f0000000240)=[{&(0x7f0000000080)="c3e6caa81d1c1a5f802210f138d5ec988cebe3ccfdae45eec16001028070dffe8e2e8b93e4bb3a7127634040c6718c44ede039574c24073db82299548aa59223aaa002e1475d9364427bb4", 0x4b, 0xfff}, {&(0x7f0000000100)="8491250c23119dc72ea633435f2e4a5382fc88e764e4fa4be430e2aeeb0b612eb540f364c08efaed0d1644707f958a056070467f47738e5429c1ca1e97dde7058f4358347cd2a078194fcf03db362345d3a3388ccff266cf464f3a47d1c8052b81319951850e24d5d673cbfe791a3d8326bdede2d471e8c96bb9ee1a345ba83d2f260c845752daa63d23b7479a8e366bafb14c", 0x93, 0xa5}], 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:00 executing program 3: socketpair(0x2b, 0x1, 0x0, &(0x7f0000000100)) 06:18:00 executing program 0: socketpair(0x2b, 0x1, 0x0, &(0x7f0000000100)) 06:18:00 executing program 2: r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x80000002}) 06:18:00 executing program 1: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x3, 0x2, &(0x7f0000000240)=[{&(0x7f0000000080)="c3e6caa81d1c1a5f802210f138d5ec988cebe3ccfdae45eec16001028070dffe8e2e8b93e4bb3a7127634040c6718c44ede039574c24073db82299548aa59223aaa002e1475d9364427bb4", 0x4b, 0xfff}, {&(0x7f0000000100)="8491250c23119dc72ea633435f2e4a5382fc88e764e4fa4be430e2aeeb0b612eb540f364c08efaed0d1644707f958a056070467f47738e5429c1ca1e97dde7058f4358347cd2a078194fcf03db362345d3a3388ccff266cf464f3a47d1c8052b81319951850e24d5d673cbfe791a3d8326bdede2d471e8c96bb9ee1a345ba83d2f260c845752daa63d23b7479a8e366bafb14c", 0x93, 0xa5}], 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:00 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:00 executing program 0: socketpair(0x2b, 0x1, 0x0, &(0x7f0000000100)) 06:18:00 executing program 2: r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x80000002}) 06:18:00 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:00 executing program 3: socketpair(0x2b, 0x1, 0x0, &(0x7f0000000100)) 06:18:00 executing program 2: r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x80000002}) 06:18:00 executing program 0: socketpair(0x2b, 0x1, 0x0, &(0x7f0000000100)) 06:18:00 executing program 5: syz_mount_image$qnx4(&(0x7f0000000000), 0x0, 0x3, 0x2, &(0x7f0000000240)=[{&(0x7f0000000080)="c3e6caa81d1c1a5f802210f138d5ec988cebe3ccfdae45eec16001028070dffe8e2e8b93e4bb3a7127634040c6718c44ede039574c24073db82299548aa59223aaa002e1475d9364427bb4", 0x4b, 0xfff}, {&(0x7f0000000100)="8491250c23119dc72ea633435f2e4a5382fc88e764e4fa4be430e2aeeb0b612eb540f364c08efaed0d1644707f958a056070467f47738e5429c1ca1e97dde7058f4358347cd2a078194fcf03db362345d3a3388ccff266cf464f3a47d1c8052b81319951850e24d5d673cbfe791a3d8326bdede2d471e8c96bb9ee1a345ba83d2f260c845752daa63d23b7479a8e366bafb14c", 0x93, 0xa5}], 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:00 executing program 1: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x3, 0x2, &(0x7f0000000240)=[{&(0x7f0000000080)="c3e6caa81d1c1a5f802210f138d5ec988cebe3ccfdae45eec16001028070dffe8e2e8b93e4bb3a7127634040c6718c44ede039574c24073db82299548aa59223aaa002e1475d9364427bb4", 0x4b, 0xfff}, {&(0x7f0000000100)="8491250c23119dc72ea633435f2e4a5382fc88e764e4fa4be430e2aeeb0b612eb540f364c08efaed0d1644707f958a056070467f47738e5429c1ca1e97dde7058f4358347cd2a078194fcf03db362345d3a3388ccff266cf464f3a47d1c8052b81319951850e24d5d673cbfe791a3d8326bdede2d471e8c96bb9ee1a345ba83d2f260c845752daa63d23b7479a8e366bafb14c", 0x93, 0xa5}], 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:00 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:00 executing program 0: socketpair(0x0, 0x1, 0x0, &(0x7f0000000100)) 06:18:00 executing program 3: socketpair(0x2b, 0x1, 0x9, 0x0) 06:18:00 executing program 2: r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000000)={0x80000002}) 06:18:00 executing program 2: r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000000)={0x80000002}) 06:18:00 executing program 0: socketpair(0x0, 0x1, 0x0, &(0x7f0000000100)) 06:18:00 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:00 executing program 3: syz_mount_image$qnx4(&(0x7f0000001440), &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x2a20400, &(0x7f0000001400)=ANY=[@ANYBLOB="f22b128c076df13e0846be8d00"]) syz_mount_image$qnx4(&(0x7f0000000180), &(0x7f0000000240)='./file0\x00', 0x8000, 0x3, &(0x7f0000001300)=[{&(0x7f0000000280)="4a28f574e6068b7f1181aae8c4dfbfaf311f8b6313eb89225399c6e00c0c180172bce8df568a2e55053e08f8347b9af66c7f9308e30ef102aa382b6821d6c0aa2843ece2857b5aea6980dbbfef0c1c446a45c7e4aa84291c885f03d668eb5be403184b458819721fc41680f87bf1bf1a35dd0889cf21525629bdd7e728e4c10eaadc5cd7d8dfd1f4f5b458608a82b775a5795f3d80ba579c054966428f017993286261ddc1664798b2785060278f056020d92aec62df7e1514e4c3ce0120e129ba61cbb69d9b94a33f404f3913aa7e1e646de7c83726d248ee95756fe19558c4b9cefff5c5d4e836bb7a3cd38336ad9cf3529ca7356b2686da38343b7069f95fd6aad2138367dbed3147b5fed24fa7f83165a37ac5df05d25abc7a8e1370c3cb07dfd468897d607e3c29b56c48ef9d7c846435416b16c6c3d8367489d35fd2b474acbb204f89de723dfeeb6a869ddd04139eb9084d94a457ac203eb86bd9f21f4b06e8a431f82137b143e0c8052fe99715979be5303b8f6e3fd438b2116ad312fdaa3233f50bc8393ab12462fbb5f3feaab73033c5c95529fe0d28a2ffefefb9cb28638d176f1f2fce63fa493750dd869958e32d63bc04dcec979b176e9531cbaf9666b7f5867b75072edbe810c0082eda8cea088e101520eb9bfa84c3e44e536498d168f6e5ab38e3983734b39b14caeccac201631c4ef5aa0e4f004b5812be0c8a8321683b6150e7f36427488a38171d6e7e8980605b3a85c655acedb2ac9305879f2a7d4c617b366a2005e8c4dc031cac4b960054e48c43356550c90d3c3ad39329d0ebc7d4c18ea9b15d6a29df6abd979962e5c2030733e217abdaa015272d0812a00ed913b5d8560803982b88233fd769fc90ba1a74d17723edd41d315c53fe76f26f5e9095ad47cc6c2eac603f9191b31642e70e727165194638bb601b41979ab5af1fb4bfaadacc17af1c3359fe930d0d11418ba78ed13962359335e19fe59e6c47d5dcc8f26d8f16082eaf66a8b82035d947dca432de1504ccd2ceb30b3764c3e85f040ad544fc85077a59f3cdc3d651234d81b08149dbc6352c2e3d2c4ea78368abb4006efa6f778f51b833973777e601e6507635aac265472ab4f378e8241c2515039b7bd40069566bd01000ed4fd65050945010abda019a408995d21ca1116be98ba0068009e98776a92f8c703b5e3b114eaffac2e422c66389b5158faa1dcac1b0344fe9e1eafa8298478cd182d88013ac6e7253e51c735bf68f031340f27af038579e86e36cdd7299b5c1893fe208362268cb21d1a0cc0061d4eb4db1029f21594b705dd09fe415c073bafb9fe849537760e0e99338f1a23b7e5fe7373e0532793ceb6f9a3e921f2a4b783bcacfa7d7441b9d2a20a180db40ad11dbec1541a1811756574111b9c0d0786a3b6a298d3e890317fde7fb74f634241c3050edc0427d50147c93121713b3c796107b0b406c88a1980911de0cc11c68cafdef6c6c7c5b58a41093d22550598f7f63f0b32c3a36ef377559c34da4be35a9d15546bbfb8877e948e08e9caf0a755f941d052db9df35af568055419934b5b91092a3999d6235a25eea2dadff7aa62393192b7e26fc35fba595ce9ca6169ece2cfbff24e18ee3d99258cde14f5e133b4faa40475f7d7c8c04d7ac7919ad6d48ea592aaaddf7b0127d7f3bc9ab6b1e6c85b097c5a2298d2e8808ab40f93ded7bcd9badc15d0950b7e9ec2b6379c67a55c8e3c7f920a74ab40f5d6e5cc37b7e49ee2e3a2d386cf2636a974e4ee11bd23ec4f12ffc5013f37c709e79cd19db120f05f11a4941fe34dee4159717a75032b72a3d622f4cea0b224ddfc8a54df453ac347dc3e11d357a0e27201a0cbc27c421ea33c8b449218e36ba145fa4f40364c6e427d91231450b3433fb603ea7988bf97f2378943dac0ac1c40e15bacaec37c3071786b1e2ba4d2f1ecd0fa6f9cdccec31f69389ea1397e064c4325761f3f38e47af3f4082c2770afc0eeb396db7168b1e024b50b9329f8fb393f30d6ae5312fdd611529d2ff84fc95ed5e23234939de8348943cf88cf273f69f459e536080ae16a27b5975d779761072032dd841c9befea51bc16ecc7ba39c055f865a09c98e95bb5db8327746d0977b3ae1f6793c0789d036714fa13814340a644fafb60620f0c79150569c84504c10828f8d8d960dafed3b6ec1a2de1d711c06395225af1aef684395a888d57bbc8c71e7d0986c8e7704259b2538d3a52ec9a1f64d6a399f0d007569356077e678cbce1f756d6ea0310db4179c355d081b2e6f5772cbb5bb496de4bb118ec08654d726286e9182483f1258f33983525741fcdad1c36297cadb9d6310e542b8a87337ea82b0f072577efbdc797671f9ed63c05c90f7a260e8e064be47d8301be76f422fa218e045c54de28fcf0808aeda7dea2ef858d8034a7127e2319e2e2e505d244c4519f98314c74121a156abd31e0cde0faa44770ff5b9fecafd5051a50dfc69e6afe56d451938d502bd35ae044aa744f5548e64c22660b47a146900b3b59370d40fbacd228bd0888c347ae4cb0c59f7507ccc7b0863a85caf9977125ac8099c8080ffcd7b78fdb662643cf23ce4d82be935624ee25bbcb1315d08189c3d3d7d17821120a8fe913cfdc67d28dce784f198e8fb887d73914b57f615d014411eb24517a7a583dff9ac9c30a51db00e651c7d731cc13eb7c503f37528b4917a775c0996f8878381fea351ad31747972bcd3dcdf8615b7577e580d0ebe81a62ce9c4fe0329839be00c59f8fcf4e2f2dff684fdfa8f50a44cddd393718a5638cda88c9128c525c5344104b0cd45360f93158f7bae380d87cbc40682a364cdb5cf2cf7177d625a022ef8054e832fefe059a0ef775095169c227b4effd5bcb9ab9a380668189dc842466ff5f073a05b73aa55d90e276f3b7c392e4ce1020bf35bdb7f5d2529bd96390708c41d1d65f3b5f6cd6923da89c95c10335b6f94db83c3d460130cdfaf9f566b2cf32381fe402dd148a1ccc639174099c5228d5362017929f70780267591952c61cdb91998f4ee855e25eb983d56bf72483d4144b97b986c9bd7044d0c8950b6bbeb9e19aefb59c0441952570132279182730d860da85af13e8bf2514cf4b5e864326faa431b8ac15b581b71cede3ee54df0140a8ab46946b71dad6b8c1198e35f35c7ccf5ddad79c9835d548a5cefa1d1a4149610fede82cb00122c9fab6406c6a180f8155dbb188f88880f20c243e392b74d27b44ad7509bd0929030dadbea040a1e08dd6b94288566fec1f1a013b46d52278fa2cfacd1cea11e2821f250437b4fed37addf1167b98f0769a0cd8bf305d3c16d6f0a00b260b4190847cee395e63618a443e0cd6b1955679b4371c6b61fa7078c82b1f6c0411db087945ba31121515607382d0ed32047834ca17ef43e891166312bf2bcf722dea5eb66b8cfbd29aaa17d37f6607197840d669ceee40d67ed48a6324a39973d5b9b6377a930b9cd7f398aafea90dfe3d773eedaca684733bc28857b575da874a170c21652bd3892e921ba273ac2cf633491ca2dcac85ee753abef80875825d5d31956dc0edeed452352460a89719b56a7df98415602e25ed4af3f7abb8aa4dc8e8cb193bca34f3d8bb44109a72aced598ca21e0d427b8be987ca95e15383cb5168fc3e6b6d454b81e1f6cc5b163c1604a4f5735a8be154afdf2510562ae3e5fd10c69c4a2fb84f95357f05d5063a1a2d805ae1ee4f15ee3e50cd55eee7a0571826d046386b735ab101aa8e7f65c4b9a4f4520c31094d15d035362fa93098d30467040e2db85fd02a72fcb24e1e98a6145b82fb4c2c80219983f7d00facbc084a463bc06f25a11018b6f46e75f1c82390922d57ab843f5dc5bd39c8b291487e663fee9806ff7ca15edd5c17a69ddbbce5f3aad19d6c40675d32dda35c0a65ea767829d537d808449856d5aebda479c3e282a1b89049f606153aa60ee647baf2649f92c8df73e6715ce7ef25b047de5fdf8ff5a8fd2a1f04051953ef673ede1ec8203563378b887ee856471860c8f02bf136a1920d558a6f9cdb42f6aa4342ec17376ef0299af84b6caf608afc17b3ec7e7e12d2c08868e3c477b0c3a35a0fe7234683689facef56902eeea40f216ff6c6f435ea5773a2488d2a0bd7793c72aedb878661313540f214b3a01410cfac21d37b0110d6ecf8ad0c3159ed625934a3e7a4d00fd9757ae39323c825dce65e415ec3fa72ecca97ab80817f1f8dd205d9fea91b6301eca644732620bca99fc35cf69b09f6775ae80db7b1f01b43661ff9a734aa065e993eeb1165164d195323ee2b4cd1f8c388be871912c9fa5257284f7da8ba2c4b9bd6cdf9bdd594b7e445e879a37d3f7f63f72233d54fa4ab8adf1866dbb16ad4d0a34d9610bbd79b94250167d4c3021fcd7a0da9a75e5f8df3265d5d96a4727fec39ec94b13beb9db3f8ad6a10bb845057c0d58650a70c3396558cc539974e9cf57c319f08885b3650475963c56480bb1b28d8ee5ab4d00792fcc15fb32291579cbf342a73f666edb5528743c10ad0ed1289e0d149d4063f04a5a942aa074b408f3c9de28b472ef39c6352244296ce4eef53b9445079a70d8d4d76782f0a32de501548bd3b1ffe75429baade40a54c7c5f027679b955d9ed3272c7b40a9937bec72b1270a4743e29ec0c24553a2ff632eebad86f094525f9c55b7e24671d412e6498c73e0d813fec1a7ab8e1aaf065a08af99c8b23769825f062ac28584b743eec05460f9ffce6327747b50c11ad5ec72548007073c417e2017e9b7981aa0aea280202547f460c0407b718d00f4f34bc65f24f173ac0223348b66d3cfcd99b0846c91dcd7586574401f6350ccae29468bbf9815af2f7ff8a046f0f89a938ac1c438a112f357325a8f7beedf801553ff6d20c5c0f7d7aa0aa309169beb2b1247bd55df69031c4c01de2e11427657cc7c3a9730105934eea88f38386a8a7ab366b3e45e3e8230478d87d74046aae1951a680a89272b902892af7f1672254a1e671bd51173a29cd769999645632b51b7014b7643743da91d6975e8ff3c9353a096bbdd25dfc372f120c5816ba321ed9fa0bb6101948bd1d1f11e1e47961fd1e024246cf6cc2bbe01037e94d6937325eb2cf16f9bd07ffab305c4270eee9b6180be80600596586c0dd6b05ef99e85b8a6d8398af2b252e7998632c5734c19a2b9ad08333fbfcecdf781689312010ba3c590eff690cf31d1a21e2231a6d10be25b7651bf99fa216da9383bf15c6d44cbb4869864133b87d850118cf550c84ac73d52c20cea10d4b690854a2edfb8a7a37117c3cbae447373e0866736fb65dbeb409cd4feb02199dee754ac05cf75c1d2856419417244e9cf30c0bc53ed3c79d4f60fe55b4d316691ff04e7d7f45383d259ef90bae22510e200c7b4f42a6f04a005c0f514556b29af98572fab0a4366ff388f8cf6716be65de2c9f59ce8ee94c41b85a210ecd4458ab9261ad8cb2ba07398a6144cd49262885dd42aab10163d06a1d79fa397a617c3dc51c5866d61919bc5aeaa2de6f52baaccaa2c6840401059ca8d22c5fed28b66e65a2ede538dfc1ffcc15ca1fbf2f73750568792569885c3e6b350445789ceff34ca929d8267ebe0cfcdcad1c6a03662ebc94f25a8f587e5795707b98a5b30e899908dfe8351bd3d1203b1e7fd5ebcd6dac511b001af864153f58455a8859dd9e821a5ca86c8130431cb5c6c13605018d7879a9cfd69084b94499dbb53659b1c2ac03cab336e51ccd3642faa", 0x1000}, {&(0x7f0000001280)="fe72df7f951a17457024e6425d", 0xd, 0x100000000}, {&(0x7f00000012c0)="40572525aea018582790681594be1966ec73eb34f49b2eeb6aa135e392", 0x1d, 0x8000000000000001}], 0x2002, &(0x7f0000001380)={[{'\'%'}, {'qnx4\x00'}], [{@smackfsfloor={'smackfsfloor', 0x3d, 'qnx4\x00'}}, {@obj_type}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x31, 0x66, 0x63, 0x38, 0x66, 0x7e], 0x2d, [0x32, 0xf, 0x62, 0x64], 0x2d, [0x39, 0x34, 0x65, 0x31], 0x2d, [0x62, 0x60, 0x62, 0x63], 0x2d, [0x34, 0x31, 0x39, 0x62, 0x32, 0x33, 0x66, 0x32]}}}, {@hash}]}) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100)={0x9, 0x0}, 0x8) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000140)={r0}, 0x4) r1 = socket$igmp(0x2, 0x3, 0x2) recvfrom$inet(r1, &(0x7f0000000000)=""/165, 0xa5, 0x40000140, &(0x7f00000000c0)={0x2, 0x4e22, @local}, 0x10) 06:18:00 executing program 1: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x3, 0x2, &(0x7f0000000240)=[{&(0x7f0000000080)="c3e6caa81d1c1a5f802210f138d5ec988cebe3ccfdae45eec16001028070dffe8e2e8b93e4bb3a7127634040c6718c44ede039574c24073db82299548aa59223aaa002e1475d9364427bb4", 0x4b, 0xfff}, {&(0x7f0000000100)="8491250c23119dc72ea633435f2e4a5382fc88e764e4fa4be430e2aeeb0b612eb540f364c08efaed0d1644707f958a056070467f47738e5429c1ca1e97dde7058f4358347cd2a078194fcf03db362345d3a3388ccff266cf464f3a47d1c8052b81319951850e24d5d673cbfe791a3d8326bdede2d471e8c96bb9ee1a345ba83d2f260c845752daa63d23b7479a8e366bafb14c", 0x93, 0xa5}], 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:00 executing program 0: socketpair(0x0, 0x1, 0x0, &(0x7f0000000100)) 06:18:00 executing program 5: syz_mount_image$qnx4(&(0x7f0000000000), 0x0, 0x3, 0x2, &(0x7f0000000240)=[{&(0x7f0000000080)="c3e6caa81d1c1a5f802210f138d5ec988cebe3ccfdae45eec16001028070dffe8e2e8b93e4bb3a7127634040c6718c44ede039574c24073db82299548aa59223aaa002e1475d9364427bb4", 0x4b, 0xfff}, {&(0x7f0000000100)="8491250c23119dc72ea633435f2e4a5382fc88e764e4fa4be430e2aeeb0b612eb540f364c08efaed0d1644707f958a056070467f47738e5429c1ca1e97dde7058f4358347cd2a078194fcf03db362345d3a3388ccff266cf464f3a47d1c8052b81319951850e24d5d673cbfe791a3d8326bdede2d471e8c96bb9ee1a345ba83d2f260c845752daa63d23b7479a8e366bafb14c", 0x93, 0xa5}], 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:00 executing program 2: r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000000)={0x80000002}) 06:18:00 executing program 0: socketpair(0x2b, 0x0, 0x0, &(0x7f0000000100)) 06:18:00 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:00 executing program 2: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x80000002}) 06:18:00 executing program 0: socketpair(0x2b, 0x0, 0x0, &(0x7f0000000100)) 06:18:00 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB='\b\x00', @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:00 executing program 0: socketpair(0x2b, 0x0, 0x0, &(0x7f0000000100)) 06:18:00 executing program 2: r0 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0x80000002}) 06:18:00 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:00 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), 0x0, 0x3, 0x2, &(0x7f0000000240)=[{&(0x7f0000000080)="c3e6caa81d1c1a5f802210f138d5ec988cebe3ccfdae45eec16001028070dffe8e2e8b93e4bb3a7127634040c6718c44ede039574c24073db82299548aa59223aaa002e1475d9364427bb4", 0x4b, 0xfff}, {&(0x7f0000000100)="8491250c23119dc72ea633435f2e4a5382fc88e764e4fa4be430e2aeeb0b612eb540f364c08efaed0d1644707f958a056070467f47738e5429c1ca1e97dde7058f4358347cd2a078194fcf03db362345d3a3388ccff266cf464f3a47d1c8052b81319951850e24d5d673cbfe791a3d8326bdede2d471e8c96bb9ee1a345ba83d2f260c845752daa63d23b7479a8e366bafb14c", 0x93, 0xa5}], 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:00 executing program 5: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000080)="c3e6caa81d1c1a5f802210f138d5ec988cebe3ccfdae45eec16001028070dffe8e2e8b93e4bb3a7127634040c6718c44ede039574c24073db82299548aa59223aaa002e1475d9364427bb4", 0x4b, 0xfff}, {&(0x7f0000000100)="8491250c23119dc72ea633435f2e4a5382fc88e764e4fa4be430e2aeeb0b612eb540f364c08efaed0d1644707f958a056070467f47738e5429c1ca1e97dde7058f4358347cd2a078194fcf03db362345d3a3388ccff266cf464f3a47d1c8052b81319951850e24d5d673cbfe791a3d8326bdede2d471e8c96bb9ee1a345ba83d2f260c845752daa63d23b7479a8e366bafb14c", 0x93, 0xa5}], 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:00 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB='\b\x00', @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:00 executing program 3: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x3, 0x2, &(0x7f0000000240)=[{&(0x7f0000000080)="c3e6caa81d1c1a5f802210f138d5ec988cebe3ccfdae45eec16001028070dffe8e2e8b93e4bb3a7127634040c6718c44ede039574c24073db82299548aa59223aaa002e1475d9364427bb4", 0x4b, 0xfff}, {&(0x7f0000000100)="8491250c23119dc72ea633435f2e4a5382fc88e764e4fa4be430e2aeeb0b612eb540f364c08efaed0d1644707f958a056070467f47738e5429c1ca1e97dde7058f4358347cd2a078194fcf03db362345d3a3388ccff266cf464f3a47d1c8052b81319951850e24d5d673cbfe791a3d8326bdede2d471e8c96bb9ee1a345ba83d2f260c845752daa63d23b7479a8e366bafb14c", 0x93, 0xa5}], 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:00 executing program 2: r0 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0x80000002}) 06:18:00 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB='\b\x00', @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:00 executing program 0: socketpair(0x2b, 0x1, 0x0, 0x0) 06:18:00 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), 0x0, 0x3, 0x2, &(0x7f0000000240)=[{&(0x7f0000000080)="c3e6caa81d1c1a5f802210f138d5ec988cebe3ccfdae45eec16001028070dffe8e2e8b93e4bb3a7127634040c6718c44ede039574c24073db82299548aa59223aaa002e1475d9364427bb4", 0x4b, 0xfff}, {&(0x7f0000000100)="8491250c23119dc72ea633435f2e4a5382fc88e764e4fa4be430e2aeeb0b612eb540f364c08efaed0d1644707f958a056070467f47738e5429c1ca1e97dde7058f4358347cd2a078194fcf03db362345d3a3388ccff266cf464f3a47d1c8052b81319951850e24d5d673cbfe791a3d8326bdede2d471e8c96bb9ee1a345ba83d2f260c845752daa63d23b7479a8e366bafb14c", 0x93, 0xa5}], 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:00 executing program 5: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:00 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="080001", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:00 executing program 2: r0 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0x80000002}) 06:18:01 executing program 5: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:01 executing program 0: syz_mount_image$qnx4(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x2a0040e, &(0x7f0000001940)) sendmsg$L2TP_CMD_TUNNEL_MODIFY(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x78, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@L2TP_ATTR_VLAN_ID={0x6, 0xe, 0x1ff}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'xfrm0\x00'}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x1}, @L2TP_ATTR_RECV_SEQ={0x5}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x9}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @private=0xa010100}]}, 0x78}, 0x1, 0x0, 0x0, 0x4000000}, 0x40) 06:18:01 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$L2TP_CMD_NOOP(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x40, r1, 0x8, 0x70bd28, 0x25dfdbfc, {}, [@L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5, 0x21, 0x1}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x4}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'gre0\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x41006}, 0x8880) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x4e22, @private=0xa010101}, {0x6}, 0x4, {0x2, 0x4e23, @local}, 'veth0\x00'}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000000c0)={'tunl0\x00', 0x0}) 06:18:01 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="080001", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:01 executing program 2: r0 = socket$can_raw(0x1d, 0x3, 0x1) epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000000)={0x80000002}) 06:18:01 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), 0x0, 0x3, 0x2, &(0x7f0000000240)=[{&(0x7f0000000080)="c3e6caa81d1c1a5f802210f138d5ec988cebe3ccfdae45eec16001028070dffe8e2e8b93e4bb3a7127634040c6718c44ede039574c24073db82299548aa59223aaa002e1475d9364427bb4", 0x4b, 0xfff}, {&(0x7f0000000100)="8491250c23119dc72ea633435f2e4a5382fc88e764e4fa4be430e2aeeb0b612eb540f364c08efaed0d1644707f958a056070467f47738e5429c1ca1e97dde7058f4358347cd2a078194fcf03db362345d3a3388ccff266cf464f3a47d1c8052b81319951850e24d5d673cbfe791a3d8326bdede2d471e8c96bb9ee1a345ba83d2f260c845752daa63d23b7479a8e366bafb14c", 0x93, 0xa5}], 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:01 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$L2TP_CMD_NOOP(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x40, r1, 0x8, 0x70bd28, 0x25dfdbfc, {}, [@L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5, 0x21, 0x1}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x4}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'gre0\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x41006}, 0x8880) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x4e22, @private=0xa010101}, {0x6}, 0x4, {0x2, 0x4e23, @local}, 'veth0\x00'}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000000c0)={'tunl0\x00', 0x0}) 06:18:01 executing program 5: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:01 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socketpair(0x9d8c36f1817b86, 0x1, 0xb79, &(0x7f0000000000)={0xffffffffffffffff}) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), r1) sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x5c, r4, 0x200, 0x70bd29, 0x25dfdbfc, {}, [@L2TP_ATTR_IP6_DADDR={0x14, 0x20, @mcast2}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x80}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x6}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_PEER_SESSION_ID={0x8}, @L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x2}, @L2TP_ATTR_CONN_ID={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x24000884}, 0x4000044) r5 = socket(0x26, 0x0, 0x7) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f00000003c0)={'syztnl0\x00', &(0x7f0000000340)={'syztnl2\x00', 0x0, 0x29, 0x0, 0x3, 0x3, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7, 0x20, 0x800, 0x6}}) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r9, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) getsockopt$IPT_SO_GET_INFO(r10, 0x0, 0x40, &(0x7f0000000580)={'mangle\x00', 0x0, [0xf0, 0x80000000, 0x8, 0xea, 0x2]}, &(0x7f0000000600)=0x54) sendmsg$NBD_CMD_STATUS(r7, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) r11 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000480), 0x610000, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x4, &(0x7f0000000200)=@raw=[@btf_id={0x18, 0xa, 0x3, 0x0, 0x4}, @alu={0x7, 0x0, 0x8, 0x0, 0x2, 0x0, 0x3b89221e47634860}, @exit], &(0x7f0000000240)='syzkaller\x00', 0x6, 0x96, &(0x7f0000000280)=""/150, 0x41000, 0x5, '\x00', r6, 0x25, r8, 0x8, &(0x7f0000000400)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000440)={0x0, 0xa, 0x2, 0x7ff}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000004c0)=[r3, r3, r3, r11]}, 0x80) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f0000000040)={'syztnl2\x00', 0x0}) 06:18:01 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="080001", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:01 executing program 2: r0 = socket$can_raw(0x1d, 0x3, 0x1) epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000000)={0x80000002}) 06:18:01 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:01 executing program 5: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000240)=[{&(0x7f0000000080)="c3e6caa81d1c1a5f802210f138d5ec988cebe3ccfdae45eec16001028070dffe8e2e8b93e4bb3a7127634040c6718c44ede039574c24073db82299548aa59223aaa002e1475d9364427bb4", 0x4b, 0xfff}], 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:01 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$L2TP_CMD_NOOP(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x40, r1, 0x8, 0x70bd28, 0x25dfdbfc, {}, [@L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5, 0x21, 0x1}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x4}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'gre0\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x41006}, 0x8880) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x4e22, @private=0xa010101}, {0x6}, 0x4, {0x2, 0x4e23, @local}, 'veth0\x00'}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000000c0)={'tunl0\x00', 0x0}) 06:18:01 executing program 2: r0 = socket$can_raw(0x1d, 0x3, 0x1) epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000000)={0x80000002}) 06:18:01 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$L2TP_CMD_NOOP(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x40, r1, 0x8, 0x70bd28, 0x25dfdbfc, {}, [@L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5, 0x21, 0x1}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x4}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'gre0\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x41006}, 0x8880) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x4e22, @private=0xa010101}, {0x6}, 0x4, {0x2, 0x4e23, @local}, 'veth0\x00'}) 06:18:01 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000080)="c3e6caa81d1c1a5f802210f138d5ec988cebe3ccfdae45eec16001028070dffe8e2e8b93e4bb3a7127634040c6718c44ede039574c24073db82299548aa59223aaa002e1475d9364427bb4", 0x4b, 0xfff}, {&(0x7f0000000100)="8491250c23119dc72ea633435f2e4a5382fc88e764e4fa4be430e2aeeb0b612eb540f364c08efaed0d1644707f958a056070467f47738e5429c1ca1e97dde7058f4358347cd2a078194fcf03db362345d3a3388ccff266cf464f3a47d1c8052b81319951850e24d5d673cbfe791a3d8326bdede2d471e8c96bb9ee1a345ba83d2f260c845752daa63d23b7479a8e366bafb14c", 0x93, 0xa5}], 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:01 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:01 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socketpair(0x9d8c36f1817b86, 0x1, 0xb79, &(0x7f0000000000)={0xffffffffffffffff}) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), r1) sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x5c, r4, 0x200, 0x70bd29, 0x25dfdbfc, {}, [@L2TP_ATTR_IP6_DADDR={0x14, 0x20, @mcast2}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x80}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x6}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_PEER_SESSION_ID={0x8}, @L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x2}, @L2TP_ATTR_CONN_ID={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x24000884}, 0x4000044) r5 = socket(0x26, 0x0, 0x7) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f00000003c0)={'syztnl0\x00', &(0x7f0000000340)={'syztnl2\x00', 0x0, 0x29, 0x0, 0x3, 0x3, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7, 0x20, 0x800, 0x6}}) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r9, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) getsockopt$IPT_SO_GET_INFO(r10, 0x0, 0x40, &(0x7f0000000580)={'mangle\x00', 0x0, [0xf0, 0x80000000, 0x8, 0xea, 0x2]}, &(0x7f0000000600)=0x54) sendmsg$NBD_CMD_STATUS(r7, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) r11 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000480), 0x610000, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x4, &(0x7f0000000200)=@raw=[@btf_id={0x18, 0xa, 0x3, 0x0, 0x4}, @alu={0x7, 0x0, 0x8, 0x0, 0x2, 0x0, 0x3b89221e47634860}, @exit], &(0x7f0000000240)='syzkaller\x00', 0x6, 0x96, &(0x7f0000000280)=""/150, 0x41000, 0x5, '\x00', r6, 0x25, r8, 0x8, &(0x7f0000000400)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000440)={0x0, 0xa, 0x2, 0x7ff}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000004c0)=[r3, r3, r3, r11]}, 0x80) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f0000000040)={'syztnl2\x00', 0x0}) 06:18:01 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x4e22, @private=0xa010101}, {0x6}, 0x4, {0x2, 0x4e23, @local}, 'veth0\x00'}) 06:18:01 executing program 5: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:01 executing program 2: socket$can_raw(0x1d, 0x3, 0x1) r0 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0x80000002}) 06:18:01 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:01 executing program 2: socket$can_raw(0x1d, 0x3, 0x1) r0 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0x80000002}) 06:18:01 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x4e22, @private=0xa010101}, {0x6}, 0x4, {0x2, 0x4e23, @local}, 'veth0\x00'}) 06:18:01 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:01 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socketpair(0x9d8c36f1817b86, 0x1, 0xb79, &(0x7f0000000000)={0xffffffffffffffff}) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), r1) sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x5c, r4, 0x200, 0x70bd29, 0x25dfdbfc, {}, [@L2TP_ATTR_IP6_DADDR={0x14, 0x20, @mcast2}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x80}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x6}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_PEER_SESSION_ID={0x8}, @L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x2}, @L2TP_ATTR_CONN_ID={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x24000884}, 0x4000044) r5 = socket(0x26, 0x0, 0x7) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f00000003c0)={'syztnl0\x00', &(0x7f0000000340)={'syztnl2\x00', 0x0, 0x29, 0x0, 0x3, 0x3, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7, 0x20, 0x800, 0x6}}) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r9, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) getsockopt$IPT_SO_GET_INFO(r10, 0x0, 0x40, &(0x7f0000000580)={'mangle\x00', 0x0, [0xf0, 0x80000000, 0x8, 0xea, 0x2]}, &(0x7f0000000600)=0x54) sendmsg$NBD_CMD_STATUS(r7, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) r11 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000480), 0x610000, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x4, &(0x7f0000000200)=@raw=[@btf_id={0x18, 0xa, 0x3, 0x0, 0x4}, @alu={0x7, 0x0, 0x8, 0x0, 0x2, 0x0, 0x3b89221e47634860}, @exit], &(0x7f0000000240)='syzkaller\x00', 0x6, 0x96, &(0x7f0000000280)=""/150, 0x41000, 0x5, '\x00', r6, 0x25, r8, 0x8, &(0x7f0000000400)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000440)={0x0, 0xa, 0x2, 0x7ff}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000004c0)=[r3, r3, r3, r11]}, 0x80) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f0000000040)={'syztnl2\x00', 0x0}) 06:18:01 executing program 5: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x0, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:01 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:01 executing program 2: socket$can_raw(0x1d, 0x3, 0x1) r0 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0x80000002}) 06:18:01 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:01 executing program 3: ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x4e22, @private=0xa010101}, {0x6}, 0x4, {0x2, 0x4e23, @local}, 'veth0\x00'}) 06:18:01 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:01 executing program 2: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0) 06:18:01 executing program 3: ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x4e22, @private=0xa010101}, {0x6}, 0x4, {0x2, 0x4e23, @local}, 'veth0\x00'}) [ 1398.403992] qnx4: no qnx4 filesystem (no root dir). 06:18:01 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:01 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:01 executing program 0: syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x6400) setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000040)={0x4}, 0x4) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) shmdt(0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c5f848da108fcb359f262b83806dff3d6c758b222732875a446e60600000048b50c0127f54118c65213169d808f8724ed08a7953c660325f26583f80100000000f8d5ce32e9ab54894c2dce0062410000000000000000000000000000001d9151fc9009e25873ce5f74f6e4f987b7c76832fd8d23c311b25b558c36efac6a6ee9dd251d1931d284b4c1ce4273669618e257758f22b3c3e8da7a4ca3ca23a3dc61dde52b3c5063d321167b2cf5658e46fa27174a8ad999e99a72f5dfe3670503c573df14316d325d00ca0433ad45fa783475e26d881be558efc6f842edca8ad36d046a9ee264dac9b603229a3f2db33a919af9d8bdb6444ca5a4de79469432ecae579624175f9a7948d609466f904631fc0fff10893313d20ef6fb84f3d0fcf5398b6008c57a61c09d65cba142c5659164d4acb559e3a5b9d760df359e73a5e27f", @ANYRES16=0x0, @ANYBLOB="010000004000fbdb9328ca4460df"], 0x14}, 0x1, 0x0, 0x0, 0x84}, 0x20000080) ioctl$NBD_SET_SOCK(r1, 0xab00, r3) 06:18:01 executing program 2: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0) 06:18:01 executing program 5: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x0, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:01 executing program 3: ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x4e22, @private=0xa010101}, {0x6}, 0x4, {0x2, 0x4e23, @local}, 'veth0\x00'}) 06:18:01 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000240)=[{&(0x7f0000000080)="c3e6caa81d1c1a5f802210f138d5ec988cebe3ccfdae45eec16001028070dffe8e2e8b93e4bb3a7127634040c6718c44ede039574c24073db82299548aa59223aaa002e1475d9364427bb4", 0x4b, 0xfff}], 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:01 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:01 executing program 0: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x1010c1c, &(0x7f0000001100)=ANY=[]) syz_mount_image$qnx4(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', 0x6, 0x8, &(0x7f0000000740)=[{&(0x7f0000000240)="5aa78417191f6642a05229f911fa00b7fbdb48b54ae674d79bdb2d3088cbb4d7f717758d9e01a155f7554e7c0f83c42954653db2cc504f5966377fe9fc0096ba960ea263ad5931e1a82b40a337afa865e369e340b9ab3b6f318bdd5ce1445f750c813707387befcc90ea60365e40b7fb79ad45042dd42f9211", 0x79, 0x800}, {&(0x7f0000000180)="7e615a43835db96b7893069e9a61c473c69152c23a406e90c26dfb5c4e2e2324c4900de205a63366135a6700da7a22f1b3372abb5dcbd2e68ee5", 0x3a, 0x47}, {&(0x7f0000000400)="95f01e2500"/20, 0x14, 0x7}, {&(0x7f0000000300)="1bd4201da1febda4075720b87627009545cefcfdb301aa0d461a9140633cc1fd16de26e29f11fb072b05b6bfbc334d55ba5f92f166e7f723a57513eec5ac5c1c8d9f488f3bccaa950e2cd2fcef60ca082598c3979080862a6ffa1348bdc34decc5e391cdbfb2cc21aaf1ae1777372588a4dfaaf063a645142e7bbbc69803924f77158bc7d9f71f7c367ac43a81be417838e1062035dba2e283944f4426d5b7d84ab421d87007be0f52d232dd0be64d2031d310e2e1c6e851ae1236117f1e41c09c550aed19e113a80d8857a81e2ff772e2d778788d849d3280ba740c539db813ac3d7be7ca0b1fe30b", 0xe9, 0xffff}, {&(0x7f0000000400), 0x0, 0xffff}, {&(0x7f0000000440)="bcf7b5d2d584acd108aa106f4fd394074ca0dc3b4ab6f65ff803c10e62974d1b59e7bdb19d2a948aee326ee2a4c370c6f80c972a6571e31cc97c1e1e913b1c27bfe486b53eb698ad79a897b7b9bebbc76ff64dd1a92c379dacde6c3ebcfab37142ddf1990d835a11d65c095c8ae4b58a11a8aaed6aa16b4da43ed843627295b7cffdf3794401fe872f087cc5ac56ce", 0x8f, 0x9}, {&(0x7f0000000680)="00c1700e7100000000", 0x9, 0xfffd}, {&(0x7f0000000540)="502ff87badd4dc44387aea9ec036587c019e195f8b3c580e68b809b2c607e7e4dbc7e2b2468f201933563e77b4b6cde92580beed2dd38d4f183f133505ff7457e8ee59b080c6ff8dff11a5d443b1de6f0e26eac1ebf7e04e751d30806e6a641dc981ed689bad75d860f2e2074ffe546d36491f9899fdd2aa8f4224c9ba9b388979d91a238910a41309cab32fb44fbe8b174c853d255d293f70955654dd0014c81a45f9305e6da9e6ab920b71024318b9e8d2c80b2771b5dd024bb893d82d36ed7d4c553eab9b1046131b6ce76ade86dfdc7f58c4d70716a3e575f6ed4d6aa70348c84eedb639e06f67295473034a4833a394f0ee17", 0xf5, 0xfff}], 0x208244c, &(0x7f0000000700)) syz_mount_image$qnx4(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x2820408, &(0x7f0000001940)) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000ac0)={'filter\x00', 0x4}, 0x68) socketpair(0x1f, 0x3, 0xfffffe01, &(0x7f00000002c0)={0xffffffffffffffff}) r2 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000940), r0) sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000000a80)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000a40)={&(0x7f0000000a00)={0x40, r2, 0x800, 0x70bd27, 0x25dfdbfd, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @b}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e23}]}, 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x4000010) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r0}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) syz_mount_image$qnx4(&(0x7f0000000500), &(0x7f0000000640)='./file0\x00', 0xfffffffffffffff8, 0x0, &(0x7f0000000680), 0x124009, &(0x7f0000000840)={[{'\x00'}, {'/dev/zero\x00'}, {'&'}, {','}, {'^'}, {'qnx4\x00'}, {'f-&/'}, {'qnx4\x00'}], [{@obj_user}, {@euid_eq}, {@hash}]}) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x5, 0x6, 0x2, 0x4, 0xffffffffffffffff, 0x1, '\x00', 0x0, r0, 0x3, 0x2, 0x4, 0x5}, 0x48) 06:18:01 executing program 2: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0) 06:18:01 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x4e22, @private=0xa010101}, {0x6}, 0x4, {0x2, 0x4e23, @local}, 'veth0\x00'}) [ 1398.532683] qnx4: no qnx4 filesystem (no root dir). 06:18:01 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:01 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x4e22, @private=0xa010101}, {0x6}, 0x4, {0x2, 0x4e23, @local}, 'veth0\x00'}) 06:18:01 executing program 5: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x0, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:01 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:01 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:01 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x4e22, @private=0xa010101}, {0x6}, 0x4, {0x2, 0x4e23, @local}, 'veth0\x00'}) 06:18:01 executing program 2: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)) 06:18:01 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB='\b\x00', @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:01 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, 0x0) 06:18:01 executing program 0: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:01 executing program 2: syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x6481) r0 = gettid() r1 = gettid() migrate_pages(r1, 0x9d, 0x0, &(0x7f00000006c0)) r2 = gettid() migrate_pages(r2, 0x9d, 0x0, &(0x7f00000006c0)) ptrace$peekuser(0x3, r2, 0x40) migrate_pages(r0, 0x9d, 0x0, &(0x7f00000006c0)) syz_open_procfs$userns(r0, &(0x7f0000000040)) 06:18:01 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x0, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) [ 1398.704040] qnx4: no qnx4 filesystem (no root dir). 06:18:01 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB='\b\x00', @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:01 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, 0x0) 06:18:01 executing program 5: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, 0x0) 06:18:01 executing program 2: epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, &(0x7f0000000040)={0x2001}) r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0x9) 06:18:01 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB='\b\x00', @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:01 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, 0x0) 06:18:01 executing program 2: r0 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x450, 0x101080) ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(r0, 0x80184153, &(0x7f0000000180)={0x0, &(0x7f0000000140)=[&(0x7f0000000080)="b335eb6535efb64581cbc071d1a31ca67e618c61c6d58a7f89bcf9fe0eef57e6ffcefc675ac1f9c4ac76dca57395e8f4152e32ee01f9f17be7a462573981764e549c0a5b44c8b4a1a828a095a642a0a507e386eda4c6c193984da8239afd528c377499d7ea54922e7cf26842d346329ced5e2adf60cd21466b8af5836b3386655b8df260f26024705523e750775b72ee6d14aa9be22580a110511261b7a9080833dab82ef25cc54cc90cddc8aad81e90b2f21de2437d2b"]}) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, &(0x7f0000000240)) r1 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r1, &(0x7f0000000440)=@hat={'permhat ', 0x40000000000, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) syz_mount_image$qnx4(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x0, 0xfffffffffffffff3, 0x0, 0x2820408, &(0x7f0000001940)) 06:18:01 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="080001", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1398.802152] qnx4: no qnx4 filesystem (no root dir). 