8bbb32114efab35426372ed0858ffede9edfd0c2748581b61e81a3a7082583a47ba60a67be93c738d4430731ece6af471ba510ca95ff8cf55a9cfd479c01942b41ae6bbbc8723c21c7020e170235f375b15e1e3f970f3dd1c12be521e39f0609f35f0f4bac1276f89e6f33ada7a7cfa60dab20d1f3b784869c143cd15419e596f247c5ecadc5a04cc9b07df5346bfd6a745e3c084bd69bcd9ee04dad9f32259a92f754fbb6ba2e327ec16f99b5ff4d6325e66e6f34884ebfd53ca2f9a077b2d1e89ef1e68b16a79afd7bd2380d734fb46193e68c1bfe47168dc7a657f4b6b7f82ad1e469409acedea02b8f6b63b5c56a3b7776b94db2f01c5286103f5594fc4023a39e679b0ff38718e675168ac52491644249850859b02e518baa435b45b38cfa7c8114911c6655f08899002461519dd48dcd1a285f938aea1694f5e4be6385c0c28f5b0437571d2dc0b6a3e4d49e75ffc2daa0f2fa2c094258d24f00fbccdbfa2ec0975c14cc063ccc3fd2ea13a834deadc2b3acdc95947d315dfc42233c29e011d3c27f9a8d671fa189089b51770fba86b70f495db361bddbc2fdaba8a9f479afcdceae2aa78731727d7ddb82f2b3a522523d84b6a2bbb07202ddb858eb48740cd866430dfadb7709140821d7414d2ac354cfbc48a7825ea0c83155fd1c8865110db77fd57bfd4ecdb25fd38d6ca2c099884d86e3513e19cc4a9b6a487d1021ec27be4195aa8e3d80e4bcc63daecdbebd10dc1842538e915fee17723de4e5d4afb796ef7a2813da6970c02955f2977d113bc4c577da7e36435a55a6562b402b73af7d42c74bc614e543e09ba62948a29f0cb196ee113741fb6e5518e6931a3121e4199ba64e5240613967ceffda6bbbcae1452ceddaea87e07338086db823dad9158157640579d784634ad2f16a57cf00ec79b1fc9fd7f40ce9150a2f8cb8be16428f81857f7a63cbe2c533af1e6b5297df64ddec0c78a316a4511ce18cf602b47e0e500baf311ae41fba75880ef8e394eecc2dc78486efa3da6822177e4394e0a002856c857142dc95fcad535780d69119598e0ba30aed8c6b4191f9280f9a25954ef7b525c00f7956009aa7aba2f6805b6c4690558fcad07a8534791f975ca0a3abf2cfdd410a7387eb8ac1f24689cb3bc3952680a5eb70b16586d14e2d69517a7c5f84468aa9b5aece0b6bc056c7923cfd2042e3ae4c3514998597e65cfc40f697c18a653a1dc701e92a4d87f76c8aa6fc735bd4afedeab484bd728cc4d83cdf72518343cb6320f097995a0b9ca1a7f33dd0eafeff807c8a580946772b1a5e5be0b11909cda8baa0dde9a8a57c8b88b74579ad8ec1d3460af3c0f07b088a233f2b7999e24944e2f98e74b5265b93d5781adaf5a01c6278d061edb1a1ef1ac7675e66bb3e942868bc65c9991728da4bffe95038ce434d05da31954757d120a46fc7842582d48d6b0a46c484accd31fc6319f59a60d63212571e5975e02fafdee6ae6a316bcc88ded8ac6c85c63a5ab1605fe49a523bf1c2a4ddd8974a67679772ab990123df639dd084f2e3841ec6f1aef16fa0c25046e4511906887be242ef507e82dad1112f20f1eac73455950a1d2d1eea1509068a0bde74270f335ca724118676ab6fbf095ebaddeab01a09d603f1a4ea3c017a1ecd7696fdc49a2700511536052ca113d4c46d15fe329f29ba170fe2dec2405bb9170fb9c47cb2d69e6fa252ebc80fdf230cbdc9e3ab5c26d36b686c1954747a39b81af1ec3cd8f134a966cf8ee06f87a0d5c3b363480970eff731194b06932291118db6954641c54f1ccb717edfb3321f3fdb0dd0b3b2aa6900093da380ae35fb21cc1728517abf81a00ab325a4db8bba51cccc96586ed3c48eab1465feb85b6063370ab3dac96b2afab3f5bc7a0b951887bf4231302810f880e0f0b74c0c016bdeef627e1ae31e445c3096a68560d1d99ce4ebb0b22b7272ae4b971ed86a9bf1a9b62653d6cba245adb91fdec756037a01e759362955bd27d2e7b6bcf7414b3fbac431bf38dd736b5080412930b6ab2fcd8b81f2be1b61c93d5e4588e8cafd48e96de2add48f8b6ab0bed17d340c6e12cb003a074c742f61355c15aec067fdc9e7917b4c70703463a2edb9ef5d1fe79b2a5fb45be7c98aa927e737ba8deffff42b2ddd09da7313df4bd7e22254c43bdd41ff676f3ab2cd4df662452f0d9196881a23abfe5bcc3ccda83b82d795c9e318e4b030cc4ebd0e84f9cad5b8c5c13df49ab3aa7e4847899b2bed01cfa492d0c41cd90093cb0393b71ae4143e8abd58aae2c95499890148b5684875264a10896c6615b3e71ae8151aa7663631175b92e420bb4e51a0e1db41694cb5c87aa4e37ada4622ac2a012663a5fdadba310347c62eefcff07080cd449a7e80b7d0d6b4e9004fb725334794750a41efe1fb80fd8f70d6921a6e906e4119bbd1205a09fa2e4ad435270379899897cfa8e6764a8669e13f37493aa91b4382cbd2b11e7f615c74b57c2b668a56385557d7e5f0c73ea511b15d78f61ed9dbbe6dec645ba1b4c451311c0f99043d3aef3ea6b472a08d52ed0bb3d42211513ce0495e0d3edcc49335e417475a829fa8260444d75c0ff3ab33d69c7da54fe1b7fbb959c6185d6213b84e16f287b93770dc45281852c723f241d37e46e58042b0729c62e3e1bccc8875e09a084c237a48be95fbf5c4800bbb287d4e0561da69c5156a9bdb1c9305e4b0fd41a6c084b669ec7db2a470d60556a1d4fa0d75853c21179bba17c5c62bdf856120f01891894e359b35dcc3e23283c862cdc208419be0a5a0f86542cd6a9a645c975445e1030c9ca0dab98af5fb93d461281be2b5bf2751a7ae704c89c498514a7550aee7c0ee3b3988da0259bf2c10b664a508e9e5a6c8a671089c9bf70c20a3a40b9457e8172a03e6d52f58eaae2243eef08f147eedf9b0abeab0d0b348532702f0584182869905f81e653c96ac34b13097c78ee64295efe391f733ab1dfae82284372fe919af3363e7a618418d319547f1759b888358be677cec8ea475e1a932a909a2de4912c7cb60858834e6ac21eef5d488f11284316d8", 0x1000, 0x8010, &(0x7f00000001c0)={0x2, 0x4e23, @multicast2}, 0x10) 14:04:56 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x6040000, 0x0, 0x0, 0x0) [ 341.705443][ T2159] ____sys_sendmsg+0x360/0x4d0 [ 341.705459][ T2159] __sys_sendmsg_sock+0x25/0x30 [ 341.705475][ T2159] io_issue_sqe+0x231a/0x6750 [ 341.705491][ T2159] __io_queue_sqe+0xe9/0x360 [ 341.705506][ T2159] io_submit_sqe+0x1887/0x3360 [ 341.705523][ T2159] io_submit_sqes+0x5bd/0xbd0 [ 341.705539][ T2159] __se_sys_io_uring_enter+0x1e1/0xa80 [ 341.705562][ T2159] __x64_sys_io_uring_enter+0x74/0x80 [ 341.705584][ T2159] do_syscall_64+0x4a/0x90 [ 341.705603][ T2159] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 341.705625][ T2159] 14:04:56 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x2000, 0x0, 0x0, 0x0) [ 341.705630][ T2159] read to 0xffffffff8458b114 of 4 bytes by task 2159 on cpu 0: [ 341.705644][ T2159] wait_for_unix_gc+0x24/0x140 [ 341.705660][ T2159] unix_dgram_sendmsg+0x5f/0x1610 [ 341.705676][ T2159] unix_seqpacket_sendmsg+0xc2/0x100 [ 341.705692][ T2159] ____sys_sendmsg+0x360/0x4d0 [ 341.705708][ T2159] __sys_sendmsg_sock+0x25/0x30 [ 341.705723][ T2159] io_issue_sqe+0x231a/0x6750 [ 341.705738][ T2159] __io_queue_sqe+0xe9/0x360 [ 341.705753][ T2159] io_submit_sqe+0x1887/0x3360 [ 341.705770][ T2159] io_submit_sqes+0x5bd/0xbd0 [ 341.705786][ T2159] __se_sys_io_uring_enter+0x1e1/0xa80 [ 341.705809][ T2159] __x64_sys_io_uring_enter+0x74/0x80 [ 341.705831][ T2159] do_syscall_64+0x4a/0x90 [ 341.705850][ T2159] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 341.705871][ T2159] [ 341.705874][ T2159] Reported by Kernel Concurrency Sanitizer on: [ 341.705881][ T2159] CPU: 0 PID: 2159 Comm: syz-executor.0 Tainted: G W 5.13.0-rc2-syzkaller #0 [ 341.705902][ T2159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 14:04:56 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) r4 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x2ba, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="41dfa4d835a6d98e635e33dc25d106b2abbfe4419bf27506703aab09ac5f9599514d5f0c1d67b50d17fa91ecf811149feffaa542c365614e9123ffcd1236a2c6759eb9342893b89a46f9257677265ce62560a9662579235239502668b8e83ab3e46bbb6a6e7d2090ccec8efdfbc42c", 0x6f, 0x1}, {&(0x7f00000001c0)="8b5a3070642555be9664d164b24b5ef950ff0449", 0x14, 0x7f}], 0x2000, &(0x7f0000000240)={[{@errors_remount}, {@user_xattr}, {@prjquota}, {@debug}, {@orlov}], [{@pcr={'pcr', 0x3d, 0x40}}]}) ioctl$FITHAW(r4, 0xc0045878) 14:04:56 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x3e80, 0x0, 0x0, 0x0) 14:04:56 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x803e, 0x0, 0x0, 0x0) 14:04:56 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200870304f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:56 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xeb01) [ 341.705911][ T2159] ================================================================== [ 341.711960][ T2158] loop3: detected capacity change from 0 to 270 14:04:56 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="24000000000000000100000001000000", @ANYRES32=r4, @ANYRES32=r5, @ANYRES32=r3, @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB='\x00\b\x00\x00'], 0x28}], 0x1, 0x0) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/bus/input/handlers\x00', 0x0, 0x0) perf_event_open$cgroup(&(0x7f0000000180)={0x1, 0x80, 0x6, 0x7, 0x1f, 0x3, 0x0, 0x6, 0x80, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, @perf_config_ext={0x2, 0x7fff}, 0x501, 0x4, 0xa61, 0x4, 0x1000, 0xfa91, 0x1f, 0x0, 0xff5, 0x0, 0x3}, r8, 0xe, r9, 0x1) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:56 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x20000) [ 