06:18:01 executing program 0: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:01 executing program 5: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, 0x0) 06:18:01 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x0, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:01 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="080001", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:01 executing program 2: r0 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x450, 0x101080) ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(r0, 0x80184153, &(0x7f0000000180)={0x0, &(0x7f0000000140)=[&(0x7f0000000080)="b335eb6535efb64581cbc071d1a31ca67e618c61c6d58a7f89bcf9fe0eef57e6ffcefc675ac1f9c4ac76dca57395e8f4152e32ee01f9f17be7a462573981764e549c0a5b44c8b4a1a828a095a642a0a507e386eda4c6c193984da8239afd528c377499d7ea54922e7cf26842d346329ced5e2adf60cd21466b8af5836b3386655b8df260f26024705523e750775b72ee6d14aa9be22580a110511261b7a9080833dab82ef25cc54cc90cddc8aad81e90b2f21de2437d2b"]}) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, &(0x7f0000000240)) r1 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r1, &(0x7f0000000440)=@hat={'permhat ', 0x40000000000, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) syz_mount_image$qnx4(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x0, 0xfffffffffffffff3, 0x0, 0x2820408, &(0x7f0000001940)) 06:18:01 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private=0xa010101}, {0x6}, 0x4, {0x2, 0x4e23, @local}, 'veth0\x00'}) 06:18:01 executing program 0: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:01 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="080001", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1398.938151] qnx4: no qnx4 filesystem (no root dir). 06:18:02 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {0x6}, 0x4, {0x2, 0x4e23, @local}, 'veth0\x00'}) 06:18:02 executing program 2: r0 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x450, 0x101080) ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(r0, 0x80184153, &(0x7f0000000180)={0x0, &(0x7f0000000140)=[&(0x7f0000000080)="b335eb6535efb64581cbc071d1a31ca67e618c61c6d58a7f89bcf9fe0eef57e6ffcefc675ac1f9c4ac76dca57395e8f4152e32ee01f9f17be7a462573981764e549c0a5b44c8b4a1a828a095a642a0a507e386eda4c6c193984da8239afd528c377499d7ea54922e7cf26842d346329ced5e2adf60cd21466b8af5836b3386655b8df260f26024705523e750775b72ee6d14aa9be22580a110511261b7a9080833dab82ef25cc54cc90cddc8aad81e90b2f21de2437d2b"]}) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, &(0x7f0000000240)) r1 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r1, &(0x7f0000000440)=@hat={'permhat ', 0x40000000000, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) syz_mount_image$qnx4(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x0, 0xfffffffffffffff3, 0x0, 0x2820408, &(0x7f0000001940)) 06:18:02 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:02 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x0, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:02 executing program 5: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, 0x0) 06:18:02 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x4e23, @local}, 'veth0\x00'}) 06:18:02 executing program 2: r0 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x450, 0x101080) ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(r0, 0x80184153, &(0x7f0000000180)={0x0, &(0x7f0000000140)=[&(0x7f0000000080)="b335eb6535efb64581cbc071d1a31ca67e618c61c6d58a7f89bcf9fe0eef57e6ffcefc675ac1f9c4ac76dca57395e8f4152e32ee01f9f17be7a462573981764e549c0a5b44c8b4a1a828a095a642a0a507e386eda4c6c193984da8239afd528c377499d7ea54922e7cf26842d346329ced5e2adf60cd21466b8af5836b3386655b8df260f26024705523e750775b72ee6d14aa9be22580a110511261b7a9080833dab82ef25cc54cc90cddc8aad81e90b2f21de2437d2b"]}) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, &(0x7f0000000240)) r1 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r1, &(0x7f0000000440)=@hat={'permhat ', 0x40000000000, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:02 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:02 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:02 executing program 2: r0 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x450, 0x101080) ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(r0, 0x80184153, &(0x7f0000000180)={0x0, &(0x7f0000000140)=[&(0x7f0000000080)="b335eb6535efb64581cbc071d1a31ca67e618c61c6d58a7f89bcf9fe0eef57e6ffcefc675ac1f9c4ac76dca57395e8f4152e32ee01f9f17be7a462573981764e549c0a5b44c8b4a1a828a095a642a0a507e386eda4c6c193984da8239afd528c377499d7ea54922e7cf26842d346329ced5e2adf60cd21466b8af5836b3386655b8df260f26024705523e750775b72ee6d14aa9be22580a110511261b7a9080833dab82ef25cc54cc90cddc8aad81e90b2f21de2437d2b"]}) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, &(0x7f0000000240)) write$apparmor_current(0xffffffffffffffff, &(0x7f0000000440)=@hat={'permhat ', 0x40000000000, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:02 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x0, {0x2, 0x4e23, @local}, 'veth0\x00'}) 06:18:02 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:02 executing program 2: r0 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x450, 0x101080) ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(r0, 0x80184153, &(0x7f0000000180)={0x0, &(0x7f0000000140)=[&(0x7f0000000080)="b335eb6535efb64581cbc071d1a31ca67e618c61c6d58a7f89bcf9fe0eef57e6ffcefc675ac1f9c4ac76dca57395e8f4152e32ee01f9f17be7a462573981764e549c0a5b44c8b4a1a828a095a642a0a507e386eda4c6c193984da8239afd528c377499d7ea54922e7cf26842d346329ced5e2adf60cd21466b8af5836b3386655b8df260f26024705523e750775b72ee6d14aa9be22580a110511261b7a9080833dab82ef25cc54cc90cddc8aad81e90b2f21de2437d2b"]}) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, &(0x7f0000000240)) write$apparmor_current(0xffffffffffffffff, &(0x7f0000000440)=@hat={'permhat ', 0x40000000000, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) [ 1399.089747] qnx4: no qnx4 filesystem (no root dir). 06:18:02 executing program 5: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:02 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x0, {0x2, 0x4e23, @local}, 'veth0\x00'}) 06:18:02 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, 0x0) 06:18:02 executing program 2: r0 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x450, 0x101080) ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(r0, 0x80184153, &(0x7f0000000180)={0x0, &(0x7f0000000140)=[&(0x7f0000000080)="b335eb6535efb64581cbc071d1a31ca67e618c61c6d58a7f89bcf9fe0eef57e6ffcefc675ac1f9c4ac76dca57395e8f4152e32ee01f9f17be7a462573981764e549c0a5b44c8b4a1a828a095a642a0a507e386eda4c6c193984da8239afd528c377499d7ea54922e7cf26842d346329ced5e2adf60cd21466b8af5836b3386655b8df260f26024705523e750775b72ee6d14aa9be22580a110511261b7a9080833dab82ef25cc54cc90cddc8aad81e90b2f21de2437d2b"]}) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, &(0x7f0000000240)) write$apparmor_current(0xffffffffffffffff, &(0x7f0000000440)=@hat={'permhat ', 0x40000000000, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:02 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:02 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:02 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x0, {0x2, 0x4e23, @local}, 'veth0\x00'}) 06:18:02 executing program 2: r0 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x450, 0x101080) ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(r0, 0x80184153, &(0x7f0000000180)={0x0, &(0x7f0000000140)=[&(0x7f0000000080)="b335eb6535efb64581cbc071d1a31ca67e618c61c6d58a7f89bcf9fe0eef57e6ffcefc675ac1f9c4ac76dca57395e8f4152e32ee01f9f17be7a462573981764e549c0a5b44c8b4a1a828a095a642a0a507e386eda4c6c193984da8239afd528c377499d7ea54922e7cf26842d346329ced5e2adf60cd21466b8af5836b3386655b8df260f26024705523e750775b72ee6d14aa9be22580a110511261b7a9080833dab82ef25cc54cc90cddc8aad81e90b2f21de2437d2b"]}) r1 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r1, &(0x7f0000000440)=@hat={'permhat ', 0x40000000000, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:02 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:02 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:02 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:02 executing program 2: syz_open_dev$sndpcmp(&(0x7f0000000040), 0x450, 0x101080) r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x40000000000, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:02 executing program 5: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)={[], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:02 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:02 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, 0x0) 06:18:02 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:02 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x40000000000, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:02 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:02 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:02 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x40000000000, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:02 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:02 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:02 executing program 0: syz_mount_image$qnx4(&(0x7f0000000000), 0x0, 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:02 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, 0x0) 06:18:02 executing program 5: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)={[], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}]}) 06:18:02 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x40000000000, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:02 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:02 executing program 3: ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:02 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x40000000000, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:02 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB='\b\x00', @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:02 executing program 3: ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:02 executing program 0: syz_mount_image$qnx4(&(0x7f0000000000), 0x0, 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:02 executing program 5: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)={[], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}]}) 06:18:02 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:02 executing program 2: openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(0xffffffffffffffff, &(0x7f0000000440)=@hat={'permhat ', 0x40000000000, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:02 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)={[], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:02 executing program 2: openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(0xffffffffffffffff, &(0x7f0000000440)=@hat={'permhat ', 0x40000000000, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:02 executing program 3: ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:03 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB='\b\x00', @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:03 executing program 2: openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(0xffffffffffffffff, &(0x7f0000000440)=@hat={'permhat ', 0x40000000000, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:03 executing program 0: syz_mount_image$qnx4(&(0x7f0000000000), 0x0, 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:03 executing program 5: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) 06:18:03 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, 0x0, 0x0) 06:18:03 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB='\b\x00', @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:03 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:03 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, 0x0, 0x0) 06:18:03 executing program 0: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:03 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)={[], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}]}) 06:18:03 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, 0x0, 0x0) 06:18:03 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="080001", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:03 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:03 executing program 0: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:03 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:03 executing program 0: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:03 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00']}, 0x1e9) 06:18:03 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="080001", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:03 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="080001", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:03 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:03 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)={[], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}]}) 06:18:03 executing program 0: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x0, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:03 executing program 5: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, 0x0, 0x0) 06:18:03 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="080001", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:03 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00']}, 0x1e9) 06:18:03 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, 0x0) [ 1400.372923] audit: type=1400 audit(1660285083.383:38): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=29573 comm="syz-executor.2" 06:18:03 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) 06:18:03 executing program 5: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00']}, 0x1e9) 06:18:03 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:03 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00']}, 0x1e9) [ 1400.419644] qnx4: no qnx4 filesystem (no root dir). 06:18:03 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="080001", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:03 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, 0x0) 06:18:03 executing program 0: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x0, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) [ 1400.465856] audit: type=1400 audit(1660285083.453:39): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=29594 comm="syz-executor.2" 06:18:03 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:03 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x1f2) 06:18:03 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, 0x0) 06:18:03 executing program 5: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, 0x0, 0x0) 06:18:03 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:03 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x0, {0x2, 0x0, @local}, 'veth0\x00'}) [ 1400.553031] audit: type=1400 audit(1660285083.483:40): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=29601 comm="syz-executor.5" [ 1400.575615] qnx4: no qnx4 filesystem (no root dir). 06:18:03 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x1f2) 06:18:03 executing program 5: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, 0x0) [ 1400.626919] audit: type=1400 audit(1660285083.553:41): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=29604 comm="syz-executor.2" 06:18:03 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, 0x0) 06:18:03 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:03 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x1f2) 06:18:03 executing program 0: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x0, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:03 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x0, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:03 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x145) [ 1400.726460] audit: type=1400 audit(1660285083.593:42): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=29620 comm="syz-executor.2" 06:18:03 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:03 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x0, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:03 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x0, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:03 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x145) [ 1400.777173] audit: type=1400 audit(1660285083.703:43): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=29636 comm="syz-executor.2" [ 1400.808757] audit: type=1400 audit(1660285083.783:44): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=29645 comm="syz-executor.2" 06:18:03 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x0, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) [ 1400.826691] audit: type=1400 audit(1660285083.823:45): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=29659 comm="syz-executor.2" [ 1400.867446] qnx4: no qnx4 filesystem (no root dir). 06:18:03 executing program 0: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, 0x0) 06:18:03 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:03 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x145) 06:18:03 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:03 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:03 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:04 executing program 0: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, 0x0) [ 1400.928243] audit: type=1400 audit(1660285083.943:46): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=29663 comm="syz-executor.2" [ 1400.986935] qnx4: no qnx4 filesystem (no root dir). 06:18:04 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x0, &(0x7f0000000280)={[{'qnx4\x00'}, {'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:04 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x108) 06:18:04 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:04 executing program 3: r0 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x450, 0x101080) ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(r0, 0x80184153, &(0x7f0000000180)={0x0, &(0x7f0000000140)=[&(0x7f0000000080)="b335eb6535efb64581cbc071d1a31ca67e618c61c6d58a7f89bcf9fe0eef57e6ffcefc675ac1f9c4ac76dca57395e8f4152e32ee01f9f17be7a462573981764e549c0a5b44c8b4a1a828a095a642a0a507e386eda4c6c193984da8239afd528c377499d7ea54922e7cf26842d346329ced5e2adf60cd21466b8af5836b3386655b8df260f26024705523e750775b72ee6d14aa9be22580a110511261b7a9080833dab82ef25cc54cc90cddc8aad81e90b2f21de2437d2b"]}) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, &(0x7f0000000240)) write$apparmor_current(0xffffffffffffffff, &(0x7f0000000440)=@hat={'permhat ', 0x40000000000, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) [ 1401.029199] audit: type=1400 audit(1660285084.043:47): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=29687 comm="syz-executor.2" 06:18:04 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:04 executing program 0: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, 0x0) 06:18:04 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:04 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:04 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x108) 06:18:04 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, 0x0) [ 1401.163860] qnx4: no qnx4 filesystem (no root dir). 06:18:04 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x4e23, @local}, 'veth0\x00'}) 06:18:04 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x108) 06:18:04 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (fail_nth: 1) 06:18:04 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB='\b\x00', @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:04 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 1) [ 1401.190848] nla_parse: 60 callbacks suppressed [ 1401.190854] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1401.222437] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 06:18:04 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x1ed) 06:18:04 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x4e23, @local}, 'veth0\x00'}) [ 1401.284619] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1401.308881] FAULT_INJECTION: forcing a failure. [ 1401.308881] name failslab, interval 1, probability 0, space 0, times 0 06:18:04 executing program 0: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)={[{'qnx4\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:04 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB='\b\x00', @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1401.331000] CPU: 1 PID: 29742 Comm: syz-executor.5 Not tainted 4.14.290-syzkaller #0 [ 1401.338923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1401.348262] Call Trace: [ 1401.350839] dump_stack+0x1b2/0x281 [ 1401.354460] should_fail.cold+0x10a/0x149 [ 1401.358600] should_failslab+0xd6/0x130 [ 1401.362553] kmem_cache_alloc_node+0x54/0x410 [ 1401.367035] __alloc_skb+0x5c/0x510 [ 1401.370645] __neigh_notify+0x84/0x150 [ 1401.374776] ? __neigh_event_send+0xdb0/0xdb0 [ 1401.379287] neigh_update+0xb4a/0x16d0 [ 1401.383196] ? trace_hardirqs_on_caller+0x2c4/0x580 [ 1401.388225] ? neigh_lookup+0x360/0x560 [ 1401.392213] arp_req_set+0x233/0x5a0 [ 1401.395925] ? arp_req_delete+0x3e0/0x3e0 [ 1401.400073] ? lock_downgrade+0x740/0x740 [ 1401.404229] ? full_name_hash+0x91/0xd0 [ 1401.408219] arp_ioctl+0x343/0x610 [ 1401.411756] ? arp_constructor+0xa30/0xa30 [ 1401.415973] ? get_pid_task+0xb8/0x130 [ 1401.419850] inet_ioctl+0x10d/0x190 [ 1401.423470] sock_ioctl+0x2cc/0x4c0 [ 1401.427086] ? sock_release+0x1e0/0x1e0 [ 1401.431044] do_vfs_ioctl+0x75a/0xff0 [ 1401.434836] ? lock_acquire+0x170/0x3f0 [ 1401.438808] ? ioctl_preallocate+0x1a0/0x1a0 [ 1401.443199] ? __fget+0x265/0x3e0 [ 1401.446633] ? do_vfs_ioctl+0xff0/0xff0 [ 1401.450591] ? security_file_ioctl+0x83/0xb0 [ 1401.454996] SyS_ioctl+0x7f/0xb0 [ 1401.458348] ? do_vfs_ioctl+0xff0/0xff0 [ 1401.462566] do_syscall_64+0x1d5/0x640 [ 1401.466439] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1401.471608] RIP: 0033:0x7fbb0e944279 [ 1401.475302] RSP: 002b:00007fbb0d2b9168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 06:18:04 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (fail_nth: 2) [ 1401.482998] RAX: ffffffffffffffda RBX: 00007fbb0ea56f80 RCX: 00007fbb0e944279 [ 1401.490252] RDX: 0000000020000000 RSI: 0000000000008955 RDI: 0000000000000003 [ 1401.497521] RBP: 00007fbb0d2b91d0 R08: 0000000000000000 R09: 0000000000000000 [ 1401.504775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1401.512034] R13: 00007ffe982db31f R14: 00007fbb0d2b9300 R15: 0000000000022000 [ 1401.556519] FAULT_INJECTION: forcing a failure. [ 1401.556519] name failslab, interval 1, probability 0, space 0, times 0 [ 1401.582661] CPU: 1 PID: 29746 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1401.590562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1401.599917] Call Trace: [ 1401.602277] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1401.602498] dump_stack+0x1b2/0x281 [ 1401.602514] should_fail.cold+0x10a/0x149 [ 1401.602526] should_failslab+0xd6/0x130 [ 1401.622900] __kmalloc+0x2c1/0x400 [ 1401.626439] ? SyS_memfd_create+0xbc/0x3c0 [ 1401.630676] SyS_memfd_create+0xbc/0x3c0 [ 1401.634747] ? shmem_fcntl+0x120/0x120 [ 1401.638633] ? __do_page_fault+0x159/0xad0 [ 1401.642863] ? do_syscall_64+0x4c/0x640 [ 1401.646843] ? shmem_fcntl+0x120/0x120 [ 1401.650731] do_syscall_64+0x1d5/0x640 06:18:04 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB='\b\x00', @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1401.654631] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1401.659814] RIP: 0033:0x7f5ff741b279 [ 1401.663514] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1401.671218] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741b279 [ 1401.678483] RDX: 00007f5ff5d8ffe0 RSI: 0000000000000000 RDI: 00007f5ff74742c4 [ 1401.685748] RBP: 0000000000000000 R08: 00007f5ff5d8ffd8 R09: 00007f5ff5d901d0 [ 1401.693135] R10: 00007f5ff5d8ffdc R11: 0000000000000246 R12: 0000000020000000 06:18:04 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x4e23, @local}, 'veth0\x00'}) 06:18:04 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) ioctl$sock_inet_SIOCRTMSG(r0, 0x890d, &(0x7f00000000c0)={0x0, {0x2, 0x4e23, @multicast2}, {0x2, 0x4e23, @multicast1}, {0x2, 0x4e22, @rand_addr=0x64010100}, 0x28, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000080)='erspan0\x00', 0x6, 0x80000001, 0x6ffb}) 06:18:04 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x1ed) [ 1401.700399] R13: 0000000020000040 R14: 0000000000000000 R15: 0000000020000280 [ 1401.717499] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 06:18:04 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) ioctl$sock_inet_SIOCRTMSG(r0, 0x890d, &(0x7f00000000c0)={0x0, {0x2, 0x4e23, @multicast2}, {0x2, 0x4e23, @multicast1}, {0x2, 0x4e22, @rand_addr=0x64010100}, 0x28, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000080)='erspan0\x00', 0x6, 0x80000001, 0x6ffb}) socket$inet_udp(0x2, 0x2, 0x0) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) ioctl$sock_inet_SIOCRTMSG(r0, 0x890d, &(0x7f00000000c0)={0x0, {0x2, 0x4e23, @multicast2}, {0x2, 0x4e23, @multicast1}, {0x2, 0x4e22, @rand_addr=0x64010100}, 0x28, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000080)='erspan0\x00', 0x6, 0x80000001, 0x6ffb}) (async) 06:18:04 executing program 1: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x108) 06:18:04 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 2) 06:18:04 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="080001", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:04 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x1ed) 06:18:04 executing program 0: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)={[], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x30, 0x56, 0x62, 0x65, 0x34, 0x39, 0x57], 0x2d, [0x66, 0x32, 0x37, 0x64], 0x2d, [0x63, 0x36, 0x24, 0x61], 0x2d, [0x6f, 0x36, 0x62, 0x39], 0x2d, [0xcb, 0x32, 0x62, 0x0, 0x0, 0x38, 0x38, 0x38]}}}]}) 06:18:04 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 1) 06:18:04 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) ioctl$sock_inet_SIOCRTMSG(r0, 0x890d, &(0x7f00000000c0)={0x0, {0x2, 0x4e23, @multicast2}, {0x2, 0x4e23, @multicast1}, {0x2, 0x4e22, @rand_addr=0x64010100}, 0x28, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000080)='erspan0\x00', 0x6, 0x80000001, 0x6ffb}) 06:18:04 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x1de) [ 1401.891407] FAULT_INJECTION: forcing a failure. [ 1401.891407] name failslab, interval 1, probability 0, space 0, times 0 [ 1401.896079] FAULT_INJECTION: forcing a failure. [ 1401.896079] name failslab, interval 1, probability 0, space 0, times 0 [ 1401.908616] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1401.948113] CPU: 1 PID: 29789 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1401.956017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1401.965368] Call Trace: [ 1401.967959] dump_stack+0x1b2/0x281 [ 1401.971590] should_fail.cold+0x10a/0x149 [ 1401.975772] should_failslab+0xd6/0x130 [ 1401.979736] kmem_cache_alloc+0x28e/0x3c0 [ 1401.983874] __d_alloc+0x2a/0xa20 [ 1401.987326] ? lock_downgrade+0x740/0x740 [ 1401.991479] __shmem_file_setup.part.0+0xcb/0x3c0 [ 1401.996326] ? shmem_create+0x30/0x30 [ 1402.000220] ? __alloc_fd+0x1be/0x490 [ 1402.004030] SyS_memfd_create+0x1fc/0x3c0 [ 1402.008172] ? shmem_fcntl+0x120/0x120 [ 1402.012053] ? __do_page_fault+0x159/0xad0 [ 1402.016292] ? do_syscall_64+0x4c/0x640 [ 1402.020258] ? shmem_fcntl+0x120/0x120 [ 1402.024141] do_syscall_64+0x1d5/0x640 [ 1402.028027] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1402.033212] RIP: 0033:0x7f5ff741b279 [ 1402.036915] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f 06:18:05 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="080001", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:05 executing program 0: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)={[], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@euid_gt={'euid>', 0xffffffffffffffff}}]}) [ 1402.044621] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741b279 [ 1402.051883] RDX: 00007f5ff5d8ffe0 RSI: 0000000000000000 RDI: 00007f5ff74742c4 [ 1402.059318] RBP: 0000000000000000 R08: 00007f5ff5d8ffd8 R09: 00007f5ff5d901d0 [ 1402.066585] R10: 00007f5ff5d8ffdc R11: 0000000000000246 R12: 0000000020000000 [ 1402.073846] R13: 0000000020000040 R14: 0000000000000000 R15: 0000000020000280 [ 1402.097701] CPU: 0 PID: 29794 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1402.105587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1402.114934] Call Trace: [ 1402.117515] dump_stack+0x1b2/0x281 [ 1402.121143] should_fail.cold+0x10a/0x149 [ 1402.125291] should_failslab+0xd6/0x130 [ 1402.129263] __kmalloc+0x2c1/0x400 [ 1402.132799] ? SyS_memfd_create+0xbc/0x3c0 [ 1402.137030] SyS_memfd_create+0xbc/0x3c0 [ 1402.141086] ? shmem_fcntl+0x120/0x120 [ 1402.144970] ? __do_page_fault+0x159/0xad0 [ 1402.149201] ? do_syscall_64+0x4c/0x640 [ 1402.150419] FAULT_INJECTION: forcing a failure. [ 1402.150419] name failslab, interval 1, probability 0, space 0, times 0 [ 1402.153166] ? shmem_fcntl+0x120/0x120 [ 1402.153180] do_syscall_64+0x1d5/0x640 [ 1402.153202] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1402.153215] RIP: 0033:0x7f5650cf9279 [ 1402.180990] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1402.188692] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cf9279 06:18:05 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 3) 06:18:05 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000000)={'wg1\x00', 0x0}) r2 = socket$inet(0x2, 0x3, 0x1f) getsockopt$IPT_SO_GET_INFO(r2, 0x0, 0x40, &(0x7f0000000140)={'filter\x00', 0x0, [0x1000, 0x2, 0x400, 0x10001, 0x20]}, &(0x7f00000001c0)=0x54) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000100)={'syztnl1\x00', &(0x7f0000000040)={'syztnl2\x00', r1, 0x8, 0x1, 0x9, 0x2, {{0x5, 0x4, 0x1, 0xa, 0x14, 0x68, 0x0, 0x4, 0x29, 0x0, @empty, @empty}}}}) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000080)={{0x2, 0x0, @private=0x3}, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x34}}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:05 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000000)={'wg1\x00', 0x0}) r2 = socket$inet(0x2, 0x3, 0x1f) getsockopt$IPT_SO_GET_INFO(r2, 0x0, 0x40, &(0x7f0000000140)={'filter\x00', 0x0, [0x1000, 0x2, 0x400, 0x10001, 0x20]}, &(0x7f00000001c0)=0x54) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000100)={'syztnl1\x00', &(0x7f0000000040)={'syztnl2\x00', r1, 0x8, 0x1, 0x9, 0x2, {{0x5, 0x4, 0x1, 0xa, 0x14, 0x68, 0x0, 0x4, 0x29, 0x0, @empty, @empty}}}}) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000080)={{0x2, 0x0, @private=0x3}, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x34}}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) socket$inet_udp(0x2, 0x2, 0x0) (async) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000000)={'wg1\x00'}) (async) socket$inet(0x2, 0x3, 0x1f) (async) getsockopt$IPT_SO_GET_INFO(r2, 0x0, 0x40, &(0x7f0000000140)={'filter\x00', 0x0, [0x1000, 0x2, 0x400, 0x10001, 0x20]}, &(0x7f00000001c0)=0x54) (async) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000100)={'syztnl1\x00', &(0x7f0000000040)={'syztnl2\x00', r1, 0x8, 0x1, 0x9, 0x2, {{0x5, 0x4, 0x1, 0xa, 0x14, 0x68, 0x0, 0x4, 0x29, 0x0, @empty, @empty}}}}) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000080)={{0x2, 0x0, @private=0x3}, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x34}}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) [ 1402.195949] RDX: 00007f564f66dfe0 RSI: 0000000000000000 RDI: 00007f5650d522c4 [ 1402.203387] RBP: 0000000000000000 R08: 00007f564f66dfd8 R09: 00007f564f66e1d0 [ 1402.210646] R10: 00007f564f66dfdc R11: 0000000000000246 R12: 0000000020000000 [ 1402.217903] R13: 0000000020000040 R14: 0000000000000000 R15: 0000000020000280 [ 1402.225280] CPU: 1 PID: 29812 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1402.233162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1402.242506] Call Trace: [ 1402.245087] dump_stack+0x1b2/0x281 [ 1402.248723] should_fail.cold+0x10a/0x149 [ 1402.252877] should_failslab+0xd6/0x130 [ 1402.256849] kmem_cache_alloc+0x28e/0x3c0 [ 1402.260992] ? shmem_destroy_callback+0xa0/0xa0 [ 1402.265652] shmem_alloc_inode+0x18/0x40 [ 1402.269712] ? shmem_destroy_callback+0xa0/0xa0 [ 1402.274374] alloc_inode+0x5d/0x170 [ 1402.277995] new_inode+0x1d/0xf0 [ 1402.281359] shmem_get_inode+0x8b/0x890 [ 1402.285335] __shmem_file_setup.part.0+0x104/0x3c0 [ 1402.290257] ? shmem_create+0x30/0x30 [ 1402.294049] ? __alloc_fd+0x1be/0x490 [ 1402.297849] SyS_memfd_create+0x1fc/0x3c0 [ 1402.301994] ? shmem_fcntl+0x120/0x120 [ 1402.305878] ? __do_page_fault+0x159/0xad0 [ 1402.310110] ? do_syscall_64+0x4c/0x640 [ 1402.314082] ? shmem_fcntl+0x120/0x120 [ 1402.317974] do_syscall_64+0x1d5/0x640 [ 1402.321859] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1402.327043] RIP: 0033:0x7f5ff741b279 [ 1402.330747] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1402.338448] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741b279 06:18:05 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x1de) 06:18:05 executing program 0: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)={[], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}]}) [ 1402.345711] RDX: 00007f5ff5d8ffe0 RSI: 0000000000000000 RDI: 00007f5ff74742c4 [ 1402.353061] RBP: 0000000000000000 R08: 00007f5ff5d8ffd8 R09: 00007f5ff5d901d0 [ 1402.360328] R10: 00007f5ff5d8ffdc R11: 0000000000000246 R12: 0000000020000000 [ 1402.367593] R13: 0000000020000040 R14: 0000000000000000 R15: 0000000020000280 06:18:05 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="080001", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:05 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x1de) [ 1402.468289] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 06:18:05 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 2) 06:18:05 executing program 0: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) 06:18:05 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x1f2) 06:18:05 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:05 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 4) 06:18:05 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000000)={'wg1\x00', 0x0}) (async) r2 = socket$inet(0x2, 0x3, 0x1f) getsockopt$IPT_SO_GET_INFO(r2, 0x0, 0x40, &(0x7f0000000140)={'filter\x00', 0x0, [0x1000, 0x2, 0x400, 0x10001, 0x20]}, &(0x7f00000001c0)=0x54) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000100)={'syztnl1\x00', &(0x7f0000000040)={'syztnl2\x00', r1, 0x8, 0x1, 0x9, 0x2, {{0x5, 0x4, 0x1, 0xa, 0x14, 0x68, 0x0, 0x4, 0x29, 0x0, @empty, @empty}}}}) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000080)={{0x2, 0x0, @private=0x3}, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x34}}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) [ 1402.639221] FAULT_INJECTION: forcing a failure. [ 1402.639221] name failslab, interval 1, probability 0, space 0, times 0 [ 1402.643083] FAULT_INJECTION: forcing a failure. [ 1402.643083] name failslab, interval 1, probability 0, space 0, times 0 [ 1402.662807] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1402.664770] CPU: 1 PID: 29863 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1402.679286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1402.688635] Call Trace: [ 1402.691223] dump_stack+0x1b2/0x281 [ 1402.694941] should_fail.cold+0x10a/0x149 [ 1402.699084] should_failslab+0xd6/0x130 [ 1402.703054] kmem_cache_alloc+0x28e/0x3c0 [ 1402.707197] __d_alloc+0x2a/0xa20 [ 1402.710643] ? lock_downgrade+0x740/0x740 [ 1402.714779] __shmem_file_setup.part.0+0xcb/0x3c0 [ 1402.719602] ? shmem_create+0x30/0x30 [ 1402.723396] ? __alloc_fd+0x1be/0x490 [ 1402.727183] SyS_memfd_create+0x1fc/0x3c0 [ 1402.731313] ? shmem_fcntl+0x120/0x120 [ 1402.735184] ? __do_page_fault+0x159/0xad0 06:18:05 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:05 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x1f2) [ 1402.739398] ? do_syscall_64+0x4c/0x640 [ 1402.743446] ? shmem_fcntl+0x120/0x120 [ 1402.747314] do_syscall_64+0x1d5/0x640 [ 1402.751283] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1402.756470] RIP: 0033:0x7f5650cf9279 [ 1402.760160] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1402.767870] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cf9279 [ 1402.775130] RDX: 00007f564f66dfe0 RSI: 0000000000000000 RDI: 00007f5650d522c4 [ 1402.782398] RBP: 0000000000000000 R08: 00007f564f66dfd8 R09: 00007f564f66e1d0 [ 1402.789657] R10: 00007f564f66dfdc R11: 0000000000000246 R12: 0000000020000000 [ 1402.796918] R13: 0000000020000040 R14: 0000000000000000 R15: 0000000020000280 [ 1402.811533] CPU: 0 PID: 29871 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1402.819427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1402.828771] Call Trace: [ 1402.831359] dump_stack+0x1b2/0x281 [ 1402.834987] should_fail.cold+0x10a/0x149 [ 1402.839138] should_failslab+0xd6/0x130 [ 1402.843110] kmem_cache_alloc+0x28e/0x3c0 [ 1402.847260] get_empty_filp+0x86/0x3f0 [ 1402.851142] alloc_file+0x23/0x440 [ 1402.854696] __shmem_file_setup.part.0+0x198/0x3c0 [ 1402.859627] ? shmem_create+0x30/0x30 [ 1402.863418] ? __alloc_fd+0x1be/0x490 [ 1402.867222] SyS_memfd_create+0x1fc/0x3c0 [ 1402.871379] ? shmem_fcntl+0x120/0x120 [ 1402.875268] ? __do_page_fault+0x159/0xad0 [ 1402.879506] ? do_syscall_64+0x4c/0x640 [ 1402.883477] ? shmem_fcntl+0x120/0x120 [ 1402.887364] do_syscall_64+0x1d5/0x640 [ 1402.891254] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1402.896443] RIP: 0033:0x7f5ff741b279 [ 1402.900151] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1402.907859] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741b279 [ 1402.915210] RDX: 00007f5ff5d8ffe0 RSI: 0000000000000000 RDI: 00007f5ff74742c4 [ 1402.922474] RBP: 0000000000000000 R08: 00007f5ff5d8ffd8 R09: 00007f5ff5d901d0 [ 1402.929738] R10: 00007f5ff5d8ffdc R11: 0000000000000246 R12: 0000000020000000 06:18:05 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1402.937009] R13: 0000000020000040 R14: 0000000000000000 R15: 0000000020000280 06:18:06 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 3) 06:18:06 executing program 5: socket$inet_udp(0x2, 0x2, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) sendmsg$L2TP_CMD_TUNNEL_MODIFY(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x34, 0x0, 0x1, 0x70bd26, 0x25dfdbff, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x3}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x2}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x7f}, @L2TP_ATTR_DEBUG={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x2993cded7edb131c}, 0x4) prctl$PR_CAPBSET_DROP(0x18, 0x14) [ 1403.027390] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1403.027687] FAULT_INJECTION: forcing a failure. [ 1403.027687] name failslab, interval 1, probability 0, space 0, times 0 [ 1403.048157] CPU: 0 PID: 29883 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1403.056045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1403.065393] Call Trace: [ 1403.067976] dump_stack+0x1b2/0x281 [ 1403.071604] should_fail.cold+0x10a/0x149 [ 1403.075758] should_failslab+0xd6/0x130 [ 1403.079732] kmem_cache_alloc+0x28e/0x3c0 [ 1403.083878] ? shmem_destroy_callback+0xa0/0xa0 [ 1403.085493] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1403.088541] shmem_alloc_inode+0x18/0x40 [ 1403.088551] ? shmem_destroy_callback+0xa0/0xa0 [ 1403.088561] alloc_inode+0x5d/0x170 [ 1403.088570] new_inode+0x1d/0xf0 [ 1403.088580] shmem_get_inode+0x8b/0x890 [ 1403.116873] __shmem_file_setup.part.0+0x104/0x3c0 [ 1403.121831] ? shmem_create+0x30/0x30 [ 1403.125631] ? __alloc_fd+0x1be/0x490 [ 1403.129433] SyS_memfd_create+0x1fc/0x3c0 [ 1403.133576] ? shmem_fcntl+0x120/0x120 [ 1403.137464] ? __do_page_fault+0x159/0xad0 [ 1403.141698] ? do_syscall_64+0x4c/0x640 [ 1403.145668] ? shmem_fcntl+0x120/0x120 [ 1403.149553] do_syscall_64+0x1d5/0x640 [ 1403.153445] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1403.158632] RIP: 0033:0x7f5650cf9279 [ 1403.162334] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1403.170087] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cf9279 06:18:06 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:06 executing program 5: socket$inet_udp(0x2, 0x2, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) sendmsg$L2TP_CMD_TUNNEL_MODIFY(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x34, 0x0, 0x1, 0x70bd26, 0x25dfdbff, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x3}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x2}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x7f}, @L2TP_ATTR_DEBUG={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x2993cded7edb131c}, 