341.970569][ T2193] loop2: detected capacity change from 0 to 1 14:04:56 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x20000, 0x0, 0x0, 0x0) 14:04:56 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x7000000, 0x0, 0x0, 0x0) [ 342.029123][ T2206] loop2: detected capacity change from 0 to 1 [ 342.065913][ T2209] loop3: detected capacity change from 0 to 270 14:04:56 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x40000, 0x0, 0x0, 0x0) 14:04:56 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x40000) 14:04:56 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000180)={0x0, 0x0, 0x2, 0x0, 0x2000000}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x4, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x5, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) r8 = mmap$IORING_OFF_CQ_RING(&(0x7f00006d5000/0x2000)=nil, 0x2000, 0x8, 0x11, r0, 0x8000000) r9 = mmap$IORING_OFF_SQES(&(0x7f00006d6000/0x1000)=nil, 0x1000, 0x13, 0x20010, r7, 0x10000000) syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_WRITE_FIXED={0x5, 0x0, 0x4004, @fd=r3, 0x1, 0x0, 0x6, 0x10, 0x0, {0x3}}, 0x0) 14:04:57 executing program 2: r0 = io_uring_setup(0x50ff, &(0x7f0000000080)={0x0, 0xdbe, 0x1, 0x1, 0x3ad}) r1 = syz_io_uring_setup(0x30d9, &(0x7f0000000440)={0x0, 0x5341, 0x7, 0x0, 0x200, 0x0, r0}, &(0x7f00003df000/0x2000)=nil, &(0x7f0000418000/0x1000)=nil, &(0x7f00000019c0)=0x0, &(0x7f0000001a00)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) io_uring_enter(0xffffffffffffffff, 0x2aa7, 0xbad, 0x3, &(0x7f0000000040)={[0xc0000000]}, 0x8) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r5 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r5, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) r6 = socket$inet(0x2, 0x1, 0x0) writev(r0, &(0x7f0000001900)=[{&(0x7f00000002c0)="051200207061d581eab732cf2b40cc918cdf189da6d20e0f10864b421a63f0caaa77ffb34ddda13afde7181edeef0b43678054874f81ce91ee9dbcc65ab24e7f180a41df201b70f0b334b5d0ccfa58a90dba84dbf6d9c50c68520a58785f574e71c8070b120c31d25dbcf532161d472c6a2c279f27065bfb06832b", 0x7b}, {&(0x7f0000000340)="f3dfd9b85b563dce2e27c1c12bbd8eaffd6053a09c93eeb28c44d44d266c710319faaef718c001d6a67e29ef9d07ee5a22", 0x31}, {&(0x7f0000000380)="62725fe36cbad9f1005801bfeb46feb77cd12d5052eceb5f68490e1cc68efe434b69963030bb251b0346d1075ecc898fc6a30e5858ae3c31322c07719137eeed3059838a6ac0df321c09003ea1dff37f148b78c1dde5e3dd909b22d10f5f228eaf0276a031cfa8", 0x67}, {&(0x7f00000004c0)="aac0fdb0197164b8a1e269391fa915331833682438ea2e8e125c872d0c8291ab3b524570ebf032b59e53a37b629a2d84da31af8c00582b5b13b263d707a2cc6b990162a558f95889e908e6d1173c12c1f8d905e080cd450ebd91c5d70405487f24326dc6e72f57253fe61acab56e634c91058f468e154b0457a7f8be6526ba65c11c2c1233ad5979aca4249d6ca61d233daa30dd86d66cd6a735c0cf808445fd047f44a388bf838df3f2e71bf164c5f089b45fa1e1e0bf72f571d18ee6cc5eaab8f9030b10fc84fb17b9c5c077e68893ce", 0xd1}, {&(0x7f00000005c0)="dc655dea7a048231c30b619a26d8462890008a757eb4057fcf26aad8967f1d72aecf2f7176fc4d26362979bdd6db046f1c8db9199cd43e059e6298e6efbd214ee01625dc546dacc09d7c12cfe023beb909df52c2b88f8f032874cf3788ab95df73bf14fb7533f1d4cf411a4c9c14acb59f01799cbce8334d8f3971f7ab6693ef847096fe5cf818f658627f2d25e9a3af58808193ec5eccc3bf1d23276e3076d5463bb6a7a60d7709677234bdffdf85a851d0f46b20c798acf31af687601ac639ccb889505371b08def76ff958295f8a1a58de27ee2d8081d8b75b75c1b4cabaed0af5faa944fedee9e1dd375217c93385a3c", 0xf2}, {&(0x7f00000006c0)="239892501189ed5ab65957abad9072aea4fe9a0d9d53f996e71bfbeaf5255fc12182ac2161134ff44801798ff272e958ea6fdf71cf7fac9881c61c2a2ba05cc1c8e939869e7388d99c6903b268f65049cd906421a1a86aee4e89aadea7b93434ac1ce9f2d0a91940715bada73a39d54c224f6e36447ecf752a8b885e874a8dbd5318d4b160dc3d1eab73cf434f03f03deeb8dc6beb0a1cb7a817ac60e92938e1c531379f6d9697608e0ddc99860e93f0738cd94551c85f7ab4a062c679f154fb4a89d9a395f70eefae6c85007d2c081e839f9f4ebf859088c2bf1e33244172583942c8ca0238f86f8876796feb9b9f0fa7b00c23d4f4db8e881392dd28d49e90ae19a35c026a647bb0c3224ea5418da439e2feb90a774b0987c88d0405263c17d2416a402ac191a4c6c4a1d256cbcc9481f00231675e17cf38ec8938127f66dc4006614436bf0860f823a7fce99d95cd9257cf05e4492b81dda87aff37630e090f8d084aa935768a3c40660f3b913338b7dedff4536acff28799ebae31b0b78a51a11e95e11c144f939c3a588ef8c0890a794efe2b1eb218221b8f5dfd68a0c57bf4563e04d2fadad8f7f7c286c57da68d86cfb4b23c76bb1f4717bbeb49c6227f77b44e1488510b0f931321da746687ec1e591abee193239c630c867a1ae9f151d12ed9c0b731f71cb1448fc9239e6b71309a2b492f5ee11337cff9f07e88fedc6b702947fc620c045d5ace94cf7bac07b8801691c06944005915f2431161553ce5d619b092d765cfc194468d557aaec86031e140c044279d686a2fb4d4aea59d9f7c78e8c379647ae7bd3997bd13b5c92ea47e17ace185f4307de433e5deb96625a7e18ed2a4e1db35542790aa11b308a99aa69ea3cb5ea6382b5c349b5354bb64ff4007a35e18f40029dd211b08a1f93112ee158db59615afc765f8ebb989724300ec72b3f84f8226cef7544eb16d55df15f8e66ec1486483d59f7cbafa2ac276789f5dcb7de816cdee51f4c195e972eeadf9cce4fe7b9698f29a6b6832baa0c1cfb9f6fb003f966ca75b8a6a57d7a92e3d1ae4dd6fd90ec8122eb80104639ca8d008c1e090ecefefd15608846efb8bb6b0c1f2a67617ac6623d3bfe8cbc535e15c160ea0b018b18659921f4c2fe5f4dc34969e411b9a25edf4b98700aeb3f1902a33193830cc9d17d755cb53e45656a9c2516dc45202770dc5e50e364ec2cf6d8ba7e97c279249167f2326c08a189c65dfb258dadb2baa693a594ecdc2e4f573e9c5682f479223480a81270130d545be95669f1f7297057e383c5d87f748a85a7549ae1dedadb9bcabb0038eb94ce04248e5369d34d6f8fc25065b6357c1fa5e2abe2d5df9fe89ca931130aff3b208a26bcb0a2dbe0482017b2001ab4ce78b91848f16e1339118d1f080932cf13c33eebffbd8a914225a26c9a5c32a2fd2cbff6c41eddfb748d1058b98f336a892ea6c5d8244389caf3306abbd9fcea7ee733f04c54944b185aac088fe482670b7e38efb1af8a2c34c7bbd0dd4ac083d81b723b5f54dd038374b6a7cbddd266b1fe48bbb7362771a43046d10c8d45352c0c1c6d3094dcfd0565fd2db59b589e2567b50841c6752c127eb5e09c3348816c6fe737e8f442f40abec3eafc8aec87b8a4426542a86ad56e5fb8d77be55d6a6cd74c2367e291883ed7fc2b7d0fa713dc1774cd98cf590a3e1de37a1de96e24820728823d7b7da7f100b4c24b6b16d16606a9504c861f9bca036b427c8ac8404ae1608e3726e6946b204acdf9c3b0a4d45189e80991ccb774940e037e96b4cb6647f34db32aed0f99648281e1df3759785b2e1f853b0ae281bcba7a50753ee616a08620cbb4ec221b27c22589f7f34b719dd2038d1aa47bf481d9c5bf3667ae01178b348f215f8e15ab92318973e03e0e6aff43d99d2bdaa46005e9835bfe18a08c7b4947d54f2640932d6c3184c424edd767287c5b0c4e77dbd83a59b42804f1737d76693bc176a72ae45f1280f636d0ba232091dd15fca6599e0f837c85c7c6c1a6f5a6e62b67af4fcd2e34212392cfc773614a3437b1afbfa44a7c50648340c2f02f3c2091d22ecf85d5ac79f20fae585513a7bb19206297945a5728373510bd3545b6df8a98cdfe841364fc9dc594a6cac6e8292e1014b303ce83c243353f59f8de72eb70a783006ec903a78259896a7c81912cfe3a6f1926e2e79814b3692e3dd9f25b0a9acb2e65fb8d5b746a06a0c732e16e90cc6a3b3f742594bcb1c43ab61af4eb2ded9d8190d1dee2058b614ff38ae209b2a1b3c8183c8dcc26dd6ace61b352a798a057b4c8cf78b6c677374742537d8b6f0a2980fdd9462e7f331c21d7b38d10a6149913e4682edc2b33733a633f15e358064e630bb199d304ce4242e582757ed0a9615cf159ed55d347c61f8d6e3bce67df97e610d9bb79565faedc34a40627313d27acdd69d5d4fe89eaf5cb41e5b15cb450e4a01218e4fb6e7f85903e17eabf13ef368280d543bfefd9631287ee11a4e8e876c5f008b2570aacd0da32b989b16ce800de70ce3ae61f4ca42791addbe5aeb5767a7cb261cc0450a1fca9fd0ec4ef3b23eb725dfe797aba127e8a5011f6c4ae3670d27655abcf4b672efe69d802fbfca4f93947e64991034e12bfbcc1a29271ab850f7883bd6bd3648db6a5df095c064659fa1bb525af3898dde6ee6d9a1a6d022f1944a7acdd17cd681e0859bd7a31fba677d13979f0d0ee3564ce219c9a9672e9a39e967a3c4b0e7ee25075617da1e09485357a1113293196cf2fa1497509774684b5db7e73d43158c5438af4a862c552426e7fae44371604a10f1265a9190fe7372e0dd9f00d687c347db73803df3533b2a30f1bdc1892b6320b2de7557d7d3605fd6b1b86b18068b96e19894438b594fa113c4516d210422466e14b612c8c5b5ad132be26e24cd363c24fae147e4b5c26f6b4717a6ca5c59465163f3786cf7e429a85339a27ff582559dabab4c32249d5cf142b3076163e171787e817bef0738d0b8b1b88fb0c2c85ab2d6935a2d06498a6faed36d64ff62ed3a40978653d39418220689ecd6662d041f9085538c2fdbc74b911a37def00597c992617b5717fdc1c9deb3e2b97093a5fec0f2a2c2754b885a411eb8c3e9960ec13172545ba1d22515c578bd19ae4f966b8419139d236bf4b7c52b5bb2694c650a2952e2960ae9870edb2ba661ec981b1a5270eccfd78160349315d2a60978217d5bd7676dae6dd95b7cd5e2efe252ba0dbc758b27ed7235bc0b2d1a63efe9487c5e9113a498f5073778bf3f306b4584ba81e730e09f6313fdfbca92cbd8eb9251ef40ef92e6d650bf212e0fffcd3dd8f242a1e6e094053865a650cfd4a7746470ec3a32b89124288161ec8115048e790c8e4d0289d7141b7e19a682d22adda6180dc2eac2d4d170a72ff3de8c2f9e32d9893449c40af87400b9b22a14bf0c2f238bda69ba9a5741220886d1aacdd6a218f8512bcbeaab7b2663efe8c3e46b5fbf28e70c5b136cd4c430ff54009f53f3ff56f1d6b9fa428d786fb8024af71d35700d2aea368fb7b66e8597a7323349d200e2cc719dfe88fc1eade93a89b7397a35e4fcd81a69106ac8d857c6ba952f80789436f570b601c57b6caf69fb5cd54dcfa50d0cff8f38cfeda448712fef4321f8c7e5be68c9bfdc011cbc309f7b7c36ab1513782f531143f19cfca0198e1fc705d22d3343ce1006427ce2b83a62edf0b7679a78ba40f4dcea1e1169d6603d55fc042fc58c083337edd3cf0d86374bfc8ec2a016c73f8427476188ca4f086601a1fa54a6a084433db7bfd6bd3ae575f096cd01a041a834a0c7395b31209714aadaced80c8d58f74883d510e7348b3f4e219973413203ba632cdef2a0ab8c3e1d3553831512a59edb82979d6354628c8e3497dd44a94d136494015c8f6977fb3cc5f561b71a1257034788bd759738cb1265615d23899abf51dbd290a2aa1c5d383b2787bf4d66f26bace7901baf50a4f1b1eae9929743dc178af429c8184af240d2e9b8ab2f6b83f0951800fada7c544e4a4baa7bc95250cdb82cc31d1d379796891c01e24fb0b446d7066fa3aa92b09c22dd399ae2b0a86c82185fd29a8d1dfbad2cf3c1652c76b0e718387558bfa9bab48e17d45e81106bb0ac13ff79cbbb057e75f380b52a52822312f453a23b9ab7f0e1e9e68c76d5025ee5ced68a78be673338b3e13547e19947180830d894fb85971401919eb28079a96f5725ebc3054cdd6e9cfd18471f397dd260c4ca8833572bf73d45e9e415450b75762992f295661768e0a24fa1c2141d462c704e75a61ec79f5f1c517153790bcd5a67436edbe30bb68d290e3416e5b5caba5487167c1d602333e2d2ba3ab69bab3c91ba0343a448a3c0a28dd9d0548743f774c0357f624efdd4ef3be721f1752cc0322d244e553017bd4879514f6f7ba1664cd456b2cc7b86f41c4c601b7d1e2fcd2938da12293159d3aa51e47523d832815a2e6fdbeda0bb39f3509efc63552f8968649ce1a282994c809e1e5e11876cddb27bf502671a91ed23d4c76e431e1fb20ee2c102a08a1d142db49d7c177f409e0939786875cfcdb06d212923ccb85981df9016eaf789c6da8e9ad2e96e4c787ddd5c36bf930f7e84633c9d6e679a059cb0cd3089d4517f9eddca2d21cd04e232b00f07e32c331808224b8342894d79774d07632081eda0acec7448b9d64f1cb58ff382bdfc7c7ff7c02dc99842c4a76b65e1c633b170e33846887096bd4e390e90f34791773b26e86af0a13d6456e3d260ecbb714558afb4ee0192ea687a33a2576bf836b4b68e3b46e339a32a410c441169318eedf3024542823ecbc764ae4b7c7addcbc4141aeb6aed2efb001802fa99a521b0add65967685ed38e917b552a64e4b9ea2ced2d1415d3efeb163e4a89faea128c8c831b743cd3880d454a8ec25da0925d257dc4b8f7dd5c09ff2fde133997567315a1c28e169a98da0ae4f1ceda9e3ad09e86a19b390faa3d9a1a5f78f6a9183c3e0902ff3a8e8e1f91798f593eec68e87ab53b662a549f3080b3d3b8bd28cd6f1664e6f93e692d1d89a256a950e103e8b795ef314a9ff4c26346a641a152f9ce9a6b197c10074c021615256c35ed141d5fa9ae29222b9db6a132c462a18389ada8df1bc8370bb2b55aab835421d692da39e5b7cb0660540cf636d49be5c646db426a43b7497af91f58f5fb61cc27e54eef1027e518fdbcf56672a03f0580be811468d5bc7843be8283430f76bace2583feaaab48a2507fc404be3b885788330f1a43aa758d67225e67b8a5975d519cdf07127737c09cee052c7417b8fa37b3bc8f7f506e0adb5380e132b03941a9734413d1dbb5deb596fb2f3a6d59337680dc5337d32239576ebbc406f712f3ebab7f56d0f626d301fcd13eb02c9d3b00ef087298ca681bc7d1b7b0c051ddf13591433ee315541b678cf9d5e223353a66ccfb727e707dcb1d88630edcc3849dd8128cdd19f07cb8ad75b49d1bb2d5396577e86ede478cf44f4d6abb84657572a966b5e0c0e83e14ba4d3c02d423d05c85f614c8d991a43f4f192b5c12eb638e67834258c26203e412133ce3ff606142925b97bfd3496e6d899379439f8130334d1135bc3a503fad1a8023d86716706276406adcae5f994a353ae83e386093f350bfe7c5a97ff058c70a4d9f73fdb6018fe08ad30958bab9ff67b669dbbf9332d80378d0a96aba5c38d75399e42c4ade6259201b6d384313b14428778464d23eed60adc9804be9f5284385f90f8ff2fd06", 0x1000}, {&(0x7f0000000400)='rD', 0x2}, {&(0x7f00000016c0)="0f411bcc73893ece5e15853650c14677d0d1e68ed48a7548a8a7e501712befb34297ddc6b1fed474376a811419aa8d755a237d6e55b92db5145095e0192a0a46cc072d2c75f1c2a24df29eaa4572e09380cd1d8f3c229e40187c1ac7", 0x5c}, {&(0x7f0000001740)="41d7d7de587e73b2606eadaab70adc4334117d7103538cb687351eae713e720b31152951086c964f57afba406dfd6b990b4035ac080222b3bdfaba15d803884b60cfdbce5bbb3846f551794f947965f99f41301e13d34559392c02520961c86a51e663429ad4c9dee6decf9bfbee71b776f5ce280a1bc514f05918e0a566e3fd1abb5a97a95be71904e658cbc6b5da94937648e7b30cbb5a72fc7bf173f5d9501787aa3d9ea6ed", 0xa7}, {&(0x7f0000001800)="7e4a7aa905cfe8613bb532856ec1f28aed94d5a55b9c99f8b20397c81533e88cbc78c0b64fe085ae71d14b20e47454518aa154365301fb301f29758149a5d9356a218c06ec2c06180bb859cab0f1b2aac08a68126039b14b308e6f6c2e572f83575f2f1cd58e343aadb9028db9da7e5be02c1a34d5f9cc9720593587f164c81413379eeef72081e5b24504dea6fbc6401e9988f9f1bae675fbb9117e75cc1973da7bfe161743999dd1b0f12c18bd3c0a1952e139b9b513ca9d43097662addd7c85c4b50d46db7e8ec963a3fc175b3a7e9da3e4695cfa4af0386eaa3a4f122526165231e513fd", 0xe6}], 0xa) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000002580)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f00000003c0)={0xb8, r7, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_NODE={0x10, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_NODE_ID={0x4}]}, @TIPC_NLA_LINK={0x84, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3ff}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x54, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x49}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x318a6420}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0x4}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x20000040}, 0x800) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000001c80)={&(0x7f0000001a40)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000001c40)={&(0x7f0000001a80)={0x1ac, r7, 0x200, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x49}]}, @TIPC_NLA_MEDIA={0xfc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xda}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}]}]}, @TIPC_NLA_BEARER={0x90, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x9, @rand_addr=' \x01\x00'}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}, 0xd9}}}}, @TIPC_NLA_BEARER_NAME={0x11, 0x1, @l2={'eth', 0x3a, 'macvtap0\x00'}}, @TIPC_NLA_BEARER_PROP={0x4}]}]}, 0x1ac}, 0x1, 0x0, 0x0, 0x10}, 0x10) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r6, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) setsockopt$inet_int(r6, 0x0, 0x0, &(0x7f0000000240)=0x7673b2b8, 0x4) io_uring_enter(r1, 0x10006196, 0x0, 0x4, 0x0, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r5, 0x891b, &(0x7f0000000280)={'sit0\x00', {0x2, 0x0, @initdev}}) [ 342.137983][ T2209] FAT-fs (loop3): Directory bread(block 270) failed [ 342.168098][ T2209] FAT-fs (loop3): Directory bread(block 271) failed 14:04:57 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0xf000000, 0x0, 0x0, 0x0) [ 342.203503][ T2209] FAT-fs (loop3): Directory bread(block 272) failed [ 342.215603][ T2209] FAT-fs (loop3): Directory bread(block 273) failed [ 342.227615][ T2209] FAT-fs (loop3): Directory bread(block 274) failed [ 342.237559][ T2209] FAT-fs (loop3): Directory bread(block 275) failed [ 342.245272][ T2209] FAT-fs (loop3): Directory bread(block 276) failed 14:04:57 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0xf000000, 0x0, 0x0, 0x0) [ 342.252025][ T2209] FAT-fs (loop3): Directory bread(block 277) failed [ 342.264219][ T2209] FAT-fs (loop3): Directory bread(block 278) failed [ 342.275068][ T2209] FAT-fs (loop3): Directory bread(block 279) failed 14:04:57 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200c40304f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:57 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x1000000) 14:04:57 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x20000000, 0x0, 0x0, 0x0) 14:04:57 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x14020000, 0x0, 0x0, 0x0) 14:04:57 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = syz_mount_image$msdos(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x1, &(0x7f0000000340)=[{&(0x7f0000000240)="267826cc15453491a7772be041137c8fcded20d17432e4bc585f4c503a9259c23a03f7cdb23dc3616bdfccf5f4322b4de4c410ca8227602aa7bf4878c12240145cbf4e082e0dec0eb8f7a3272b25d15262b38881be3232d97909762b40c9056b18e64fe103b86680bed57ad29f2cc7b51b5ce8c2034d680a30c7e51ad6e5292dff7bd388a880ffc9bb804dc2ea60fe8198cfb30cfaf3fe09fa98b66419fa82cb26b5e52bf702f5af57529df18b21f593b4243d47b812d00cfff480118a26d5e9fb", 