0x4) prctl$PR_CAPBSET_DROP(0x18, 0x14) socket$inet_udp(0x2, 0x2, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) sendmsg$L2TP_CMD_TUNNEL_MODIFY(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x34, 0x0, 0x1, 0x70bd26, 0x25dfdbff, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x3}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x2}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x7f}, @L2TP_ATTR_DEBUG={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x2993cded7edb131c}, 0x4) (async) prctl$PR_CAPBSET_DROP(0x18, 0x14) (async) 06:18:06 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:06 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x1f2) [ 1403.177386] RDX: 00007f564f66dfe0 RSI: 0000000000000000 RDI: 00007f5650d522c4 [ 1403.186736] RBP: 0000000000000000 R08: 00007f564f66dfd8 R09: 00007f564f66e1d0 [ 1403.194003] R10: 00007f564f66dfdc R11: 0000000000000246 R12: 0000000020000000 [ 1403.201268] R13: 0000000020000040 R14: 0000000000000000 R15: 0000000020000280 06:18:06 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:06 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 5) 06:18:06 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 4) 06:18:06 executing program 5: socket$inet_udp(0x2, 0x2, 0x0) (async, rerun: 64) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) sendmsg$L2TP_CMD_TUNNEL_MODIFY(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x34, 0x0, 0x1, 0x70bd26, 0x25dfdbff, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x3}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x2}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x7f}, @L2TP_ATTR_DEBUG={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x2993cded7edb131c}, 0x4) (async) prctl$PR_CAPBSET_DROP(0x18, 0x14) 06:18:06 executing program 0: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x1de) 06:18:06 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x1f2) [ 1403.357791] FAULT_INJECTION: forcing a failure. [ 1403.357791] name failslab, interval 1, probability 0, space 0, times 0 [ 1403.359664] FAULT_INJECTION: forcing a failure. [ 1403.359664] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1403.380810] CPU: 1 PID: 29916 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1403.388690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1403.398046] Call Trace: [ 1403.400633] dump_stack+0x1b2/0x281 06:18:06 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:06 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1403.404301] should_fail.cold+0x10a/0x149 [ 1403.408449] ? is_bpf_text_address+0xb8/0x150 [ 1403.412941] __alloc_pages_nodemask+0x22c/0x2720 [ 1403.417706] ? unwind_get_return_address+0x51/0x90 [ 1403.422723] ? __save_stack_trace+0xa0/0x160 [ 1403.427136] ? __lock_acquire+0x5fc/0x3f20 [ 1403.431394] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1403.436220] ? __shmem_file_setup.part.0+0xcb/0x3c0 [ 1403.441246] ? SyS_memfd_create+0x1fc/0x3c0 [ 1403.445559] ? do_syscall_64+0x1d5/0x640 [ 1403.449614] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb 06:18:06 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1403.454968] ? depot_save_stack+0x10d/0x3f0 [ 1403.459283] ? trace_hardirqs_on+0x10/0x10 [ 1403.463515] ? __lock_acquire+0x5fc/0x3f20 [ 1403.467755] cache_grow_begin+0x91/0x700 [ 1403.471813] ? fs_reclaim_release+0xd0/0x110 [ 1403.476215] ? check_preemption_disabled+0x35/0x240 [ 1403.481226] cache_alloc_refill+0x273/0x350 [ 1403.485551] kmem_cache_alloc+0x333/0x3c0 [ 1403.489690] ? shmem_destroy_callback+0xa0/0xa0 [ 1403.494352] shmem_alloc_inode+0x18/0x40 [ 1403.498409] ? shmem_destroy_callback+0xa0/0xa0 [ 1403.503073] alloc_inode+0x5d/0x170 06:18:06 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private=0xa010101}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:06 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1403.506707] new_inode+0x1d/0xf0 [ 1403.510244] shmem_get_inode+0x8b/0x890 [ 1403.514223] __shmem_file_setup.part.0+0x104/0x3c0 [ 1403.519150] ? shmem_create+0x30/0x30 [ 1403.522946] ? __alloc_fd+0x1be/0x490 [ 1403.526842] SyS_memfd_create+0x1fc/0x3c0 [ 1403.530992] ? shmem_fcntl+0x120/0x120 [ 1403.534876] ? __do_page_fault+0x159/0xad0 [ 1403.539100] ? do_syscall_64+0x4c/0x640 [ 1403.543078] ? shmem_fcntl+0x120/0x120 [ 1403.546968] do_syscall_64+0x1d5/0x640 [ 1403.550856] entry_SYSCALL_64_after_hwframe+0x46/0xbb 06:18:06 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:06 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private=0xa010101}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) [ 1403.556035] RIP: 0033:0x7f5650cf9279 [ 1403.559740] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1403.567445] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cf9279 [ 1403.574714] RDX: 00007f564f66dfe0 RSI: 0000000000000000 RDI: 00007f5650d522c4 [ 1403.581978] RBP: 0000000000000000 R08: 00007f564f66dfd8 R09: 00007f564f66e1d0 [ 1403.589268] R10: 00007f564f66dfdc R11: 0000000000000246 R12: 0000000020000000 [ 1403.596528] R13: 0000000020000040 R14: 0000000000000000 R15: 0000000020000280 [ 1403.629153] CPU: 0 PID: 29915 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1403.637056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1403.646507] Call Trace: [ 1403.649096] dump_stack+0x1b2/0x281 [ 1403.652739] should_fail.cold+0x10a/0x149 [ 1403.656893] should_failslab+0xd6/0x130 [ 1403.660876] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1403.665548] apparmor_file_alloc_security+0x129/0x800 [ 1403.670742] security_file_alloc+0x66/0xa0 [ 1403.674973] ? selinux_is_enabled+0x5/0x50 [ 1403.679211] get_empty_filp+0x16b/0x3f0 [ 1403.683180] alloc_file+0x23/0x440 [ 1403.686727] __shmem_file_setup.part.0+0x198/0x3c0 [ 1403.691659] ? shmem_create+0x30/0x30 [ 1403.695457] ? __alloc_fd+0x1be/0x490 [ 1403.699261] SyS_memfd_create+0x1fc/0x3c0 [ 1403.703404] ? shmem_fcntl+0x120/0x120 [ 1403.707287] ? __do_page_fault+0x159/0xad0 [ 1403.711529] ? do_syscall_64+0x4c/0x640 [ 1403.715498] ? shmem_fcntl+0x120/0x120 [ 1403.719391] do_syscall_64+0x1d5/0x640 [ 1403.723284] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1403.728470] RIP: 0033:0x7f5ff741b279 [ 1403.732176] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1403.739881] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741b279 [ 1403.747231] RDX: 00007f5ff5d8ffe0 RSI: 0000000000000000 RDI: 00007f5ff74742c4 [ 1403.754497] RBP: 0000000000000000 R08: 00007f5ff5d8ffd8 R09: 00007f5ff5d901d0 [ 1403.761764] R10: 00007f5ff5d8ffdc R11: 0000000000000246 R12: 0000000020000000 [ 1403.769026] R13: 0000000020000040 R14: 0000000000000000 R15: 0000000020000280 06:18:06 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 6) 06:18:06 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 5) 06:18:06 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private=0xa010101}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:06 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private=0xa010101}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) socket$inet_udp(0x2, 0x2, 0x0) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private=0xa010101}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) 06:18:06 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:06 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1403.868578] FAULT_INJECTION: forcing a failure. [ 1403.868578] name failslab, interval 1, probability 0, space 0, times 0 [ 1403.881740] CPU: 1 PID: 29945 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1403.891549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1403.900903] Call Trace: [ 1403.903492] dump_stack+0x1b2/0x281 [ 1403.907132] should_fail.cold+0x10a/0x149 [ 1403.911286] should_failslab+0xd6/0x130 06:18:06 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private=0xa010101}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:06 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB='\b\x00', @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:06 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="080001", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1403.915264] kmem_cache_alloc+0x28e/0x3c0 [ 1403.919416] getname_flags+0xc8/0x550 [ 1403.923226] do_sys_open+0x1ce/0x410 [ 1403.926941] ? filp_open+0x60/0x60 [ 1403.930479] ? do_syscall_64+0x4c/0x640 [ 1403.934481] ? SyS_open+0x30/0x30 [ 1403.937934] do_syscall_64+0x1d5/0x640 [ 1403.941823] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1403.947006] RIP: 0033:0x7f5ff73ce194 [ 1403.950709] RSP: 002b:00007f5ff5d8feb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 1403.958514] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff73ce194 06:18:06 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket(0x23, 0x2, 0x1) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:07 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 7) [ 1403.965791] RDX: 0000000000000002 RSI: 00007f5ff5d8ffe0 RDI: 00000000ffffff9c [ 1403.973055] RBP: 00007f5ff5d8ffe0 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1403.980314] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 1403.987653] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 06:18:07 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket(0x23, 0x2, 0x1) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:07 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket(0x23, 0x2, 0x1) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) [ 1404.075136] FAULT_INJECTION: forcing a failure. [ 1404.075136] name failslab, interval 1, probability 0, space 0, times 0 [ 1404.108003] FAULT_INJECTION: forcing a failure. [ 1404.108003] name failslab, interval 1, probability 0, space 0, times 0 [ 1404.130590] CPU: 0 PID: 29965 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1404.138493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1404.147860] Call Trace: [ 1404.150447] dump_stack+0x1b2/0x281 [ 1404.154076] should_fail.cold+0x10a/0x149 [ 1404.158224] should_failslab+0xd6/0x130 [ 1404.162648] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1404.167308] apparmor_file_alloc_security+0x129/0x800 [ 1404.172497] security_file_alloc+0x66/0xa0 [ 1404.176728] ? selinux_is_enabled+0x5/0x50 [ 1404.180958] get_empty_filp+0x16b/0x3f0 [ 1404.184927] alloc_file+0x23/0x440 [ 1404.188459] __shmem_file_setup.part.0+0x198/0x3c0 [ 1404.193381] ? shmem_create+0x30/0x30 [ 1404.197174] ? __alloc_fd+0x1be/0x490 [ 1404.200978] SyS_memfd_create+0x1fc/0x3c0 [ 1404.205127] ? shmem_fcntl+0x120/0x120 [ 1404.209032] ? __do_page_fault+0x159/0xad0 [ 1404.213264] ? do_syscall_64+0x4c/0x640 [ 1404.217236] ? shmem_fcntl+0x120/0x120 [ 1404.221119] do_syscall_64+0x1d5/0x640 [ 1404.225009] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1404.230203] RIP: 0033:0x7f5650cf9279 [ 1404.233909] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1404.241611] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cf9279 [ 1404.248872] RDX: 00007f564f66dfe0 RSI: 0000000000000000 RDI: 00007f5650d522c4 [ 1404.256134] RBP: 0000000000000000 R08: 00007f564f66dfd8 R09: 00007f564f66e1d0 [ 1404.263884] R10: 00007f564f66dfdc R11: 0000000000000246 R12: 0000000020000000 [ 1404.271147] R13: 0000000020000040 R14: 0000000000000000 R15: 0000000020000280 [ 1404.293481] CPU: 1 PID: 29970 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1404.301381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1404.310738] Call Trace: [ 1404.313329] dump_stack+0x1b2/0x281 [ 1404.316960] should_fail.cold+0x10a/0x149 [ 1404.321113] should_failslab+0xd6/0x130 [ 1404.325089] kmem_cache_alloc+0x28e/0x3c0 [ 1404.329242] get_empty_filp+0x86/0x3f0 [ 1404.333129] path_openat+0x84/0x2970 [ 1404.336859] ? path_lookupat+0x780/0x780 [ 1404.340919] ? trace_hardirqs_on+0x10/0x10 [ 1404.345152] ? fsnotify+0x974/0x11b0 [ 1404.348867] ? shmem_setattr+0x241/0xbf0 [ 1404.352933] do_filp_open+0x179/0x3c0 [ 1404.356731] ? may_open_dev+0xe0/0xe0 [ 1404.360534] ? __alloc_fd+0x1be/0x490 [ 1404.364342] ? lock_downgrade+0x740/0x740 [ 1404.368510] ? do_raw_spin_unlock+0x164/0x220 [ 1404.372985] ? _raw_spin_unlock+0x29/0x40 [ 1404.377114] ? __alloc_fd+0x1be/0x490 [ 1404.380898] do_sys_open+0x296/0x410 [ 1404.384599] ? filp_open+0x60/0x60 [ 1404.388120] ? do_syscall_64+0x4c/0x640 [ 1404.392071] ? SyS_open+0x30/0x30 [ 1404.395520] do_syscall_64+0x1d5/0x640 [ 1404.399395] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1404.404561] RIP: 0033:0x7f5ff73ce194 [ 1404.408248] RSP: 002b:00007f5ff5d8feb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 1404.415934] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff73ce194 [ 1404.423181] RDX: 0000000000000002 RSI: 00007f5ff5d8ffe0 RDI: 00000000ffffff9c [ 1404.430429] RBP: 00007f5ff5d8ffe0 R08: 0000000000000000 R09: 00007f5ff5d901d0 06:18:07 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 6) 06:18:07 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) (fail_nth: 1) 06:18:07 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB='\b\x00', @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:07 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket(0x23, 0x2, 0x1) (async, rerun: 32) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (rerun: 32) 06:18:07 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket(0x23, 0x2, 0x1) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:07 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 8) [ 1404.437682] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 1404.444936] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 06:18:07 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000080)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0xfffffffffffffede}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_BLOCK_SIZE_BYTES={0x0, 0x3, 0x20788b10}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r4}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000100), 0x4) write$apparmor_current(r2, &(0x7f0000000040)=@profile={'stack ', 'permhat '}, 0xe) [ 1404.496775] FAULT_INJECTION: forcing a failure. [ 1404.496775] name failslab, interval 1, probability 0, space 0, times 0 [ 1404.533252] CPU: 1 PID: 29983 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1404.541239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1404.547796] FAULT_INJECTION: forcing a failure. [ 1404.547796] name failslab, interval 1, probability 0, space 0, times 0 [ 1404.550590] Call Trace: [ 1404.550606] dump_stack+0x1b2/0x281 [ 1404.550621] should_fail.cold+0x10a/0x149 [ 1404.550635] should_failslab+0xd6/0x130 [ 1404.550651] kmem_cache_alloc+0x28e/0x3c0 [ 1404.580219] getname_flags+0xc8/0x550 [ 1404.584028] do_sys_open+0x1ce/0x410 [ 1404.587744] ? filp_open+0x60/0x60 [ 1404.591285] ? do_syscall_64+0x4c/0x640 [ 1404.595256] ? SyS_open+0x30/0x30 [ 1404.598713] do_syscall_64+0x1d5/0x640 [ 1404.602603] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1404.607790] RIP: 0033:0x7f5650cac194 [ 1404.611495] RSP: 002b:00007f564f66deb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 1404.619212] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cac194 [ 1404.626470] RDX: 0000000000000002 RSI: 00007f564f66dfe0 RDI: 00000000ffffff9c [ 1404.633736] RBP: 00007f564f66dfe0 R08: 0000000000000000 R09: 00007f564f66e1d0 06:18:07 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket(0x23, 0x2, 0x1) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:07 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000100)={'gretap0\x00', &(0x7f0000000080)={'syztnl1\x00', 0x0, 0x700, 0x7, 0x5, 0x2, {{0x18, 0x4, 0x0, 0x5, 0x60, 0x66, 0x0, 0x80, 0x17, 0x0, @loopback, @empty, {[@ra={0x94, 0x4, 0x1}, @cipso={0x86, 0x3b, 0x3, [{0x6, 0x3, '2'}, {0x5, 0x12, "10115e2adfb729123841b18c06563c78"}, {0x0, 0xb, "951e442adf467100b0"}, {0x7, 0x5, "b90cf6"}, {0x2, 0x10, "b97591c71f97657fb8b9a49155cc"}]}, @noop, @ssrr={0x89, 0x7, 0x8, [@dev={0xac, 0x14, 0x14, 0x11}]}, @ra={0x94, 0x4, 0x1}]}}}}}) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) [ 1404.641031] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 1404.648292] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1404.683932] CPU: 0 PID: 29990 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1404.691845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1404.701194] Call Trace: [ 1404.703783] dump_stack+0x1b2/0x281 [ 1404.707417] should_fail.cold+0x10a/0x149 [ 1404.711565] should_failslab+0xd6/0x130 [ 1404.715548] kmem_cache_alloc+0x28e/0x3c0 [ 1404.719694] get_empty_filp+0x86/0x3f0 [ 1404.723578] path_openat+0x84/0x2970 [ 1404.727292] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1404.731056] FAULT_INJECTION: forcing a failure. [ 1404.731056] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1404.732131] ? path_lookupat+0x780/0x780 [ 1404.747958] ? trace_hardirqs_on+0x10/0x10 [ 1404.752268] ? fsnotify+0x974/0x11b0 [ 1404.755971] ? shmem_setattr+0x241/0xbf0 [ 1404.760126] do_filp_open+0x179/0x3c0 [ 1404.763911] ? may_open_dev+0xe0/0xe0 [ 1404.767694] ? __alloc_fd+0x1be/0x490 [ 1404.771480] ? lock_downgrade+0x740/0x740 [ 1404.775615] ? do_raw_spin_unlock+0x164/0x220 [ 1404.780092] ? _raw_spin_unlock+0x29/0x40 [ 1404.784222] ? __alloc_fd+0x1be/0x490 [ 1404.788025] do_sys_open+0x296/0x410 [ 1404.791736] ? filp_open+0x60/0x60 [ 1404.795266] ? do_syscall_64+0x4c/0x640 [ 1404.799221] ? SyS_open+0x30/0x30 [ 1404.802661] do_syscall_64+0x1d5/0x640 [ 1404.806542] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1404.811729] RIP: 0033:0x7f5ff73ce194 [ 1404.815426] RSP: 002b:00007f5ff5d8feb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 1404.823119] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff73ce194 [ 1404.830376] RDX: 0000000000000002 RSI: 00007f5ff5d8ffe0 RDI: 00000000ffffff9c [ 1404.837631] RBP: 00007f5ff5d8ffe0 R08: 0000000000000000 R09: 00007f5ff5d901d0 06:18:07 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 7) [ 1404.844886] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 1404.852141] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1404.859408] CPU: 1 PID: 30007 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1404.867290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1404.876636] Call Trace: [ 1404.879221] dump_stack+0x1b2/0x281 [ 1404.882852] should_fail.cold+0x10a/0x149 [ 1404.887004] __alloc_pages_nodemask+0x22c/0x2720 [ 1404.892197] ? static_obj+0x50/0x50 [ 1404.895817] ? trace_hardirqs_on+0x10/0x10 [ 1404.900051] ? __lock_acquire+0x5fc/0x3f20 [ 1404.904287] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1404.909124] ? __lock_acquire+0x5fc/0x3f20 [ 1404.913356] ? simple_xattr_get+0xe5/0x160 [ 1404.917593] ? fsnotify+0x974/0x11b0 [ 1404.921300] ? shmem_setattr+0x241/0xbf0 [ 1404.925362] ? __fsnotify_inode_delete+0x20/0x20 [ 1404.930118] cache_grow_begin+0x91/0x700 [ 1404.934173] ? fs_reclaim_release+0xd0/0x110 [ 1404.938580] ? check_preemption_disabled+0x35/0x240 [ 1404.943593] cache_alloc_refill+0x273/0x350 06:18:07 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB='\b\x00', @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:07 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000080)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0xfffffffffffffede}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_BLOCK_SIZE_BYTES={0x0, 0x3, 0x20788b10}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r4}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000100), 0x4) write$apparmor_current(r2, &(0x7f0000000040)=@profile={'stack ', 'permhat '}, 0xe) 06:18:07 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000100)={'gretap0\x00', &(0x7f0000000080)={'syztnl1\x00', 0x0, 0x700, 0x7, 0x5, 0x2, {{0x18, 0x4, 0x0, 0x5, 0x60, 0x66, 0x0, 0x80, 0x17, 0x0, @loopback, @empty, {[@ra={0x94, 0x4, 0x1}, @cipso={0x86, 0x3b, 0x3, [{0x6, 0x3, '2'}, {0x5, 0x12, "10115e2adfb729123841b18c06563c78"}, {0x0, 0xb, "951e442adf467100b0"}, {0x7, 0x5, "b90cf6"}, {0x2, 0x10, "b97591c71f97657fb8b9a49155cc"}]}, @noop, @ssrr={0x89, 0x7, 0x8, [@dev={0xac, 0x14, 0x14, 0x11}]}, @ra={0x94, 0x4, 0x1}]}}}}}) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) socket$inet_udp(0x2, 0x2, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000100)={'gretap0\x00', &(0x7f0000000080)={'syztnl1\x00', 0x0, 0x700, 0x7, 0x5, 0x2, {{0x18, 0x4, 0x0, 0x5, 0x60, 0x66, 0x0, 0x80, 0x17, 0x0, @loopback, @empty, {[@ra={0x94, 0x4, 0x1}, @cipso={0x86, 0x3b, 0x3, [{0x6, 0x3, '2'}, {0x5, 0x12, "10115e2adfb729123841b18c06563c78"}, {0x0, 0xb, "951e442adf467100b0"}, {0x7, 0x5, "b90cf6"}, {0x2, 0x10, "b97591c71f97657fb8b9a49155cc"}]}, @noop, @ssrr={0x89, 0x7, 0x8, [@dev={0xac, 0x14, 0x14, 0x11}]}, @ra={0x94, 0x4, 0x1}]}}}}}) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) [ 1404.947915] kmem_cache_alloc+0x333/0x3c0 [ 1404.952069] getname_flags+0xc8/0x550 [ 1404.955868] do_sys_open+0x1ce/0x410 [ 1404.959582] ? filp_open+0x60/0x60 [ 1404.963127] ? do_syscall_64+0x4c/0x640 [ 1404.967095] ? SyS_open+0x30/0x30 [ 1404.970545] do_syscall_64+0x1d5/0x640 [ 1404.974432] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1404.979728] RIP: 0033:0x7f5650cac194 [ 1404.983523] RSP: 002b:00007f564f66deb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 1404.991226] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cac194 06:18:08 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000100)={'gretap0\x00', &(0x7f0000000080)={'syztnl1\x00', 0x0, 0x700, 0x7, 0x5, 0x2, {{0x18, 0x4, 0x0, 0x5, 0x60, 0x66, 0x0, 0x80, 0x17, 0x0, @loopback, @empty, {[@ra={0x94, 0x4, 0x1}, @cipso={0x86, 0x3b, 0x3, [{0x6, 0x3, '2'}, {0x5, 0x12, "10115e2adfb729123841b18c06563c78"}, {0x0, 0xb, "951e442adf467100b0"}, {0x7, 0x5, "b90cf6"}, {0x2, 0x10, "b97591c71f97657fb8b9a49155cc"}]}, @noop, @ssrr={0x89, 0x7, 0x8, [@dev={0xac, 0x14, 0x14, 0x11}]}, @ra={0x94, 0x4, 0x1}]}}}}}) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:08 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 9) 06:18:08 executing program 0: socket$inet_udp(0x2, 0x2, 0x0) socket(0x23, 0x2, 0x1) [ 1404.998526] RDX: 0000000000000002 RSI: 00007f564f66dfe0 RDI: 00000000ffffff9c [ 1405.005795] RBP: 00007f564f66dfe0 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1405.013062] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 1405.020330] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 06:18:08 executing program 0: socket(0x23, 0x2, 0x1) 06:18:08 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="080001", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:08 executing program 5: ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000080)=0x1000) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:08 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000080)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0xfffffffffffffede}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_BLOCK_SIZE_BYTES={0x0, 0x3, 0x20788b10}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r4}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000100), 0x4) write$apparmor_current(r2, &(0x7f0000000040)=@profile={'stack ', 'permhat '}, 0xe) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000080)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0xfffffffffffffede}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_BLOCK_SIZE_BYTES={0x0, 0x3, 0x20788b10}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r4}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000100), 0x4) (async) write$apparmor_current(r2, &(0x7f0000000040)=@profile={'stack ', 'permhat '}, 0xe) (async) [ 1405.110720] FAULT_INJECTION: forcing a failure. [ 1405.110720] name failslab, interval 1, probability 0, space 0, times 0 [ 1405.138523] CPU: 1 PID: 30033 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1405.146421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1405.155773] Call Trace: [ 1405.158362] dump_stack+0x1b2/0x281 [ 1405.161992] should_fail.cold+0x10a/0x149 [ 1405.166148] should_failslab+0xd6/0x130 [ 1405.170133] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1405.174806] apparmor_file_alloc_security+0x129/0x800 [ 1405.180047] security_file_alloc+0x66/0xa0 [ 1405.184279] ? selinux_is_enabled+0x5/0x50 [ 1405.188526] get_empty_filp+0x16b/0x3f0 [ 1405.192586] path_openat+0x84/0x2970 [ 1405.196304] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1405.201151] ? path_lookupat+0x780/0x780 [ 1405.205213] ? trace_hardirqs_on+0x10/0x10 06:18:08 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="080001", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1405.209445] ? fsnotify+0x974/0x11b0 [ 1405.213163] ? shmem_setattr+0x241/0xbf0 [ 1405.217227] do_filp_open+0x179/0x3c0 [ 1405.221027] ? may_open_dev+0xe0/0xe0 [ 1405.224827] ? __alloc_fd+0x1be/0x490 [ 1405.228626] ? lock_downgrade+0x740/0x740 [ 1405.232775] ? do_raw_spin_unlock+0x164/0x220 [ 1405.237273] ? _raw_spin_unlock+0x29/0x40 [ 1405.241418] ? __alloc_fd+0x1be/0x490 [ 1405.245220] do_sys_open+0x296/0x410 [ 1405.248930] ? filp_open+0x60/0x60 [ 1405.252480] ? do_syscall_64+0x4c/0x640 [ 1405.256451] ? SyS_open+0x30/0x30 [ 1405.260029] do_syscall_64+0x1d5/0x640 [ 1405.263920] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1405.269101] RIP: 0033:0x7f5ff73ce194 [ 1405.272802] RSP: 002b:00007f5ff5d8feb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 1405.280512] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff73ce194 [ 1405.287782] RDX: 0000000000000002 RSI: 00007f5ff5d8ffe0 RDI: 00000000ffffff9c [ 1405.295046] RBP: 00007f5ff5d8ffe0 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1405.302309] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 1405.309571] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 06:18:08 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 8) 06:18:08 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32, @ANYBLOB="080001", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:08 executing program 0: socket(0x0, 0x2, 0x1) 06:18:08 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) socketpair(0x26, 0x4, 0x800, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000000380)=[0x0], &(0x7f00000003c0)=[0x0, 0x0], 0x0, 0x8, &(0x7f0000000400)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x10, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x10, 0x9, &(0x7f0000000240)=@raw=[@map_fd={0x18, 0x7, 0x1, 0x0, 0x1}, @ldst={0x1, 0x2, 0x2, 0x8, 0xb, 0xffffffffffffffc0, 0xffffffffffffffff}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @map_idx={0x18, 0x7, 0x5, 0x0, 0xd}], &(0x7f00000002c0)='GPL\x00', 0x1, 0x38, &(0x7f0000000300)=""/56, 0x40f00, 0x1, '\x00', r3, 0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000640)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000680)={0x1, 0xa, 0x7e, 0x4}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff]}, 0x80) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000540)={'gretap0\x00', &(0x7f00000003c0)={'tunl0\x00', r3, 0x8, 0x40, 0x6, 0x1, {{0xb, 0x4, 0x3, 0x38, 0x2c, 0x65, 0x0, 0x4, 0x2f, 0x0, @rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@generic={0x82, 0x2}, @timestamp={0x44, 0x14, 0xb0, 0x0, 0x4, [0x401, 0x9, 0x5, 0x5]}]}}}}}) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$L2TP_CMD_NOOP(r2, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="7307990b041600"/22, @ANYRES16=r4, @ANYBLOB="000126bd7000ffdbdf25000000001400200000000000000000000000ffffac1414aa0500070002000000050004000600000014002000ff0200000000000000000000000000010500220000000000"], 0x54}, 0x1, 0x0, 0x0, 0x20040006}, 0x20000800) write$apparmor_current(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7065726d686174203097303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39659693343bec9ba023a079ade2e2624024e6b0e89b810362e1b02bdb7f1f5df6fc00b55d55f400600000000000000e7007fa32758fa88e4be5c0577e5aa9e764fae205dac1f2342d2f9352e163532aca21d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd162bac81de0656dd856d8fdc5c394dea7edc2c538e26c7b2efd7a96f86d9b71774c0dcc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df1d8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21b16159c06d9716e7834003a18123adc93dc8988018000088322b41bd7e91eae214b2609523bdc50dc1b068b80b6bf4a6eb77ce7a55550d5f4b0fae55bfa2548a2c8761cfbdcdcc9f480503bed8488fba6a91ca30c8ce4512a76c3ec92f348e346829baedb80ee6324cdff9e857f1f10c23af986bf68aae33233a8c73903e66df29f51a5d1478763cd8fd1bd2b9dea4edec0df989c9be9e341534f8c71edc25d523cc7e0456ae935f606a1f71e691f9faa615eb8ba1f30c07f7917db383607e60ff4dc84ae80bcbfd487d145f650"], 0xfffffffffffffd95) 06:18:08 executing program 5: ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000080)=0x1000) (async) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:08 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 10) 06:18:08 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:08 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) socketpair(0x26, 0x4, 0x800, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000000380)=[0x0], &(0x7f00000003c0)=[0x0, 0x0], 0x0, 0x8, &(0x7f0000000400)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x10, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x10, 0x9, &(0x7f0000000240)=@raw=[@map_fd={0x18, 0x7, 0x1, 0x0, 0x1}, @ldst={0x1, 0x2, 0x2, 0x8, 0xb, 0xffffffffffffffc0, 0xffffffffffffffff}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @map_idx={0x18, 0x7, 0x5, 0x0, 0xd}], &(0x7f00000002c0)='GPL\x00', 0x1, 0x38, &(0x7f0000000300)=""/56, 0x40f00, 0x1, '\x00', r3, 0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000640)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000680)={0x1, 0xa, 0x7e, 0x4}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff]}, 0x80) (async, rerun: 64) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000540)={'gretap0\x00', &(0x7f00000003c0)={'tunl0\x00', r3, 0x8, 0x40, 0x6, 0x1, {{0xb, 0x4, 0x3, 0x38, 0x2c, 0x65, 0x0, 0x4, 0x2f, 0x0, @rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@generic={0x82, 0x2}, @timestamp={0x44, 0x14, 0xb0, 0x0, 0x4, [0x401, 0x9, 0x5, 0x5]}]}}}}}) (async, rerun: 64) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$L2TP_CMD_NOOP(r2, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="7307990b041600"/22, @ANYRES16=r4, @ANYBLOB="000126bd7000ffdbdf25000000001400200000000000000000000000ffffac1414aa0500070002000000050004000600000014002000ff0200000000000000000000000000010500220000000000"], 0x54}, 0x1, 0x0, 0x0, 0x20040006}, 0x20000800) (async) write$apparmor_current(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7065726d686174203097303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39659693343bec9ba023a079ade2e2624024e6b0e89b810362e1b02bdb7f1f5df6fc00b55d55f400600000000000000e7007fa32758fa88e4be5c0577e5aa9e764fae205dac1f2342d2f9352e163532aca21d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd162bac81de0656dd856d8fdc5c394dea7edc2c538e26c7b2efd7a96f86d9b71774c0dcc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df1d8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21b16159c06d9716e7834003a18123adc93dc8988018000088322b41bd7e91eae214b2609523bdc50dc1b068b80b6bf4a6eb77ce7a55550d5f4b0fae55bfa2548a2c8761cfbdcdcc9f480503bed8488fba6a91ca30c8ce4512a76c3ec92f348e346829baedb80ee6324cdff9e857f1f10c23af986bf68aae33233a8c73903e66df29f51a5d1478763cd8fd1bd2b9dea4edec0df989c9be9e341534f8c71edc25d523cc7e0456ae935f606a1f71e691f9faa615eb8ba1f30c07f7917db383607e60ff4dc84ae80bcbfd487d145f650"], 0xfffffffffffffd95) [ 1405.468548] FAULT_INJECTION: forcing a failure. [ 1405.468548] name failslab, interval 1, probability 0, space 0, times 0 [ 1405.484782] FAULT_INJECTION: forcing a failure. [ 1405.484782] name failslab, interval 1, probability 0, space 0, times 0 06:18:08 executing program 0: socket(0x0, 0x2, 0x1) 06:18:08 executing program 5: ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000080)=0x1000) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:08 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) r1 = socket$l2tp(0x2, 0x2, 0x73) pipe(&(0x7f0000000140)={0xffffffffffffffff}) sendmsg$L2TP_CMD_TUNNEL_DELETE(r2, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800040}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="f9000000", @ANYRES16=0x0, @ANYBLOB="00082dbd7000fcdbdf2502000000050007000300000008000b0001000000"], 0x24}, 0x1, 0x0, 0x0, 0x4048000}, 0x14) ioctl$sock_inet_SIOCRTMSG(r1, 0x890d, &(0x7f00000000c0)={0x0, {0x2, 0x4e24, @multicast2}, {0x2, 0x4e22, @rand_addr=0x64010101}, {0x2, 0x4e20, @broadcast}, 0x106, 0x0, 0x0, 0x0, 0x81, &(0x7f0000000080)='vxcan1\x00', 0x5, 0x5, 0x1}) [ 1405.520577] CPU: 1 PID: 30085 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1405.528497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1405.537854] Call Trace: [ 1405.540441] dump_stack+0x1b2/0x281 [ 1405.544082] should_fail.cold+0x10a/0x149 [ 1405.548231] should_failslab+0xd6/0x130 [ 1405.552233] kmem_cache_alloc+0x28e/0x3c0 [ 1405.556386] get_empty_filp+0x86/0x3f0 [ 1405.560274] path_openat+0x84/0x2970 [ 1405.563989] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1405.568834] ? path_lookupat+0x780/0x780 [ 1405.572895] ? trace_hardirqs_on+0x10/0x10 [ 1405.577225] ? fsnotify+0x974/0x11b0 [ 1405.580934] ? shmem_setattr+0x241/0xbf0 [ 1405.585001] do_filp_open+0x179/0x3c0 [ 1405.588802] ? may_open_dev+0xe0/0xe0 [ 1405.592687] ? __alloc_fd+0x1be/0x490 [ 1405.596515] ? lock_downgrade+0x740/0x740 [ 1405.600667] ? do_raw_spin_unlock+0x164/0x220 [ 1405.605160] ? _raw_spin_unlock+0x29/0x40 [ 1405.609305] ? __alloc_fd+0x1be/0x490 [ 1405.613546] do_sys_open+0x296/0x410 [ 1405.617260] ? filp_open+0x60/0x60 06:18:08 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) r1 = socket$l2tp(0x2, 0x2, 0x73) pipe(&(0x7f0000000140)={0xffffffffffffffff}) sendmsg$L2TP_CMD_TUNNEL_DELETE(r2, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800040}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="f9000000", @ANYRES16=0x0, @ANYBLOB="00082dbd7000fcdbdf2502000000050007000300000008000b0001000000"], 0x24}, 0x1, 0x0, 0x0, 0x4048000}, 0x14) ioctl$sock_inet_SIOCRTMSG(r1, 0x890d, &(0x7f00000000c0)={0x0, {0x2, 0x4e24, @multicast2}, {0x2, 0x4e22, @rand_addr=0x64010101}, {0x2, 0x4e20, @broadcast}, 0x106, 0x0, 0x0, 0x0, 0x81, &(0x7f0000000080)='vxcan1\x00', 0x5, 0x5, 0x1}) socket$inet_udp(0x2, 0x2, 0x0) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) socket$l2tp(0x2, 0x2, 0x73) (async) pipe(&(0x7f0000000140)) (async) sendmsg$L2TP_CMD_TUNNEL_DELETE(r2, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800040}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="f9000000", @ANYRES16=0x0, @ANYBLOB="00082dbd7000fcdbdf2502000000050007000300000008000b0001000000"], 0x24}, 0x1, 0x0, 0x0, 0x4048000}, 0x14) (async) ioctl$sock_inet_SIOCRTMSG(r1, 0x890d, &(0x7f00000000c0)={0x0, {0x2, 0x4e24, @multicast2}, {0x2, 0x4e22, @rand_addr=0x64010101}, {0x2, 0x4e20, @broadcast}, 0x106, 0x0, 0x0, 0x0, 0x81, &(0x7f0000000080)='vxcan1\x00', 0x5, 0x5, 0x1}) (async) [ 1405.620801] ? do_syscall_64+0x4c/0x640 [ 1405.624773] ? SyS_open+0x30/0x30 [ 1405.628223] do_syscall_64+0x1d5/0x640 [ 1405.632115] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1405.637295] RIP: 0033:0x7f5650cac194 [ 1405.640994] RSP: 002b:00007f564f66deb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 1405.648694] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cac194 [ 1405.655959] RDX: 0000000000000002 RSI: 00007f564f66dfe0 RDI: 00000000ffffff9c [ 1405.663219] RBP: 00007f564f66dfe0 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1405.670486] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 1405.677751] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1405.704647] CPU: 1 PID: 30090 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1405.712543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1405.721890] Call Trace: [ 1405.724482] dump_stack+0x1b2/0x281 [ 1405.728118] should_fail.cold+0x10a/0x149 [ 1405.732266] should_failslab+0xd6/0x130 [ 1405.736244] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1405.740925] ? loop_get_status64+0x100/0x100 [ 1405.745330] __kthread_create_on_node+0xbe/0x3a0 [ 1405.750084] ? kthread_park+0x130/0x130 [ 1405.754069] ? loop_get_status64+0x100/0x100 [ 1405.758470] kthread_create_on_node+0xa8/0xd0 [ 1405.762963] ? __kthread_create_on_node+0x3a0/0x3a0 [ 1405.767987] ? __lockdep_init_map+0x100/0x560 [ 1405.772486] ? __lockdep_init_map+0x100/0x560 [ 1405.776979] lo_ioctl+0xcd9/0x1cd0 [ 1405.780522] ? loop_set_status64+0xe0/0xe0 [ 1405.784753] blkdev_ioctl+0x540/0x1830 [ 1405.788636] ? blkpg_ioctl+0x8d0/0x8d0 [ 1405.792519] ? trace_hardirqs_on+0x10/0x10 [ 1405.796753] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1405.801852] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1405.806872] block_ioctl+0xd9/0x120 [ 1405.810531] ? blkdev_fallocate+0x3a0/0x3a0 [ 1405.814859] do_vfs_ioctl+0x75a/0xff0 [ 1405.818656] ? lock_acquire+0x170/0x3f0 [ 1405.822723] ? ioctl_preallocate+0x1a0/0x1a0 [ 1405.827113] ? __fget+0x265/0x3e0 [ 1405.830550] ? do_vfs_ioctl+0xff0/0xff0 [ 1405.834510] ? security_file_ioctl+0x83/0xb0 [ 1405.838905] SyS_ioctl+0x7f/0xb0 [ 1405.842251] ? do_vfs_ioctl+0xff0/0xff0 [ 1405.846205] do_syscall_64+0x1d5/0x640 [ 1405.850092] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1405.855274] RIP: 0033:0x7f5ff741b037 [ 1405.858976] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 06:18:08 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 9) 06:18:08 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) socketpair(0x26, 0x4, 0x800, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000000380)=[0x0], &(0x7f00000003c0)=[0x0, 0x0], 0x0, 0x8, &(0x7f0000000400)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x10, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x10, 0x9, &(0x7f0000000240)=@raw=[@map_fd={0x18, 0x7, 0x1, 0x0, 0x1}, @ldst={0x1, 0x2, 0x2, 0x8, 0xb, 0xffffffffffffffc0, 0xffffffffffffffff}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @map_idx={0x18, 0x7, 0x5, 0x0, 0xd}], &(0x7f00000002c0)='GPL\x00', 0x1, 0x38, &(0x7f0000000300)=""/56, 0x40f00, 0x1, '\x00', r3, 0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000640)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000680)={0x1, 0xa, 0x7e, 0x4}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff]}, 0x80) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000540)={'gretap0\x00', &(0x7f00000003c0)={'tunl0\x00', r3, 0x8, 0x40, 0x6, 0x1, {{0xb, 0x4, 0x3, 0x38, 0x2c, 0x65, 0x0, 0x4, 0x2f, 0x0, @rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@generic={0x82, 0x2}, @timestamp={0x44, 0x14, 0xb0, 0x0, 0x4, [0x401, 0x9, 0x5, 0x5]}]}}}}}) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$L2TP_CMD_NOOP(r2, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="7307990b041600"/22, @ANYRES16=r4, @ANYBLOB="000126bd7000ffdbdf25000000001400200000000000000000000000ffffac1414aa0500070002000000050004000600000014002000ff0200000000000000000000000000010500220000000000"], 0x54}, 0x1, 0x0, 0x0, 0x20040006}, 0x20000800) write$apparmor_current(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7065726d686174203097303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39659693343bec9ba023a079ade2e2624024e6b0e89b810362e1b02bdb7f1f5df6fc00b55d55f400600000000000000e7007fa32758fa88e4be5c0577e5aa9e764fae205dac1f2342d2f9352e163532aca21d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd162bac81de0656dd856d8fdc5c394dea7edc2c538e26c7b2efd7a96f86d9b71774c0dcc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df1d8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21b16159c06d9716e7834003a18123adc93dc8988018000088322b41bd7e91eae214b2609523bdc50dc1b068b80b6bf4a6eb77ce7a55550d5f4b0fae55bfa2548a2c8761cfbdcdcc9f480503bed8488fba6a91ca30c8ce4512a76c3ec92f348e346829baedb80ee6324cdff9e857f1f10c23af986bf68aae33233a8c73903e66df29f51a5d1478763cd8fd1bd2b9dea4edec0df989c9be9e341534f8c71edc25d523cc7e0456ae935f606a1f71e691f9faa615eb8ba1f30c07f7917db383607e60ff4dc84ae80bcbfd487d145f650"], 0xfffffffffffffd95) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) socketpair(0x26, 0x4, 0x800, &(0x7f0000000300)) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000000380)=[0x0], &(0x7f00000003c0)=[0x0, 0x0], 0x0, 0x8, &(0x7f0000000400)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x10, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x10, 0x9, &(0x7f0000000240)=@raw=[@map_fd={0x18, 0x7, 0x1, 0x0, 0x1}, @ldst={0x1, 0x2, 0x2, 0x8, 0xb, 0xffffffffffffffc0, 0xffffffffffffffff}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @map_idx={0x18, 0x7, 0x5, 0x0, 0xd}], &(0x7f00000002c0)='GPL\x00', 0x1, 0x38, &(0x7f0000000300)=""/56, 0x40f00, 0x1, '\x00', r3, 0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000640)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000680)={0x1, 0xa, 0x7e, 0x4}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff]}, 