0xc1, 0x200}], 0x4000000, &(0x7f0000000380)={[{@fat=@dmask={'dmask', 0x3d, 0x1}}], [{@smackfstransmute}, {@obj_user}, {@fsmagic={'fsmagic', 0x3d, 0x2}}, {@subj_user={'subj_user', 0x3d, '\x00'}}]}) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r5, 0x800c6613, &(0x7f0000000400)=@v1={0x0, @adiantum, 0x2, @auto="fa163168237a12b0"}) r6 = socket$inet(0x2, 0x1, 0x0) r7 = socket$inet(0x2, 0x1, 0x0) r8 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="24000000000000000100000001000000", @ANYRES32=r4, @ANYRES32=r6, @ANYRES32=r3, @ANYRES32=r7, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00'], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 342.400019][ T2279] loop5: detected capacity change from 0 to 2 [ 342.407902][ T2279] FAT-fs (loop5): Unrecognized mount option "smackfstransmute=" or missing value 14:04:57 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x803e0000, 0x0, 0x0, 0x0) [ 342.447693][ T2286] loop3: detected capacity change from 0 to 270 [ 342.472805][ T2286] FAT-fs (loop3): Directory bread(block 270) failed 14:04:57 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x20000000, 0x0, 0x0, 0x0) 14:04:57 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0xeaffffff, 0x0, 0x0, 0x0) 14:04:57 executing program 2: r0 = syz_io_uring_setup(0x734, &(0x7f0000000440)={0x0, 0xd0b8, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee8000/0x3000)=nil, &(0x7f00006d7000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r6 = open(&(0x7f0000000000)='./bus\x00', 0x103042, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r6, 0x100000000000000, &(0x7f0000000500)=[{&(0x7f0000000180)=""/22, 0x16}], 0x1}, 0x0) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000340)={0x0, 0x100000000, 0x8000}) ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000280)={0x0, 0x407, 0x401, 0x1}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001200)={0x0, 0x0, {0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}}) ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000001600)={0x0, 0x0, {0x2, @usage=0x1ff, 0x0, 0x8, 0x200, 0xf, 0x2, 0xffffffffffff8001, 0xe0, @struct={0x1}, 0x3, 0x1, [0x8, 0x4, 0x58, 0xffff, 0x6]}, {0x100000000, @usage=0x9ca, r7, 0x2, 0xfff, 0xffffffffffffffff, 0x9, 0x80, 0x62, @usage=0x100, 0x100, 0x0, [0x5, 0x6, 0x6, 0x1, 0x8, 0x7946]}, {0x200000007, @struct={0x8, 0x12}, 0x0, 0x20, 0x2, 0x83, 0x10001, 0x15b575bac000, 0x28, @struct={0x5, 0x1f}, 0x87, 0x8, [0x20, 0x4, 0x7fff, 0x538b7e3d, 0xfffffffffffffffb, 0x80000001]}, {0x401, 0x1f, 0x96}}) ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, &(0x7f0000000100)={r7, "ccc6029f7be2467faa10185bac2e832b"}) ioctl$BTRFS_IOC_SCRUB(r6, 0xc400941b, &(0x7f0000000540)={r7, 0x4, 0x3, 0x1}) r8 = mmap$IORING_OFF_SQES(&(0x7f00006a7000/0x1000)=nil, 0x1000, 0x2, 0x80010, 0xffffffffffffffff, 0x10000000) r9 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r9, 0x1, 0x1a, &(0x7f0000000280)={0x4, &(0x7f0000000240)=[{0x7, 0x6, 0x20, 0x5}, {0x101, 0x8, 0xff, 0x9}, {0x4600, 0x5, 0x20, 0xfff}, {0x1, 0x88, 0xfd}]}, 0x10) getsockopt$sock_buf(r9, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) syz_io_uring_submit(r4, r8, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x3, 0x2000, @fd=r9, 0x29e939ce, &(0x7f0000000140)="ff71e7c5e056ce2ba387610042a14dafca57f223b9aa6d18679ae0da83539cd342f3de576cc9e2b02d2058dcc0f70fe2673fb4004072120b42ea92692998c6a2a1ed8caa1eb995cad89f83bebe8ebc9d9664dc7b4e6e4ad977f7e26d1876c12ac55d8e861376f7ee3296a4f308a5093c1576314eb0a8955d776e8f471eac119ce9f8d0c1135b9768fc3e3daa6caae89a5f1698d039d4bdd1831f4bbffe16ba4c3ab14f9a59df", 0xa6}, 0x7fff) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 342.472826][ T2286] FAT-fs (loop3): Directory bread(block 271) failed [ 342.472937][ T2286] FAT-fs (loop3): Directory bread(block 272) failed [ 342.473033][ T2286] FAT-fs (loop3): Directory bread(block 273) failed 14:04:57 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00006d5000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee8000/0x3000)=nil, &(0x7f00006d7000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r5 = open(&(0x7f0000000000)='./bus\x00', 0x103042, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r5, 0x100000000000000, &(0x7f0000000500)=[{&(0x7f0000000180)=""/22, 0x16}], 0x1}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x11c, &(0x7f0000000180)=0x9, 0x0, 0x4) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) r6 = syz_open_dev$char_usb(0xc, 0xb4, 0xfff) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TEE={0x21, 0x4, 0x0, @fd_index=0xa, 0x0, 0x0, 0xee2, 0xb, 0x1, {0x0, 0x0, r6}}, 0x3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r8 = socket$nl_audit(0x10, 0x3, 0x9) r9 = socket$inet(0x2, 0x1, 0x0) r10 = socket$inet(0x2, 0x1, 0x0) r11 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r8, r9, r7, r10, r11]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) r12 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r12, 0x0) ioctl$FS_IOC_FSSETXATTR(r12, 0x401c5820, &(0x7f0000000040)={0x8}) sendmsg$NFNL_MSG_CTHELPER_GET(r12, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000000100fcffffffffffff0000000300000a080003400000bb9f08000640000000000905010073797a31000000000800054000000015"], 0x38}, 0x1, 0x0, 0x0, 0x4004014}, 0x0) 14:04:57 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200c50304f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) [ 342.473053][ T2286] FAT-fs (loop3): Directory bread(block 274) failed [ 342.473068][ T2286] FAT-fs (loop3): Directory bread(block 275) failed [ 342.473081][ T2286] FAT-fs (loop3): Directory bread(block 276) failed 14:04:57 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x3f) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:57 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0xeffdffff, 0x0, 0x0, 0x0) [ 342.473094][ T2286] FAT-fs (loop3): Directory bread(block 277) failed [ 342.473107][ T2286] FAT-fs (loop3): Directory bread(block 278) failed [ 342.473123][ T2286] FAT-fs (loop3): Directory bread(block 279) failed [ 342.494749][ T2279] loop5: detected capacity change from 0 to 2 14:04:57 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x2000000) 14:04:57 executing program 2: ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000004c0)=0x0) waitid(0x1, r0, 0x0, 0x2, &(0x7f0000000500)) ioctl$sock_inet_SIOCGIFADDR(0xffffffffffffffff, 0x8915, &(0x7f0000000400)={'syzkaller0\x00', {0x2, 0x0, @empty}}) r1 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r1, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) ioctl$sock_SIOCGSKNS(r1, 0x894c, &(0x7f00000005c0)=0x8) r2 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) r5 = fsmount(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(r5, 0x8982, &(0x7f0000000680)) syz_io_uring_submit(r3, r4, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r6 = openat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0x202000, 0x140) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r6, 0x0) preadv(r6, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmsg$OSF_MSG_REMOVE(r6, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="68020000010501010000000000000000000000055402010002000000ff7f00000209200003001a0073797a300000000000000000000000ec0000000000000000000000000000000052c1e16c5e19eaf65c221d88fa7019da795834431957b4fed6d26ff8a2fcd1c9bbb537e06828dd480c0b9abf9a571d5f13dc35136592534b167b88dbcf0f87d00000030000000000050000000100060c01000000020000000700ce990100000004000000c20a030003000000bb96ffffff0100100100000001000000ba060800010000007d030000000009c500000000080000001f0000000300000092040500010006000000000005007c0000c0ff03000300000024030000fdffff7f00000000da0a0000faff060000000000010001000900080001000000050000000200f0000100000009000000030008000100000080ffffff00800900010000000700000002000000c2e2fa51000000000200030000000000ffffff7fc4a5000001000000000000000900000003000000080000003f0003000100000000000000ff07ff01000000000600001008000200000001000080593e010000000000020000000000c0000100000082000000ac0600000200000005000000010407000200000039c100002c00ed0e00000000ff0700000100050001000000010000001d3c08000100000020000000ab00040001000000fdffffff890b06000300000000800000b100010000000000010000008100400003000000080000000002180a02000000ffffffff0300001000000000030000000200070001000000350000000500010001000000000000007400ff0100000000ab05000000106ebd030000000800000000"], 