0x80) (async) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000540)={'gretap0\x00', &(0x7f00000003c0)={'tunl0\x00', r3, 0x8, 0x40, 0x6, 0x1, {{0xb, 0x4, 0x3, 0x38, 0x2c, 0x65, 0x0, 0x4, 0x2f, 0x0, @rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@generic={0x82, 0x2}, @timestamp={0x44, 0x14, 0xb0, 0x0, 0x4, [0x401, 0x9, 0x5, 0x5]}]}}}}}) (async) syz_genetlink_get_family_id$l2tp(&(0x7f0000000380), 0xffffffffffffffff) (async) sendmsg$L2TP_CMD_NOOP(r2, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="7307990b041600"/22, @ANYRES16=r4, @ANYBLOB="000126bd7000ffdbdf25000000001400200000000000000000000000ffffac1414aa0500070002000000050004000600000014002000ff0200000000000000000000000000010500220000000000"], 0x54}, 0x1, 0x0, 0x0, 0x20040006}, 0x20000800) (async) write$apparmor_current(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7065726d686174203097303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39659693343bec9ba023a079ade2e2624024e6b0e89b810362e1b02bdb7f1f5df6fc00b55d55f400600000000000000e7007fa32758fa88e4be5c0577e5aa9e764fae205dac1f2342d2f9352e163532aca21d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd162bac81de0656dd856d8fdc5c394dea7edc2c538e26c7b2efd7a96f86d9b71774c0dcc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df1d8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21b16159c06d9716e7834003a18123adc93dc8988018000088322b41bd7e91eae214b2609523bdc50dc1b068b80b6bf4a6eb77ce7a55550d5f4b0fae55bfa2548a2c8761cfbdcdcc9f480503bed8488fba6a91ca30c8ce4512a76c3ec92f348e346829baedb80ee6324cdff9e857f1f10c23af986bf68aae33233a8c73903e66df29f51a5d1478763cd8fd1bd2b9dea4edec0df989c9be9e341534f8c71edc25d523cc7e0456ae935f606a1f71e691f9faa615eb8ba1f30c07f7917db383607e60ff4dc84ae80bcbfd487d145f650"], 0xfffffffffffffd95) (async) 06:18:08 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) r1 = socket$l2tp(0x2, 0x2, 0x73) pipe(&(0x7f0000000140)={0xffffffffffffffff}) sendmsg$L2TP_CMD_TUNNEL_DELETE(r2, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800040}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="f9000000", @ANYRES16=0x0, @ANYBLOB="00082dbd7000fcdbdf2502000000050007000300000008000b0001000000"], 0x24}, 0x1, 0x0, 0x0, 0x4048000}, 0x14) ioctl$sock_inet_SIOCRTMSG(r1, 0x890d, &(0x7f00000000c0)={0x0, {0x2, 0x4e24, @multicast2}, {0x2, 0x4e22, @rand_addr=0x64010101}, {0x2, 0x4e20, @broadcast}, 0x106, 0x0, 0x0, 0x0, 0x81, &(0x7f0000000080)='vxcan1\x00', 0x5, 0x5, 0x1}) socket$inet_udp(0x2, 0x2, 0x0) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) socket$l2tp(0x2, 0x2, 0x73) (async) pipe(&(0x7f0000000140)) (async) sendmsg$L2TP_CMD_TUNNEL_DELETE(r2, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800040}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="f9000000", @ANYRES16=0x0, @ANYBLOB="00082dbd7000fcdbdf2502000000050007000300000008000b0001000000"], 0x24}, 0x1, 0x0, 0x0, 0x4048000}, 0x14) (async) ioctl$sock_inet_SIOCRTMSG(r1, 0x890d, &(0x7f00000000c0)={0x0, {0x2, 0x4e24, @multicast2}, {0x2, 0x4e22, @rand_addr=0x64010101}, {0x2, 0x4e20, @broadcast}, 0x106, 0x0, 0x0, 0x0, 0x81, &(0x7f0000000080)='vxcan1\x00', 0x5, 0x5, 0x1}) (async) 06:18:08 executing program 0: socket(0x0, 0x2, 0x1) 06:18:08 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1405.866666] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff741b037 [ 1405.873920] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1405.881165] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1405.888434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1405.895685] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 06:18:08 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 11) [ 1405.935013] FAULT_INJECTION: forcing a failure. [ 1405.935013] name failslab, interval 1, probability 0, space 0, times 0 [ 1405.974539] CPU: 1 PID: 30128 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 06:18:09 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1405.982443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1405.991790] Call Trace: [ 1405.994378] dump_stack+0x1b2/0x281 [ 1405.998006] should_fail.cold+0x10a/0x149 [ 1406.002158] should_failslab+0xd6/0x130 [ 1406.006134] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1406.010805] ? loop_get_status64+0x100/0x100 [ 1406.015209] __kthread_create_on_node+0xbe/0x3a0 [ 1406.019958] ? kthread_park+0x130/0x130 [ 1406.023937] ? loop_get_status64+0x100/0x100 [ 1406.028344] kthread_create_on_node+0xa8/0xd0 [ 1406.032838] ? __kthread_create_on_node+0x3a0/0x3a0 [ 1406.037859] ? __lockdep_init_map+0x100/0x560 [ 1406.042349] ? __lockdep_init_map+0x100/0x560 [ 1406.046841] lo_ioctl+0xcd9/0x1cd0 [ 1406.050379] ? loop_set_status64+0xe0/0xe0 [ 1406.054619] blkdev_ioctl+0x540/0x1830 [ 1406.058526] ? blkpg_ioctl+0x8d0/0x8d0 [ 1406.062415] ? trace_hardirqs_on+0x10/0x10 [ 1406.066653] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1406.071759] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1406.073297] FAULT_INJECTION: forcing a failure. [ 1406.073297] name failslab, interval 1, probability 0, space 0, times 0 [ 1406.076804] block_ioctl+0xd9/0x120 [ 1406.076823] ? blkdev_fallocate+0x3a0/0x3a0 [ 1406.076833] do_vfs_ioctl+0x75a/0xff0 [ 1406.076843] ? lock_acquire+0x170/0x3f0 [ 1406.076852] ? ioctl_preallocate+0x1a0/0x1a0 [ 1406.076864] ? __fget+0x265/0x3e0 [ 1406.076874] ? do_vfs_ioctl+0xff0/0xff0 [ 1406.076885] ? security_file_ioctl+0x83/0xb0 [ 1406.076895] SyS_ioctl+0x7f/0xb0 [ 1406.076902] ? do_vfs_ioctl+0xff0/0xff0 [ 1406.076912] do_syscall_64+0x1d5/0x640 [ 1406.076926] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1406.076934] RIP: 0033:0x7f5650cf9037 [ 1406.076938] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1406.076946] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cf9037 [ 1406.076950] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1406.076954] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1406.076958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1406.076962] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1406.184965] CPU: 0 PID: 30140 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1406.192837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1406.202189] Call Trace: [ 1406.204804] dump_stack+0x1b2/0x281 [ 1406.208443] should_fail.cold+0x10a/0x149 [ 1406.212683] should_failslab+0xd6/0x130 [ 1406.216661] kmem_cache_alloc+0x40/0x3c0 [ 1406.220727] radix_tree_node_alloc.constprop.0+0x1b0/0x2f0 [ 1406.226351] idr_get_free_cmn+0x595/0x8d0 [ 1406.230521] ? trace_hardirqs_on+0x10/0x10 [ 1406.234761] idr_alloc_cmn+0xe8/0x1e0 [ 1406.238560] ? __fprop_inc_percpu_max+0x1d0/0x1d0 [ 1406.243402] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1406.248418] ? __schedule+0x1450/0x1de0 [ 1406.252388] ? cpuacct_charge+0x1cf/0x350 [ 1406.256530] ? fs_reclaim_release+0xd0/0x110 [ 1406.260943] idr_alloc_cyclic+0xc2/0x1d0 [ 1406.265002] ? idr_alloc_cmn+0x1e0/0x1e0 [ 1406.269058] ? __radix_tree_preload+0x1c3/0x250 [ 1406.273732] __kernfs_new_node+0xaf/0x470 [ 1406.277886] kernfs_create_dir_ns+0x8c/0x200 [ 1406.282291] internal_create_group+0xe9/0x710 [ 1406.286789] lo_ioctl+0x1137/0x1cd0 [ 1406.290417] ? loop_set_status64+0xe0/0xe0 [ 1406.294650] blkdev_ioctl+0x540/0x1830 [ 1406.298544] ? blkpg_ioctl+0x8d0/0x8d0 [ 1406.302428] ? trace_hardirqs_on+0x10/0x10 [ 1406.306660] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1406.311766] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1406.316788] block_ioctl+0xd9/0x120 [ 1406.320429] ? blkdev_fallocate+0x3a0/0x3a0 [ 1406.324750] do_vfs_ioctl+0x75a/0xff0 [ 1406.328551] ? lock_acquire+0x170/0x3f0 [ 1406.332532] ? ioctl_preallocate+0x1a0/0x1a0 [ 1406.336943] ? __fget+0x265/0x3e0 [ 1406.340422] ? do_vfs_ioctl+0xff0/0xff0 [ 1406.344391] ? security_file_ioctl+0x83/0xb0 [ 1406.348798] SyS_ioctl+0x7f/0xb0 [ 1406.352166] ? do_vfs_ioctl+0xff0/0xff0 [ 1406.356136] do_syscall_64+0x1d5/0x640 [ 1406.360062] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1406.365246] RIP: 0033:0x7f5ff741b037 [ 1406.368950] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1406.376653] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff741b037 06:18:09 executing program 2: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) migrate_pages(0x0, 0x8000000000000000, &(0x7f0000000300)=0x81, &(0x7f0000000340)=0x189c) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000400)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e6e05340079f11a017dc13814dc9cab696aa2e76efadf6ce900002e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343ba023a07b810362e1b02bdb7f1f5df6fc00b5573494e33bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f47963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053362b40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d2ed6477cfdaf1e9add9716e7834003a18123adc93dca988018000080018d966749a00800400000000002d6ac438963bd4193cc4fce4bab26e8804579811fb40d379ed53efb3c4fed18876682ef944fa1a808d82fe1aadf647347dc1a49a6ac0e26fa0bb75b606afecf8b7aa43f9f1a5940999ebab03513ea6c63abd9333fedc17c4222de254e8d9ae7f84bc72152722b000b599a51572109a2e6896411916cb8862c86f6386017d94caacc71e078069c150e180c6e89469e651d3b2be838de714a5c8d9038eebdeef121ef89b45be2cd3bf18081cb51f2090c188b7442c170000000000000096b9b4bbfa4c0c6d118b5c6266993dbd2873b3c893cd6cdee12ea6654240963c4f0f036afa53af71dbdf27708deea2b4f1ac9df43c8b0b98bdcd6b5b9f1fa8701a9269e056ca6f2c5841777d3c897e729fe78458ce62d6400708376d9a1693d8017f848680186e141b1b0cf2b8d4b84b850000000000001d5ecc9fb20f3acb4b26280db85dfb8f973b9dfa5aca7e14fc9cb9f7f0e7831ab89cf2e140c86d6d8021894936aaaf20747f76f6875ae5ae4f087c0b41f1"], 0xfffffffffffffd95) prctl$PR_SET_PTRACER(0x59616d61, 0x0) sched_setparam(0xffffffffffffffff, &(0x7f0000000380)=0x7) 06:18:09 executing program 5: getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(0xffffffffffffffff, 0x84, 0x74, &(0x7f0000000080)=""/200, &(0x7f0000000180)=0xc8) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x4e24, @private}, {}, 0x24, {0x2, 0x0, @multicast2}, 'veth0\x00'}) 06:18:09 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:09 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 10) 06:18:09 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:09 executing program 5: getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(0xffffffffffffffff, 0x84, 0x74, &(0x7f0000000080)=""/200, &(0x7f0000000180)=0xc8) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x4e24, @private}, {}, 0x24, {0x2, 0x0, @multicast2}, 'veth0\x00'}) 06:18:09 executing program 2: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) migrate_pages(0x0, 0x8000000000000000, &(0x7f0000000300)=0x81, &(0x7f0000000340)=0x189c) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) (async) write$apparmor_current(r0, &(0x7f0000000400)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e6e05340079f11a017dc13814dc9cab696aa2e76efadf6ce900002e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343ba023a07b810362e1b02bdb7f1f5df6fc00b5573494e33bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f47963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053362b40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d2ed6477cfdaf1e9add9716e7834003a18123adc93dca988018000080018d966749a00800400000000002d6ac438963bd4193cc4fce4bab26e8804579811fb40d379ed53efb3c4fed18876682ef944fa1a808d82fe1aadf647347dc1a49a6ac0e26fa0bb75b606afecf8b7aa43f9f1a5940999ebab03513ea6c63abd9333fedc17c4222de254e8d9ae7f84bc72152722b000b599a51572109a2e6896411916cb8862c86f6386017d94caacc71e078069c150e180c6e89469e651d3b2be838de714a5c8d9038eebdeef121ef89b45be2cd3bf18081cb51f2090c188b7442c170000000000000096b9b4bbfa4c0c6d118b5c6266993dbd2873b3c893cd6cdee12ea6654240963c4f0f036afa53af71dbdf27708deea2b4f1ac9df43c8b0b98bdcd6b5b9f1fa8701a9269e056ca6f2c5841777d3c897e729fe78458ce62d6400708376d9a1693d8017f848680186e141b1b0cf2b8d4b84b850000000000001d5ecc9fb20f3acb4b26280db85dfb8f973b9dfa5aca7e14fc9cb9f7f0e7831ab89cf2e140c86d6d8021894936aaaf20747f76f6875ae5ae4f087c0b41f1"], 0xfffffffffffffd95) (async) prctl$PR_SET_PTRACER(0x59616d61, 0x0) (async) sched_setparam(0xffffffffffffffff, &(0x7f0000000380)=0x7) 06:18:09 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:09 executing program 0: socket(0x23, 0x0, 0x1) 06:18:09 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1406.383924] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1406.391188] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1406.398455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1406.406064] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1406.472659] FAULT_INJECTION: forcing a failure. [ 1406.472659] name failslab, interval 1, probability 0, space 0, times 0 [ 1406.487099] CPU: 0 PID: 30192 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1406.494994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1406.504358] Call Trace: [ 1406.506949] dump_stack+0x1b2/0x281 [ 1406.510587] should_fail.cold+0x10a/0x149 [ 1406.514741] should_failslab+0xd6/0x130 [ 1406.518845] kmem_cache_alloc+0x28e/0x3c0 [ 1406.523001] __kernfs_new_node+0x6f/0x470 [ 1406.527156] kernfs_create_dir_ns+0x8c/0x200 [ 1406.531566] internal_create_group+0xe9/0x710 [ 1406.536135] lo_ioctl+0x1137/0x1cd0 [ 1406.539767] ? loop_set_status64+0xe0/0xe0 [ 1406.544010] blkdev_ioctl+0x540/0x1830 [ 1406.547895] ? blkpg_ioctl+0x8d0/0x8d0 [ 1406.551792] ? trace_hardirqs_on+0x10/0x10 [ 1406.556029] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1406.561131] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1406.566131] block_ioctl+0xd9/0x120 [ 1406.569741] ? blkdev_fallocate+0x3a0/0x3a0 [ 1406.574048] do_vfs_ioctl+0x75a/0xff0 [ 1406.577834] ? lock_acquire+0x170/0x3f0 [ 1406.581800] ? ioctl_preallocate+0x1a0/0x1a0 [ 1406.586208] ? __fget+0x265/0x3e0 [ 1406.589667] ? do_vfs_ioctl+0xff0/0xff0 [ 1406.593628] ? security_file_ioctl+0x83/0xb0 [ 1406.598033] SyS_ioctl+0x7f/0xb0 [ 1406.601379] ? do_vfs_ioctl+0xff0/0xff0 [ 1406.605340] do_syscall_64+0x1d5/0x640 [ 1406.609216] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1406.614391] RIP: 0033:0x7f5650cf9037 [ 1406.618095] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1406.625793] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cf9037 [ 1406.633049] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1406.640300] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1406.647550] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1406.654800] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 06:18:09 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 12) 06:18:09 executing program 2: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) migrate_pages(0x0, 0x8000000000000000, &(0x7f0000000300)=0x81, &(0x7f0000000340)=0x189c) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000400)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e6e05340079f11a017dc13814dc9cab696aa2e76efadf6ce900002e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343ba023a07b810362e1b02bdb7f1f5df6fc00b5573494e33bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f47963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053362b40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d2ed6477cfdaf1e9add9716e7834003a18123adc93dca988018000080018d966749a00800400000000002d6ac438963bd4193cc4fce4bab26e8804579811fb40d379ed53efb3c4fed18876682ef944fa1a808d82fe1aadf647347dc1a49a6ac0e26fa0bb75b606afecf8b7aa43f9f1a5940999ebab03513ea6c63abd9333fedc17c4222de254e8d9ae7f84bc72152722b000b599a51572109a2e6896411916cb8862c86f6386017d94caacc71e078069c150e180c6e89469e651d3b2be838de714a5c8d9038eebdeef121ef89b45be2cd3bf18081cb51f2090c188b7442c170000000000000096b9b4bbfa4c0c6d118b5c6266993dbd2873b3c893cd6cdee12ea6654240963c4f0f036afa53af71dbdf27708deea2b4f1ac9df43c8b0b98bdcd6b5b9f1fa8701a9269e056ca6f2c5841777d3c897e729fe78458ce62d6400708376d9a1693d8017f848680186e141b1b0cf2b8d4b84b850000000000001d5ecc9fb20f3acb4b26280db85dfb8f973b9dfa5aca7e14fc9cb9f7f0e7831ab89cf2e140c86d6d8021894936aaaf20747f76f6875ae5ae4f087c0b41f1"], 0xfffffffffffffd95) prctl$PR_SET_PTRACER(0x59616d61, 0x0) sched_setparam(0xffffffffffffffff, &(0x7f0000000380)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) migrate_pages(0x0, 0x8000000000000000, &(0x7f0000000300)=0x81, &(0x7f0000000340)=0x189c) (async) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) (async) write$apparmor_current(r0, &(0x7f0000000400)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e6e05340079f11a017dc13814dc9cab696aa2e76efadf6ce900002e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343ba023a07b810362e1b02bdb7f1f5df6fc00b5573494e33bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f47963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053362b40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d2ed6477cfdaf1e9add9716e7834003a18123adc93dca988018000080018d966749a00800400000000002d6ac438963bd4193cc4fce4bab26e8804579811fb40d379ed53efb3c4fed18876682ef944fa1a808d82fe1aadf647347dc1a49a6ac0e26fa0bb75b606afecf8b7aa43f9f1a5940999ebab03513ea6c63abd9333fedc17c4222de254e8d9ae7f84bc72152722b000b599a51572109a2e6896411916cb8862c86f6386017d94caacc71e078069c150e180c6e89469e651d3b2be838de714a5c8d9038eebdeef121ef89b45be2cd3bf18081cb51f2090c188b7442c170000000000000096b9b4bbfa4c0c6d118b5c6266993dbd2873b3c893cd6cdee12ea6654240963c4f0f036afa53af71dbdf27708deea2b4f1ac9df43c8b0b98bdcd6b5b9f1fa8701a9269e056ca6f2c5841777d3c897e729fe78458ce62d6400708376d9a1693d8017f848680186e141b1b0cf2b8d4b84b850000000000001d5ecc9fb20f3acb4b26280db85dfb8f973b9dfa5aca7e14fc9cb9f7f0e7831ab89cf2e140c86d6d8021894936aaaf20747f76f6875ae5ae4f087c0b41f1"], 0xfffffffffffffd95) (async) prctl$PR_SET_PTRACER(0x59616d61, 0x0) (async) sched_setparam(0xffffffffffffffff, &(0x7f0000000380)=0x7) (async) 06:18:09 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:09 executing program 0: socket(0x23, 0x0, 0x1) 06:18:09 executing program 5: getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(0xffffffffffffffff, 0x84, 0x74, &(0x7f0000000080)=""/200, &(0x7f0000000180)=0xc8) (async, rerun: 64) r0 = socket$inet_udp(0x2, 0x2, 0x0) (rerun: 64) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x4e24, @private}, {}, 0x24, {0x2, 0x0, @multicast2}, 'veth0\x00'}) 06:18:09 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 11) [ 1406.783236] FAULT_INJECTION: forcing a failure. [ 1406.783236] name failslab, interval 1, probability 0, space 0, times 0 [ 1406.794685] CPU: 1 PID: 30217 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1406.802555] FAULT_INJECTION: forcing a failure. [ 1406.802555] name failslab, interval 1, probability 0, space 0, times 0 [ 1406.802566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1406.802570] Call Trace: [ 1406.802590] dump_stack+0x1b2/0x281 [ 1406.829301] should_fail.cold+0x10a/0x149 06:18:09 executing program 0: socket(0x23, 0x0, 0x1) 06:18:09 executing program 0: socket(0x23, 0x2, 0x0) [ 1406.833454] should_failslab+0xd6/0x130 [ 1406.837436] kmem_cache_alloc+0x40/0x3c0 [ 1406.841504] radix_tree_node_alloc.constprop.0+0x1b0/0x2f0 [ 1406.847227] idr_get_free_cmn+0x595/0x8d0 [ 1406.851384] ? trace_hardirqs_on+0x10/0x10 [ 1406.855626] idr_alloc_cmn+0xe8/0x1e0 [ 1406.859427] ? __fprop_inc_percpu_max+0x1d0/0x1d0 [ 1406.864268] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1406.869288] ? __schedule+0x1450/0x1de0 [ 1406.873257] ? cpuacct_charge+0x1cf/0x350 [ 1406.877396] ? fs_reclaim_release+0xd0/0x110 06:18:09 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:09 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) epoll_pwait(r2, &(0x7f0000000040)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x8, 0x6, &(0x7f00000000c0)={[0x9aca]}, 0x8) [ 1406.881831] idr_alloc_cyclic+0xc2/0x1d0 [ 1406.885888] ? idr_alloc_cmn+0x1e0/0x1e0 [ 1406.889946] ? __radix_tree_preload+0x1c3/0x250 [ 1406.894622] __kernfs_new_node+0xaf/0x470 [ 1406.898862] kernfs_create_dir_ns+0x8c/0x200 [ 1406.903266] internal_create_group+0xe9/0x710 [ 1406.907757] lo_ioctl+0x1137/0x1cd0 [ 1406.911384] ? loop_set_status64+0xe0/0xe0 [ 1406.915614] blkdev_ioctl+0x540/0x1830 [ 1406.919511] ? blkpg_ioctl+0x8d0/0x8d0 [ 1406.923400] ? trace_hardirqs_on+0x10/0x10 [ 1406.927637] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1406.932741] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1406.937758] block_ioctl+0xd9/0x120 [ 1406.941380] ? blkdev_fallocate+0x3a0/0x3a0 [ 1406.945698] do_vfs_ioctl+0x75a/0xff0 [ 1406.949498] ? lock_acquire+0x170/0x3f0 [ 1406.953468] ? ioctl_preallocate+0x1a0/0x1a0 [ 1406.957874] ? __fget+0x265/0x3e0 [ 1406.961321] ? do_vfs_ioctl+0xff0/0xff0 [ 1406.965296] ? security_file_ioctl+0x83/0xb0 [ 1406.969704] SyS_ioctl+0x7f/0xb0 [ 1406.973068] ? do_vfs_ioctl+0xff0/0xff0 [ 1406.977056] do_syscall_64+0x1d5/0x640 06:18:10 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:10 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) epoll_pwait(r2, &(0x7f0000000040)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x8, 0x6, &(0x7f00000000c0)={[0x9aca]}, 0x8) 06:18:10 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000080)={'filter\x00', 0x0, [0x8, 0x9ed, 0x8001, 0x4, 0x9]}, &(0x7f0000000100)=0x54) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) getsockopt$IPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e) [ 1406.980947] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1406.986129] RIP: 0033:0x7f5ff741b037 [ 1406.989831] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1406.997540] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff741b037 [ 1407.004809] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1407.012162] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1407.019423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1407.026697] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1407.060184] CPU: 0 PID: 30223 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1407.068078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1407.077511] Call Trace: [ 1407.080098] dump_stack+0x1b2/0x281 [ 1407.083726] should_fail.cold+0x10a/0x149 [ 1407.087877] should_failslab+0xd6/0x130 [ 1407.091852] kmem_cache_alloc+0x28e/0x3c0 [ 1407.096001] __kernfs_new_node+0x6f/0x470 [ 1407.100150] kernfs_create_dir_ns+0x8c/0x200 [ 1407.102479] nla_parse: 18 callbacks suppressed [ 1407.102485] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1407.104554] internal_create_group+0xe9/0x710 [ 1407.104571] lo_ioctl+0x1137/0x1cd0 [ 1407.104585] ? loop_set_status64+0xe0/0xe0 [ 1407.104597] blkdev_ioctl+0x540/0x1830 [ 1407.104606] ? blkpg_ioctl+0x8d0/0x8d0 [ 1407.104618] ? trace_hardirqs_on+0x10/0x10 [ 1407.142015] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1407.147097] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1407.152095] block_ioctl+0xd9/0x120 [ 1407.155706] ? blkdev_fallocate+0x3a0/0x3a0 [ 1407.160016] do_vfs_ioctl+0x75a/0xff0 [ 1407.163802] ? lock_acquire+0x170/0x3f0 [ 1407.167757] ? ioctl_preallocate+0x1a0/0x1a0 [ 1407.172150] ? __fget+0x265/0x3e0 [ 1407.175580] ? do_vfs_ioctl+0xff0/0xff0 [ 1407.179534] ? security_file_ioctl+0x83/0xb0 [ 1407.183921] SyS_ioctl+0x7f/0xb0 [ 1407.187316] ? do_vfs_ioctl+0xff0/0xff0 [ 1407.191269] do_syscall_64+0x1d5/0x640 [ 1407.195139] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1407.200309] RIP: 0033:0x7f5650cf9037 06:18:10 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 13) 06:18:10 executing program 0: socket(0x23, 0x2, 0x0) 06:18:10 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) epoll_pwait(r2, &(0x7f0000000040)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x8, 0x6, &(0x7f00000000c0)={[0x9aca]}, 0x8) 06:18:10 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1407.204038] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1407.211848] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cf9037 [ 1407.219114] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1407.226361] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1407.233609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1407.240858] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1407.320087] FAULT_INJECTION: forcing a failure. [ 1407.320087] name failslab, interval 1, probability 0, space 0, times 0 [ 1407.331373] CPU: 0 PID: 30265 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1407.339251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1407.348694] Call Trace: [ 1407.351280] dump_stack+0x1b2/0x281 [ 1407.354906] should_fail.cold+0x10a/0x149 [ 1407.359056] should_failslab+0xd6/0x130 [ 1407.363031] kmem_cache_alloc+0x40/0x3c0 [ 1407.367096] radix_tree_node_alloc.constprop.0+0x1b0/0x2f0 [ 1407.372720] idr_get_free_cmn+0x595/0x8d0 [ 1407.376874] ? trace_hardirqs_on+0x10/0x10 [ 1407.381114] idr_alloc_cmn+0xe8/0x1e0 [ 1407.384914] ? __fprop_inc_percpu_max+0x1d0/0x1d0 [ 1407.389753] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1407.394767] ? __schedule+0x1450/0x1de0 [ 1407.398743] ? cpuacct_charge+0x1cf/0x350 [ 1407.402889] ? fs_reclaim_release+0xd0/0x110 [ 1407.407306] idr_alloc_cyclic+0xc2/0x1d0 [ 1407.411371] ? idr_alloc_cmn+0x1e0/0x1e0 [ 1407.415433] ? __radix_tree_preload+0x1c3/0x250 [ 1407.420105] __kernfs_new_node+0xaf/0x470 [ 1407.424254] kernfs_create_dir_ns+0x8c/0x200 [ 1407.428661] internal_create_group+0xe9/0x710 [ 1407.433154] lo_ioctl+0x1137/0x1cd0 [ 1407.436780] ? loop_set_status64+0xe0/0xe0 [ 1407.441010] blkdev_ioctl+0x540/0x1830 [ 1407.444895] ? blkpg_ioctl+0x8d0/0x8d0 [ 1407.448771] ? trace_hardirqs_on+0x10/0x10 [ 1407.452984] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1407.458065] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1407.463060] block_ioctl+0xd9/0x120 [ 1407.466666] ? blkdev_fallocate+0x3a0/0x3a0 [ 1407.470966] do_vfs_ioctl+0x75a/0xff0 [ 1407.474748] ? lock_acquire+0x170/0x3f0 [ 1407.478698] ? ioctl_preallocate+0x1a0/0x1a0 [ 1407.483084] ? __fget+0x265/0x3e0 [ 1407.486513] ? do_vfs_ioctl+0xff0/0xff0 [ 1407.490557] ? security_file_ioctl+0x83/0xb0 [ 1407.494943] SyS_ioctl+0x7f/0xb0 [ 1407.498302] ? do_vfs_ioctl+0xff0/0xff0 [ 1407.502262] do_syscall_64+0x1d5/0x640 [ 1407.506141] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1407.511308] RIP: 0033:0x7f5ff741b037 [ 1407.514994] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1407.522679] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff741b037 [ 1407.529925] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1407.537277] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1407.544522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1407.551767] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 06:18:10 executing program 0: socket(0x23, 0x2, 0x0) 06:18:10 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7065726d6861742030783024283e5e1a32c8cc074d1c3030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500ccc9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d007bfcdf0d1ab7d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d9716e"], 0xfffffffffffffd95) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8, 0x1, r2}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) write$apparmor_current(r2, &(0x7f0000000100)=@hat={'permhat ', 0x1, 0x5e, ['/proc/thread-self/attr/current\x00']}, 0x3a) socketpair(0x23, 0x2, 0xa262, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0), r3) syz_genetlink_get_family_id$wireguard(&(0x7f0000000140), 0xffffffffffffffff) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)={0x80000008}) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) 06:18:10 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000080)={'filter\x00', 0x0, [0x8, 0x9ed, 0x8001, 0x4, 0x9]}, &(0x7f0000000100)=0x54) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) getsockopt$IPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e) 06:18:10 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 12) 06:18:10 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:10 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 14) 06:18:10 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000080)={'filter\x00', 0x0, [0x8, 0x9ed, 0x8001, 0x4, 0x9]}, &(0x7f0000000100)=0x54) (async, rerun: 64) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async, rerun: 64) getsockopt$IPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e) (rerun: 64) [ 1407.661135] FAULT_INJECTION: forcing a failure. [ 1407.661135] name failslab, interval 1, probability 0, space 0, times 0 [ 1407.681277] FAULT_INJECTION: forcing a failure. [ 1407.681277] name failslab, interval 1, probability 0, space 0, times 0 [ 1407.698072] CPU: 0 PID: 30302 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1407.705963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1407.715310] Call Trace: [ 1407.717897] dump_stack+0x1b2/0x281 [ 1407.721526] should_fail.cold+0x10a/0x149 [ 1407.725762] should_failslab+0xd6/0x130 [ 1407.729730] kmem_cache_alloc+0x28e/0x3c0 [ 1407.733866] __kernfs_new_node+0x6f/0x470 [ 1407.738009] kernfs_new_node+0x7b/0xe0 [ 1407.741913] __kernfs_create_file+0x3d/0x320 [ 1407.746312] sysfs_add_file_mode_ns+0x1e1/0x450 [ 1407.750974] ? kernfs_create_dir_ns+0x171/0x200 [ 1407.755632] internal_create_group+0x22b/0x710 [ 1407.760206] lo_ioctl+0x1137/0x1cd0 [ 1407.764003] ? loop_set_status64+0xe0/0xe0 [ 1407.768234] blkdev_ioctl+0x540/0x1830 [ 1407.772123] ? blkpg_ioctl+0x8d0/0x8d0 [ 1407.776011] ? trace_hardirqs_on+0x10/0x10 [ 1407.780245] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1407.785342] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1407.790357] block_ioctl+0xd9/0x120 [ 1407.794034] ? blkdev_fallocate+0x3a0/0x3a0 [ 1407.798353] do_vfs_ioctl+0x75a/0xff0 [ 1407.802152] ? lock_acquire+0x170/0x3f0 [ 1407.806122] ? ioctl_preallocate+0x1a0/0x1a0 [ 1407.810524] ? __fget+0x265/0x3e0 [ 1407.813995] ? do_vfs_ioctl+0xff0/0xff0 [ 1407.817960] ? security_file_ioctl+0x83/0xb0 [ 1407.822382] SyS_ioctl+0x7f/0xb0 [ 1407.825740] ? do_vfs_ioctl+0xff0/0xff0 [ 1407.829708] do_syscall_64+0x1d5/0x640 [ 1407.833581] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1407.838748] RIP: 0033:0x7f5ff741b037 [ 1407.842440] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1407.850132] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff741b037 [ 1407.857390] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1407.864646] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1407.871899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1407.879160] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1407.886435] CPU: 1 PID: 30292 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1407.894315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1407.903663] Call Trace: [ 1407.906246] dump_stack+0x1b2/0x281 06:18:10 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:10 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000080)={'filter\x00', 0x0, [0x8, 0x9ed, 0x8001, 0x4, 0x9]}, &(0x7f0000000100)=0x54) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) getsockopt$IPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e) [ 1407.909874] should_fail.cold+0x10a/0x149 [ 1407.914026] should_failslab+0xd6/0x130 [ 1407.917998] kmem_cache_alloc+0x28e/0x3c0 [ 1407.922175] __kernfs_new_node+0x6f/0x470 [ 1407.926331] kernfs_new_node+0x7b/0xe0 [ 1407.930212] __kernfs_create_file+0x3d/0x320 [ 1407.934642] sysfs_add_file_mode_ns+0x1e1/0x450 [ 1407.939309] ? kernfs_create_dir_ns+0x171/0x200 [ 1407.943977] internal_create_group+0x22b/0x710 [ 1407.948558] lo_ioctl+0x1137/0x1cd0 [ 1407.952182] ? loop_set_status64+0xe0/0xe0 [ 1407.956415] blkdev_ioctl+0x540/0x1830 06:18:11 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1407.960306] ? blkpg_ioctl+0x8d0/0x8d0 [ 1407.964189] ? trace_hardirqs_on+0x10/0x10 [ 1407.968421] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1407.973604] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1407.978622] block_ioctl+0xd9/0x120 [ 1407.982242] ? blkdev_fallocate+0x3a0/0x3a0 [ 1407.986572] do_vfs_ioctl+0x75a/0xff0 [ 1407.990374] ? lock_acquire+0x170/0x3f0 [ 1407.994349] ? ioctl_preallocate+0x1a0/0x1a0 [ 1407.998763] ? __fget+0x265/0x3e0 [ 1408.002217] ? do_vfs_ioctl+0xff0/0xff0 [ 1408.006188] ? security_file_ioctl+0x83/0xb0 [ 1408.010595] SyS_ioctl+0x7f/0xb0 [ 1408.013955] ? do_vfs_ioctl+0xff0/0xff0 [ 1408.017936] do_syscall_64+0x1d5/0x640 [ 1408.021830] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1408.027009] RIP: 0033:0x7f5650cf9037 [ 1408.030707] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1408.038408] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cf9037 [ 1408.045668] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1408.052932] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f564f66e1d0 06:18:11 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7065726d6861742030783024283e5e1a32c8cc074d1c3030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500ccc9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d007bfcdf0d1ab7d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d9716e"], 0xfffffffffffffd95) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8, 0x1, r2}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) write$apparmor_current(r2, &(0x7f0000000100)=@hat={'permhat ', 0x1, 0x5e, ['/proc/thread-self/attr/current\x00']}, 0x3a) socketpair(0x23, 0x2, 0xa262, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0), r3) syz_genetlink_get_family_id$wireguard(&(0x7f0000000140), 0xffffffffffffffff) (async) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)={0x80000008}) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) 06:18:11 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) getsockopt$inet_buf(r0, 0x0, 0x28, &(0x7f0000000080)=""/221, &(0x7f0000000180)=0xdd) [ 1408.053910] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1408.060193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1408.060198] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 06:18:11 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 13) 06:18:11 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 15) 06:18:11 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) getsockopt$inet_buf(r0, 0x0, 0x28, &(0x7f0000000080)=""/221, &(0x7f0000000180)=0xdd) 06:18:11 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:11 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1408.202797] FAULT_INJECTION: forcing a failure. [ 1408.202797] name failslab, interval 1, probability 0, space 0, times 0 [ 1408.230402] FAULT_INJECTION: forcing a failure. [ 1408.230402] name failslab, interval 1, probability 0, space 0, times 0 [ 1408.244822] CPU: 0 PID: 30349 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1408.252710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1408.262056] Call Trace: [ 1408.264636] dump_stack+0x1b2/0x281 [ 1408.268260] should_fail.cold+0x10a/0x149 [ 1408.272407] should_failslab+0xd6/0x130 [ 1408.276371] kmem_cache_alloc+0x28e/0x3c0 [ 1408.280511] __kernfs_new_node+0x6f/0x470 [ 1408.284651] kernfs_new_node+0x7b/0xe0 [ 1408.288529] __kernfs_create_file+0x3d/0x320 [ 1408.292924] sysfs_add_file_mode_ns+0x1e1/0x450 [ 1408.297587] ? kernfs_create_dir_ns+0x171/0x200 [ 1408.302250] internal_create_group+0x22b/0x710 [ 1408.306828] lo_ioctl+0x1137/0x1cd0 [ 1408.310455] ? loop_set_status64+0xe0/0xe0 [ 1408.314682] blkdev_ioctl+0x540/0x1830 [ 1408.318558] ? blkpg_ioctl+0x8d0/0x8d0 [ 1408.322438] ? trace_hardirqs_on+0x10/0x10 [ 1408.326675] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1408.331776] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1408.336799] block_ioctl+0xd9/0x120 [ 1408.340418] ? blkdev_fallocate+0x3a0/0x3a0 [ 1408.344730] do_vfs_ioctl+0x75a/0xff0 [ 1408.348537] ? lock_acquire+0x170/0x3f0 [ 1408.352500] ? ioctl_preallocate+0x1a0/0x1a0 [ 1408.356899] ? __fget+0x265/0x3e0 [ 1408.360343] ? do_vfs_ioctl+0xff0/0xff0 [ 1408.364304] ? security_file_ioctl+0x83/0xb0 [ 1408.368708] SyS_ioctl+0x7f/0xb0 [ 1408.372067] ? do_vfs_ioctl+0xff0/0xff0 [ 1408.376040] do_syscall_64+0x1d5/0x640 [ 1408.379923] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1408.385099] RIP: 0033:0x7f5ff741b037 [ 1408.388787] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1408.396483] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff741b037 06:18:11 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) getsockopt$inet_buf(r0, 0x0, 0x28, &(0x7f0000000080)=""/221, &(0x7f0000000180)=0xdd) [ 1408.403736] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1408.410995] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1408.418251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1408.425500] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1408.432772] CPU: 1 PID: 30351 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1408.440653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1408.449999] Call Trace: [ 1408.452581] dump_stack+0x1b2/0x281 [ 1408.456207] should_fail.cold+0x10a/0x149 [ 1408.460359] should_failslab+0xd6/0x130 [ 1408.464331] kmem_cache_alloc+0x28e/0x3c0 [ 1408.468476] __kernfs_new_node+0x6f/0x470 [ 1408.472624] kernfs_new_node+0x7b/0xe0 [ 1408.476511] __kernfs_create_file+0x3d/0x320 [ 1408.477086] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1408.480913] sysfs_add_file_mode_ns+0x1e1/0x450 [ 1408.480925] ? kernfs_create_dir_ns+0x171/0x200 [ 1408.480936] internal_create_group+0x22b/0x710 06:18:11 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1408.480950] lo_ioctl+0x1137/0x1cd0 [ 1408.506983] ? loop_set_status64+0xe0/0xe0 [ 1408.511216] blkdev_ioctl+0x540/0x1830 [ 1408.515101] ? blkpg_ioctl+0x8d0/0x8d0 [ 1408.518983] ? trace_hardirqs_on+0x10/0x10 [ 1408.523217] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1408.528326] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1408.533345] block_ioctl+0xd9/0x120 [ 1408.536968] ? blkdev_fallocate+0x3a0/0x3a0 [ 1408.541286] do_vfs_ioctl+0x75a/0xff0 [ 1408.545080] ? lock_acquire+0x170/0x3f0 [ 1408.549048] ? ioctl_preallocate+0x1a0/0x1a0 06:18:11 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1408.552020] netlink: 92 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1408.553452] ? __fget+0x265/0x3e0 [ 1408.553465] ? do_vfs_ioctl+0xff0/0xff0 [ 1408.553481] ? security_file_ioctl+0x83/0xb0 [ 1408.573821] SyS_ioctl+0x7f/0xb0 [ 1408.577181] ? do_vfs_ioctl+0xff0/0xff0 [ 1408.581149] do_syscall_64+0x1d5/0x640 [ 1408.585033] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1408.590213] RIP: 0033:0x7f5650cf9037 [ 1408.593918] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 06:18:11 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:11 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:11 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7065726d6861742030783024283e5e1a32c8cc074d1c3030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500ccc9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d007bfcdf0d1ab7d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d9716e"], 0xfffffffffffffd95) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8, 0x1, r2}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) write$apparmor_current(r2, &(0x7f0000000100)=@hat={'permhat ', 0x1, 0x5e, ['/proc/thread-self/attr/current\x00']}, 0x3a) (async, rerun: 64) socketpair(0x23, 0x2, 0xa262, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 64) syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0), r3) (async, rerun: 32) syz_genetlink_get_family_id$wireguard(&(0x7f0000000140), 0xffffffffffffffff) (async, rerun: 32) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)={0x80000008}) (async) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) 06:18:11 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x44, {0x2, 0x2, @empty}, 'veth0\x00'}) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000080)={{0x2, 0x4e24, @multicast2}, {0x1, @local}, 0x80, {0x2, 0x4e22, @broadcast}, 'veth0\x00'}) getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, &(0x7f0000000100)={'filter\x00', 0x98, "edf687e304b9960d6390f8a735e0cbb10d6db77f400f57ec814350c00838144b7793c9f160e619a8dc456377311676432046ffe1d72e82c36c0f97be9907578721f7085af731b74cda234487709eb1805436e7af0f6b9cdd919743322bbc0d59ee6f0d6d4a988ac1010a8ec81de2d1d0c1e8824b29d6d8e5287963453b969872040f2e0e55e0232a81d3cc557c6119a492b2080d97af93e7"}, &(0x7f00000001c0)=0xbc) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r4}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r5, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r6}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) socketpair(0x25, 0x80000, 0x7, &(0x7f00000002c0)={0xffffffffffffffff}) sendmsg$NBD_CMD_RECONFIGURE(r1, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x98, 0x0, 0x400, 0x70bd29, 0x25dfdbfd, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BACKEND_IDENTIFIER={0xb, 0xa, 'filter\x00'}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0xffffffff}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x20}, @NBD_ATTR_SOCKETS={0x4c, 0x7, 0x0, 0x1, [{0x8, 0x1, r4}, {0x8, 0x1, r2}, {0x8, 0x1, r2}, {0x8, 0x1, r2}, {0x8, 0x1, r2}, {0x8, 0x1, r6}, {0x8, 0x1, r2}, {0x8, 0x1, r2}, {0x8, 0x1, r7}]}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x100000000}]}, 0x98}, 0x1, 0x0, 0x0, 0x800}, 0x40000010) getsockname$inet(r2, &(0x7f0000000200), &(0x7f0000000240)=0x10) [ 1408.601616] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cf9037 [ 1408.608872] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1408.616137] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1408.623398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1408.630659] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1408.716681] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. 