0x268}, 0x1, 0x0, 0x0, 0x11}, 0x40) r7 = openat$full(0xffffffffffffff9c, &(0x7f0000000600), 0x8c00, 0x0) fcntl$setownex(r7, 0xf, &(0x7f0000000640)={0x1, r0}) io_uring_enter(r2, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:57 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x40000000, 0x0, 0x0, 0x0) [ 342.494972][ T2279] FAT-fs (loop5): Unrecognized mount option "smackfstransmute=" or missing value [ 342.653574][ T2322] loop3: detected capacity change from 0 to 270 14:04:57 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) r8 = fsmount(r7, 0x0, 0x72) ioctl$sock_inet_SIOCADDRT(r8, 0x890b, &(0x7f0000000240)={0x0, {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x38}}, {0x2, 0x4e24, @private=0xa010100}, {0x2, 0x4e23, @multicast1}, 0x100, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000180)='ip_vti0\x00', 0x5, 0x3f, 0x2}) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:57 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee8000/0x3000)=nil, &(0x7f00006d7000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r6 = open(&(0x7f0000000000)='./bus\x00', 0x103042, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r6, 0x100000000000000, &(0x7f0000000500)=[{&(0x7f0000000180)=""/22, 0x16}], 0x1}, 0x0) syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee8000/0x3000)=nil, &(0x7f00006d7000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r9 = open(&(0x7f0000000000)='./bus\x00', 0x103042, 0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r9, 0x100000000000000, &(0x7f0000000500)=[{&(0x7f0000000180)=""/22, 0x16}], 0x1}, 0x0) r10 = openat$cgroup_netprio_ifpriomap(r3, &(0x7f00000000c0), 0x2, 0x0) syz_io_uring_submit(r4, r8, &(0x7f0000000140)=@IORING_OP_EPOLL_CTL=@mod={0x1d, 0x4, 0x0, r3, &(0x7f0000000040)={0xd0000014}, r10, 0x3, 0x0, 0x1}, 0x1) 14:04:57 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0xf5ffffff, 0x0, 0x0, 0x0) 14:04:57 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x2040000) [ 342.739995][ T2322] FAT-fs (loop3): Directory bread(block 270) failed [ 342.764906][ T2322] FAT-fs (loop3): Directory bread(block 271) failed 14:04:57 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x42000000, 0x0, 0x0, 0x0) [ 342.800440][ T2322] FAT-fs (loop3): Directory bread(block 272) failed [ 342.807923][ T2322] FAT-fs (loop3): Directory bread(block 273) failed [ 342.825376][ T2322] FAT-fs (loop3): Directory bread(block 274) failed [ 342.843039][ T2322] FAT-fs (loop3): Directory bread(block 275) failed 14:04:57 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0xfffffdef, 0x0, 0x0, 0x0) [ 342.851159][ T2322] FAT-fs (loop3): Directory bread(block 276) failed [ 342.861310][ T2322] FAT-fs (loop3): Directory bread(block 277) failed [ 342.873656][ T2322] FAT-fs (loop3): Directory bread(block 278) failed [ 342.885280][ T2322] FAT-fs (loop3): Directory bread(block 279) failed 14:04:57 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200c60304f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:57 executing program 5: r0 = syz_io_uring_setup(0xa8000187, &(0x7f0000000180)={0x0, 0xd8e9, 0x4}, &(0x7f00000cb000/0x4000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) socket$nl_audit(0x10, 0x3, 0x9) r4 = socket$inet(0x2, 0x1, 0x0) socket$inet(0x2, 0x1, 0x0) r5 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)}], 0x1, 0x40000) recvmmsg(r4, &(0x7f0000000380)=[{{&(0x7f00000002c0)=@can, 0x80, &(0x7f0000000240)=[{&(0x7f00000000c0)=""/9, 0x9}], 0x1, &(0x7f0000000340)=""/5, 0x5}, 0x2952}], 0x1, 0x20, &(0x7f00000003c0)={0x77359400}) sendto$inet(r5, &(0x7f0000000240), 0x0, 0x20004000, &(0x7f0000000280)={0x2, 0x4e24, @private=0xa010101}, 0x10) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:57 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0xffffffea, 0x0, 0x0, 0x0) 14:04:57 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x6040000) 14:04:57 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) r4 = socket$inet(0x2, 0x1, 0x0) lstat(&(0x7f0000000300)='./file0/file0\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) quotactl(0x1000, &(0x7f00000002c0)='./file0/file0\x00', r5, &(0x7f00000003c0)="0a6f2ebd7541332db5057b9748ee12e1f82b115951be00907733fac2a3203d2aa79f23fd272e1c09f23048585de0f63c39dfc27a478396b1808fd2dbbdae5ee69af35b3467") r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000233000/0x3000)=nil, 0x3000, 0x2000000, 0x40010, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f00000004c0)=@IORING_OP_NOP={0x0, 0x3}, 0x6) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) connect$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x67, &(0x7f0000000100)=0x2e4, 0x4) getresgid(&(0x7f0000001d40), &(0x7f0000001d80)=0x0, &(0x7f0000001dc0)) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001f00)=[{&(0x7f00000004c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f00000007c0)=[{0x0}, {&(0x7f0000000640)="561f3c6b263e45805ea346a0d12f3bb686a99af706974930d50f16615a734614f7c0cd43848713ad18e72ea1b52b91679bfa1e371d873ca950b6c8ab2c1ac9982c0632147ec6462fb104d287e8ed9a9f49002c432d676ae8a77d7dce67e0", 0x5e}], 0x2, &(0x7f0000000940)=[@rights={{0x1c, 0x1, 0x1, [r3, r4, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xa0, 0x4}, {&(0x7f0000000a00)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000d40)=[{&(0x7f0000000a80)="b704552cd93c4261106eafcb62f9cde3b9dac082bb10f596b40cbf86cb4f81c83f25c862c1e49c07dec3b1562b81d8963f7a620931f24f8c1ffe57361c21ed126c68d1f4fdfe7a7ef03503913d945a5e652225cee0b0a8df931cf45e6b866eb08a58f8baffe67b8a4d12388af2f7ee04bc7da55c513d0fa7965350ed69ba06c67c3cc2496a90bdd0b6c84f2498c9314ac86e2e6699f7391e05", 0x99}, {&(0x7f0000000b80)}, {&(0x7f0000000c40)}, {&(0x7f0000000cc0)}], 0x4, &(0x7f0000000ec0)=[@cred={{0x1c}}], 0x20, 0x5}, {&(0x7f0000000f00)=@abs={0x1}, 0x6e, &(0x7f0000001180)=[{&(0x7f0000000f80)="91ada61214e529265cc3c648429ec1dc3006121ff36f924f803329e11f3ef746214290f6efcbae3faf8d60ebd71a29", 0x2f}, {&(0x7f0000001000)="f453", 0x2}, {&(0x7f0000001040)}, {&(0x7f0000001080)="df35c2793bba6d525edfc4243c49045c334d2c7d8d6984574e3f11cd087701b103212f4aadf8350645bb2a6904e096067792f512da5f8996f9bfd84bbaad1dc419d484323d2c821be324882919ef6b164c1be55b270365396391b268a876738de37e015fa30927bf528ba50e3611623937b0900a72570475df08c453f8f603f32eed09d74d91fa218d42d095873866671a101155275784b9e46eadf8063b2d5dabd68ee0b20e6cf55863db7e88974a0ca26dc24444993bbf28cf306f1ac13f680628bf5a14d7f432e1351615ac1987097b619adc3bdae63ab3259ac6878376e277b63309d3d55e3afecee953286b7b14fd895337c514fafab0e89e513c8ac1", 0xff}], 0x4, &(0x7f0000001400)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x38, 0x10}, {&(0x7f0000001500)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001640)=[{&(0x7f0000001580)="8fc3eb01813c78c5f3ec69367ecc321633cbdaf82e860e164c9adbadc36d376e23d953737c4efbfc4769ca552d1ef3948afbf75b52ba0114a5bac2511fe2734a78c740394215334657bed33cd4c4384ea4945e8212e09a428a07349c8c7222a9b9516fd2f1bfb9ebb8fc74565d22bcdd139832f885c8ccd848fab06b700863814e672042152b76a0fccb95b93406ca64e53b593e3975d0d262e7a8ed15248989ca1932f932210047108814059b82261c7cc2ca", 0xb3}], 0x1}, {&(0x7f00000019c0)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000001b00)=[{&(0x7f0000000800)="fc852c93067ad3e209aaca5121f27c50fff959060038ffc65c9538b24783fc2462a660a3fa2277249894248fb4a30cf59ddb760717d44cec1f93c07c79c1b48201e81cc1d5c12131b284f2f307f790b5259f3e52f8124940f4e530a9b38749e9543b874e19af7b33f0ce8888d93fce878b6aad023a62f7b101c801190026d170a1846890b81406000000000000007980ed5d96f6f6474a8c32235d77e73ccbe305d7aef382731662ee0174b19e57c6cc9be52a745a70eae395ef9368ec2e74458feb262070133beab4c4ad2a11d27f15965c75176f4b3eb789e9e8a0fa5445d0a8ce420ab5168ffe13e302f25fb3a602b839e0b2ac1c54147e9b925c115f94f86cc45174a72d", 