06:18:11 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 14) 06:18:11 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 16) 06:18:11 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:11 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x44, {0x2, 0x2, @empty}, 'veth0\x00'}) (async) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000080)={{0x2, 0x4e24, @multicast2}, {0x1, @local}, 0x80, {0x2, 0x4e22, @broadcast}, 'veth0\x00'}) getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, &(0x7f0000000100)={'filter\x00', 0x98, "edf687e304b9960d6390f8a735e0cbb10d6db77f400f57ec814350c00838144b7793c9f160e619a8dc456377311676432046ffe1d72e82c36c0f97be9907578721f7085af731b74cda234487709eb1805436e7af0f6b9cdd919743322bbc0d59ee6f0d6d4a988ac1010a8ec81de2d1d0c1e8824b29d6d8e5287963453b969872040f2e0e55e0232a81d3cc557c6119a492b2080d97af93e7"}, &(0x7f00000001c0)=0xbc) (async, rerun: 32) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r4}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r5, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r6}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) socketpair(0x25, 0x80000, 0x7, &(0x7f00000002c0)={0xffffffffffffffff}) sendmsg$NBD_CMD_RECONFIGURE(r1, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x98, 0x0, 0x400, 0x70bd29, 0x25dfdbfd, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BACKEND_IDENTIFIER={0xb, 0xa, 'filter\x00'}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0xffffffff}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x20}, @NBD_ATTR_SOCKETS={0x4c, 0x7, 0x0, 0x1, [{0x8, 0x1, r4}, {0x8, 0x1, r2}, {0x8, 0x1, r2}, {0x8, 0x1, r2}, {0x8, 0x1, r2}, {0x8, 0x1, r6}, {0x8, 0x1, r2}, {0x8, 0x1, r2}, {0x8, 0x1, r7}]}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x100000000}]}, 0x98}, 0x1, 0x0, 0x0, 0x800}, 0x40000010) (async) getsockname$inet(r2, &(0x7f0000000200), &(0x7f0000000240)=0x10) 06:18:11 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000ffdbdf250500000008000100000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:11 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1408.864799] FAULT_INJECTION: forcing a failure. [ 1408.864799] name failslab, interval 1, probability 0, space 0, times 0 [ 1408.878331] FAULT_INJECTION: forcing a failure. [ 1408.878331] name failslab, interval 1, probability 0, space 0, times 0 [ 1408.898983] CPU: 1 PID: 30431 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1408.906876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1408.916225] Call Trace: [ 1408.918806] dump_stack+0x1b2/0x281 [ 1408.922436] should_fail.cold+0x10a/0x149 [ 1408.926585] should_failslab+0xd6/0x130 [ 1408.930557] kmem_cache_alloc+0x28e/0x3c0 [ 1408.934703] __kernfs_new_node+0x6f/0x470 [ 1408.938852] kernfs_new_node+0x7b/0xe0 [ 1408.942737] __kernfs_create_file+0x3d/0x320 [ 1408.947146] sysfs_add_file_mode_ns+0x1e1/0x450 [ 1408.951810] ? kernfs_create_dir_ns+0x171/0x200 [ 1408.956475] internal_create_group+0x22b/0x710 [ 1408.961060] lo_ioctl+0x1137/0x1cd0 [ 1408.964687] ? loop_set_status64+0xe0/0xe0 [ 1408.969005] blkdev_ioctl+0x540/0x1830 [ 1408.972888] ? blkpg_ioctl+0x8d0/0x8d0 [ 1408.976772] ? trace_hardirqs_on+0x10/0x10 [ 1408.981000] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1408.986094] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1408.991196] block_ioctl+0xd9/0x120 [ 1408.994821] ? blkdev_fallocate+0x3a0/0x3a0 [ 1408.999135] do_vfs_ioctl+0x75a/0xff0 [ 1409.002929] ? lock_acquire+0x170/0x3f0 [ 1409.006899] ? ioctl_preallocate+0x1a0/0x1a0 [ 1409.011310] ? __fget+0x265/0x3e0 [ 1409.014766] ? do_vfs_ioctl+0xff0/0xff0 [ 1409.018823] ? security_file_ioctl+0x83/0xb0 [ 1409.023227] SyS_ioctl+0x7f/0xb0 [ 1409.026594] ? do_vfs_ioctl+0xff0/0xff0 [ 1409.030572] do_syscall_64+0x1d5/0x640 [ 1409.034463] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1409.039644] RIP: 0033:0x7f5650cf9037 [ 1409.043345] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1409.051044] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cf9037 [ 1409.058312] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 06:18:12 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:12 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000ffdbdf250500000008000100000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:12 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async, rerun: 32) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x44, {0x2, 0x2, @empty}, 'veth0\x00'}) (rerun: 32) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000080)={{0x2, 0x4e24, @multicast2}, {0x1, @local}, 0x80, {0x2, 0x4e22, @broadcast}, 'veth0\x00'}) (async) getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, &(0x7f0000000100)={'filter\x00', 0x98, "edf687e304b9960d6390f8a735e0cbb10d6db77f400f57ec814350c00838144b7793c9f160e619a8dc456377311676432046ffe1d72e82c36c0f97be9907578721f7085af731b74cda234487709eb1805436e7af0f6b9cdd919743322bbc0d59ee6f0d6d4a988ac1010a8ec81de2d1d0c1e8824b29d6d8e5287963453b969872040f2e0e55e0232a81d3cc557c6119a492b2080d97af93e7"}, &(0x7f00000001c0)=0xbc) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (rerun: 32) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r4}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r5, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r6}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) socketpair(0x25, 0x80000, 0x7, &(0x7f00000002c0)={0xffffffffffffffff}) sendmsg$NBD_CMD_RECONFIGURE(r1, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x98, 0x0, 0x400, 0x70bd29, 0x25dfdbfd, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BACKEND_IDENTIFIER={0xb, 0xa, 'filter\x00'}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0xffffffff}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x20}, @NBD_ATTR_SOCKETS={0x4c, 0x7, 0x0, 0x1, [{0x8, 0x1, r4}, {0x8, 0x1, r2}, {0x8, 0x1, r2}, {0x8, 0x1, r2}, {0x8, 0x1, r2}, {0x8, 0x1, r6}, {0x8, 0x1, r2}, {0x8, 0x1, r2}, {0x8, 0x1, r7}]}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x100000000}]}, 0x98}, 0x1, 0x0, 0x0, 0x800}, 0x40000010) getsockname$inet(r2, &(0x7f0000000200), &(0x7f0000000240)=0x10) [ 1409.065582] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1409.072848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1409.080109] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1409.119360] CPU: 0 PID: 30428 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1409.127268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1409.136622] Call Trace: [ 1409.139210] dump_stack+0x1b2/0x281 [ 1409.142838] should_fail.cold+0x10a/0x149 [ 1409.147072] should_failslab+0xd6/0x130 [ 1409.151052] kmem_cache_alloc+0x28e/0x3c0 [ 1409.155211] __kernfs_new_node+0x6f/0x470 [ 1409.159359] kernfs_new_node+0x7b/0xe0 [ 1409.163244] __kernfs_create_file+0x3d/0x320 [ 1409.167651] sysfs_add_file_mode_ns+0x1e1/0x450 [ 1409.172314] ? kernfs_create_dir_ns+0x171/0x200 [ 1409.176977] internal_create_group+0x22b/0x710 [ 1409.181557] lo_ioctl+0x1137/0x1cd0 [ 1409.185529] ? loop_set_status64+0xe0/0xe0 [ 1409.189761] blkdev_ioctl+0x540/0x1830 [ 1409.193646] ? blkpg_ioctl+0x8d0/0x8d0 [ 1409.197530] ? trace_hardirqs_on+0x10/0x10 [ 1409.201762] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1409.206862] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1409.211879] block_ioctl+0xd9/0x120 [ 1409.215505] ? blkdev_fallocate+0x3a0/0x3a0 [ 1409.219827] do_vfs_ioctl+0x75a/0xff0 [ 1409.223626] ? lock_acquire+0x170/0x3f0 [ 1409.227603] ? ioctl_preallocate+0x1a0/0x1a0 [ 1409.232010] ? __fget+0x265/0x3e0 [ 1409.235463] ? do_vfs_ioctl+0xff0/0xff0 [ 1409.239443] ? security_file_ioctl+0x83/0xb0 [ 1409.243849] SyS_ioctl+0x7f/0xb0 [ 1409.247213] ? do_vfs_ioctl+0xff0/0xff0 [ 1409.251214] do_syscall_64+0x1d5/0x640 [ 1409.255106] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1409.260286] RIP: 0033:0x7f5ff741b037 06:18:12 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1409.264162] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1409.271861] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff741b037 [ 1409.279302] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1409.286562] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1409.293851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1409.301116] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 06:18:12 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r4}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r4, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0], 0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x50, 0x10, &(0x7f0000000280), &(0x7f00000002c0), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000300)}}, 0x10) sendmsg$L2TP_CMD_SESSION_MODIFY(r2, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0x400, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4004001}, 0x10) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:12 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000ffdbdf250500000008000100000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:12 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0xffff, @local}, 'veth0\x00'}) 06:18:12 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 15) 06:18:12 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 17) 06:18:12 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:12 executing program 0: r0 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000ffdbdf250500000008000100000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:12 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r4}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r4, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0], 0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x50, 0x10, &(0x7f0000000280), &(0x7f00000002c0), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000300)}}, 0x10) sendmsg$L2TP_CMD_SESSION_MODIFY(r2, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0x400, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4004001}, 0x10) (async) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:12 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0xffff, @local}, 'veth0\x00'}) socket$inet_udp(0x2, 0x2, 0x0) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0xffff, @local}, 'veth0\x00'}) (async) 06:18:12 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1409.603653] FAULT_INJECTION: forcing a failure. [ 1409.603653] name failslab, interval 1, probability 0, space 0, times 0 [ 1409.626797] FAULT_INJECTION: forcing a failure. [ 1409.626797] name failslab, interval 1, probability 0, space 0, times 0 06:18:12 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0xffff, @local}, 'veth0\x00'}) socket$inet_udp(0x2, 0x2, 0x0) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0xffff, @local}, 'veth0\x00'}) (async) [ 1409.649062] CPU: 0 PID: 30556 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1409.656959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1409.666310] Call Trace: [ 1409.668896] dump_stack+0x1b2/0x281 [ 1409.672528] should_fail.cold+0x10a/0x149 [ 1409.676682] should_failslab+0xd6/0x130 [ 1409.680662] kmem_cache_alloc+0x28e/0x3c0 [ 1409.684813] __kernfs_new_node+0x6f/0x470 [ 1409.688964] kernfs_new_node+0x7b/0xe0 [ 1409.692852] __kernfs_create_file+0x3d/0x320 [ 1409.697258] sysfs_add_file_mode_ns+0x1e1/0x450 06:18:12 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0) [ 1409.701926] ? kernfs_create_dir_ns+0x171/0x200 [ 1409.706604] internal_create_group+0x22b/0x710 [ 1409.711192] lo_ioctl+0x1137/0x1cd0 [ 1409.714823] ? loop_set_status64+0xe0/0xe0 [ 1409.719055] blkdev_ioctl+0x540/0x1830 [ 1409.722950] ? blkpg_ioctl+0x8d0/0x8d0 [ 1409.726834] ? trace_hardirqs_on+0x10/0x10 [ 1409.731068] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1409.736178] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1409.741279] block_ioctl+0xd9/0x120 [ 1409.744903] ? blkdev_fallocate+0x3a0/0x3a0 [ 1409.749222] do_vfs_ioctl+0x75a/0xff0 06:18:12 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0) [ 1409.753023] ? lock_acquire+0x170/0x3f0 [ 1409.756995] ? ioctl_preallocate+0x1a0/0x1a0 [ 1409.761401] ? __fget+0x265/0x3e0 [ 1409.764936] ? do_vfs_ioctl+0xff0/0xff0 [ 1409.768904] ? security_file_ioctl+0x83/0xb0 [ 1409.773323] SyS_ioctl+0x7f/0xb0 [ 1409.776683] ? do_vfs_ioctl+0xff0/0xff0 [ 1409.780665] do_syscall_64+0x1d5/0x640 [ 1409.784560] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1409.789741] RIP: 0033:0x7f5ff741b037 [ 1409.793444] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 06:18:12 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async, rerun: 32) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0) (rerun: 32) 06:18:12 executing program 0: r0 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000ffdbdf250500000008000100000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1409.801146] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff741b037 [ 1409.808413] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1409.815679] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1409.822941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1409.830206] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1409.847878] CPU: 0 PID: 30559 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1409.855766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1409.865109] Call Trace: [ 1409.867706] dump_stack+0x1b2/0x281 [ 1409.871336] should_fail.cold+0x10a/0x149 [ 1409.875485] should_failslab+0xd6/0x130 [ 1409.879458] kmem_cache_alloc+0x28e/0x3c0 [ 1409.883608] __kernfs_new_node+0x6f/0x470 [ 1409.887752] kernfs_new_node+0x7b/0xe0 [ 1409.891634] __kernfs_create_file+0x3d/0x320 [ 1409.896040] sysfs_add_file_mode_ns+0x1e1/0x450 [ 1409.900816] ? kernfs_create_dir_ns+0x171/0x200 [ 1409.905486] internal_create_group+0x22b/0x710 [ 1409.910075] lo_ioctl+0x1137/0x1cd0 [ 1409.913703] ? loop_set_status64+0xe0/0xe0 [ 1409.917934] blkdev_ioctl+0x540/0x1830 [ 1409.921820] ? blkpg_ioctl+0x8d0/0x8d0 [ 1409.925701] ? trace_hardirqs_on+0x10/0x10 [ 1409.929935] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1409.935037] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1409.940145] block_ioctl+0xd9/0x120 [ 1409.943772] ? blkdev_fallocate+0x3a0/0x3a0 [ 1409.948091] do_vfs_ioctl+0x75a/0xff0 [ 1409.951890] ? lock_acquire+0x170/0x3f0 [ 1409.955858] ? ioctl_preallocate+0x1a0/0x1a0 [ 1409.960266] ? __fget+0x265/0x3e0 [ 1409.963720] ? do_vfs_ioctl+0xff0/0xff0 [ 1409.967692] ? security_file_ioctl+0x83/0xb0 [ 1409.972109] SyS_ioctl+0x7f/0xb0 [ 1409.975471] ? do_vfs_ioctl+0xff0/0xff0 [ 1409.979448] do_syscall_64+0x1d5/0x640 [ 1409.983336] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1409.988523] RIP: 0033:0x7f5650cf9037 [ 1409.992231] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 06:18:13 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 16) [ 1409.999935] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cf9037 [ 1410.007199] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1410.014462] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1410.021729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1410.028997] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 06:18:13 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 18) 06:18:13 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r4}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r4, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0], 0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x50, 0x10, &(0x7f0000000280), &(0x7f00000002c0), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000300)}}, 0x10) sendmsg$L2TP_CMD_SESSION_MODIFY(r2, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0x400, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4004001}, 0x10) (async) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:13 executing program 0: r0 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000ffdbdf250500000008000100000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:13 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x880000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x48, 0x0, 0x800, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x3}, @L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x68c}, @L2TP_ATTR_UDP_CSUM={0x5}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x6}, @L2TP_ATTR_L2SPEC_TYPE={0x5, 0x5, 0x1}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x2}]}, 0x48}, 0x1, 0x0, 0x0, 0x24000055}, 0x20040000) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000200), 0x101000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x3a}, {0x8}, {0x8, 0x1, r3}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000054) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e24, @empty}, 0x10) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000240), 0x48100, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r5, &(0x7f0000000280)={&(0x7f0000000080), 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x24, r6, 0x1, 0x0, 0x0, {}, [@L2TP_ATTR_MRU={0x6}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5}]}, 0x24}}, 0x0) sendmsg$L2TP_CMD_TUNNEL_DELETE(r4, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x14, r6, 0x400, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x240080c1) 06:18:13 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:13 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf25", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:13 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(0x0, r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:13 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x880000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x48, 0x0, 0x800, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x3}, @L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x68c}, @L2TP_ATTR_UDP_CSUM={0x5}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x6}, @L2TP_ATTR_L2SPEC_TYPE={0x5, 0x5, 0x1}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x2}]}, 0x48}, 0x1, 0x0, 0x0, 0x24000055}, 0x20040000) (async) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000200), 0x101000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x3a}, {0x8}, {0x8, 0x1, r3}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000054) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e24, @empty}, 0x10) (async) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000240), 0x48100, 0x0) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) (async) r6 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r5, &(0x7f0000000280)={&(0x7f0000000080), 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x24, r6, 0x1, 0x0, 0x0, {}, [@L2TP_ATTR_MRU={0x6}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5}]}, 0x24}}, 0x0) (async) sendmsg$L2TP_CMD_TUNNEL_DELETE(r4, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x14, r6, 0x400, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x240080c1) 06:18:13 executing program 2: ioctl$SW_SYNC_IOC_INC(0xffffffffffffffff, 0x40045701, &(0x7f0000000040)=0x3f) r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000380)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00I\x11\xf0-\x8c\x8fi\xeb\xa7!&>A\xad\x04\xd2<\xbaZe\x8a\xb62\xea\xc8\x8f\xda=\xb2V\x87\x9d\x9b\x9ft\xe9\x9f\b\x86\xd7}\xd7}\xf1\b\x98}\xea\xa3\xbf\xb9\x91\xdb\x93\x87\x0fNy\x89\x16\xce\xcb=\xe3\x03\x01I\f \xf3\xa4:tS_8\xd3\x13\x05\x9e\xd7\x13\x92k\x8d\xd68T\xf5\x9c\xcbj\x84\xe1\xf3\x06\xef\xd4\x95\xc4\'\xd0\x81th5IMk\xb9\x13x\xb1~\x9cd\x04\xd0\xdd\xa0r\x91jqd\x836\x1d\xb8\xe8\xaf\x1a\xef^\xd3\xf7\x97\xc9\x1d\xc7\xb7\x95\xd6p\x02qL\x164\xd7\xeas+\xaa\xc4\xa2o\"}\xc6l\t\xdbEk\xe3\x00\xfb\b\xf0\x86\xff\xaf\x82\xc2\xd5\xeb\xf7S\xeda\xb5\xb4\x8cEKT\xfe\xc8\xb8\xbb\xb9`D\x9d@\x02wI\xe1\x98\xc4\x85\xb2\xca/\x9c\xfb\x04\xdb\\\x14\x83/\x0e\avM\xac\xf3.R\xa7\x83\xd0\x94\xd9y\x9c\x13\xdf\x0e\x1f\xc4\xdd\xb1\xf9 \aw\xe0O\xe1\xbb1\xa1\xc2\xb8Dd\xe1\xd2\x15\x90\xf1\xce\xe0\xf1\xbfv\xab\xd3\x90\x82u\x9d\x9f2\xce\xb6@Bbr7!\x89\x12\x89WTE\xb9Q%o\xda\x9d\x19>\xfd\xb7\xe9\x8b\xd4\xad\xfaE(b\xd7\x0f\x7f\xfc \xc5,}&A\x91\xb3%p9\xd5u\xca\xc5\x18\x97\xc9\x92\x9d\xa9\xef+\xc7\xc7\x1f\xe0\xe9?#h\b\x04\'x\xcf\xad.\xb0\xdd(m\x85\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00I\x11\xf0-\x8c\x8fi\xeb\xa7!&>A\xad\x04\xd2<\xbaZe\x8a\xb62\xea\xc8\x8f\xda=\xb2V\x87\x9d\x9b\x9ft\xe9\x9f\b\x86\xd7}\xd7}\xf1\b\x98}\xea\xa3\xbf\xb9\x91\xdb\x93\x87\x0fNy\x89\x16\xce\xcb=\xe3\x03\x01I\f \xf3\xa4:tS_8\xd3\x13\x05\x9e\xd7\x13\x92k\x8d\xd68T\xf5\x9c\xcbj\x84\xe1\xf3\x06\xef\xd4\x95\xc4\'\xd0\x81th5IMk\xb9\x13x\xb1~\x9cd\x04\xd0\xdd\xa0r\x91jqd\x836\x1d\xb8\xe8\xaf\x1a\xef^\xd3\xf7\x97\xc9\x1d\xc7\xb7\x95\xd6p\x02qL\x164\xd7\xeas+\xaa\xc4\xa2o\"}\xc6l\t\xdbEk\xe3\x00\xfb\b\xf0\x86\xff\xaf\x82\xc2\xd5\xeb\xf7S\xeda\xb5\xb4\x8cEKT\xfe\xc8\xb8\xbb\xb9`D\x9d@\x02wI\xe1\x98\xc4\x85\xb2\xca/\x9c\xfb\x04\xdb\\\x14\x83/\x0e\avM\xac\xf3.R\xa7\x83\xd0\x94\xd9y\x9c\x13\xdf\x0e\x1f\xc4\xdd\xb1\xf9 \aw\xe0O\xe1\xbb1\xa1\xc2\xb8Dd\xe1\xd2\x15\x90\xf1\xce\xe0\xf1\xbfv\xab\xd3\x90\x82u\x9d\x9f2\xce\xb6@Bbr7!\x89\x12\x89WTE\xb9Q%o\xda\x9d\x19>\xfd\xb7\xe9\x8b\xd4\xad\xfaE(b\xd7\x0f\x7f\xfc \xc5,}&A\x91\xb3%p9\xd5u\xca\xc5\x18\x97\xc9\x92\x9d\xa9\xef+\xc7\xc7\x1f\xe0\xe9?#h\b\x04\'x\xcf\xad.\xb0\xdd(m\x85\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00I\x11\xf0-\x8c\x8fi\xeb\xa7!&>A\xad\x04\xd2<\xbaZe\x8a\xb62\xea\xc8\x8f\xda=\xb2V\x87\x9d\x9b\x9ft\xe9\x9f\b\x86\xd7}\xd7}\xf1\b\x98}\xea\xa3\xbf\xb9\x91\xdb\x93\x87\x0fNy\x89\x16\xce\xcb=\xe3\x03\x01I\f \xf3\xa4:tS_8\xd3\x13\x05\x9e\xd7\x13\x92k\x8d\xd68T\xf5\x9c\xcbj\x84\xe1\xf3\x06\xef\xd4\x95\xc4\'\xd0\x81th5IMk\xb9\x13x\xb1~\x9cd\x04\xd0\xdd\xa0r\x91jqd\x836\x1d\xb8\xe8\xaf\x1a\xef^\xd3\xf7\x97\xc9\x1d\xc7\xb7\x95\xd6p\x02qL\x164\xd7\xeas+\xaa\xc4\xa2o\"}\xc6l\t\xdbEk\xe3\x00\xfb\b\xf0\x86\xff\xaf\x82\xc2\xd5\xeb\xf7S\xeda\xb5\xb4\x8cEKT\xfe\xc8\xb8\xbb\xb9`D\x9d@\x02wI\xe1\x98\xc4\x85\xb2\xca/\x9c\xfb\x04\xdb\\\x14\x83/\x0e\avM\xac\xf3.R\xa7\x83\xd0\x94\xd9y\x9c\x13\xdf\x0e\x1f\xc4\xdd\xb1\xf9 \aw\xe0O\xe1\xbb1\xa1\xc2\xb8Dd\xe1\xd2\x15\x90\xf1\xce\xe0\xf1\xbfv\xab\xd3\x90\x82u\x9d\x9f2\xce\xb6@Bbr7!\x89\x12\x89WTE\xb9Q%o\xda\x9d\x19>\xfd\xb7\xe9\x8b\xd4\xad\xfaE(b\xd7\x0f\x7f\xfc \xc5,}&A\x91\xb3%p9\xd5u\xca\xc5\x18\x97\xc9\x92\x9d\xa9\xef+\xc7\xc7\x1f\xe0\xe9?#h\b\x04\'x\xcf\xad.\xb0\xdd(m\x85\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) [ 1410.945004] __alloc_pages_nodemask+0x22c/0x2720 [ 1410.945688] audit: type=1400 audit(1660285093.964:64): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=30667 comm="syz-executor.2" [ 1410.949754] ? delete_node+0x1eb/0x610 [ 1410.949771] ? __lock_acquire+0x5fc/0x3f20 [ 1410.949785] ? kernfs_activate+0x2a/0x180 [ 1410.949796] ? __mutex_lock+0x360/0x1310 [ 1410.949804] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1410.949813] ? kernfs_add_one+0x4c/0x3a0 [ 1410.992346] ? kernfs_add_one+0x2e5/0x3a0 06:18:14 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf25", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:14 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x10, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0xfffffd12, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8, 0x1, r2}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4008840) sendmsg$L2TP_CMD_TUNNEL_MODIFY(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x0, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e22}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x8}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0x3ff}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x240000d0}, 0x20004040) [ 1410.996498] ? lock_downgrade+0x740/0x740 [ 1411.000652] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1411.006111] ? __mutex_unlock_slowpath+0x75/0x770 [ 1411.010959] cache_grow_begin+0x91/0x700 [ 1411.015014] ? fs_reclaim_release+0xd0/0x110 [ 1411.019420] ? check_preemption_disabled+0x35/0x240 [ 1411.024438] cache_alloc_refill+0x273/0x350 [ 1411.028763] kmem_cache_alloc_trace+0x340/0x3d0 [ 1411.033433] ? dev_uevent_filter+0xd0/0xd0 [ 1411.037667] kobject_uevent_env+0x20c/0xf30 [ 1411.041990] ? internal_create_group+0x48f/0x710 06:18:14 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:14 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x10, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0xfffffd12, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8, 0x1, r2}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4008840) sendmsg$L2TP_CMD_TUNNEL_MODIFY(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x0, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e22}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x8}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0x3ff}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x240000d0}, 0x20004040) socket$inet_udp(0x2, 0x2, 0x0) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x10, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0xfffffd12, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8, 0x1, r2}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4008840) (async) sendmsg$L2TP_CMD_TUNNEL_MODIFY(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x0, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e22}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x8}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0x3ff}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x240000d0}, 0x20004040) (async) [ 1411.046750] lo_ioctl+0x11a6/0x1cd0 [ 1411.050381] ? loop_set_status64+0xe0/0xe0 [ 1411.054621] blkdev_ioctl+0x540/0x1830 [ 1411.058871] ? blkpg_ioctl+0x8d0/0x8d0 [ 1411.062755] ? trace_hardirqs_on+0x10/0x10 [ 1411.066988] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1411.072115] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1411.077147] block_ioctl+0xd9/0x120 [ 1411.080775] ? blkdev_fallocate+0x3a0/0x3a0 [ 1411.085093] do_vfs_ioctl+0x75a/0xff0 [ 1411.088893] ? lock_acquire+0x170/0x3f0 [ 1411.092901] ? ioctl_preallocate+0x1a0/0x1a0 [ 1411.097308] ? __fget+0x265/0x3e0 [ 1411.100760] ? do_vfs_ioctl+0xff0/0xff0 [ 1411.104729] ? security_file_ioctl+0x83/0xb0 [ 1411.109145] SyS_ioctl+0x7f/0xb0 [ 1411.112503] ? do_vfs_ioctl+0xff0/0xff0 [ 1411.116491] do_syscall_64+0x1d5/0x640 [ 1411.120385] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1411.125567] RIP: 0033:0x7f5ff741b037 [ 1411.129272] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1411.136978] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff741b037 [ 1411.144241] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1411.151504] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1411.158767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1411.166039] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 06:18:14 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 18) 06:18:14 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 20) 06:18:14 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYBLOB="010000000000ffdbdf2505", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:14 executing program 2: sendmsg$L2TP_CMD_SESSION_MODIFY(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, 0x0, 0x100, 0x70bd28, 0x25dfdbfc, {}, [@L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5, 0x21, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x1}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x2}, @L2TP_ATTR_PEER_CONN_ID={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x20000005) (async, rerun: 32) r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (rerun: 32) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:14 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async, rerun: 32) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x10, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0xfffffd12, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8, 0x1, r2}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4008840) (async) sendmsg$L2TP_CMD_TUNNEL_MODIFY(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x0, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e22}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x8}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0x3ff}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x240000d0}, 0x20004040) 06:18:14 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1411.242499] FAULT_INJECTION: forcing a failure. [ 1411.242499] name failslab, interval 1, probability 0, space 0, times 0 [ 1411.284480] CPU: 1 PID: 30710 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1411.286844] FAULT_INJECTION: forcing a failure. [ 1411.286844] name failslab, interval 1, probability 0, space 0, times 0 [ 1411.292372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1411.292377] Call Trace: [ 1411.292393] dump_stack+0x1b2/0x281 [ 1411.292408] should_fail.cold+0x10a/0x149 [ 1411.292422] should_failslab+0xd6/0x130 [ 1411.292434] kmem_cache_alloc+0x28e/0x3c0 [ 1411.292447] __kernfs_new_node+0x6f/0x470 [ 1411.292461] kernfs_new_node+0x7b/0xe0 [ 1411.292479] __kernfs_create_file+0x3d/0x320 [ 1411.292492] sysfs_add_file_mode_ns+0x1e1/0x450 [ 1411.292501] ? kernfs_create_dir_ns+0x171/0x200 [ 1411.353740] internal_create_group+0x22b/0x710 [ 1411.358309] lo_ioctl+0x1137/0x1cd0 [ 1411.361920] ? loop_set_status64+0xe0/0xe0 [ 1411.366144] blkdev_ioctl+0x540/0x1830 [ 1411.370016] ? blkpg_ioctl+0x8d0/0x8d0 [ 1411.373898] ? trace_hardirqs_on+0x10/0x10 [ 1411.378152] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1411.383245] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1411.388251] block_ioctl+0xd9/0x120 [ 1411.391858] ? blkdev_fallocate+0x3a0/0x3a0 [ 1411.396171] do_vfs_ioctl+0x75a/0xff0 [ 1411.399951] ? lock_acquire+0x170/0x3f0 [ 1411.403922] ? ioctl_preallocate+0x1a0/0x1a0 [ 1411.408318] ? __fget+0x265/0x3e0 [ 1411.411753] ? do_vfs_ioctl+0xff0/0xff0 [ 1411.415714] ? security_file_ioctl+0x83/0xb0 [ 1411.420121] SyS_ioctl+0x7f/0xb0 [ 1411.423480] ? do_vfs_ioctl+0xff0/0xff0 [ 1411.427545] do_syscall_64+0x1d5/0x640 06:18:14 executing program 2: sendmsg$L2TP_CMD_SESSION_MODIFY(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, 0x0, 0x100, 0x70bd28, 0x25dfdbfc, {}, [@L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5, 0x21, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x1}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x2}, @L2TP_ATTR_PEER_CONN_ID={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x20000005) r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:14 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:14 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYBLOB="010000000000ffdbdf2505", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1411.431428] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1411.436616] RIP: 0033:0x7f5650cf9037 [ 1411.440305] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1411.447992] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cf9037 [ 1411.455257] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1411.462517] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1411.469779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1411.477387] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1411.501844] CPU: 0 PID: 30718 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1411.509747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1411.519096] Call Trace: [ 1411.521683] dump_stack+0x1b2/0x281 [ 1411.525318] should_fail.cold+0x10a/0x149 [ 1411.529566] should_failslab+0xd6/0x130 [ 1411.533546] kmem_cache_alloc_node+0x263/0x410 [ 1411.538136] __alloc_skb+0x5c/0x510 [ 1411.541769] kobject_uevent_env+0x882/0xf30 [ 1411.546098] lo_ioctl+0x11a6/0x1cd0 06:18:14 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:14 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:14 executing program 5: ioctl$SG_GET_REQUEST_TABLE(0xffffffffffffffff, 0x2286, &(0x7f0000000080)) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$sg(&(0x7f0000000380), 0x1, 0x180) syz_open_dev$sg(&(0x7f0000000200), 0x4319e422, 0x200302) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r4}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) ioctl$SG_GET_LOW_DMA(r4, 0x227a, &(0x7f0000000400)) r5 = socket(0x16, 0x1, 0x80) sendmsg$L2TP_CMD_TUNNEL_DELETE(r5, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x50, 0x0, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x1}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x5}, @L2TP_ATTR_MTU={0x6}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x1}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x3a}, @L2TP_ATTR_L2SPEC_TYPE={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x810}, 0x8000) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @broadcast}, {0x0, @multicast}, 0x58, {0x2, 0x0, @local}, 'ipvlan1\x00'}) [ 1411.549726] ? loop_set_status64+0xe0/0xe0 [ 1411.553959] blkdev_ioctl+0x540/0x1830 [ 1411.557844] ? blkpg_ioctl+0x8d0/0x8d0 [ 1411.561906] ? trace_hardirqs_on+0x10/0x10 [ 1411.566143] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1411.571245] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1411.576266] block_ioctl+0xd9/0x120 [ 1411.579891] ? blkdev_fallocate+0x3a0/0x3a0 [ 1411.584212] do_vfs_ioctl+0x75a/0xff0 [ 1411.588011] ? lock_acquire+0x170/0x3f0 [ 1411.591986] ? ioctl_preallocate+0x1a0/0x1a0 [ 1411.596569] ? __fget+0x265/0x3e0 [ 1411.600025] ? do_vfs_ioctl+0xff0/0xff0 [ 1411.604001] ? security_file_ioctl+0x83/0xb0 [ 1411.608407] SyS_ioctl+0x7f/0xb0 [ 1411.611774] ? do_vfs_ioctl+0xff0/0xff0 [ 1411.615751] do_syscall_64+0x1d5/0x640 [ 1411.619652] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1411.624836] RIP: 0033:0x7f5ff741b037 [ 1411.628541] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1411.636242] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff741b037 [ 1411.643502] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1411.650765] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1411.658034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1411.665297] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 06:18:14 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 19) 06:18:14 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, 0x0, 0x4000000) 06:18:14 executing program 5: ioctl$SG_GET_REQUEST_TABLE(0xffffffffffffffff, 0x2286, &(0x7f0000000080)) r0 = socket$inet_udp(0x2, 0x2, 0x0) (async, rerun: 32) syz_open_dev$sg(&(0x7f0000000380), 0x1, 0x180) (async, rerun: 32) syz_open_dev$sg(&(0x7f0000000200), 0x4319e422, 0x200302) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (rerun: 32) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r4}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) ioctl$SG_GET_LOW_DMA(r4, 0x227a, &(0x7f0000000400)) r5 = socket(0x16, 0x1, 0x80) sendmsg$L2TP_CMD_TUNNEL_DELETE(r5, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x50, 0x0, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x1}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x5}, @L2TP_ATTR_MTU={0x6}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x1}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x3a}, @L2TP_ATTR_L2SPEC_TYPE={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x810}, 0x8000) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @broadcast}, {0x0, @multicast}, 0x58, {0x2, 0x0, @local}, 'ipvlan1\x00'}) 06:18:14 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYBLOB="010000000000ffdbdf2505", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:14 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d9716e7834003a18123adc93dca988018000080000"], 0xfffffffffffffd95) 06:18:14 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 21) 06:18:14 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, 0x0, 0x4000000) 06:18:14 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d9716e7834003a18123adc93dca988018000080000"], 0xfffffffffffffd95) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) write$apparmor_current(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d9716e7834003a18123adc93dca988018000080000"], 0xfffffffffffffd95) (async) 06:18:14 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1411.808474] FAULT_INJECTION: forcing a failure. [ 1411.808474] name failslab, interval 1, probability 0, space 0, times 0 [ 1411.824369] FAULT_INJECTION: forcing a failure. [ 1411.824369] name failslab, interval 1, probability 0, space 0, times 0 [ 1411.850015] CPU: 0 PID: 30766 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 06:18:14 executing program 5: ioctl$SG_GET_REQUEST_TABLE(0xffffffffffffffff, 0x2286, &(0x7f0000000080)) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$sg(&(0x7f0000000380), 0x1, 0x180) (async) syz_open_dev$sg(&(0x7f0000000200), 0x4319e422, 0x200302) (async, rerun: 32) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r4}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) ioctl$SG_GET_LOW_DMA(r4, 0x227a, &(0x7f0000000400)) (async, rerun: 64) r5 = socket(0x16, 0x1, 0x80) (rerun: 64) sendmsg$L2TP_CMD_TUNNEL_DELETE(r5, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x50, 0x0, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x1}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x5}, @L2TP_ATTR_MTU={0x6}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x1}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x3a}, @L2TP_ATTR_L2SPEC_TYPE={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x810}, 0x8000) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @broadcast}, {0x0, @multicast}, 0x58, {0x2, 0x0, @local}, 'ipvlan1\x00'}) 06:18:14 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1411.857909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1411.867254] Call Trace: [ 1411.869856] dump_stack+0x1b2/0x281 [ 1411.873484] should_fail.cold+0x10a/0x149 [ 1411.877631] should_failslab+0xd6/0x130 [ 1411.881625] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1411.886752] __kmalloc_node_track_caller+0x38/0x70 [ 1411.891685] __alloc_skb+0x96/0x510 [ 1411.895311] kobject_uevent_env+0x882/0xf30 [ 1411.899633] lo_ioctl+0x11a6/0x1cd0 [ 1411.903261] ? loop_set_status64+0xe0/0xe0 06:18:14 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1411.907502] blkdev_ioctl+0x540/0x1830 [ 1411.911386] ? blkpg_ioctl+0x8d0/0x8d0 [ 1411.915269] ? trace_hardirqs_on+0x10/0x10 [ 1411.919504] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1411.924618] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1411.929641] block_ioctl+0xd9/0x120 [ 1411.933269] ? blkdev_fallocate+0x3a0/0x3a0 [ 1411.937590] do_vfs_ioctl+0x75a/0xff0 [ 1411.941386] ? lock_acquire+0x170/0x3f0 [ 1411.945358] ? ioctl_preallocate+0x1a0/0x1a0 [ 1411.949764] ? __fget+0x265/0x3e0 [ 1411.953216] ? do_vfs_ioctl+0xff0/0xff0 [ 1411.957191] ? security_file_ioctl+0x83/0xb0 [ 1411.961602] SyS_ioctl+0x7f/0xb0 [ 1411.964964] ? do_vfs_ioctl+0xff0/0xff0 [ 1411.968939] do_syscall_64+0x1d5/0x640 [ 1411.972828] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1411.978014] RIP: 0033:0x7f5ff741b037 [ 1411.981718] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1411.989503] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff741b037 [ 1411.996759] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1412.004023] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1412.011280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1412.018536] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1412.025825] CPU: 1 PID: 30768 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1412.033707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1412.043054] Call Trace: [ 1412.045642] dump_stack+0x1b2/0x281 [ 1412.049284] should_fail.cold+0x10a/0x149 [ 1412.054043] should_failslab+0xd6/0x130 [ 1412.058021] __kmalloc+0x2c1/0x400 [ 1412.061557] ? kobject_get_path+0xb5/0x230 [ 1412.065786] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1412.071233] kobject_get_path+0xb5/0x230 [ 1412.075292] kobject_uevent_env+0x230/0xf30 [ 1412.079614] ? internal_create_group+0x48f/0x710 [ 1412.084370] lo_ioctl+0x11a6/0x1cd0 [ 1412.087996] ? loop_set_status64+0xe0/0xe0 [ 1412.092227] blkdev_ioctl+0x540/0x1830 [ 1412.096114] ? blkpg_ioctl+0x8d0/0x8d0 [ 1412.100007] ? trace_hardirqs_on+0x10/0x10 [ 1412.104241] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1412.109339] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1412.114360] block_ioctl+0xd9/0x120 [ 1412.118007] ? blkdev_fallocate+0x3a0/0x3a0 [ 1412.122324] do_vfs_ioctl+0x75a/0xff0 [ 1412.126221] ? lock_acquire+0x170/0x3f0 [ 1412.130193] ? ioctl_preallocate+0x1a0/0x1a0 [ 1412.134600] ? __fget+0x265/0x3e0 [ 1412.138053] ? do_vfs_ioctl+0xff0/0xff0 [ 1412.142027] ? security_file_ioctl+0x83/0xb0 [ 1412.146434] SyS_ioctl+0x7f/0xb0 [ 1412.149796] ? do_vfs_ioctl+0xff0/0xff0 [ 1412.153765] do_syscall_64+0x1d5/0x640 [ 1412.157667] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1412.162849] RIP: 0033:0x7f5650cf9037 [ 1412.166551] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1412.174257] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cf9037 [ 1412.181525] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1412.188787] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1412.196048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1412.203310] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 06:18:15 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 20) 06:18:15 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:15 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d9716e7834003a18123adc93dca988018000080000"], 0xfffffffffffffd95) 06:18:15 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, 0x0, 0x4000000) 06:18:15 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 22) 06:18:15 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1412.311940] FAULT_INJECTION: forcing a failure. [ 1412.311940] name failslab, interval 1, probability 0, space 0, times 0 [ 1412.339175] CPU: 1 PID: 30831 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1412.347083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1412.356429] Call Trace: [ 1412.359017] dump_stack+0x1b2/0x281 [ 1412.362647] should_fail.cold+0x10a/0x149 [ 1412.366798] should_failslab+0xd6/0x130 [ 1412.370779] kmem_cache_alloc_node+0x263/0x410 [ 1412.375479] __alloc_skb+0x5c/0x510 [ 1412.379110] kobject_uevent_env+0x882/0xf30 [ 1412.383446] lo_ioctl+0x11a6/0x1cd0 [ 1412.387078] ? loop_set_status64+0xe0/0xe0 [ 1412.391319] blkdev_ioctl+0x540/0x1830 [ 1412.395206] ? blkpg_ioctl+0x8d0/0x8d0 [ 1412.399092] ? trace_hardirqs_on+0x10/0x10 [ 1412.403335] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1412.408448] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1412.413471] block_ioctl+0xd9/0x120 [ 1412.417095] ? blkdev_fallocate+0x3a0/0x3a0 [ 1412.421422] do_vfs_ioctl+0x75a/0xff0 [ 1412.425221] ? lock_acquire+0x170/0x3f0 [ 1412.429193] ? ioctl_preallocate+0x1a0/0x1a0 [ 1412.433602] ? __fget+0x265/0x3e0 [ 1412.437051] ? do_vfs_ioctl+0xff0/0xff0 [ 1412.441023] ? security_file_ioctl+0x83/0xb0 [ 1412.445435] SyS_ioctl+0x7f/0xb0 [ 1412.448797] ? do_vfs_ioctl+0xff0/0xff0 [ 1412.452772] do_syscall_64+0x1d5/0x640 [ 1412.456660] entry_SYSCALL_64_after_hwframe+0x46/0xbb 06:18:15 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:15 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:15 executing program 2: bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000000380)=[0x0], &(0x7f00000003c0)=[0x0, 0x0], 0x0, 0x8, &(0x7f0000000400)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x10, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x10, 0x9, &(0x7f0000000240)=@raw=[@map_fd={0x18, 0x7, 0x1, 0x0, 0x1}, @ldst={0x1, 0x2, 0x2, 0x8, 0xb, 0xffffffffffffffc0, 0xffffffffffffffff}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @map_idx={0x18, 0x7, 0x5, 0x0, 0xd}], &(0x7f00000002c0)='GPL\x00', 0x1, 0x38, &(0x7f0000000300)=""/56, 0x40f00, 0x1, '\x00', r0, 0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000640)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000680)={0x1, 0xa, 0x7e, 0x4}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff]}, 0x80) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040)={0xffffffffffffffff, r0, 0x25, 0xa}, 0x10) r1 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r1, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) [ 1412.461841] RIP: 0033:0x7f5650cf9037 [ 1412.465542] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1412.473242] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cf9037 [ 1412.480502] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1412.487765] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1412.495287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1412.502553] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1412.535496] FAULT_INJECTION: forcing a failure. [ 1412.535496] name failslab, interval 1, probability 0, space 0, times 0 [ 1412.562355] CPU: 1 PID: 30833 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1412.570248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1412.579601] Call Trace: [ 1412.582186] dump_stack+0x1b2/0x281 [ 1412.585814] should_fail.cold+0x10a/0x149 [ 1412.589968] should_failslab+0xd6/0x130 [ 1412.593947] kmem_cache_alloc_node+0x263/0x410 [ 1412.598532] __alloc_skb+0x5c/0x510 [ 1412.602164] kobject_uevent_env+0x882/0xf30 [ 1412.606576] lo_ioctl+0x11a6/0x1cd0 [ 1412.610206] ? loop_set_status64+0xe0/0xe0 [ 1412.614445] blkdev_ioctl+0x540/0x1830 [ 1412.618425] ? blkpg_ioctl+0x8d0/0x8d0 [ 1412.622313] ? trace_hardirqs_on+0x10/0x10 [ 1412.626552] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1412.631664] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1412.636689] block_ioctl+0xd9/0x120 [ 1412.640312] ? blkdev_fallocate+0x3a0/0x3a0 [ 1412.644629] do_vfs_ioctl+0x75a/0xff0 [ 1412.648432] ? lock_acquire+0x170/0x3f0 [ 1412.652406] ? ioctl_preallocate+0x1a0/0x1a0 [ 1412.656805] ? __fget+0x265/0x3e0 [ 1412.660299] ? do_vfs_ioctl+0xff0/0xff0 [ 1412.664262] ? security_file_ioctl+0x83/0xb0 [ 1412.668655] SyS_ioctl+0x7f/0xb0 [ 1412.672001] ? do_vfs_ioctl+0xff0/0xff0 [ 1412.675957] do_syscall_64+0x1d5/0x640 [ 1412.679824] entry_SYSCALL_64_after_hwframe+0x46/0xbb 06:18:15 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000000380)=[0x0], &(0x7f00000003c0)=[0x0, 0x0], 0x0, 0x8, &(0x7f0000000400)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x10, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x10, 0x9, &(0x7f0000000240)=@raw=[@map_fd={0x18, 0x7, 0x1, 0x0, 0x1}, @ldst={0x1, 0x2, 0x2, 0x8, 0xb, 0xffffffffffffffc0, 0xffffffffffffffff}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @map_idx={0x18, 0x7, 0x5, 0x0, 0xd}], &(0x7f00000002c0)='GPL\x00', 0x1, 0x38, &(0x7f0000000300)=""/56, 0x40f00, 0x1, '\x00', r2, 0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000640)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000680)={0x1, 0xa, 0x7e, 0x4}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff]}, 0x80) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000140)={'syztnl1\x00', &(0x7f0000000080)={'erspan0\x00', r2, 0x40, 0x80, 0x3, 0x3, {{0x1a, 0x4, 0x0, 0x39, 0x68, 0x68, 0x0, 0xfc, 0x4, 0x0, @multicast2, @broadcast, {[@generic={0x88, 0xf, "ba6fa1cd24706d924183f1a2e0"}, @end, @ra={0x94, 0x4, 0x1}, @lsrr={0x83, 0xb, 0xe, [@rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @timestamp_addr={0x44, 0x34, 0x4e, 0x1, 0xf, [{@remote, 0x5}, {@multicast2, 0x80}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3f}, {@remote, 0xde3}, {@private=0xa010100, 0x3}, {@remote, 0x55c}]}, @end]}}}}}) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:15 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:15 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1412.684995] RIP: 0033:0x7f5ff741b037 [ 1412.688690] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1412.696377] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff741b037 [ 1412.703627] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1412.710881] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1412.718129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1412.725382] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 06:18:15 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 21) 06:18:15 executing program 2: bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000000380)=[0x0], &(0x7f00000003c0)=[0x0, 0x0], 0x0, 0x8, &(0x7f0000000400)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x10, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x10, 0x9, &(0x7f0000000240)=@raw=[@map_fd={0x18, 0x7, 0x1, 0x0, 0x1}, @ldst={0x1, 0x2, 0x2, 0x8, 0xb, 0xffffffffffffffc0, 0xffffffffffffffff}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @map_idx={0x18, 0x7, 0x5, 0x0, 0xd}], &(0x7f00000002c0)='GPL\x00', 0x1, 0x38, &(0x7f0000000300)=""/56, 0x40f00, 0x1, '\x00', r0, 0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000640)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000680)={0x1, 0xa, 0x7e, 0x4}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff]}, 0x80) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040)={0xffffffffffffffff, r0, 0x25, 0xa}, 0x10) r1 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r1, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000000380)=[0x0], &(0x7f00000003c0)=[0x0, 0x0], 0x0, 0x8, &(0x7f0000000400)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x10, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x10, 0x9, &(0x7f0000000240)=@raw=[@map_fd={0x18, 0x7, 0x1, 0x0, 0x1}, @ldst={0x1, 0x2, 0x2, 0x8, 0xb, 0xffffffffffffffc0, 0xffffffffffffffff}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @map_idx={0x18, 0x7, 0x5, 0x0, 0xd}], &(0x7f00000002c0)='GPL\x00', 0x1, 0x38, &(0x7f0000000300)=""/56, 0x40f00, 0x1, '\x00', r0, 0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000640)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000680)={0x1, 0xa, 0x7e, 0x4}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff]}, 0x80) (async) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040)={0xffffffffffffffff, r0, 0x25, 0xa}, 0x10) (async) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) write$apparmor_current(r1, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) (async) 06:18:15 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 23) 06:18:15 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:15 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:15 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:15 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = socket$inet_udp(0x2, 0x2, 0x0) (async, rerun: 64) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000000380)=[0x0], &(0x7f00000003c0)=[0x0, 0x0], 0x0, 0x8, &(0x7f0000000400)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x10, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10) (rerun: 64) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x10, 0x9, &(0x7f0000000240)=@raw=[@map_fd={0x18, 0x7, 0x1, 0x0, 0x1}, @ldst={0x1, 0x2, 0x2, 0x8, 0xb, 0xffffffffffffffc0, 0xffffffffffffffff}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @map_idx={0x18, 0x7, 0x5, 0x0, 0xd}], &(0x7f00000002c0)='GPL\x00', 0x1, 0x38, &(0x7f0000000300)=""/56, 0x40f00, 0x1, '\x00', r2, 0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000640)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000680)={0x1, 0xa, 0x7e, 0x4}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff]}, 0x80) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000140)={'syztnl1\x00', &(0x7f0000000080)={'erspan0\x00', r2, 0x40, 0x80, 0x3, 0x3, {{0x1a, 0x4, 0x0, 0x39, 0x68, 0x68, 0x0, 0xfc, 0x4, 0x0, @multicast2, @broadcast, {[@generic={0x88, 0xf, "ba6fa1cd24706d924183f1a2e0"}, @end, @ra={0x94, 0x4, 0x1}, @lsrr={0x83, 0xb, 0xe, [@rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @timestamp_addr={0x44, 0x34, 0x4e, 0x1, 0xf, [{@remote, 0x5}, {@multicast2, 0x80}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3f}, {@remote, 0xde3}, {@private=0xa010100, 0x3}, {@remote, 0x55c}]}, @end]}}}}}) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) [ 1412.838983] FAULT_INJECTION: forcing a failure. [ 1412.838983] name failslab, interval 1, probability 0, space 0, times 0 [ 1412.865187] CPU: 1 PID: 30907 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1412.873177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1412.882526] Call Trace: [ 1412.885117] dump_stack+0x1b2/0x281 06:18:15 executing program 2: bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000000380)=[0x0], &(0x7f00000003c0)=[0x0, 0x0], 0x0, 0x8, &(0x7f0000000400)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x10, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x10, 0x9, &(0x7f0000000240)=@raw=[@map_fd={0x18, 0x7, 0x1, 0x0, 0x1}, @ldst={0x1, 0x2, 0x2, 0x8, 0xb, 0xffffffffffffffc0, 0xffffffffffffffff}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @map_idx={0x18, 0x7, 0x5, 0x0, 0xd}], &(0x7f00000002c0)='GPL\x00', 0x1, 0x38, &(0x7f0000000300)=""/56, 0x40f00, 0x1, '\x00', r0, 0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000640)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000680)={0x1, 0xa, 0x7e, 0x4}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff]}, 0x80) (async) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040)={0xffffffffffffffff, r0, 0x25, 0xa}, 0x10) (async) r1 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r1, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:15 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={0x0, 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1412.888746] should_fail.cold+0x10a/0x149 [ 1412.892898] should_failslab+0xd6/0x130 [ 1412.896876] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1412.901981] __kmalloc_node_track_caller+0x38/0x70 [ 1412.906919] __alloc_skb+0x96/0x510 [ 1412.910545] kobject_uevent_env+0x882/0xf30 [ 1412.914878] lo_ioctl+0x11a6/0x1cd0 [ 1412.918511] ? loop_set_status64+0xe0/0xe0 [ 1412.922753] blkdev_ioctl+0x540/0x1830 [ 1412.926674] ? blkpg_ioctl+0x8d0/0x8d0 [ 1412.930555] ? trace_hardirqs_on+0x10/0x10 06:18:15 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) getsockname$inet(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000080)=0x10) 06:18:16 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1412.934801] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1412.939907] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1412.944929] block_ioctl+0xd9/0x120 [ 1412.948552] ? blkdev_fallocate+0x3a0/0x3a0 [ 1412.952874] do_vfs_ioctl+0x75a/0xff0 [ 1412.956674] ? lock_acquire+0x170/0x3f0 [ 1412.960642] ? ioctl_preallocate+0x1a0/0x1a0 [ 1412.965048] ? __fget+0x265/0x3e0 [ 1412.968498] ? do_vfs_ioctl+0xff0/0xff0 [ 1412.972468] ? security_file_ioctl+0x83/0xb0 [ 1412.976872] SyS_ioctl+0x7f/0xb0 [ 1412.980331] ? do_vfs_ioctl+0xff0/0xff0 [ 1412.984312] do_syscall_64+0x1d5/0x640 06:18:16 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) (async) getsockname$inet(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000080)=0x10) [ 1412.988212] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1412.993395] RIP: 0033:0x7f5650cf9037 [ 1412.997108] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1413.004812] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cf9037 [ 1413.012164] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1413.019435] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1413.026708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1413.034069] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1413.063350] FAULT_INJECTION: forcing a failure. [ 1413.063350] name failslab, interval 1, probability 0, space 0, times 0 [ 1413.085771] CPU: 0 PID: 30917 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1413.093764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1413.103237] Call Trace: [ 1413.105828] dump_stack+0x1b2/0x281 [ 1413.109465] should_fail.cold+0x10a/0x149 [ 1413.113622] should_failslab+0xd6/0x130 [ 1413.117600] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1413.125387] __kmalloc_node_track_caller+0x38/0x70 [ 1413.130299] __alloc_skb+0x96/0x510 [ 1413.133907] kobject_uevent_env+0x882/0xf30 [ 1413.138212] lo_ioctl+0x11a6/0x1cd0 [ 1413.141820] ? loop_set_status64+0xe0/0xe0 [ 1413.146053] blkdev_ioctl+0x540/0x1830 [ 1413.149927] ? blkpg_ioctl+0x8d0/0x8d0 [ 1413.153813] ? trace_hardirqs_on+0x10/0x10 [ 1413.158026] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1413.163111] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1413.168111] block_ioctl+0xd9/0x120 [ 1413.171719] ? blkdev_fallocate+0x3a0/0x3a0 [ 1413.176026] do_vfs_ioctl+0x75a/0xff0 [ 1413.179808] ? lock_acquire+0x170/0x3f0 [ 1413.183788] ? ioctl_preallocate+0x1a0/0x1a0 [ 1413.188283] ? __fget+0x265/0x3e0 [ 1413.191717] ? do_vfs_ioctl+0xff0/0xff0 [ 1413.195671] ? security_file_ioctl+0x83/0xb0 [ 1413.200059] SyS_ioctl+0x7f/0xb0 [ 1413.203410] ? do_vfs_ioctl+0xff0/0xff0 [ 1413.207368] do_syscall_64+0x1d5/0x640 06:18:16 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 22) 06:18:16 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1413.211240] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1413.216408] RIP: 0033:0x7f5ff741b037 [ 1413.220100] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1413.227785] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff741b037 [ 1413.235061] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1413.242310] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1413.249555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1413.256822] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 06:18:16 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 24) 06:18:16 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000000380)=[0x0], &(0x7f00000003c0)=[0x0, 0x0], 0x0, 0x8, &(0x7f0000000400)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x10, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x10, 0x9, &(0x7f0000000240)=@raw=[@map_fd={0x18, 0x7, 0x1, 0x0, 0x1}, @ldst={0x1, 0x2, 0x2, 0x8, 0xb, 0xffffffffffffffc0, 0xffffffffffffffff}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @map_idx={0x18, 0x7, 0x5, 0x0, 0xd}], &(0x7f00000002c0)='GPL\x00', 0x1, 0x38, &(0x7f0000000300)=""/56, 0x40f00, 0x1, '\x00', r2, 0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000640)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000680)={0x1, 0xa, 0x7e, 0x4}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff]}, 0x80) (async) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000140)={'syztnl1\x00', &(0x7f0000000080)={'erspan0\x00', r2, 0x40, 0x80, 0x3, 0x3, {{0x1a, 0x4, 0x0, 0x39, 0x68, 0x68, 0x0, 0xfc, 0x4, 0x0, @multicast2, @broadcast, {[@generic={0x88, 0xf, "ba6fa1cd24706d924183f1a2e0"}, @end, @ra={0x94, 0x4, 0x1}, @lsrr={0x83, 0xb, 0xe, [@rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @timestamp_addr={0x44, 0x34, 0x4e, 0x1, 0xf, [{@remote, 0x5}, {@multicast2, 0x80}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3f}, {@remote, 0xde3}, {@private=0xa010100, 0x3}, {@remote, 0x55c}]}, @end]}}}}}) (async, rerun: 64) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (rerun: 64) 06:18:16 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={0x0, 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:16 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) (async, rerun: 64) getsockname$inet(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000080)=0x10) (rerun: 64) 06:18:16 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:16 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={0x0, 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1413.361040] FAULT_INJECTION: forcing a failure. [ 1413.361040] name failslab, interval 1, probability 0, space 0, times 0 [ 1413.380090] CPU: 1 PID: 30959 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1413.387985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1413.397332] Call Trace: [ 1413.399927] dump_stack+0x1b2/0x281 [ 1413.403557] should_fail.cold+0x10a/0x149 06:18:16 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:16 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1413.407715] should_failslab+0xd6/0x130 [ 1413.411696] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1413.416805] __kmalloc_node_track_caller+0x38/0x70 [ 1413.421737] __alloc_skb+0x96/0x510 [ 1413.425372] kobject_uevent_env+0x882/0xf30 [ 1413.429708] lo_ioctl+0x11a6/0x1cd0 [ 1413.433341] ? loop_set_status64+0xe0/0xe0 [ 1413.437580] blkdev_ioctl+0x540/0x1830 [ 1413.441470] ? blkpg_ioctl+0x8d0/0x8d0 [ 1413.445361] ? trace_hardirqs_on+0x10/0x10 [ 1413.449599] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1413.454702] ? debug_check_no_obj_freed+0x2c0/0x680 06:18:16 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:16 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}}, 0x4000000) [ 1413.459719] block_ioctl+0xd9/0x120 [ 1413.463343] ? blkdev_fallocate+0x3a0/0x3a0 [ 1413.467659] do_vfs_ioctl+0x75a/0xff0 [ 1413.471457] ? lock_acquire+0x170/0x3f0 [ 1413.475430] ? ioctl_preallocate+0x1a0/0x1a0 [ 1413.479842] ? __fget+0x265/0x3e0 [ 1413.483293] ? do_vfs_ioctl+0xff0/0xff0 [ 1413.487268] ? security_file_ioctl+0x83/0xb0 [ 1413.491673] SyS_ioctl+0x7f/0xb0 [ 1413.495041] ? do_vfs_ioctl+0xff0/0xff0 [ 1413.499013] do_syscall_64+0x1d5/0x640 [ 1413.502912] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1413.508095] RIP: 0033:0x7f5650cf9037 [ 1413.511796] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1413.519584] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cf9037 [ 1413.521317] netlink: 92 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1413.526845] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1413.526852] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1413.526857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1413.526863] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1413.585833] FAULT_INJECTION: forcing a failure. [ 1413.585833] name failslab, interval 1, probability 0, space 0, times 0 [ 1413.610699] CPU: 1 PID: 30968 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1413.618600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1413.627951] Call Trace: [ 1413.630542] dump_stack+0x1b2/0x281 [ 1413.634171] should_fail.cold+0x10a/0x149 [ 1413.638325] should_failslab+0xd6/0x130 [ 1413.642307] kmem_cache_alloc_node+0x263/0x410 [ 1413.646899] __alloc_skb+0x5c/0x510 [ 1413.650532] kobject_uevent_env+0x882/0xf30 [ 1413.654863] lo_ioctl+0x11a6/0x1cd0 [ 1413.658497] ? loop_set_status64+0xe0/0xe0 [ 1413.662735] blkdev_ioctl+0x540/0x1830 [ 1413.666621] ? blkpg_ioctl+0x8d0/0x8d0 [ 1413.670511] ? trace_hardirqs_on+0x10/0x10 [ 1413.674745] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1413.679845] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1413.684873] block_ioctl+0xd9/0x120 [ 1413.688500] ? blkdev_fallocate+0x3a0/0x3a0 [ 1413.692822] do_vfs_ioctl+0x75a/0xff0 [ 1413.696622] ? lock_acquire+0x170/0x3f0 [ 1413.700596] ? ioctl_preallocate+0x1a0/0x1a0 [ 1413.705045] ? __fget+0x265/0x3e0 [ 1413.708519] ? do_vfs_ioctl+0xff0/0xff0 [ 1413.712498] ? security_file_ioctl+0x83/0xb0 [ 1413.716907] SyS_ioctl+0x7f/0xb0 [ 1413.720269] ? do_vfs_ioctl+0xff0/0xff0 [ 1413.724240] do_syscall_64+0x1d5/0x640 [ 1413.728225] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1413.733407] RIP: 0033:0x7f5ff741b037 [ 1413.737110] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1413.744812] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff741b037 [ 1413.752161] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1413.759422] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1413.766682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1413.773947] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 06:18:16 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 23) 06:18:16 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x2, 0x181001) ioctl$SG_GET_REQUEST_TABLE(r0, 0x2286, &(0x7f0000000080)) r1 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r1, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:16 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 25) [ 1413.871883] FAULT_INJECTION: forcing a failure. [ 1413.871883] name failslab, interval 1, probability 0, space 0, times 0 [ 1413.897318] CPU: 1 PID: 31048 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1413.905221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1413.914569] Call Trace: [ 1413.917153] dump_stack+0x1b2/0x281 [ 1413.920784] should_fail.cold+0x10a/0x149 [ 1413.924935] should_failslab+0xd6/0x130 [ 1413.928909] kmem_cache_alloc_node+0x263/0x410 [ 1413.933492] __alloc_skb+0x5c/0x510 [ 1413.937121] kobject_uevent_env+0x882/0xf30 [ 1413.941449] lo_ioctl+0x11a6/0x1cd0 [ 1413.945081] ? loop_set_status64+0xe0/0xe0 [ 1413.949320] blkdev_ioctl+0x540/0x1830 [ 1413.953205] ? blkpg_ioctl+0x8d0/0x8d0 [ 1413.957090] ? trace_hardirqs_on+0x10/0x10 [ 1413.961330] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1413.966431] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1413.971456] block_ioctl+0xd9/0x120 [ 1413.975080] ? blkdev_fallocate+0x3a0/0x3a0 [ 1413.979398] do_vfs_ioctl+0x75a/0xff0 [ 1413.983198] ? lock_acquire+0x170/0x3f0 [ 1413.987167] ? ioctl_preallocate+0x1a0/0x1a0 [ 1413.991573] ? __fget+0x265/0x3e0 [ 1413.995023] ? do_vfs_ioctl+0xff0/0xff0 [ 1413.998994] ? security_file_ioctl+0x83/0xb0 [ 1414.003399] SyS_ioctl+0x7f/0xb0 [ 1414.006761] ? do_vfs_ioctl+0xff0/0xff0 [ 1414.010735] do_syscall_64+0x1d5/0x640 [ 1414.014623] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1414.019809] RIP: 0033:0x7f5650cf9037 [ 1414.023516] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1414.031220] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cf9037 [ 1414.038488] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1414.045756] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1414.053020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1414.060294] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1414.079640] FAULT_INJECTION: forcing a failure. [ 1414.079640] name failslab, interval 1, probability 0, space 0, times 0 [ 1414.095127] CPU: 1 PID: 31057 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1414.103016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1414.112368] Call Trace: [ 1414.114952] dump_stack+0x1b2/0x281 [ 1414.118583] should_fail.cold+0x10a/0x149 [ 1414.124022] should_failslab+0xd6/0x130 [ 1414.127996] kmem_cache_alloc_node+0x263/0x410 [ 1414.132581] __alloc_skb+0x5c/0x510 [ 1414.136208] kobject_uevent_env+0x882/0xf30 [ 1414.140536] lo_ioctl+0x11a6/0x1cd0 [ 1414.144164] ? loop_set_status64+0xe0/0xe0 [ 1414.148399] blkdev_ioctl+0x540/0x1830 [ 1414.152287] ? blkpg_ioctl+0x8d0/0x8d0 [ 1414.156170] ? trace_hardirqs_on+0x10/0x10 [ 1414.160405] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1414.165503] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1414.170521] block_ioctl+0xd9/0x120 [ 1414.174141] ? blkdev_fallocate+0x3a0/0x3a0 [ 1414.178459] do_vfs_ioctl+0x75a/0xff0 [ 1414.182256] ? lock_acquire+0x170/0x3f0 [ 1414.186229] ? ioctl_preallocate+0x1a0/0x1a0 [ 1414.190634] ? __fget+0x265/0x3e0 [ 1414.194086] ? do_vfs_ioctl+0xff0/0xff0 [ 1414.198064] ? security_file_ioctl+0x83/0xb0 [ 1414.202468] SyS_ioctl+0x7f/0xb0 [ 1414.205825] ? do_vfs_ioctl+0xff0/0xff0 [ 1414.209800] do_syscall_64+0x1d5/0x640 [ 1414.213690] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1414.218873] RIP: 0033:0x7f5ff741b037 [ 1414.222582] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 06:18:17 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x4e21, @private}, {0x1}, 0x4, {0x2, 0x4e22, @local}, 'veth0\x00'}) 06:18:17 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:17 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}}, 0x0) 06:18:17 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x2, 0x181001) ioctl$SG_GET_REQUEST_TABLE(r0, 0x2286, &(0x7f0000000080)) (async) r1 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r1, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) [ 1414.230282] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff741b037 [ 1414.237544] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1414.244805] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1414.252066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1414.259325] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 06:18:17 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x2, 0x181001) ioctl$SG_GET_REQUEST_TABLE(r0, 0x2286, &(0x7f0000000080)) r1 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r1, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:17 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:17 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 24) [ 1414.291305] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. 06:18:17 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) (async, rerun: 64) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x4e21, @private}, {0x1}, 0x4, {0x2, 0x4e22, @local}, 'veth0\x00'}) (rerun: 64) 06:18:17 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 26) [ 1414.363046] netlink: 92 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1414.400175] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1414.405552] FAULT_INJECTION: forcing a failure. 06:18:17 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5da6d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e2ad01b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc040000007edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c4d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d9716e7834003a18123adc93dca988018000"], 0xfffffffffffffd95) 06:18:17 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}}, 0x4000000) 06:18:17 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:17 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x4e21, @private}, {0x1}, 0x4, {0x2, 0x4e22, @local}, 'veth0\x00'}) [ 1414.405552] name failslab, interval 1, probability 0, space 0, times 0 [ 1414.474881] CPU: 1 PID: 31150 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1414.482777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1414.489790] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1414.492119] Call Trace: [ 1414.492136] dump_stack+0x1b2/0x281 [ 1414.492150] should_fail.cold+0x10a/0x149 [ 1414.492162] should_failslab+0xd6/0x130 [ 1414.514991] kmem_cache_alloc_node+0x263/0x410 [ 1414.519574] __alloc_skb+0x5c/0x510 [ 1414.523201] kobject_uevent_env+0x882/0xf30 [ 1414.527528] lo_ioctl+0x11a6/0x1cd0 [ 1414.531156] ? loop_set_status64+0xe0/0xe0 [ 1414.535388] blkdev_ioctl+0x540/0x1830 [ 1414.539269] ? blkpg_ioctl+0x8d0/0x8d0 [ 1414.539453] netlink: 92 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1414.543151] ? trace_hardirqs_on+0x10/0x10 [ 1414.543168] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1414.543178] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1414.543192] block_ioctl+0xd9/0x120 [ 1414.543201] ? blkdev_fallocate+0x3a0/0x3a0 06:18:17 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1414.543211] do_vfs_ioctl+0x75a/0xff0 [ 1414.543221] ? lock_acquire+0x170/0x3f0 [ 1414.543230] ? ioctl_preallocate+0x1a0/0x1a0 [ 1414.543241] ? __fget+0x265/0x3e0 [ 1414.543252] ? do_vfs_ioctl+0xff0/0xff0 [ 1414.592043] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1414.593558] ? security_file_ioctl+0x83/0xb0 [ 1414.593572] SyS_ioctl+0x7f/0xb0 [ 1414.593579] ? do_vfs_ioctl+0xff0/0xff0 [ 1414.593590] do_syscall_64+0x1d5/0x640 [ 1414.593605] entry_SYSCALL_64_after_hwframe+0x46/0xbb 06:18:17 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000440)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000100)={0x40, 0x0, 0x20, 0x70bd26, 0x25dfdbfd, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_BACKEND_IDENTIFIER={0xe, 0xa, '/dev/zero\x00'}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_BACKEND_IDENTIFIER={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x24000084) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_DELETE(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x2c, r3, 0x800, 0x70bd2b, 0x25dfdbfd, {}, [@L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e22}, @L2TP_ATTR_OFFSET={0x6, 0x3, 0x1}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x35}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40010}, 0x4) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000129bd7000fedbdf250600000008000a00020000000c0010004a0000000000000006001d00ecb600000600010008000000050007000300000005001300770000007afeff3110ac78cfe01de95fbdbae7d118d244bc301a31ea3ae8f6caca91325e673bacffac92d1508674ec07f76561812258cfe0669953aa9e386203d20ef429aa651e464079da5abe5fb03a89e78935e258c955e81f6407b6414518444f6c4dfe1a1df0f2d23ea8d7698c31263c4945457225fda205acee34cf54171e54d2ef237280fed651fe759b8edc853a5cae96a2bbbc7da046ae"], 0x48}, 0x1, 0x0, 0x0, 0x80}, 0x81) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) socket$inet_sctp(0x2, 0x1, 0x84) 06:18:17 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100d761b47d5f"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:17 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5da6d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e2ad01b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc040000007edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c4d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d9716e7834003a18123adc93dca988018000"], 0xfffffffffffffd95) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) write$apparmor_current(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5da6d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e2ad01b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc040000007edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c4d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d9716e7834003a18123adc93dca988018000"], 0xfffffffffffffd95) (async) 06:18:17 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1414.593613] RIP: 0033:0x7f5650cf9037 [ 1414.593617] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1414.593628] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cf9037 [ 1414.593633] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1414.593639] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1414.593644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1414.593649] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1414.604393] FAULT_INJECTION: forcing a failure. [ 1414.604393] name failslab, interval 1, probability 0, space 0, times 0 [ 1414.683015] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1414.707958] CPU: 0 PID: 31156 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1414.715851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1414.725199] Call Trace: [ 1414.727773] dump_stack+0x1b2/0x281 [ 1414.731379] should_fail.cold+0x10a/0x149 [ 1414.735604] should_failslab+0xd6/0x130 [ 1414.739642] kmem_cache_alloc_node+0x263/0x410 [ 1414.744207] __alloc_skb+0x5c/0x510 [ 1414.747820] kobject_uevent_env+0x882/0xf30 [ 1414.752123] lo_ioctl+0x11a6/0x1cd0 [ 1414.755832] ? loop_set_status64+0xe0/0xe0 [ 1414.760044] blkdev_ioctl+0x540/0x1830 [ 1414.763909] ? blkpg_ioctl+0x8d0/0x8d0 [ 1414.767771] ? trace_hardirqs_on+0x10/0x10 [ 1414.771988] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1414.777069] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1414.782062] block_ioctl+0xd9/0x120 [ 1414.785665] ? blkdev_fallocate+0x3a0/0x3a0 [ 1414.789968] do_vfs_ioctl+0x75a/0xff0 [ 1414.793754] ? lock_acquire+0x170/0x3f0 [ 1414.797704] ? ioctl_preallocate+0x1a0/0x1a0 [ 1414.802090] ? __fget+0x265/0x3e0 [ 1414.805517] ? do_vfs_ioctl+0xff0/0xff0 [ 1414.809468] ? security_file_ioctl+0x83/0xb0 [ 1414.813854] SyS_ioctl+0x7f/0xb0 [ 1414.817204] ? do_vfs_ioctl+0xff0/0xff0 [ 1414.821163] do_syscall_64+0x1d5/0x640 [ 1414.825030] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1414.830195] RIP: 0033:0x7f5ff741b037 [ 1414.833891] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1414.841573] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff741b037 [ 1414.848843] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1414.856100] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1414.863434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 06:18:17 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 25) 06:18:17 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5da6d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e2ad01b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc040000007edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c4d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d9716e7834003a18123adc93dca988018000"], 0xfffffffffffffd95) [ 1414.870678] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 06:18:17 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 27) 06:18:17 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000440)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000100)={0x40, 0x0, 0x20, 0x70bd26, 0x25dfdbfd, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_BACKEND_IDENTIFIER={0xe, 0xa, '/dev/zero\x00'}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_BACKEND_IDENTIFIER={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x24000084) (async) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_DELETE(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x2c, r3, 0x800, 0x70bd2b, 0x25dfdbfd, {}, [@L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e22}, @L2TP_ATTR_OFFSET={0x6, 0x3, 0x1}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x35}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40010}, 0x4) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000129bd7000fedbdf250600000008000a00020000000c0010004a0000000000000006001d00ecb600000600010008000000050007000300000005001300770000007afeff3110ac78cfe01de95fbdbae7d118d244bc301a31ea3ae8f6caca91325e673bacffac92d1508674ec07f76561812258cfe0669953aa9e386203d20ef429aa651e464079da5abe5fb03a89e78935e258c955e81f6407b6414518444f6c4dfe1a1df0f2d23ea8d7698c31263c4945457225fda205acee34cf54171e54d2ef237280fed651fe759b8edc853a5cae96a2bbbc7da046ae"], 0x48}, 0x1, 0x0, 0x0, 0x80}, 0x81) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) socket$inet_sctp(0x2, 0x1, 0x84) 06:18:17 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) getsockname$inet(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000080)=0x10) 06:18:17 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1414.943087] FAULT_INJECTION: forcing a failure. [ 1414.943087] name failslab, interval 1, probability 0, space 0, times 0 06:18:18 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', '\x00\x00\x00\x00\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x1f7) r1 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040), 0x10) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000080)={0x30000000}) 06:18:18 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000440)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000100)={0x40, 0x0, 0x20, 0x70bd26, 0x25dfdbfd, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_BACKEND_IDENTIFIER={0xe, 0xa, '/dev/zero\x00'}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_BACKEND_IDENTIFIER={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x24000084) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_DELETE(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x2c, r3, 0x800, 0x70bd2b, 0x25dfdbfd, {}, [@L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e22}, @L2TP_ATTR_OFFSET={0x6, 0x3, 0x1}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x35}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40010}, 0x4) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000129bd7000fedbdf250600000008000a00020000000c0010004a0000000000000006001d00ecb600000600010008000000050007000300000005001300770000007afeff3110ac78cfe01de95fbdbae7d118d244bc301a31ea3ae8f6caca91325e673bacffac92d1508674ec07f76561812258cfe0669953aa9e386203d20ef429aa651e464079da5abe5fb03a89e78935e258c955e81f6407b6414518444f6c4dfe1a1df0f2d23ea8d7698c31263c4945457225fda205acee34cf54171e54d2ef237280fed651fe759b8edc853a5cae96a2bbbc7da046ae"], 0x48}, 0x1, 0x0, 0x0, 0x80}, 0x81) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) socket$inet_sctp(0x2, 0x1, 0x84) socket$inet_udp(0x2, 0x2, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000440)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000100)={0x40, 0x0, 0x20, 0x70bd26, 0x25dfdbfd, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_BACKEND_IDENTIFIER={0xe, 0xa, '/dev/zero\x00'}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_BACKEND_IDENTIFIER={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x24000084) (async) syz_genetlink_get_family_id$l2tp(&(0x7f0000000200), 0xffffffffffffffff) (async) sendmsg$L2TP_CMD_TUNNEL_DELETE(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x2c, r3, 0x800, 0x70bd2b, 0x25dfdbfd, {}, [@L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e22}, @L2TP_ATTR_OFFSET={0x6, 0x3, 0x1}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x35}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40010}, 0x4) (async) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000129bd7000fedbdf250600000008000a00020000000c0010004a0000000000000006001d00ecb600000600010008000000050007000300000005001300770000007afeff3110ac78cfe01de95fbdbae7d118d244bc301a31ea3ae8f6caca91325e673bacffac92d1508674ec07f76561812258cfe0669953aa9e386203d20ef429aa651e464079da5abe5fb03a89e78935e258c955e81f6407b6414518444f6c4dfe1a1df0f2d23ea8d7698c31263c4945457225fda205acee34cf54171e54d2ef237280fed651fe759b8edc853a5cae96a2bbbc7da046ae"], 