0x106}], 0x1, &(0x7f0000001e00)=[@rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee00, r7}}}], 0xd8, 0x805}], 0x5, 0x4040100) chown(&(0x7f0000000500)='./file0/file0\x00', r5, r7) getsockopt$sock_buf(r4, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) preadv2(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f0000000140)=""/116, 0x74}, {&(0x7f00000001c0)=""/142, 0x8e}, {&(0x7f0000000080)=""/38, 0x26}], 0x3, 0x40, 0x8, 0x0) openat(r3, &(0x7f00000000c0)='./file0/file0\x00', 0x13d483, 0x11c) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:57 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x803e0000, 0x0, 0x0, 0x0) 14:04:57 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) socket$nl_audit(0x10, 0x3, 0x9) r4 = socket$inet(0x2, 0x1, 0x0) r5 = socket$inet(0x2, 0x1, 0x0) r6 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="24efff0000000000a11afd7f6f759e5e", @ANYRES32=r3, @ANYRES32=r4, @ANYRES32=r3, @ANYRES32=r5, @ANYRES32=r6, @ANYBLOB='\x00\x00\x00\x00'], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:57 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0xeb010000, 0x0, 0x0, 0x0) 14:04:57 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x7000000) 14:04:57 executing program 2: syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) lsetxattr$security_selinux(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), &(0x7f0000000400)='system_u:object_r:su_exec_t:s0\x00', 0x1f, 0x0) preadv(r0, &(0x7f0000000300)=[{&(0x7f0000000040)=""/51, 0x33}, {&(0x7f0000000140)=""/141, 0x8d}, {&(0x7f0000000080)=""/94, 0x5e}, {&(0x7f0000000200)=""/34, 0x22}, {&(0x7f0000000240)=""/167, 0xa7}], 0x5, 0x3f, 0x7ff) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(0xffffffffffffffff, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:57 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0xfffffff5, 0x0, 0x0, 0x0) [ 343.047335][ T2396] loop3: detected capacity change from 0 to 270 [ 343.081016][ T2396] FAT-fs (loop3): Directory bread(block 270) failed 14:04:57 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) socket$inet(0x2, 0x1, 0x0) r5 = socket$inet(0x2, 0x1, 0x0) r6 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) r7 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r7, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) r8 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r8, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@rights={{0x24, 0x1, 0x1, [r4, r8, r3, r5, r6]}}, @rights={{0x18, 0x1, 0x1, [r7, r4]}}], 0x40}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 343.087913][ T2396] FAT-fs (loop3): Directory bread(block 271) failed 14:04:57 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200c70304f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:57 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xedf209fb81ca5202, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x10800, 0xd1) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 343.087942][ T2396] FAT-fs (loop3): Directory bread(block 272) failed [ 343.087960][ T2396] FAT-fs (loop3): Directory bread(block 273) failed [ 343.087978][ T2396] FAT-fs (loop3): Directory bread(block 274) failed [ 343.087992][ T2396] FAT-fs (loop3): Directory bread(block 275) failed [ 343.088021][ T2396] FAT-fs (loop3): Directory bread(block 276) failed [ 343.088090][ T2396] FAT-fs (loop3): Directory bread(block 277) failed 14:04:58 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x2, 0x0, 0x0) 14:04:58 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0xeffdffff, 0x0, 0x0, 0x0) 14:04:58 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f000016a000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) r3 = syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee8000/0x3000)=nil, &(0x7f00006d7000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r6 = open(&(0x7f0000000000)='./bus\x00', 0x103042, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r6, 0x100000000000000, &(0x7f0000000500)=[{&(0x7f0000000180)=""/22, 0x16}], 0x1}, 0x0) syz_io_uring_setup(0x31ed, &(0x7f0000000140)={0x0, 0xc1b8, 0x1, 0x0, 0x7e, 0x0, r0}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f000054e000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000000c0)=0x0) syz_io_uring_submit(r4, r7, &(0x7f00000001c0)=@IORING_OP_WRITE_FIXED={0x5, 0x1, 0x6000, @fd=r0, 0x6f6, 0x80000000, 0x1, 0x13, 0x1}, 0xef) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) io_uring_enter(r3, 0x2387, 0x30ec, 0x2, &(0x7f0000000240)={[0x7]}, 0x8) openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x400000, 0xc3) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r8, 0x0) preadv(r8, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 343.088106][ T2396] FAT-fs (loop3): Directory bread(block 278) failed [ 343.088121][ T2396] FAT-fs (loop3): Directory bread(block 279) failed 14:04:58 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0xf000000) 14:04:58 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0xf5ffffff, 0x0, 0x0, 0x0) [ 343.239362][ T2431] loop3: detected capacity change from 0 to 270 14:04:58 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) fcntl$setown(r3, 0x8, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:58 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x4, 0x0, 0x0) 14:04:58 executing program 2: openat$vcsu(0xffffffffffffff9c, &(0x7f0000000400), 0x40c0, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000002c0)='./bus\x00', &(0x7f0000000300)={0x20400, 0x6, 0x10}, 0x18) r1 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1, 0x0, 0x0, 0x0, r0}, &(0x7f00002ac000/0x4000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) openat2(r4, &(0x7f0000000240)='./bus\x00', &(0x7f0000000280)={0x1, 0x41, 0x10}, 0x18) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) ioctl$BLKPBSZGET(r4, 0x127b, &(0x7f00000001c0)) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) chmod(&(0x7f0000000200)='./bus\x00', 0x42) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000016000/0x1000)=nil, 0x1000, 0x2000004, 0x100010, r1, 0x8000000) r6 = syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee8000/0x3000)=nil, &(0x7f00006d7000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r9 = open(&(0x7f0000000000)='./bus\x00', 0x103042, 0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r9, 0x100000000000000, &(0x7f0000000500)=[{&(0x7f0000000180)=""/22, 0x16}], 0x1}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) r10 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x2024c2, 0x0) r11 = openat(r9, &(0x7f0000000340)='./bus\x00', 0x210100, 0x2) renameat(r11, &(0x7f0000000380)='./bus\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./bus\x00') syz_io_uring_submit(r5, r8, &(0x7f00000000c0)=@IORING_OP_EPOLL_CTL=@del={0x1d, 0x4, 0x0, r10, 0x0, r4}, 0xca45) io_uring_enter(r1, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:58 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x14020000) 14:04:58 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000180)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) syz_io_uring_submit(r1, 0x0, &(0x7f0000000100)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x5, 0x0, 0x683a}, 0xfbb00000) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) sendto$inet(r7, &(0x7f0000000240)="547909e91bc48e405ac05f0b819379742cb553d112255e63cfd6f6359abf0a8abb33066bdc6c6a055a0bc8f2131c50652101196ac43cb2c881d55bf52e58802f1afa4129cca1e9aa1d7bd77b888bf19e2c9dc0a9a836d141cebd77ae91df6d6c93ce2188918d2a551fc690942e958048b9121109efe9b45f185961f1ca51ee6a630bb9ce43885a12975400f8bc9f024b7d1e14a31142487c455dc32d879fea0eb8430922a349441ee82c9e27a456dd09e0ad8399e421441395837f8b782703", 0xbf, 0x40040, &(0x7f00000001c0)={0x2, 0x4e24, @empty}, 0x10) [ 343.323029][ T2431] FAT-fs (loop3): Directory bread(block 270) failed [ 343.358962][ T2431] FAT-fs (loop3): Directory bread(block 271) failed [ 343.409086][ T2431] FAT-fs (loop3): Directory