0x48}, 0x1, 0x0, 0x0, 0x80}, 0x81) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) socket$inet_sctp(0x2, 0x1, 0x84) (async) [ 1415.024676] CPU: 1 PID: 31185 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1415.032578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1415.039095] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1415.041925] Call Trace: [ 1415.041942] dump_stack+0x1b2/0x281 [ 1415.041956] should_fail.cold+0x10a/0x149 [ 1415.041969] should_failslab+0xd6/0x130 [ 1415.064803] kmem_cache_alloc_node+0x263/0x410 [ 1415.069387] __alloc_skb+0x5c/0x510 06:18:18 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1415.073013] kobject_uevent_env+0x882/0xf30 [ 1415.077335] lo_ioctl+0x11a6/0x1cd0 [ 1415.080969] ? loop_set_status64+0xe0/0xe0 [ 1415.082043] audit: type=1400 audit(1660285098.094:65): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=31193 comm="syz-executor.2" [ 1415.085198] blkdev_ioctl+0x540/0x1830 [ 1415.085210] ? blkpg_ioctl+0x8d0/0x8d0 [ 1415.085220] ? trace_hardirqs_on+0x10/0x10 [ 1415.085233] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1415.085243] ? debug_check_no_obj_freed+0x2c0/0x680 06:18:18 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', '\x00\x00\x00\x00\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x1f7) r1 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040), 0x10) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000080)={0x30000000}) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', '\x00\x00\x00\x00\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x1f7) (async) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040), 0x10) (async) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000080)={0x30000000}) (async) [ 1415.085255] block_ioctl+0xd9/0x120 [ 1415.085266] ? blkdev_fallocate+0x3a0/0x3a0 [ 1415.132622] do_vfs_ioctl+0x75a/0xff0 [ 1415.136421] ? lock_acquire+0x170/0x3f0 [ 1415.140390] ? ioctl_preallocate+0x1a0/0x1a0 [ 1415.144797] ? __fget+0x265/0x3e0 [ 1415.148245] ? do_vfs_ioctl+0xff0/0xff0 [ 1415.152215] ? security_file_ioctl+0x83/0xb0 [ 1415.156652] SyS_ioctl+0x7f/0xb0 [ 1415.160012] ? do_vfs_ioctl+0xff0/0xff0 [ 1415.163984] do_syscall_64+0x1d5/0x640 [ 1415.167873] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1415.171498] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1415.173056] RIP: 0033:0x7f5650cf9037 [ 1415.173062] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1415.173074] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cf9037 [ 1415.173080] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1415.173085] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1415.173091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 06:18:18 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, 0x0, 0x4000000) 06:18:18 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 26) [ 1415.173096] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 06:18:18 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) 06:18:18 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', '\x00\x00\x00\x00\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x1f7) r1 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040), 0x10) (async) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000080)={0x30000000}) [ 1415.258806] audit: type=1400 audit(1660285098.274:66): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=31203 comm="syz-executor.2" [ 1415.266391] FAULT_INJECTION: forcing a failure. [ 1415.266391] name failslab, interval 1, probability 0, space 0, times 0 [ 1415.327779] IPVS: stopping backup sync thread 4982 ... [ 1415.330291] CPU: 1 PID: 31192 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1415.340951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1415.350295] Call Trace: [ 1415.352879] dump_stack+0x1b2/0x281 [ 1415.356505] should_fail.cold+0x10a/0x149 [ 1415.360653] should_failslab+0xd6/0x130 [ 1415.364431] audit: type=1400 audit(1660285098.384:67): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=31230 comm="syz-executor.2" [ 1415.364622] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1415.387125] __kmalloc_node_track_caller+0x38/0x70 [ 1415.392078] __alloc_skb+0x96/0x510 [ 1415.395827] kobject_uevent_env+0x882/0xf30 [ 1415.400149] lo_ioctl+0x11a6/0x1cd0 [ 1415.403783] ? loop_set_status64+0xe0/0xe0 [ 1415.407998] blkdev_ioctl+0x540/0x1830 [ 1415.411888] ? blkpg_ioctl+0x8d0/0x8d0 [ 1415.415758] ? trace_hardirqs_on+0x10/0x10 [ 1415.419977] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1415.425069] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1415.430070] block_ioctl+0xd9/0x120 [ 1415.433673] ? blkdev_fallocate+0x3a0/0x3a0 [ 1415.437993] do_vfs_ioctl+0x75a/0xff0 [ 1415.441797] ? lock_acquire+0x170/0x3f0 [ 1415.445754] ? ioctl_preallocate+0x1a0/0x1a0 [ 1415.450147] ? __fget+0x265/0x3e0 [ 1415.453582] ? do_vfs_ioctl+0xff0/0xff0 [ 1415.457541] ? security_file_ioctl+0x83/0xb0 [ 1415.461925] SyS_ioctl+0x7f/0xb0 [ 1415.465268] ? do_vfs_ioctl+0xff0/0xff0 [ 1415.469227] do_syscall_64+0x1d5/0x640 [ 1415.473109] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1415.478279] RIP: 0033:0x7f5ff741b037 [ 1415.481965] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1415.489737] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff741b037 [ 1415.496998] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1415.504342] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1415.511588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1415.518835] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1415.531433] FAULT_INJECTION: forcing a failure. [ 1415.531433] name failslab, interval 1, probability 0, space 0, times 0 [ 1415.550707] CPU: 1 PID: 31232 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1415.558608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1415.567953] Call Trace: [ 1415.570545] dump_stack+0x1b2/0x281 [ 1415.574163] should_fail.cold+0x10a/0x149 [ 1415.578297] should_failslab+0xd6/0x130 [ 1415.582246] kmem_cache_alloc_node+0x263/0x410 [ 1415.586808] __alloc_skb+0x5c/0x510 [ 1415.590422] kobject_uevent_env+0x882/0xf30 [ 1415.594733] lo_ioctl+0x11a6/0x1cd0 [ 1415.598345] ? loop_set_status64+0xe0/0xe0 [ 1415.602557] blkdev_ioctl+0x540/0x1830 [ 1415.606419] ? blkpg_ioctl+0x8d0/0x8d0 [ 1415.610282] ? trace_hardirqs_on+0x10/0x10 [ 1415.614518] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1415.619603] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1415.624599] block_ioctl+0xd9/0x120 [ 1415.628200] ? blkdev_fallocate+0x3a0/0x3a0 [ 1415.632677] do_vfs_ioctl+0x75a/0xff0 [ 1415.636469] ? lock_acquire+0x170/0x3f0 [ 1415.640429] ? ioctl_preallocate+0x1a0/0x1a0 [ 1415.644837] ? __fget+0x265/0x3e0 [ 1415.648264] ? do_vfs_ioctl+0xff0/0xff0 [ 1415.652299] ? security_file_ioctl+0x83/0xb0 [ 1415.656685] SyS_ioctl+0x7f/0xb0 [ 1415.660062] ? do_vfs_ioctl+0xff0/0xff0 [ 1415.664015] do_syscall_64+0x1d5/0x640 [ 1415.667885] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1415.673047] RIP: 0033:0x7f5650cf9037 [ 1415.676743] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1415.684449] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cf9037 [ 1415.691693] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1415.698942] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1415.706187] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1415.713436] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 06:18:18 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 28) 06:18:18 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:18 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) socket$inet_udp(0x2, 0x2, 0x0) (async) socket$inet_sctp(0x2, 0x5, 0x84) (async) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) (async) socket$inet_sctp(0x2, 0x1, 0x84) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) (async) 06:18:18 executing program 2: openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000300), r2) sendmsg$NBD_CMD_STATUS(r4, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0x84, r5, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@NBD_ATTR_SERVER_FLAGS={0xc}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x7}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8, 0x1, r3}, {0x8, 0x1, r1}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x20}, @NBD_ATTR_CLIENT_FLAGS={0xc}]}, 0x84}, 0x1, 0x0, 0x0, 0x4048000}, 0x22000000) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) write$apparmor_current(r3, &(0x7f0000000280)=@profile={'stack ', ']+\x00'}, 0x9) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) write$apparmor_current(r1, &(0x7f0000000040)=@hat={'permhat ', 0x0, 0x5e, [':\xc6;P\x1a\xf5\xf7\x1a\x8a\x0f\xc9Nn@v<|\xfa,?\xdd\xa5\xaf\xc3\x13\x10', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$H7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x9eri3C\xbe\xc9\xba\x02:\a\xb886.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xdc\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xba8eG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x20c) 06:18:18 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) 06:18:18 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 27) 06:18:18 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1415.828840] FAULT_INJECTION: forcing a failure. [ 1415.828840] name failslab, interval 1, probability 0, space 0, times 0 [ 1415.839060] IPVS: stopping backup sync thread 1492 ... [ 1415.840190] CPU: 1 PID: 31256 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1415.853181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1415.862534] Call Trace: [ 1415.865121] dump_stack+0x1b2/0x281 [ 1415.868756] should_fail.cold+0x10a/0x149 [ 1415.872901] should_failslab+0xd6/0x130 06:18:18 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) 06:18:18 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000", @ANYRES32, @ANYBLOB="08000100"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1415.876870] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1415.882059] __kmalloc_node_track_caller+0x38/0x70 [ 1415.886986] __alloc_skb+0x96/0x510 [ 1415.890613] kobject_uevent_env+0x882/0xf30 [ 1415.894940] lo_ioctl+0x11a6/0x1cd0 [ 1415.898567] ? loop_set_status64+0xe0/0xe0 [ 1415.902800] blkdev_ioctl+0x540/0x1830 [ 1415.906680] ? blkpg_ioctl+0x8d0/0x8d0 [ 1415.910566] ? trace_hardirqs_on+0x10/0x10 [ 1415.914808] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1415.919908] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1415.924927] block_ioctl+0xd9/0x120 06:18:18 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) [ 1415.928554] ? blkdev_fallocate+0x3a0/0x3a0 [ 1415.932869] do_vfs_ioctl+0x75a/0xff0 [ 1415.936706] ? lock_acquire+0x170/0x3f0 [ 1415.940676] ? ioctl_preallocate+0x1a0/0x1a0 [ 1415.945080] ? __fget+0x265/0x3e0 [ 1415.948531] ? do_vfs_ioctl+0xff0/0xff0 [ 1415.952504] ? security_file_ioctl+0x83/0xb0 [ 1415.956910] SyS_ioctl+0x7f/0xb0 [ 1415.960266] ? do_vfs_ioctl+0xff0/0xff0 [ 1415.964244] do_syscall_64+0x1d5/0x640 [ 1415.968137] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1415.973322] RIP: 0033:0x7f5650cf9037 06:18:19 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:19 executing program 4: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) [ 1415.977023] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1415.984723] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cf9037 [ 1415.991988] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1415.999249] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1416.006509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1416.013774] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1416.043739] FAULT_INJECTION: forcing a failure. [ 1416.043739] name failslab, interval 1, probability 0, space 0, times 0 [ 1416.059327] CPU: 1 PID: 31264 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1416.067220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1416.076570] Call Trace: [ 1416.079160] dump_stack+0x1b2/0x281 [ 1416.082780] should_fail.cold+0x10a/0x149 [ 1416.086907] should_failslab+0xd6/0x130 [ 1416.090904] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1416.095995] __kmalloc_node_track_caller+0x38/0x70 [ 1416.101023] __alloc_skb+0x96/0x510 [ 1416.104645] kobject_uevent_env+0x882/0xf30 [ 1416.108951] lo_ioctl+0x11a6/0x1cd0 [ 1416.112558] ? loop_set_status64+0xe0/0xe0 [ 1416.116897] blkdev_ioctl+0x540/0x1830 [ 1416.120776] ? blkpg_ioctl+0x8d0/0x8d0 [ 1416.124727] ? trace_hardirqs_on+0x10/0x10 [ 1416.128943] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1416.134031] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1416.139058] block_ioctl+0xd9/0x120 [ 1416.142672] ? blkdev_fallocate+0x3a0/0x3a0 [ 1416.146980] do_vfs_ioctl+0x75a/0xff0 [ 1416.150767] ? lock_acquire+0x170/0x3f0 [ 1416.154730] ? ioctl_preallocate+0x1a0/0x1a0 [ 1416.159126] ? __fget+0x265/0x3e0 [ 1416.162557] ? do_vfs_ioctl+0xff0/0xff0 [ 1416.166508] ? security_file_ioctl+0x83/0xb0 [ 1416.170896] SyS_ioctl+0x7f/0xb0 [ 1416.174248] ? do_vfs_ioctl+0xff0/0xff0 [ 1416.178211] do_syscall_64+0x1d5/0x640 [ 1416.182080] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1416.187246] RIP: 0033:0x7f5ff741b037 [ 1416.190932] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1416.198619] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff741b037 [ 1416.205863] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1416.213110] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1416.220363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1416.227611] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 06:18:19 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 29) 06:18:19 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) socket$inet_udp(0x2, 0x2, 0x0) (async) socket$inet_sctp(0x2, 0x5, 0x84) (async) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) (async) socket$inet_sctp(0x2, 0x1, 0x84) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) (async) 06:18:19 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:19 executing program 2: openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000300), r2) sendmsg$NBD_CMD_STATUS(r4, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0x84, r5, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@NBD_ATTR_SERVER_FLAGS={0xc}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x7}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8, 0x1, r3}, {0x8, 0x1, r1}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x20}, @NBD_ATTR_CLIENT_FLAGS={0xc}]}, 0x84}, 0x1, 0x0, 0x0, 0x4048000}, 0x22000000) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) write$apparmor_current(r3, &(0x7f0000000280)=@profile={'stack ', ']+\x00'}, 0x9) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) write$apparmor_current(r1, &(0x7f0000000040)=@hat={'permhat ', 0x0, 0x5e, [':\xc6;P\x1a\xf5\xf7\x1a\x8a\x0f\xc9Nn@v<|\xfa,?\xdd\xa5\xaf\xc3\x13\x10', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$H7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x9eri3C\xbe\xc9\xba\x02:\a\xb886.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xdc\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xba8eG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x20c) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nbd(&(0x7f0000000300), r2) (async) sendmsg$NBD_CMD_STATUS(r4, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0x84, r5, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@NBD_ATTR_SERVER_FLAGS={0xc}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x7}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8, 0x1, r3}, {0x8, 0x1, r1}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x20}, @NBD_ATTR_CLIENT_FLAGS={0xc}]}, 0x84}, 0x1, 0x0, 0x0, 0x4048000}, 0x22000000) (async) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) write$apparmor_current(r3, &(0x7f0000000280)=@profile={'stack ', ']+\x00'}, 0x9) (async) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) write$apparmor_current(r1, &(0x7f0000000040)=@hat={'permhat ', 0x0, 0x5e, [':\xc6;P\x1a\xf5\xf7\x1a\x8a\x0f\xc9Nn@v<|\xfa,?\xdd\xa5\xaf\xc3\x13\x10', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$H7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x9eri3C\xbe\xc9\xba\x02:\a\xb886.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xdc\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xba8eG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x20c) (async) 06:18:19 executing program 4: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) 06:18:19 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 28) 06:18:19 executing program 4: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) 06:18:19 executing program 2: openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000300), r2) sendmsg$NBD_CMD_STATUS(r4, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0x84, r5, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@NBD_ATTR_SERVER_FLAGS={0xc}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x7}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8, 0x1, r3}, {0x8, 0x1, r1}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x20}, @NBD_ATTR_CLIENT_FLAGS={0xc}]}, 0x84}, 0x1, 0x0, 0x0, 0x4048000}, 0x22000000) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) write$apparmor_current(r3, &(0x7f0000000280)=@profile={'stack ', ']+\x00'}, 0x9) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) write$apparmor_current(r1, &(0x7f0000000040)=@hat={'permhat ', 0x0, 0x5e, [':\xc6;P\x1a\xf5\xf7\x1a\x8a\x0f\xc9Nn@v<|\xfa,?\xdd\xa5\xaf\xc3\x13\x10', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$H7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x9eri3C\xbe\xc9\xba\x02:\a\xb886.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xdc\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xba8eG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x20c) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nbd(&(0x7f0000000300), r2) (async) sendmsg$NBD_CMD_STATUS(r4, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0x84, r5, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@NBD_ATTR_SERVER_FLAGS={0xc}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x7}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8, 0x1, r3}, {0x8, 0x1, r1}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x20}, @NBD_ATTR_CLIENT_FLAGS={0xc}]}, 0x84}, 0x1, 0x0, 0x0, 0x4048000}, 0x22000000) (async) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) write$apparmor_current(r3, &(0x7f0000000280)=@profile={'stack ', ']+\x00'}, 0x9) (async) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) write$apparmor_current(r1, &(0x7f0000000040)=@hat={'permhat ', 0x0, 0x5e, [':\xc6;P\x1a\xf5\xf7\x1a\x8a\x0f\xc9Nn@v<|\xfa,?\xdd\xa5\xaf\xc3\x13\x10', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$H7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x9eri3C\xbe\xc9\xba\x02:\a\xb886.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xdc\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xba8eG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0x20c) (async) 06:18:19 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:19 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCDARP(r1, 0x8953, &(0x7f0000000080)={{0x2, 0x4e22, @multicast2}, {0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x37}}, 0x36, {0x2, 0x4e20, @broadcast}, 'wg1\x00'}) [ 1416.365381] FAULT_INJECTION: forcing a failure. [ 1416.365381] name failslab, interval 1, probability 0, space 0, times 0 06:18:19 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCDARP(r1, 0x8953, &(0x7f0000000080)={{0x2, 0x4e22, @multicast2}, {0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x37}}, 0x36, {0x2, 0x4e20, @broadcast}, 'wg1\x00'}) [ 1416.409285] CPU: 1 PID: 31304 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1416.417188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1416.426537] Call Trace: [ 1416.429129] dump_stack+0x1b2/0x281 [ 1416.432758] should_fail.cold+0x10a/0x149 [ 1416.436914] should_failslab+0xd6/0x130 [ 1416.440893] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1416.446000] __kmalloc_node_track_caller+0x38/0x70 [ 1416.450931] __alloc_skb+0x96/0x510 [ 1416.454573] kobject_uevent_env+0x882/0xf30 06:18:19 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCDARP(r1, 0x8953, &(0x7f0000000080)={{0x2, 0x4e22, @multicast2}, {0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x37}}, 0x36, {0x2, 0x4e20, @broadcast}, 'wg1\x00'}) [ 1416.458905] lo_ioctl+0x11a6/0x1cd0 [ 1416.462531] ? loop_set_status64+0xe0/0xe0 [ 1416.466783] blkdev_ioctl+0x540/0x1830 [ 1416.470667] ? blkpg_ioctl+0x8d0/0x8d0 [ 1416.474637] ? trace_hardirqs_on+0x10/0x10 [ 1416.478873] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1416.483974] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1416.489089] block_ioctl+0xd9/0x120 [ 1416.492731] ? blkdev_fallocate+0x3a0/0x3a0 [ 1416.497060] do_vfs_ioctl+0x75a/0xff0 [ 1416.501135] ? lock_acquire+0x170/0x3f0 [ 1416.505103] ? ioctl_preallocate+0x1a0/0x1a0 [ 1416.509506] ? __fget+0x265/0x3e0 [ 1416.512950] ? do_vfs_ioctl+0xff0/0xff0 [ 1416.516903] ? security_file_ioctl+0x83/0xb0 [ 1416.521291] SyS_ioctl+0x7f/0xb0 [ 1416.524630] ? do_vfs_ioctl+0xff0/0xff0 [ 1416.528595] do_syscall_64+0x1d5/0x640 [ 1416.532481] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1416.537648] RIP: 0033:0x7f5650cf9037 [ 1416.541345] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1416.549030] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cf9037 [ 1416.556284] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1416.563531] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1416.570785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1416.578044] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1416.596369] FAULT_INJECTION: forcing a failure. [ 1416.596369] name failslab, interval 1, probability 0, space 0, times 0 [ 1416.607794] CPU: 1 PID: 31299 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1416.615659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1416.624989] Call Trace: [ 1416.627560] dump_stack+0x1b2/0x281 [ 1416.631191] should_fail.cold+0x10a/0x149 [ 1416.635327] should_failslab+0xd6/0x130 [ 1416.639293] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1416.644381] __kmalloc_node_track_caller+0x38/0x70 [ 1416.649287] __alloc_skb+0x96/0x510 [ 1416.652892] kobject_uevent_env+0x882/0xf30 [ 1416.657195] lo_ioctl+0x11a6/0x1cd0 [ 1416.660827] ? loop_set_status64+0xe0/0xe0 [ 1416.665050] blkdev_ioctl+0x540/0x1830 [ 1416.668912] ? blkpg_ioctl+0x8d0/0x8d0 [ 1416.672786] ? trace_hardirqs_on+0x10/0x10 [ 1416.677011] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1416.682099] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1416.687097] block_ioctl+0xd9/0x120 [ 1416.690704] ? blkdev_fallocate+0x3a0/0x3a0 [ 1416.695009] do_vfs_ioctl+0x75a/0xff0 [ 1416.698801] ? lock_acquire+0x170/0x3f0 [ 1416.702755] ? ioctl_preallocate+0x1a0/0x1a0 [ 1416.707140] ? __fget+0x265/0x3e0 [ 1416.710570] ? do_vfs_ioctl+0xff0/0xff0 [ 1416.714531] ? security_file_ioctl+0x83/0xb0 [ 1416.718923] SyS_ioctl+0x7f/0xb0 [ 1416.722267] ? do_vfs_ioctl+0xff0/0xff0 [ 1416.726222] do_syscall_64+0x1d5/0x640 [ 1416.730091] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1416.735265] RIP: 0033:0x7f5ff741b037 [ 1416.738962] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1416.746654] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff741b037 [ 1416.753907] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1416.761247] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1416.768499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1416.775746] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 06:18:19 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 30) 06:18:19 executing program 5: r0 = socket$inet(0x2, 0x5, 0x9) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000080)={'filter\x00', 0x0, [0x8001, 0xf9, 0x9, 0x90000, 0x7]}, &(0x7f0000000100)=0x54) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:19 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) 06:18:19 executing program 2: openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x14}, 0x14}}, 0x0) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000bc0), r0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) write$apparmor_current(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYRESHEX=r1], 0xfffffffffffffd95) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r5}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000800)={0xffffffffffffffff, 0xe0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8, &(0x7f0000000580)=[0x0], &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000600)=[{}, {}], 0x10, 0x10, &(0x7f0000000640), &(0x7f0000000680), 0x8, 0x10, 0x8, 0x8, &(0x7f00000006c0)}}, 0x10) r7 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000840), 0x4) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000940)={0x800}, 0x8) r9 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r8, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r9}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x8034873723730d5a, 0x12, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4}, [@call={0x85, 0x0, 0x0, 0xb}, @func={0x85, 0x0, 0x1, 0x0, 0x5}, @map_val={0x18, 0x5, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x8000}, @map_val={0x18, 0x9, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0xd5a000}, @jmp={0x5, 0x0, 0x5, 0x6, 0x9, 0xffffffffffffffff, 0x4}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffffff01, 0x0, 0x0, 0x0, 0xfffffffd}, @cb_func={0x18, 0x3, 0x4, 0x0, 0xfffffffffffffffe}, @map_idx={0x18, 0xb, 0x5, 0x0, 0xe}, @cb_func={0x18, 0xb}]}, &(0x7f00000003c0)='syzkaller\x00', 0x7, 0x96, &(0x7f0000000400)=""/150, 0x0, 0x18, '\x00', 0x0, 0x2, r5, 0x8, &(0x7f00000004c0)={0xa, 0x2}, 0x8, 0x10, &(0x7f0000000500)={0x0, 0xb, 0x1, 0xffffffff}, 0x10, r6, r7, 0x0, &(0x7f0000000880)=[0xffffffffffffffff, r9, 0x1]}, 0x80) 06:18:19 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf250500000008000100000000"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:19 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 29) 06:18:19 executing program 2: openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x14}, 0x14}}, 0x0) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000bc0), r0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) write$apparmor_current(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYRESHEX=r1], 0xfffffffffffffd95) (async) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r5}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000800)={0xffffffffffffffff, 0xe0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8, &(0x7f0000000580)=[0x0], &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000600)=[{}, {}], 0x10, 0x10, &(0x7f0000000640), &(0x7f0000000680), 0x8, 0x10, 0x8, 0x8, &(0x7f00000006c0)}}, 0x10) (async) r7 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000840), 0x4) (async) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000940)={0x800}, 0x8) (async) r9 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r8, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r9}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x8034873723730d5a, 0x12, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4}, [@call={0x85, 0x0, 0x0, 0xb}, @func={0x85, 0x0, 0x1, 0x0, 0x5}, @map_val={0x18, 0x5, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x8000}, @map_val={0x18, 0x9, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0xd5a000}, @jmp={0x5, 0x0, 0x5, 0x6, 0x9, 0xffffffffffffffff, 0x4}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffffff01, 0x0, 0x0, 0x0, 0xfffffffd}, @cb_func={0x18, 0x3, 0x4, 0x0, 0xfffffffffffffffe}, @map_idx={0x18, 0xb, 0x5, 0x0, 0xe}, @cb_func={0x18, 0xb}]}, &(0x7f00000003c0)='syzkaller\x00', 0x7, 0x96, &(0x7f0000000400)=""/150, 0x0, 0x18, '\x00', 0x0, 0x2, r5, 0x8, &(0x7f00000004c0)={0xa, 0x2}, 0x8, 0x10, &(0x7f0000000500)={0x0, 0xb, 0x1, 0xffffffff}, 0x10, r6, r7, 0x0, &(0x7f0000000880)=[0xffffffffffffffff, r9, 0x1]}, 0x80) [ 1416.887062] FAULT_INJECTION: forcing a failure. [ 1416.887062] name failslab, interval 1, probability 0, space 0, times 0 [ 1416.908552] CPU: 1 PID: 31359 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1416.916446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1416.925792] Call Trace: [ 1416.928378] dump_stack+0x1b2/0x281 [ 1416.932008] should_fail.cold+0x10a/0x149 06:18:19 executing program 5: r0 = socket$inet(0x2, 0x5, 0x9) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000080)={'filter\x00', 0x0, [0x8001, 0xf9, 0x9, 0x90000, 0x7]}, &(0x7f0000000100)=0x54) (async) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:19 executing program 5: r0 = socket$inet(0x2, 0x5, 0x9) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000080)={'filter\x00', 0x0, [0x8001, 0xf9, 0x9, 0x90000, 0x7]}, &(0x7f0000000100)=0x54) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) socket$inet(0x2, 0x5, 0x9) (async) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000080)={'filter\x00', 0x0, [0x8001, 0xf9, 0x9, 0x90000, 0x7]}, &(0x7f0000000100)=0x54) (async) socket$inet_udp(0x2, 0x2, 0x0) (async) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) [ 1416.936155] should_failslab+0xd6/0x130 [ 1416.940129] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1416.945234] __kmalloc_node_track_caller+0x38/0x70 [ 1416.950166] __alloc_skb+0x96/0x510 [ 1416.953795] kobject_uevent_env+0x882/0xf30 [ 1416.958120] lo_ioctl+0x11a6/0x1cd0 [ 1416.961751] ? loop_set_status64+0xe0/0xe0 [ 1416.965983] blkdev_ioctl+0x540/0x1830 [ 1416.969871] ? blkpg_ioctl+0x8d0/0x8d0 [ 1416.973751] ? trace_hardirqs_on+0x10/0x10 [ 1416.977982] ? _raw_spin_unlock_irqrestore+0x66/0xe0 06:18:20 executing program 5: socket$inet_udp(0x2, 0x2, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {0x0, @remote}, 0x4, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 'veth0\x00'}) ioctl$SIOCGETMIFCNT_IN6(0xffffffffffffffff, 0x89e0, &(0x7f0000000080)={0xffffffffffffffff}) [ 1416.983080] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1416.988098] block_ioctl+0xd9/0x120 [ 1416.991720] ? blkdev_fallocate+0x3a0/0x3a0 [ 1416.996040] do_vfs_ioctl+0x75a/0xff0 [ 1416.999838] ? lock_acquire+0x170/0x3f0 [ 1417.003810] ? ioctl_preallocate+0x1a0/0x1a0 [ 1417.008220] ? __fget+0x265/0x3e0 [ 1417.011668] ? do_vfs_ioctl+0xff0/0xff0 [ 1417.015644] ? security_file_ioctl+0x83/0xb0 [ 1417.020051] SyS_ioctl+0x7f/0xb0 [ 1417.023410] ? do_vfs_ioctl+0xff0/0xff0 [ 1417.027384] do_syscall_64+0x1d5/0x640 [ 1417.031276] entry_SYSCALL_64_after_hwframe+0x46/0xbb 06:18:20 executing program 5: socket$inet_udp(0x2, 0x2, 0x0) (async) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {0x0, @remote}, 0x4, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 'veth0\x00'}) (async) ioctl$SIOCGETMIFCNT_IN6(0xffffffffffffffff, 0x89e0, &(0x7f0000000080)={0xffffffffffffffff}) 06:18:20 executing program 5: socket$inet_udp(0x2, 0x2, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {0x0, @remote}, 0x4, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 'veth0\x00'}) ioctl$SIOCGETMIFCNT_IN6(0xffffffffffffffff, 0x89e0, &(0x7f0000000080)={0xffffffffffffffff}) socket$inet_udp(0x2, 0x2, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {0x0, @remote}, 0x4, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 'veth0\x00'}) (async) ioctl$SIOCGETMIFCNT_IN6(0xffffffffffffffff, 0x89e0, &(0x7f0000000080)={0xffffffffffffffff}) (async) [ 1417.036459] RIP: 0033:0x7f5ff741b037 [ 1417.040163] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1417.047864] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff741b037 [ 1417.055136] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1417.062400] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1417.069762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1417.077026] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1417.110151] FAULT_INJECTION: forcing a failure. [ 1417.110151] name failslab, interval 1, probability 0, space 0, times 0 [ 1417.122616] CPU: 0 PID: 31366 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1417.130496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1417.139842] Call Trace: [ 1417.142409] dump_stack+0x1b2/0x281 [ 1417.146026] should_fail.cold+0x10a/0x149 [ 1417.150151] should_failslab+0xd6/0x130 [ 1417.154107] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1417.159202] __kmalloc_node_track_caller+0x38/0x70 [ 1417.164111] __alloc_skb+0x96/0x510 [ 1417.167719] kobject_uevent_env+0x882/0xf30 [ 1417.172023] lo_ioctl+0x11a6/0x1cd0 [ 1417.175628] ? loop_set_status64+0xe0/0xe0 [ 1417.179860] blkdev_ioctl+0x540/0x1830 [ 1417.183735] ? blkpg_ioctl+0x8d0/0x8d0 [ 1417.187598] ? trace_hardirqs_on+0x10/0x10 [ 1417.191809] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1417.196887] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1417.201880] block_ioctl+0xd9/0x120 [ 1417.205481] ? blkdev_fallocate+0x3a0/0x3a0 [ 1417.209787] do_vfs_ioctl+0x75a/0xff0 [ 1417.213574] ? lock_acquire+0x170/0x3f0 [ 1417.217521] ? ioctl_preallocate+0x1a0/0x1a0 [ 1417.221906] ? __fget+0x265/0x3e0 [ 1417.225336] ? do_vfs_ioctl+0xff0/0xff0 [ 1417.229289] ? security_file_ioctl+0x83/0xb0 [ 1417.233766] SyS_ioctl+0x7f/0xb0 [ 1417.237104] ? do_vfs_ioctl+0xff0/0xff0 [ 1417.241054] do_syscall_64+0x1d5/0x640 [ 1417.244931] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1417.250094] RIP: 0033:0x7f5650cf9037 06:18:20 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 31) 06:18:20 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:20 executing program 2: openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x14}, 0x14}}, 0x0) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000bc0), r0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) write$apparmor_current(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYRESHEX=r1], 0xfffffffffffffd95) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r5}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000800)={0xffffffffffffffff, 0xe0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8, &(0x7f0000000580)=[0x0], &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000600)=[{}, {}], 0x10, 0x10, &(0x7f0000000640), &(0x7f0000000680), 0x8, 0x10, 0x8, 0x8, &(0x7f00000006c0)}}, 0x10) r7 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000840), 0x4) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000940)={0x800}, 0x8) r9 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r8, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r9}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x8034873723730d5a, 0x12, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4}, [@call={0x85, 0x0, 0x0, 0xb}, @func={0x85, 0x0, 0x1, 0x0, 0x5}, @map_val={0x18, 0x5, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x8000}, @map_val={0x18, 0x9, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0xd5a000}, @jmp={0x5, 0x0, 0x5, 0x6, 0x9, 0xffffffffffffffff, 0x4}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffffff01, 0x0, 0x0, 0x0, 0xfffffffd}, @cb_func={0x18, 0x3, 0x4, 0x0, 0xfffffffffffffffe}, @map_idx={0x18, 0xb, 0x5, 0x0, 0xe}, @cb_func={0x18, 0xb}]}, &(0x7f00000003c0)='syzkaller\x00', 0x7, 0x96, &(0x7f0000000400)=""/150, 0x0, 0x18, '\x00', 0x0, 0x2, r5, 0x8, &(0x7f00000004c0)={0xa, 0x2}, 0x8, 0x10, &(0x7f0000000500)={0x0, 0xb, 0x1, 0xffffffff}, 0x10, r6, r7, 0x0, &(0x7f0000000880)=[0xffffffffffffffff, r9, 0x1]}, 0x80) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$nbd(&(0x7f0000000bc0), r0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) write$apparmor_current(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYRESHEX=r1], 0xfffffffffffffd95) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r5}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000800)={0xffffffffffffffff, 0xe0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8, &(0x7f0000000580)=[0x0], &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000600)=[{}, {}], 0x10, 0x10, &(0x7f0000000640), &(0x7f0000000680), 0x8, 0x10, 0x8, 0x8, &(0x7f00000006c0)}}, 0x10) (async) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000840), 0x4) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000940)={0x800}, 0x8) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) sendmsg$NBD_CMD_STATUS(r8, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r9}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x8034873723730d5a, 0x12, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4}, [@call={0x85, 0x0, 0x0, 0xb}, @func={0x85, 0x0, 0x1, 0x0, 0x5}, @map_val={0x18, 0x5, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x8000}, @map_val={0x18, 0x9, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0xd5a000}, @jmp={0x5, 0x0, 0x5, 0x6, 0x9, 0xffffffffffffffff, 0x4}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffffff01, 0x0, 0x0, 0x0, 0xfffffffd}, @cb_func={0x18, 0x3, 0x4, 0x0, 0xfffffffffffffffe}, @map_idx={0x18, 0xb, 0x5, 0x0, 0xe}, @cb_func={0x18, 0xb}]}, &(0x7f00000003c0)='syzkaller\x00', 0x7, 0x96, &(0x7f0000000400)=""/150, 0x0, 0x18, '\x00', 0x0, 0x2, r5, 0x8, &(0x7f00000004c0)={0xa, 0x2}, 0x8, 0x10, &(0x7f0000000500)={0x0, 0xb, 0x1, 0xffffffff}, 0x10, r6, r7, 0x0, &(0x7f0000000880)=[0xffffffffffffffff, r9, 0x1]}, 0x80) (async) 06:18:20 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) 06:18:20 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x4e20, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) getsockopt$ARPT_SO_GET_ENTRIES(r2, 0x0, 0x61, &(0x7f0000000080)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000630000000b1ea4613aa0d23b113256bf6f60115c21015259eff9803bb82c26f00568a65ea18d8a5b886780b51dda6d1d37ef83d01dfa78e9f303717e4e0eea42d288952e9cbb0da0f541102cbab371ebb8efbb9c8d140e"], &(0x7f0000000140)=0x87) [ 1417.253780] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1417.261477] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cf9037 [ 1417.268724] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1417.275971] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1417.283216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1417.290460] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 06:18:20 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 30) 06:18:20 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) 06:18:20 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x4e20, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) getsockopt$ARPT_SO_GET_ENTRIES(r2, 0x0, 0x61, &(0x7f0000000080)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000630000000b1ea4613aa0d23b113256bf6f60115c21015259eff9803bb82c26f00568a65ea18d8a5b886780b51dda6d1d37ef83d01dfa78e9f303717e4e0eea42d288952e9cbb0da0f541102cbab371ebb8efbb9c8d140e"], &(0x7f0000000140)=0x87) 06:18:20 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1417.410654] FAULT_INJECTION: forcing a failure. [ 1417.410654] name failslab, interval 1, probability 0, space 0, times 0 06:18:20 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0832a0114d210b4b4a111584000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0800010000000000"], 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) ioctl$SG_IO(r1, 0x2285, &(0x7f0000001640)={0x0, 0xffffffffffffffff, 0x39, 0x8, @scatter={0x5, 0x0, &(0x7f0000000340)=[{&(0x7f0000000040)=""/216, 0xd8}, {&(0x7f0000000140)}, {&(0x7f0000000180)}, {&(0x7f00000001c0)=""/207, 0xcf}, {&(0x7f00000002c0)=""/116, 0x74}]}, &(0x7f00000003c0)="6a2926a616153488b56704bc9e05045c312599b77e68197eb554f2ce33ee678f5a220fe1cea2c874425eb3a0d2129a3f890915477c486cd4a4", &(0x7f0000000640)=""/4096, 0x9, 0x10000, 0xffffffffffffffff, &(0x7f0000000400)}) r2 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r2, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:20 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0832a0114d210b4b4a111584000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0800010000000000"], 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) ioctl$SG_IO(r1, 0x2285, &(0x7f0000001640)={0x0, 0xffffffffffffffff, 0x39, 0x8, @scatter={0x5, 0x0, &(0x7f0000000340)=[{&(0x7f0000000040)=""/216, 0xd8}, {&(0x7f0000000140)}, {&(0x7f0000000180)}, {&(0x7f00000001c0)=""/207, 0xcf}, {&(0x7f00000002c0)=""/116, 0x74}]}, &(0x7f00000003c0)="6a2926a616153488b56704bc9e05045c312599b77e68197eb554f2ce33ee678f5a220fe1cea2c874425eb3a0d2129a3f890915477c486cd4a4", &(0x7f0000000640)=""/4096, 0x9, 0x10000, 0xffffffffffffffff, &(0x7f0000000400)}) (async) r2 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r2, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) [ 1417.452076] CPU: 0 PID: 31421 