bread(block 272) failed [ 343.445060][ T2431] FAT-fs (loop3): Directory bread(block 273) failed 14:04:58 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200c80304f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:58 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0xf7ffffff, 0x0, 0x0, 0x0) [ 343.468819][ T2431] FAT-fs (loop3): Directory bread(block 274) failed [ 343.475779][ T2431] FAT-fs (loop3): Directory bread(block 275) failed [ 343.483419][ T2431] FAT-fs (loop3): Directory bread(block 276) failed [ 343.490034][ T2431] FAT-fs (loop3): Directory bread(block 277) failed [ 343.497012][ T2431] FAT-fs (loop3): Directory bread(block 278) failed [ 343.503666][ T2431] FAT-fs (loop3): Directory bread(block 279) failed 14:04:58 executing program 2: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000d00)=ANY=[@ANYBLOB="e0070000", @ANYRES16=r0, @ANYBLOB="00002abd7000fedbdf250e0000005f010f001001448c188c06c1a3e263f6703f9db1a64f410887ba5d5952d523f1842503000981069c56d905a566ecb5912a2ad68b05885c735a221c099694c343e66072c3120edebaeaa36d7c2f53bd4afd5b8994e010356a58d7b12ea40885dc3b77363623eb4b7ccf1c9a00b31b84475a1538d33197a70b38938f88e18f8c7a82a0dafe1cae81be904c3e0c3da34db3bf9a02bcc8f53d4305f5d51d1132dcc98d7363845a1f2e327bdacb50a976ebae66d6e093f765707e3ff403cd2b6fa4ccf5b2609a0602040003956a71aac463843bfd704fb05eb1e7fa31fc45ab63a8f91417f91812d8f1c6a8e70eae82199d6b1453c6da71b54437664b647e690528138baeda66203be5fc332acdcabb5fe9756348a8e9bdb0f3ae90c6c8ace47b63f414a73f0a37961af55243bfaf222aef1962f7c9ec25ac4720e3f189bde150eb8a4202f587287b484443c7af6289a29cd92bd1ed89fa68f26dd40bbd400688e5002b0080008325400681ffffffffffffd1c300000802110000000800000008000000ffffffffffff07000000003e060e0080240800ffffffffffff080211000000080211000000f2030001000000000000640008010006020202020202010230160406c1790001020006020100250301ad003c040100ab092d1a0003100000000000000000ff004000030000000200000400000272060303030303037606800915000001ddb96b9c2792c75f1641b04890b79869062468c08dd685471668f5f92a71099b2c5e33206b9e6d60e3deb491957086dbb20c12927eea08830843652bd1d2e15ce4cb31666cbb20451e219b4d8fa95a78b7d2a7d5bdb2aae6f9a2971c32bfa31e5aa4bcbd6fef0f26167f891e5f890a05bab5e5a9f8d943ea869eb46bfd05e5b0e485ee5d615e023ba19c40ae96140b3c6c48c21d5a545ae59d9fd76c7a720306b4807cc8415bc8d27893605177c535111b64dba8baaf34f711e798ddd982b5e89399ea5f31c65089d73f91d5f670f1e0644b24b85dc417d4ba623ed4ebb29001dd1ac4a1f937f6c6409ce014a6aa69eb939e6d099941ede0215f562ee122e8b23f011ebcb493e07aab1b39b6d1e56e52295f324c8a1c6afcf06c82361ab1005c74f8737ecddc0d2dc271da4cb4c51f1aefa64328e878f96cf2faac2899a4ef77bad8ed96078385466e6c0615442339849b92526bb9c3823b7c0fe468c95cc1957b04f3c525b8dd729bf457f729e37c753e9824f4ace7a25ed8f85fa4872092d0f21e98de4b4ae04479dcf8c3785a2468c851cf7f89cedde7e0abfcd0289031816c730b7859be39b4dcc1f28699cbf8e47c08530d5219291a171e0bd309ff495e87d358add0622d3df09a0ee4ce62d85041985360f052c73e198506864f2974fd532ed4d997dfb342c485927cee4b11982230e110c9d14201be49034ed0499cac3fa020e60dbd7282badf672e857d1b5039b47b071656945da6ab896bcd4d864c14f23b03746169f21c6e771628e08a5a4c45c7f930289566980d4d1f85636b44399062ebd880f7cb57efa96303c30da4edcf9e2596a55e7d2fb7c3084e0954ef38b9e53219d9c3ecc5a09b003363e6fe3c91ca4b6dcf4668951fc900c510dadd46c2610cca80136a8dd02a63d29fe3849d83e6cf5323aaa5aecba4d53ff09a2fbe8aa0ceecc5b3aa6f545749e062d8562a26b65f5260d1d10e8096a5f36fb4a2ecf762336899b2dd9d15d9c4b52f0780ad9b985601e2a8eda0f395b2e7c7ada3f6569b91ef08ecb09a11c3bc72371aad822ebf347f8baf3ef79582a2cb8d61638ba9e24164a252360f395febae7754fa5055de1fa40a781939e9e46e10b53b99e54258a02ed3ee7ca2f95caeb1d271cd4fff1b481bcc31f1592aa729bda41eed3ffeeff7683247adb3f88970f60ab2422aa4d9b8a1572286d1cb4cb5020fc2a9843105105079dde4a876a132b3228443029d16c9306efcba4d018fd7de71ba5fa6599a91b842e2d38e1fe0ff81ed87ec3b5b79bc7abf92277419db8d77d01ba5066b16c190b1baf3efdd59db82ed9a784e220a69d5981339b119df5c67cc1c50de94d1ee5528c83863121a3208d99798df0592409112ddfec8a7a9b7d4c7e6cbf77bddcfdeda6c65fb18fe7b39962d2cc4fab3efcfb4e980c3a1f43ddfab2626dcedf9e85c4da2c591617a874896b471ddc30c5c7bc05e091939a94a354baca720b80b5c95a586fd074cbcbf524d8ef9d69520de4859f403f223d1ab040145a7e6dfcf8bdf52c36d4876b9c2dd98fe08d031f8267b4bfb8341251c36aad32937614b3b5b3689b4574867063cc33eb19a88996df7243f5056f6fded47a55d88b8630608e69fe612e22e8bea242438b38fcfee012ac5900158f18b2538124f73c5bb5244146a68f62b38277f7a476e403bacca93f04774c341f83249133bd3cd9227e6f62f7534136c14ffdd98f89668bdadda398374f2c8fe73edc4910d9bf9a5a986a6aa1fe3dddf468c3b714acd9a4a9f87758ca6103b3a0898aaf721cdfbb1bf669a3f0941c9a404cd940ad1dc852e4ecab96bcd386a84d12f2a348e17a4455cbf95f26873e2ddeed852b5f8473f76b9ee0582467a92b934846cf544e595688429cbf8f406c6ae9609c5b28474661b5f5a3a1d4a59efea4147234360a9e14934d34b5c8b855b6fef9c7030fa2807560656b4746f7299c6591d42d5a980093bb76d5b73c738ad04a7d05f14f55da3017fd33ad7f910ba0ceb3008126337a387372048d878888bc9e895d77b3cf34c7d5da9679a3c3342e03b374223cb9f464bfc4349d5d01d3a0000573f927c654880e7de736fb118fad7541f6601653c4658213d28be5c56175138b10c2f39307f95ee94168a8645706ff0051a94ffad78ba5aa9006b99"], 0x7e0}, 0x1, 0x0, 0x0, 0x20000004}, 0x10) r1 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) r4 = pidfd_getfd(0xffffffffffffffff, r1, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f00000000c0)=@IORING_OP_OPENAT={0x12, 0x2, 0x0, r4, 0x0, &(0x7f0000000040)='./file0\x00', 0x144, 0x2400, 0x23456}, 0x7) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r4, 0x8983, &(0x7f0000000140)={0x2, 'ipvlan0\x00', {0x20}, 0x81}) syz_io_uring_submit(r2, r3, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r5, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r1, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:58 executing program 5: r0 = syz_io_uring_setup(0x18b, &(0x7f0000000440)={0x0, 0x5185, 0x10}, &(0x7f00000cc000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) clock_gettime(0x0, &(0x7f00000004c0)={0x0, 0x0}) clock_settime(0x2, &(0x7f0000000500)={r6, r7+60000000}) r8 = socket$inet(0x2, 0x1, 0x0) r9 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) r10 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r10, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r10, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYRES64, @ANYRES32=r4, @ANYRES32=r5, @ANYRES32=r3, @ANYRES32=r8, @ANYBLOB="5ce6b0bbdbbc1449e14b03758db254cb81376fc22777e7d8cd87b6992ba0559e5bb762d725871f4b69c7afc167887b82b52185d928114297b86fc2a88236323e4fb5e31df95851c3af9d349a579bb3afa29286d21769a7f22df2835e8a2030ceb1ccef8588b717b8b9f1c9c13b629a8f0e94bc6ef4c19c2d10a011630bdd131653a13ff9f7c7407b51f57ba781fedd18921a00b413ab93d07e3b395fc528b49df58778d8428c1106cfe9f42ec0932120cb3b0b3f06f8c46ecac828d354666484df8765b53ba56b65181ab73e2eb5539fbd1060d615fa60", @ANYRESOCT=r10], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) fspick(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0x0) sendmsg$AUDIT_GET_FEATURE(r4, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x10, 0x3fb, 0x400, 0x70bd2c, 0x25dfdbfb, "", ["", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x4001}, 0x0) r11 = fcntl$dupfd(r9, 0x406, r8) setsockopt$IP_VS_SO_SET_EDIT(r11, 0x0, 0x483, &(0x7f0000000400)={0x16, @multicast1, 0x4e21, 0x4, 'dh\x00', 0x0, 0x6, 0x3b}, 0x2c) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r11, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x30, 0x0, 0x100, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x4, 0x2c}}}}, [@NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x107a}]}, 0x30}, 0x1, 0x0, 0x0, 0x41}, 0x40000) 14:04:58 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x20000000) 14:04:58 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0xf, 0x0, 0x0) 14:04:58 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) io_uring_enter(r0, 0x667f, 0xd9c8, 0x1, &(0x7f00000000c0)={[0x6]}, 0x8) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x200801, 0x0) dup2(r0, r4) 14:04:58 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x40000000) 14:04:58 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0xfffffdef, 0x0, 0x0, 0x0) 14:04:58 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f00004ae000/0x1000)=nil, 0x1000, 0x4, 0x1010, r0, 0xaca6000) r4 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r4, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) vmsplice(r4, &(0x7f00000003c0)=[{&(0x7f0000000140)="6d68d703843c53d506bd3c5a94db2a838a6e30addb8a0515df90abd83b6d43e2f2e7f4c7aa3806eac0a20bdde45805ef493f903b0ee0670ee9f95afe571de177f2ca7051043eef47e69902237f85eb5f1b3e0d093cabc2932ac266f66cc44056ab772cc8dca0b4859838e877793e6f4b4b1a70768e9975a09e808919fa94cdf8b13ac48d8bd82ed90bc0ad", 0x8b}, {&(0x7f0000000200)="4ebbbce7cf5f22cece0014a7dfe0057fdc872211767104d27d2d9a7d78cfb759f401ec90778092f952662f10a3913dbb7a98c3ce05cb2790728ccc486ff8bd4267206b0b2f83a73e809ba6616901153bf8807fb1ca614951725612103d3a1f768e4f914dc6700b5fa2a92a28af54c9cb878d6e363eff3a0a52e4b616004848ccd174d8fa8db8ce454f7b5433c8b6184b912328aa870baac62e67e36b46cbeda1b3e65f20005b8cb4136c67d55168c84a01efdbf77b37ff1bea58c903a4a399263b8c8edd964fdb1e85c19a0607c769f2e8f7f24f07f7cfbcbc9c4f7bf7", 0xdd}, {&(0x7f0000000040)}, {&(0x7f0000000300)="f0f5be4cbc18dfd8e0bb6645b3e96124ede4b46f5bc499eebaa927cdc53a595f8fe94dbab580648fcb074e2b19517d6589b4d05ec891095d7a127c2bbdcdd37dc2c669340feeb2eddd53e772f7377a1a2800b2d8441d4208b6c1b3b6a86deda0b4fb11b3291952e670cf6320bacd51b8206ab6331336ddc358d6d4ad2f4baa0894ef00e1f0091c9d54ebac6ac782d1648a311d6c32f683a014da655f32a4eaed398960c35e0461cb4c8a32a1436d27ebb805980864195b9f0980a6bb86a4dc", 0xbf}, {&(0x7f00000000c0)="6f09a154b8cb9e239b3d8b6bd166222627e654bdb4d77b0ea8e144faee", 0x1d}], 0x5, 0x2) 14:04:58 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0xf00, 0x0, 0x0) 14:04:58 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = syz_io_uring_setup(0xd1b, &(0x7f0000000840), &(0x7f0000ee4000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000800)=0x0) connect$unix(r3, &(0x7f00000004c0)=@file={0x1, './file0\x00'}, 0x6e) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000100)=@IORING_OP_CONNECT={0x10, 0x4, 0x0, r8, 0x80, &(0x7f00000002c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x9) r10 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r10, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r10, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_STATX={0x15, 0x3, 0x0, 0xffffffffffffffff, &(0x7f0000000340), &(0x7f0000000240)='./file0\x00', 0x1, 0x4000, 0x1, {0x0, r11}}, 0x1) socket$nl_audit(0x10, 0x3, 0x9) r12 = socket$inet(0x2, 0x1, 0x0) r13 = socket$inet(0x2, 0x1, 0x0) r14 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r12, r4, r13, r14]}}], 0x28, 0x800}], 0x1, 0x955) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 343.637061][ T2500] loop3: detected capacity change from 0 to 270 [ 343.699181][ T2500] FAT-fs (loop3): Directory bread(block 270) failed [ 343.719384][ T2500] FAT-fs (loop3): Directory bread(block 271) failed [ 343.729010][ T2500] FAT-fs (loop3): Directory bread(block 272) failed [ 343.735849][ T2500] FAT-fs (loop3): Directory bread(block 273) failed [ 343.742650][ T2500] FAT-fs (loop3): Directory bread(block 274) failed 14:04:58 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200c90304f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:58 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x42000000) 14:04:58 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0xfffffff5, 0x0, 0x0, 0x0) 14:04:58 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x2000, 0x0, 0x0) 14:04:58 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) socket$inet(0x2, 0x1, 0x0) socket$inet(0x2, 0x1, 0x0) r5 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000180)=[r4]}, 0x1) sendmmsg$unix(r5, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:58 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) r3 = syz_io_uring_setup(0xd1b, &(0x7f0000000840), &(0x7f0000ee4000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000800)=0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000100)=@IORING_OP_CONNECT={0x10, 0x4, 0x0, r6, 0x80, &(0x7f00000002c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x0, 0x0, 0x0, {0x0, r7}}, 0x9) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_WRITE_FIXED={0x5, 0x1, 0x6000, @fd=r0, 0x809c, 0x9, 0x1, 0x0, 0x0, {0x2, r7}}, 0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r8, 0x0) preadv(r8, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) [ 343.750882][ T2500] FAT-fs (loop3): Directory bread(block 275) failed [ 343.759183][ T2500] FAT-fs (loop3): Directory bread(block 276) failed [ 343.766082][ T2500] FAT-fs (loop3): Directory bread(block 277) failed [ 343.772894][ T2500] FAT-fs (loop3): Directory bread(block 278) failed [ 343.779554][ T2500] FAT-fs (loop3): Directory bread(block 279) failed 14:04:58 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x3e80, 0x0, 0x0) 14:04:58 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = pidfd_getfd(r3, r0, 0x0) io_uring_register$IORING_UNREGISTER_BUFFERS(r4, 0x1, 0x0, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:58 executing program 1: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0xfffffff7, 0x0, 0x0, 0x0) 14:04:58 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440)={0x0, 0x0, 0x1}, &(0x7f00003ed000/0x2000)=nil, &(0x7f00005d9000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3800007, 0x12, r3, 0xceeef000) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r4, 0x1, 0x1a, &(0x7f0000000100)=""/206, &(0x7f0000000200)=0xce) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r5, 0x208200) kcmp$KCMP_EPOLL_TFD(0x0, 0xffffffffffffffff, 0x7, r4, &(0x7f0000000040)={r5, r3, 0x7fffffff}) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:58 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) accept4$inet(r5, &(0x7f0000000180)={0x2, 0x0, @loopback}, &(0x7f00000001c0)=0x10, 0x400) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="24000000000000000100000001000000", @ANYRES32=r4, @ANYRES32=r5, @ANYRES32=r3, @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="f139f89f11fe532d40000000c590cf5096b49f34d6730152b4d0514dd697df236fab468c4613e2a24b0acb304c2bac33978b540ac5a8e371662696c225712dd1ababe688b4432093f7806091894c1172cef11d429e1923574171d9c91b512a4ac26007e5b164fa86f1d2496adfdf6656abf36205000000198ea3517c840f3ac6bd8ce5046442f65e0c62a2211f312e3c23b2b569a2cc656d30eee1f5a12df940fcebdf37a38218de30cca6e9a2c3a836e1954eddc7225c7f3e8a45db403a24583f66e30eb88a6ccee3fc451e691e060d937ff8a6c8eeee91d4b6c9796c8839b6552e27c218c39951bb063efcf6734a1d32dd134ccac0ea8a77f753fd0b83c833b2afca6cb5e164570100d911f230e05228c5931d82ae834a630b65de40f580b791127e3e1f321e1fc2ffa32f3c8f67c5a44a7a5b216a9d3779d8908ac96c7a42ccb83bf057c31e68b890b720c5dd48be80fdea534037d0f6298896ef3d0eff0b9cf62060c7442f95462e2f9d"], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:04:58 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) r5 = socket$inet(0x2, 0x1, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) r7 = syz_open_dev$vcsu(&(0x7f0000000080), 0x9c, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [r4, r5, r3, r6, r7]}}], 0x28}], 0x1, 0x0) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x803e0000) [ 343.916921][ T2553] loop3: detected capacity change from 0 to 270 [ 343.975781][ T2553] FAT-fs (loop3): Directory bread(block 270) failed [ 343.983785][ T2553] FAT-fs (loop3): Directory bread(block 271) failed [ 343.991871][ T2553] FAT-fs (loop3): Directory bread(block 272) failed [ 343.998594][ T2553] FAT-fs (loop3): Directory bread(block 273) failed [ 344.007195][ T2553] FAT-fs (loop3): Directory bread(block 274) failed [ 344.013870][ T2553] FAT-fs (loop3): Directory bread(block 275) failed 14:04:58 executing program 3: set_mempolicy(0x3, &(0x7f0000000100)=0x3f, 0x8) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000200ca0304f801", 0x17}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000180)) 14:04:58 executing program 0: r0 = syz_io_uring_setup(0x187, &(0x7f0000000440), &(0x7f00006d5000/0x2000)=nil, &(0x7f00000cc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x3082, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0x20