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1417.460095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1417.469445] Call Trace: [ 1417.472032] dump_stack+0x1b2/0x281 [ 1417.475659] should_fail.cold+0x10a/0x149 [ 1417.479814] should_failslab+0xd6/0x130 [ 1417.483803] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1417.488907] __kmalloc_node_track_caller+0x38/0x70 [ 1417.493834] __alloc_skb+0x96/0x510 [ 1417.497463] kobject_uevent_env+0x882/0xf30 06:18:20 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1417.501789] lo_ioctl+0x11a6/0x1cd0 [ 1417.505417] ? loop_set_status64+0xe0/0xe0 [ 1417.509656] blkdev_ioctl+0x540/0x1830 [ 1417.513578] ? blkpg_ioctl+0x8d0/0x8d0 [ 1417.517458] ? trace_hardirqs_on+0x10/0x10 [ 1417.521705] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1417.526813] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1417.531832] block_ioctl+0xd9/0x120 [ 1417.535548] ? blkdev_fallocate+0x3a0/0x3a0 [ 1417.539872] do_vfs_ioctl+0x75a/0xff0 [ 1417.543677] ? lock_acquire+0x170/0x3f0 [ 1417.547649] ? ioctl_preallocate+0x1a0/0x1a0 [ 1417.552062] ? __fget+0x265/0x3e0 [ 1417.555530] ? do_vfs_ioctl+0xff0/0xff0 [ 1417.559482] ? security_file_ioctl+0x83/0xb0 [ 1417.563876] SyS_ioctl+0x7f/0xb0 [ 1417.567217] ? do_vfs_ioctl+0xff0/0xff0 [ 1417.571170] do_syscall_64+0x1d5/0x640 [ 1417.575062] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1417.580237] RIP: 0033:0x7f5ff741b037 [ 1417.583932] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1417.591617] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff741b037 [ 1417.598863] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1417.606111] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1417.613355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1417.620602] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1417.636357] FAULT_INJECTION: forcing a failure. [ 1417.636357] name failslab, interval 1, probability 0, space 0, times 0 [ 1417.647840] CPU: 0 PID: 31445 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1417.655724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1417.665072] Call Trace: [ 1417.667663] dump_stack+0x1b2/0x281 [ 1417.671296] should_fail.cold+0x10a/0x149 [ 1417.675448] should_failslab+0xd6/0x130 [ 1417.679423] kmem_cache_alloc_node+0x263/0x410 [ 1417.684007] __alloc_skb+0x5c/0x510 [ 1417.687626] kobject_uevent_env+0x882/0xf30 [ 1417.691928] lo_ioctl+0x11a6/0x1cd0 [ 1417.695535] ? loop_set_status64+0xe0/0xe0 [ 1417.699748] blkdev_ioctl+0x540/0x1830 [ 1417.703622] ? blkpg_ioctl+0x8d0/0x8d0 [ 1417.707491] ? trace_hardirqs_on+0x10/0x10 [ 1417.711707] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1417.716786] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1417.721780] block_ioctl+0xd9/0x120 [ 1417.725382] ? blkdev_fallocate+0x3a0/0x3a0 [ 1417.729683] do_vfs_ioctl+0x75a/0xff0 [ 1417.733462] ? lock_acquire+0x170/0x3f0 [ 1417.737433] ? ioctl_preallocate+0x1a0/0x1a0 [ 1417.741839] ? __fget+0x265/0x3e0 [ 1417.745290] ? do_vfs_ioctl+0xff0/0xff0 [ 1417.749240] ? security_file_ioctl+0x83/0xb0 [ 1417.753641] SyS_ioctl+0x7f/0xb0 [ 1417.757016] ? do_vfs_ioctl+0xff0/0xff0 [ 1417.760970] do_syscall_64+0x1d5/0x640 [ 1417.764841] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1417.770010] RIP: 0033:0x7f5650cf9037 [ 1417.773697] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1417.781378] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cf9037 [ 1417.788634] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1417.795880] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f564f66e1d0 06:18:20 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 32) 06:18:20 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB, @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:20 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0832a0114d210b4b4a111584000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0800010000000000"], 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) ioctl$SG_IO(r1, 0x2285, &(0x7f0000001640)={0x0, 0xffffffffffffffff, 0x39, 0x8, @scatter={0x5, 0x0, &(0x7f0000000340)=[{&(0x7f0000000040)=""/216, 0xd8}, {&(0x7f0000000140)}, {&(0x7f0000000180)}, {&(0x7f00000001c0)=""/207, 0xcf}, {&(0x7f00000002c0)=""/116, 0x74}]}, &(0x7f00000003c0)="6a2926a616153488b56704bc9e05045c312599b77e68197eb554f2ce33ee678f5a220fe1cea2c874425eb3a0d2129a3f890915477c486cd4a4", &(0x7f0000000640)=""/4096, 0x9, 0x10000, 0xffffffffffffffff, &(0x7f0000000400)}) (async) r2 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r2, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:20 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x4e20, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) getsockopt$ARPT_SO_GET_ENTRIES(r2, 0x0, 0x61, &(0x7f0000000080)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000630000000b1ea4613aa0d23b113256bf6f60115c21015259eff9803bb82c26f00568a65ea18d8a5b886780b51dda6d1d37ef83d01dfa78e9f303717e4e0eea42d288952e9cbb0da0f541102cbab371ebb8efbb9c8d140e"], &(0x7f0000000140)=0x87) 06:18:20 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) 06:18:20 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 31) [ 1417.803128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1417.810374] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 06:18:20 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB, @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:20 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5b5702e5ead797f244a3775ecc41b5db3d0b5c02b30caa57a63c861bc3bb97abc58c50a3a9accdeb4546905085e9f7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d9716e7834003a18123adc93dca988018000080000000000000000000046c3f19f93bc871edb681db183a706c32105d0f00e46806ea8678633543e2d68131e11463f43a0e8161bd48b930a7d7712f3b4d7e98b6fe0149365af6ec882ccb1023bf70c344116cbb97d7cd4a9bba3ed6362be92bd473c6da17fa5a8ddbc4e3161c84beedfb78f66d049ee9cf8510da79508abf8a09a9d01b52ee595e7a6a6e8d1b57ea24c6a76055d5b25b5b5a75e51408504b9d6f84942b52563a827626bace7a6d92bd86b0a6abd179111b69a4a7230e69a428223357854d6c9525e62085aa773291e26daa7aa40227921d980434d4c220c3d3dbe556dd790080a77701bc3f3941e364f23f4d1b63eb6fcdd86a1be6d8587cf086b32b7c5473bce92df85d5ad1567e258edc385d2bfbac6790e7e4b25119016fbbd6d71d307849712852dca07bbad1b3e8b05de3a306dc6c787a577d1cbdcc45ddcd0a59ad0fd142b27347a24aac15503ed8e1ed99bb0f5f86ab79feba8a49ab53b2df9689eb399fb07e923009595"], 0xfffffffffffffd95) 06:18:20 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_DELETE(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x50, r1, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x4}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x3}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x2}, @L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e20}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}, @L2TP_ATTR_OFFSET={0x6, 0x3, 0x8}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) ioctl$sock_inet_SIOCRTMSG(r0, 0x890d, &(0x7f00000000c0)={0x0, {0x2, 0x4e20, @multicast1}, {0x2, 0x4e20, @empty}, {0x2, 0x4e21, @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000080)='bond0\x00', 0x8, 0x2, 0x5}) r2 = socket(0x2a, 0x3, 0x80000000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000280)={&(0x7f0000000080), 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x24, r4, 0x1, 0x0, 0x0, {}, [@L2TP_ATTR_MRU={0x6}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5}]}, 0x24}}, 0x0) sendmsg$L2TP_CMD_SESSION_MODIFY(r2, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r4, 0x100, 0x70bd2a, 0x25dfdbfd, {}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000084}, 0x44001) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x48, r1, 0x2, 0x70bd25, 0x25dfdbfe, {}, [@L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x9}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'veth0_macvtap\x00'}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5, 0x21, 0x1}]}, 0x48}, 0x1, 0x0, 0x0, 0x40800}, 0x200408a0) [ 1417.931720] FAULT_INJECTION: forcing a failure. [ 1417.931720] name failslab, interval 1, probability 0, space 0, times 0 [ 1417.944098] CPU: 0 PID: 31483 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1417.952247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1417.961689] Call Trace: [ 1417.964271] dump_stack+0x1b2/0x281 [ 1417.967900] should_fail.cold+0x10a/0x149 [ 1417.972053] should_failslab+0xd6/0x130 [ 1417.976033] kmem_cache_alloc_node+0x263/0x410 [ 1417.980617] __alloc_skb+0x5c/0x510 [ 1417.984243] kobject_uevent_env+0x882/0xf30 [ 1417.988565] lo_ioctl+0x11a6/0x1cd0 [ 1417.992194] ? loop_set_status64+0xe0/0xe0 [ 1417.996425] blkdev_ioctl+0x540/0x1830 [ 1418.000310] ? blkpg_ioctl+0x8d0/0x8d0 [ 1418.004192] ? trace_hardirqs_on+0x10/0x10 [ 1418.008419] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1418.013511] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1418.018531] block_ioctl+0xd9/0x120 [ 1418.022158] ? blkdev_fallocate+0x3a0/0x3a0 [ 1418.026478] do_vfs_ioctl+0x75a/0xff0 06:18:21 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_DELETE(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x50, r1, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x4}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x3}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x2}, @L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e20}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}, @L2TP_ATTR_OFFSET={0x6, 0x3, 0x8}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) ioctl$sock_inet_SIOCRTMSG(r0, 0x890d, &(0x7f00000000c0)={0x0, {0x2, 0x4e20, @multicast1}, {0x2, 0x4e20, @empty}, {0x2, 0x4e21, @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000080)='bond0\x00', 0x8, 0x2, 0x5}) r2 = socket(0x2a, 0x3, 0x80000000) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000280)={&(0x7f0000000080), 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x24, r4, 0x1, 0x0, 0x0, {}, [@L2TP_ATTR_MRU={0x6}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5}]}, 0x24}}, 0x0) (async) sendmsg$L2TP_CMD_SESSION_MODIFY(r2, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r4, 0x100, 0x70bd2a, 0x25dfdbfd, {}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000084}, 0x44001) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x48, r1, 0x2, 0x70bd25, 0x25dfdbfe, {}, [@L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x9}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'veth0_macvtap\x00'}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5, 0x21, 0x1}]}, 0x48}, 0x1, 0x0, 0x0, 0x40800}, 0x200408a0) 06:18:21 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async, rerun: 32) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000300), 0xffffffffffffffff) (rerun: 32) sendmsg$L2TP_CMD_TUNNEL_DELETE(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x50, r1, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x4}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x3}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x2}, @L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e20}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}, @L2TP_ATTR_OFFSET={0x6, 0x3, 0x8}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) (async, rerun: 32) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (rerun: 32) ioctl$sock_inet_SIOCRTMSG(r0, 0x890d, &(0x7f00000000c0)={0x0, {0x2, 0x4e20, @multicast1}, {0x2, 0x4e20, @empty}, {0x2, 0x4e21, @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000080)='bond0\x00', 0x8, 0x2, 0x5}) r2 = socket(0x2a, 0x3, 0x80000000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000280)={&(0x7f0000000080), 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x24, r4, 0x1, 0x0, 0x0, {}, [@L2TP_ATTR_MRU={0x6}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5}]}, 0x24}}, 0x0) (async) sendmsg$L2TP_CMD_SESSION_MODIFY(r2, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r4, 0x100, 0x70bd2a, 0x25dfdbfd, {}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000084}, 0x44001) (async, rerun: 64) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x48, r1, 0x2, 0x70bd25, 0x25dfdbfe, {}, [@L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x9}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'veth0_macvtap\x00'}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5, 0x21, 0x1}]}, 0x48}, 0x1, 0x0, 0x0, 0x40800}, 0x200408a0) (rerun: 64) [ 1418.030277] ? lock_acquire+0x170/0x3f0 [ 1418.034251] ? ioctl_preallocate+0x1a0/0x1a0 [ 1418.038666] ? __fget+0x265/0x3e0 [ 1418.042124] ? do_vfs_ioctl+0xff0/0xff0 [ 1418.046099] ? security_file_ioctl+0x83/0xb0 [ 1418.050502] SyS_ioctl+0x7f/0xb0 [ 1418.053866] ? do_vfs_ioctl+0xff0/0xff0 [ 1418.057836] do_syscall_64+0x1d5/0x640 [ 1418.061729] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1418.066911] RIP: 0033:0x7f5ff741b037 [ 1418.070618] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 06:18:21 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5b5702e5ead797f244a3775ecc41b5db3d0b5c02b30caa57a63c861bc3bb97abc58c50a3a9accdeb4546905085e9f7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d9716e7834003a18123adc93dca988018000080000000000000000000046c3f19f93bc871edb681db183a706c32105d0f00e46806ea8678633543e2d68131e11463f43a0e8161bd48b930a7d7712f3b4d7e98b6fe0149365af6ec882ccb1023bf70c344116cbb97d7cd4a9bba3ed6362be92bd473c6da17fa5a8ddbc4e3161c84beedfb78f66d049ee9cf8510da79508abf8a09a9d01b52ee595e7a6a6e8d1b57ea24c6a76055d5b25b5b5a75e51408504b9d6f84942b52563a827626bace7a6d92bd86b0a6abd179111b69a4a7230e69a428223357854d6c9525e62085aa773291e26daa7aa40227921d980434d4c220c3d3dbe556dd790080a77701bc3f3941e364f23f4d1b63eb6fcdd86a1be6d8587cf086b32b7c5473bce92df85d5ad1567e258edc385d2bfbac6790e7e4b25119016fbbd6d71d307849712852dca07bbad1b3e8b05de3a306dc6c787a577d1cbdcc45ddcd0a59ad0fd142b27347a24aac15503ed8e1ed99bb0f5f86ab79feba8a49ab53b2df9689eb399fb07e923009595"], 0xfffffffffffffd95) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) write$apparmor_current(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5b5702e5ead797f244a3775ecc41b5db3d0b5c02b30caa57a63c861bc3bb97abc58c50a3a9accdeb4546905085e9f7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d9716e7834003a18123adc93dca988018000080000000000000000000046c3f19f93bc871edb681db183a706c32105d0f00e46806ea8678633543e2d68131e11463f43a0e8161bd48b930a7d7712f3b4d7e98b6fe0149365af6ec882ccb1023bf70c344116cbb97d7cd4a9bba3ed6362be92bd473c6da17fa5a8ddbc4e3161c84beedfb78f66d049ee9cf8510da79508abf8a09a9d01b52ee595e7a6a6e8d1b57ea24c6a76055d5b25b5b5a75e51408504b9d6f84942b52563a827626bace7a6d92bd86b0a6abd179111b69a4a7230e69a428223357854d6c9525e62085aa773291e26daa7aa40227921d980434d4c220c3d3dbe556dd790080a77701bc3f3941e364f23f4d1b63eb6fcdd86a1be6d8587cf086b32b7c5473bce92df85d5ad1567e258edc385d2bfbac6790e7e4b25119016fbbd6d71d307849712852dca07bbad1b3e8b05de3a306dc6c787a577d1cbdcc45ddcd0a59ad0fd142b27347a24aac15503ed8e1ed99bb0f5f86ab79feba8a49ab53b2df9689eb399fb07e923009595"], 0xfffffffffffffd95) (async) [ 1418.078321] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff741b037 [ 1418.085591] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1418.092878] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1418.100142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1418.107425] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1418.129827] FAULT_INJECTION: forcing a failure. [ 1418.129827] name failslab, interval 1, probability 0, space 0, times 0 [ 1418.149845] CPU: 0 PID: 31482 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1418.157745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1418.167091] Call Trace: [ 1418.169680] dump_stack+0x1b2/0x281 [ 1418.173311] should_fail.cold+0x10a/0x149 [ 1418.177458] should_failslab+0xd6/0x130 [ 1418.181434] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1418.186540] __kmalloc_node_track_caller+0x38/0x70 [ 1418.191466] __alloc_skb+0x96/0x510 [ 1418.195100] kobject_uevent_env+0x882/0xf30 [ 1418.199426] lo_ioctl+0x11a6/0x1cd0 [ 1418.203052] ? loop_set_status64+0xe0/0xe0 [ 1418.207287] blkdev_ioctl+0x540/0x1830 [ 1418.211172] ? blkpg_ioctl+0x8d0/0x8d0 [ 1418.215056] ? trace_hardirqs_on+0x10/0x10 [ 1418.219279] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1418.224364] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1418.229363] block_ioctl+0xd9/0x120 [ 1418.232971] ? blkdev_fallocate+0x3a0/0x3a0 [ 1418.237272] do_vfs_ioctl+0x75a/0xff0 [ 1418.241063] ? lock_acquire+0x170/0x3f0 [ 1418.245042] ? ioctl_preallocate+0x1a0/0x1a0 [ 1418.249445] ? __fget+0x265/0x3e0 [ 1418.252885] ? do_vfs_ioctl+0xff0/0xff0 [ 1418.256837] ? security_file_ioctl+0x83/0xb0 [ 1418.261222] SyS_ioctl+0x7f/0xb0 [ 1418.264575] ? do_vfs_ioctl+0xff0/0xff0 [ 1418.268542] do_syscall_64+0x1d5/0x640 [ 1418.272413] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1418.277593] RIP: 0033:0x7f5650cf9037 06:18:21 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 33) 06:18:21 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) 06:18:21 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5b5702e5ead797f244a3775ecc41b5db3d0b5c02b30caa57a63c861bc3bb97abc58c50a3a9accdeb4546905085e9f7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d9716e7834003a18123adc93dca988018000080000000000000000000046c3f19f93bc871edb681db183a706c32105d0f00e46806ea8678633543e2d68131e11463f43a0e8161bd48b930a7d7712f3b4d7e98b6fe0149365af6ec882ccb1023bf70c344116cbb97d7cd4a9bba3ed6362be92bd473c6da17fa5a8ddbc4e3161c84beedfb78f66d049ee9cf8510da79508abf8a09a9d01b52ee595e7a6a6e8d1b57ea24c6a76055d5b25b5b5a75e51408504b9d6f84942b52563a827626bace7a6d92bd86b0a6abd179111b69a4a7230e69a428223357854d6c9525e62085aa773291e26daa7aa40227921d980434d4c220c3d3dbe556dd790080a77701bc3f3941e364f23f4d1b63eb6fcdd86a1be6d8587cf086b32b7c5473bce92df85d5ad1567e258edc385d2bfbac6790e7e4b25119016fbbd6d71d307849712852dca07bbad1b3e8b05de3a306dc6c787a577d1cbdcc45ddcd0a59ad0fd142b27347a24aac15503ed8e1ed99bb0f5f86ab79feba8a49ab53b2df9689eb399fb07e923009595"], 0xfffffffffffffd95) 06:18:21 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB, @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:21 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) r1 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000080)={{0x89, @loopback, 0x4e21, 0x2, 'wlc\x00', 0x28, 0x7ff, 0x1d}, {@dev={0xac, 0x14, 0x14, 0x41}, 0x4e20, 0x0, 0x8, 0x37, 0x7}}, 0x44) [ 1418.281282] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1418.288989] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cf9037 [ 1418.296241] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1418.303512] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1418.310762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1418.318013] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 06:18:21 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 32) 06:18:21 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1418.402364] FAULT_INJECTION: forcing a failure. [ 1418.402364] name failslab, interval 1, probability 0, space 0, times 0 [ 1418.418070] IPVS: set_ctl: invalid protocol: 137 127.0.0.1:20001 [ 1418.432009] CPU: 0 PID: 31519 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1418.439898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1418.449243] Call Trace: 06:18:21 executing program 2: write$apparmor_current(0xffffffffffffffff, &(0x7f0000000040)=@hat={'permhat ', 0x4, 0x5e, ['\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9']}, 0x35) r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:21 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) [ 1418.451826] dump_stack+0x1b2/0x281 [ 1418.455453] should_fail.cold+0x10a/0x149 [ 1418.459600] should_failslab+0xd6/0x130 [ 1418.463584] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1418.468252] ? kobj_ns_drop+0x80/0x80 [ 1418.472050] call_usermodehelper_setup+0x73/0x2e0 [ 1418.476896] kobject_uevent_env+0xc21/0xf30 [ 1418.481219] lo_ioctl+0x11a6/0x1cd0 [ 1418.483021] FAULT_INJECTION: forcing a failure. [ 1418.483021] name failslab, interval 1, probability 0, space 0, times 0 [ 1418.484851] ? loop_set_status64+0xe0/0xe0 06:18:21 executing program 2: write$apparmor_current(0xffffffffffffffff, &(0x7f0000000040)=@hat={'permhat ', 0x4, 0x5e, ['\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9']}, 0x35) r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) write$apparmor_current(0xffffffffffffffff, &(0x7f0000000040)=@hat={'permhat ', 0x4, 0x5e, ['\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9']}, 0x35) (async) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) (async) [ 1418.484866] blkdev_ioctl+0x540/0x1830 [ 1418.484876] ? blkpg_ioctl+0x8d0/0x8d0 [ 1418.484885] ? trace_hardirqs_on+0x10/0x10 [ 1418.484901] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1418.517325] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1418.522346] block_ioctl+0xd9/0x120 [ 1418.525970] ? blkdev_fallocate+0x3a0/0x3a0 [ 1418.530286] do_vfs_ioctl+0x75a/0xff0 [ 1418.534075] ? lock_acquire+0x170/0x3f0 [ 1418.538044] ? ioctl_preallocate+0x1a0/0x1a0 [ 1418.542445] ? __fget+0x265/0x3e0 [ 1418.545891] ? do_vfs_ioctl+0xff0/0xff0 [ 1418.549862] ? security_file_ioctl+0x83/0xb0 [ 1418.554269] SyS_ioctl+0x7f/0xb0 [ 1418.557630] ? do_vfs_ioctl+0xff0/0xff0 [ 1418.561603] do_syscall_64+0x1d5/0x640 [ 1418.565485] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1418.570856] RIP: 0033:0x7f5ff741b037 [ 1418.574580] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1418.582289] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff741b037 [ 1418.589550] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 06:18:21 executing program 2: write$apparmor_current(0xffffffffffffffff, &(0x7f0000000040)=@hat={'permhat ', 0x4, 0x5e, ['\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9']}, 0x35) r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) write$apparmor_current(0xffffffffffffffff, &(0x7f0000000040)=@hat={'permhat ', 0x4, 0x5e, ['\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9']}, 0x35) (async) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) (async) [ 1418.596807] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1418.604064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1418.611321] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1418.618594] CPU: 1 PID: 31527 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1418.626475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1418.635904] Call Trace: [ 1418.638487] dump_stack+0x1b2/0x281 [ 1418.642114] should_fail.cold+0x10a/0x149 [ 1418.646258] should_failslab+0xd6/0x130 [ 1418.650410] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1418.655517] __kmalloc_node_track_caller+0x38/0x70 [ 1418.660446] __alloc_skb+0x96/0x510 [ 1418.664080] kobject_uevent_env+0x882/0xf30 [ 1418.664597] nla_parse: 7 callbacks suppressed [ 1418.664603] netlink: 92 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1418.668402] lo_ioctl+0x11a6/0x1cd0 [ 1418.668416] ? loop_set_status64+0xe0/0xe0 [ 1418.668431] blkdev_ioctl+0x540/0x1830 [ 1418.693267] ? blkpg_ioctl+0x8d0/0x8d0 [ 1418.697154] ? trace_hardirqs_on+0x10/0x10 [ 1418.701386] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1418.706485] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1418.711503] block_ioctl+0xd9/0x120 [ 1418.715139] ? blkdev_fallocate+0x3a0/0x3a0 [ 1418.719443] do_vfs_ioctl+0x75a/0xff0 [ 1418.723403] ? lock_acquire+0x170/0x3f0 [ 1418.727357] ? ioctl_preallocate+0x1a0/0x1a0 [ 1418.731745] ? __fget+0x265/0x3e0 [ 1418.735177] ? do_vfs_ioctl+0xff0/0xff0 [ 1418.739303] ? security_file_ioctl+0x83/0xb0 [ 1418.743719] SyS_ioctl+0x7f/0xb0 [ 1418.747067] ? do_vfs_ioctl+0xff0/0xff0 [ 1418.751021] do_syscall_64+0x1d5/0x640 [ 1418.754980] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1418.760154] RIP: 0033:0x7f5650cf9037 [ 1418.763861] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1418.771553] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cf9037 [ 1418.778804] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1418.786059] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1418.793304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 06:18:21 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) getsockopt$ARPT_SO_GET_ENTRIES(r1, 0x0, 0x61, &(0x7f0000000040)={'filter\x00', 0x5, "c9073a3179"}, &(0x7f0000000080)=0x29) r2 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, &(0x7f00000000c0)={{0x2, 0x4e22, @private=0xa010102}, {0x306}, 0x52, {0x2, 0x4e20, @broadcast}, 'vlan0\x00'}) write$apparmor_current(r2, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r4}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) write$apparmor_current(r4, &(0x7f0000000140)=@hat={'changehat ', 0x1, 0x5e, ['vlan0\x00', '\\\x00', 'filter\x00', '/dev/zero\x00', '/dev/zero\x00', '($,\x00']}, 0x44) 06:18:21 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 34) 06:18:21 executing program 4: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) 06:18:21 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:21 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) r1 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000080)={{0x89, @loopback, 0x4e21, 0x2, 'wlc\x00', 0x28, 0x7ff, 0x1d}, {@dev={0xac, 0x14, 0x14, 0x41}, 0x4e20, 0x0, 0x8, 0x37, 0x7}}, 0x44) [ 1418.800552] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 06:18:21 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 33) 06:18:21 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) getsockopt$ARPT_SO_GET_ENTRIES(r1, 0x0, 0x61, &(0x7f0000000040)={'filter\x00', 0x5, "c9073a3179"}, &(0x7f0000000080)=0x29) (async) r2 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, &(0x7f00000000c0)={{0x2, 0x4e22, @private=0xa010102}, {0x306}, 0x52, {0x2, 0x4e20, @broadcast}, 'vlan0\x00'}) write$apparmor_current(r2, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) (async) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r4}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) write$apparmor_current(r4, &(0x7f0000000140)=@hat={'changehat ', 0x1, 0x5e, ['vlan0\x00', '\\\x00', 'filter\x00', '/dev/zero\x00', '/dev/zero\x00', '($,\x00']}, 0x44) 06:18:21 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async, rerun: 64) r1 = socket$l2tp(0x2, 0x2, 0x73) (rerun: 64) setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000080)={{0x89, @loopback, 0x4e21, 0x2, 'wlc\x00', 0x28, 0x7ff, 0x1d}, {@dev={0xac, 0x14, 0x14, 0x41}, 0x4e20, 0x0, 0x8, 0x37, 0x7}}, 0x44) 06:18:21 executing program 4: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) [ 1418.924416] FAULT_INJECTION: forcing a failure. [ 1418.924416] name failslab, interval 1, probability 0, space 0, times 0 [ 1418.939511] IPVS: set_ctl: invalid protocol: 137 127.0.0.1:20001 [ 1418.952238] CPU: 0 PID: 31556 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1418.960221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1418.969568] Call Trace: 06:18:22 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:22 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) getsockopt$ARPT_SO_GET_ENTRIES(r1, 0x0, 0x61, &(0x7f0000000040)={'filter\x00', 0x5, "c9073a3179"}, &(0x7f0000000080)=0x29) (async) r2 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, &(0x7f00000000c0)={{0x2, 0x4e22, @private=0xa010102}, {0x306}, 0x52, {0x2, 0x4e20, @broadcast}, 'vlan0\x00'}) (async) write$apparmor_current(r2, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) (async) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r4}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) write$apparmor_current(r4, &(0x7f0000000140)=@hat={'changehat ', 0x1, 0x5e, ['vlan0\x00', '\\\x00', 'filter\x00', '/dev/zero\x00', '/dev/zero\x00', '($,\x00']}, 0x44) [ 1418.972150] dump_stack+0x1b2/0x281 [ 1418.975780] should_fail.cold+0x10a/0x149 [ 1418.979930] should_failslab+0xd6/0x130 [ 1418.983907] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1418.989011] __kmalloc_node_track_caller+0x38/0x70 [ 1418.993945] __alloc_skb+0x96/0x510 [ 1418.997579] kobject_uevent_env+0x882/0xf30 [ 1419.001910] lo_ioctl+0x11a6/0x1cd0 [ 1419.005547] ? loop_set_status64+0xe0/0xe0 [ 1419.009782] blkdev_ioctl+0x540/0x1830 [ 1419.013666] ? blkpg_ioctl+0x8d0/0x8d0 [ 1419.017637] ? trace_hardirqs_on+0x10/0x10 06:18:22 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) pipe(&(0x7f0000000080)) write$apparmor_current(r0, &(0x7f0000000040)=ANY=[@ANYRES16=r0], 0xfffffffffffffd95) [ 1419.021872] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1419.027064] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1419.032086] block_ioctl+0xd9/0x120 [ 1419.035702] ? blkdev_fallocate+0x3a0/0x3a0 [ 1419.040022] do_vfs_ioctl+0x75a/0xff0 [ 1419.043821] ? lock_acquire+0x170/0x3f0 [ 1419.047791] ? ioctl_preallocate+0x1a0/0x1a0 [ 1419.052200] ? __fget+0x265/0x3e0 [ 1419.055653] ? do_vfs_ioctl+0xff0/0xff0 [ 1419.059621] ? security_file_ioctl+0x83/0xb0 [ 1419.064114] SyS_ioctl+0x7f/0xb0 [ 1419.067471] ? do_vfs_ioctl+0xff0/0xff0 06:18:22 executing program 4: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) [ 1419.071441] do_syscall_64+0x1d5/0x640 [ 1419.075327] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1419.080506] RIP: 0033:0x7f5ff741b037 [ 1419.084209] RSP: 002b:00007f5ff5d8ff28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1419.091913] RAX: ffffffffffffffda RBX: 00007f5ff7464a20 RCX: 00007f5ff741b037 [ 1419.099173] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1419.106431] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1419.113687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1419.120962] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1419.153192] FAULT_INJECTION: forcing a failure. [ 1419.153192] name failslab, interval 1, probability 0, space 0, times 0 [ 1419.165012] CPU: 0 PID: 31565 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1419.172902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1419.182251] Call Trace: [ 1419.184587] IPVS: set_ctl: invalid protocol: 137 127.0.0.1:20001 [ 1419.184828] dump_stack+0x1b2/0x281 [ 1419.194569] should_fail.cold+0x10a/0x149 [ 1419.198719] should_failslab+0xd6/0x130 [ 1419.202696] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1419.207799] __kmalloc_node_track_caller+0x38/0x70 [ 1419.212733] __alloc_skb+0x96/0x510 [ 1419.216344] kobject_uevent_env+0x882/0xf30 [ 1419.220652] lo_ioctl+0x11a6/0x1cd0 [ 1419.224255] ? loop_set_status64+0xe0/0xe0 [ 1419.228476] blkdev_ioctl+0x540/0x1830 [ 1419.232340] ? blkpg_ioctl+0x8d0/0x8d0 [ 1419.236203] ? trace_hardirqs_on+0x10/0x10 [ 1419.240417] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1419.245510] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1419.250527] block_ioctl+0xd9/0x120 [ 1419.254138] ? blkdev_fallocate+0x3a0/0x3a0 [ 1419.258443] do_vfs_ioctl+0x75a/0xff0 [ 1419.262222] ? lock_acquire+0x170/0x3f0 [ 1419.266177] ? ioctl_preallocate+0x1a0/0x1a0 [ 1419.270570] ? __fget+0x265/0x3e0 [ 1419.274004] ? do_vfs_ioctl+0xff0/0xff0 [ 1419.277957] ? security_file_ioctl+0x83/0xb0 [ 1419.282354] SyS_ioctl+0x7f/0xb0 [ 1419.285696] ? do_vfs_ioctl+0xff0/0xff0 [ 1419.289654] do_syscall_64+0x1d5/0x640 [ 1419.293522] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1419.298690] RIP: 0033:0x7f5650cf9037 06:18:22 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 35) 06:18:22 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:22 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x0, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) 06:18:22 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) pipe(&(0x7f0000000080)) write$apparmor_current(r0, &(0x7f0000000040)=ANY=[@ANYRES16=r0], 0xfffffffffffffd95) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) pipe(&(0x7f0000000080)) (async) write$apparmor_current(r0, &(0x7f0000000040)=ANY=[@ANYRES16=r0], 0xfffffffffffffd95) (async) [ 1419.302388] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1419.310078] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cf9037 [ 1419.317323] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1419.324570] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1419.331813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1419.339067] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 06:18:22 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 34) 06:18:22 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) r3 = socket(0x1e, 0x2, 0x5) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000280)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES32=r2, @ANYRESDEC=r2, @ANYRES32=r2, @ANYBLOB="080001006cbda5daa94f81365b48b6230cc376187dd6049c491729ba055787e1dce9315e6a36db359c0ae11ee4c66e7aed54200cb1fbb3ca44cc8028240c1609910fa7420ae7e5b55d20057c01737010206173c2e6dba97770ec2c46f272b866c21d3d3858577c8954171b759a2c563876a9e9d84dcf89df0e23bf1317213d7a0bdefbce3fb951bf8ec2eee01df9afad6d79f7165bd0e7a443bff85b9536f9f14d20ead6cb704ef57a9b616a0e0052dda100d901b1d81dcaa7727805b26f171de12095a5c6aa1a4a191740ac5e73ba563c6d53daf3ccd43e2d174fca050e155199df5ce6f654753c427e1fd9513022383b9f90b0f9f39e7b5fcc6cda8bb5bdabd05259c3deee49eb3575ae53c40e59d429485e2cb3e1e1ce437b28d632e5a3a2c04ffdd9d7b99d62aec6d7f497b563282f4123d3b35e114cd0bd2087634f791765152e4ced59520f17959c72a23e2b0969e6d62a56d5699adea37bb52a4992993b525e8183fd778d7395211a810afee2557a727b184f4b8af85bbcea", @ANYRESHEX=r1, @ANYBLOB="08000100", @ANYRES16=r3, @ANYBLOB="08000100", @ANYRES32=r2, @ANYBLOB="0840010000020000"], 0x54}, 0x1, 0x0, 0x0, 0x84}, 0x4004044) syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), r2) 06:18:22 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:22 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async, rerun: 64) pipe(&(0x7f0000000080)) (rerun: 64) write$apparmor_current(r0, &(0x7f0000000040)=ANY=[@ANYRES16=r0], 0xfffffffffffffd95) 06:18:22 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) r3 = socket(0x1e, 0x2, 0x5) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000280)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES32=r2, @ANYRESDEC=r2, @ANYRES32=r2, @ANYBLOB="080001006cbda5daa94f81365b48b6230cc376187dd6049c491729ba055787e1dce9315e6a36db359c0ae11ee4c66e7aed54200cb1fbb3ca44cc8028240c1609910fa7420ae7e5b55d20057c01737010206173c2e6dba97770ec2c46f272b866c21d3d3858577c8954171b759a2c563876a9e9d84dcf89df0e23bf1317213d7a0bdefbce3fb951bf8ec2eee01df9afad6d79f7165bd0e7a443bff85b9536f9f14d20ead6cb704ef57a9b616a0e0052dda100d901b1d81dcaa7727805b26f171de12095a5c6aa1a4a191740ac5e73ba563c6d53daf3ccd43e2d174fca050e155199df5ce6f654753c427e1fd9513022383b9f90b0f9f39e7b5fcc6cda8bb5bdabd05259c3deee49eb3575ae53c40e59d429485e2cb3e1e1ce437b28d632e5a3a2c04ffdd9d7b99d62aec6d7f497b563282f4123d3b35e114cd0bd2087634f791765152e4ced59520f17959c72a23e2b0969e6d62a56d5699adea37bb52a4992993b525e8183fd778d7395211a810afee2557a727b184f4b8af85bbcea", @ANYRESHEX=r1, @ANYBLOB="08000100", @ANYRES16=r3, @ANYBLOB="08000100", @ANYRES32=r2, @ANYBLOB="0840010000020000"], 0x54}, 0x1, 0x0, 0x0, 0x84}, 0x4004044) (async) syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), r2) 06:18:22 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x0, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) 06:18:22 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1419.507119] FAULT_INJECTION: forcing a failure. [ 1419.507119] name failslab, interval 1, probability 0, space 0, times 0 [ 1419.514581] FAULT_INJECTION: forcing a failure. [ 1419.514581] name failslab, interval 1, probability 0, space 0, times 0 [ 1419.540908] CPU: 0 PID: 31609 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1419.548806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1419.558155] Call Trace: [ 1419.560741] dump_stack+0x1b2/0x281 [ 1419.564372] should_fail.cold+0x10a/0x149 [ 1419.568519] should_failslab+0xd6/0x130 [ 1419.572539] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1419.577207] ? kobj_ns_drop+0x80/0x80 [ 1419.581008] call_usermodehelper_setup+0x73/0x2e0 [ 1419.585855] kobject_uevent_env+0xc21/0xf30 [ 1419.590186] lo_ioctl+0x11a6/0x1cd0 [ 1419.593814] ? loop_set_status64+0xe0/0xe0 [ 1419.598050] blkdev_ioctl+0x540/0x1830 [ 1419.601926] ? blkpg_ioctl+0x8d0/0x8d0 [ 1419.605794] ? trace_hardirqs_on+0x10/0x10 [ 1419.610019] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1419.615115] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1419.620119] block_ioctl+0xd9/0x120 [ 1419.623734] ? blkdev_fallocate+0x3a0/0x3a0 [ 1419.628060] do_vfs_ioctl+0x75a/0xff0 [ 1419.631865] ? lock_acquire+0x170/0x3f0 [ 1419.635826] ? ioctl_preallocate+0x1a0/0x1a0 [ 1419.640219] ? __fget+0x265/0x3e0 [ 1419.643666] ? do_vfs_ioctl+0xff0/0xff0 [ 1419.647629] ? security_file_ioctl+0x83/0xb0 [ 1419.652021] SyS_ioctl+0x7f/0xb0 [ 1419.655369] ? do_vfs_ioctl+0xff0/0xff0 [ 1419.659327] do_syscall_64+0x1d5/0x640 [ 1419.663206] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1419.668381] RIP: 0033:0x7f5650cf9037 [ 1419.672070] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1419.679758] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cf9037 [ 1419.687009] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1419.694265] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1419.701531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1419.708783] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1419.716138] CPU: 1 PID: 31612 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1419.724020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1419.733368] Call Trace: [ 1419.735954] dump_stack+0x1b2/0x281 [ 1419.739588] should_fail.cold+0x10a/0x149 [ 1419.743748] should_failslab+0xd6/0x130 [ 1419.747725] kmem_cache_alloc+0x28e/0x3c0 [ 1419.751877] getname_flags+0xc8/0x550 [ 1419.755768] SyS_mkdirat+0x83/0x270 [ 1419.759398] ? SyS_mknod+0x30/0x30 [ 1419.762947] ? fput_many+0xe/0x140 [ 1419.766491] ? do_syscall_64+0x4c/0x640 [ 1419.770468] ? SyS_mknod+0x30/0x30 [ 1419.774013] do_syscall_64+0x1d5/0x640 [ 1419.777905] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1419.783192] RIP: 0033:0x7f5ff741a387 [ 1419.786898] RSP: 002b:00007f5ff5d8ff88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 [ 1419.794694] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741a387 06:18:22 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1419.801956] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 1419.809223] RBP: 00007f5ff5d901d0 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1419.816487] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 1419.823753] R13: 0000000020000040 R14: 00007f5ff5d8ffe0 R15: 0000000020000280 06:18:22 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 36) 06:18:22 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5d2c50a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff380180000031926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b080961fbd3db6eab74faa8d21bf7ce6316159c06d9716e7834003a18123adc93dca9880180000800"], 0xfffffffffffffd95) 06:18:22 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) r3 = socket(0x1e, 0x2, 0x5) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000280)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES32=r2, @ANYRESDEC=r2, @ANYRES32=r2, @ANYBLOB="080001006cbda5daa94f81365b48b6230cc376187dd6049c491729ba055787e1dce9315e6a36db359c0ae11ee4c66e7aed54200cb1fbb3ca44cc8028240c1609910fa7420ae7e5b55d20057c01737010206173c2e6dba97770ec2c46f272b866c21d3d3858577c8954171b759a2c563876a9e9d84dcf89df0e23bf1317213d7a0bdefbce3fb951bf8ec2eee01df9afad6d79f7165bd0e7a443bff85b9536f9f14d20ead6cb704ef57a9b616a0e0052dda100d901b1d81dcaa7727805b26f171de12095a5c6aa1a4a191740ac5e73ba563c6d53daf3ccd43e2d174fca050e155199df5ce6f654753c427e1fd9513022383b9f90b0f9f39e7b5fcc6cda8bb5bdabd05259c3deee49eb3575ae53c40e59d429485e2cb3e1e1ce437b28d632e5a3a2c04ffdd9d7b99d62aec6d7f497b563282f4123d3b35e114cd0bd2087634f791765152e4ced59520f17959c72a23e2b0969e6d62a56d5699adea37bb52a4992993b525e8183fd778d7395211a810afee2557a727b184f4b8af85bbcea", @ANYRESHEX=r1, @ANYBLOB="08000100", @ANYRES16=r3, @ANYBLOB="08000100", @ANYRES32=r2, @ANYBLOB="0840010000020000"], 0x54}, 0x1, 0x0, 0x0, 0x84}, 0x4004044) syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), r2) socket$inet_udp(0x2, 0x2, 0x0) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) socket(0x1e, 0x2, 0x5) (async) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000280)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES32=r2, @ANYRESDEC=r2, @ANYRES32=r2, @ANYBLOB="080001006cbda5daa94f81365b48b6230cc376187dd6049c491729ba055787e1dce9315e6a36db359c0ae11ee4c66e7aed54200cb1fbb3ca44cc8028240c1609910fa7420ae7e5b55d20057c01737010206173c2e6dba97770ec2c46f272b866c21d3d3858577c8954171b759a2c563876a9e9d84dcf89df0e23bf1317213d7a0bdefbce3fb951bf8ec2eee01df9afad6d79f7165bd0e7a443bff85b9536f9f14d20ead6cb704ef57a9b616a0e0052dda100d901b1d81dcaa7727805b26f171de12095a5c6aa1a4a191740ac5e73ba563c6d53daf3ccd43e2d174fca050e155199df5ce6f654753c427e1fd9513022383b9f90b0f9f39e7b5fcc6cda8bb5bdabd05259c3deee49eb3575ae53c40e59d429485e2cb3e1e1ce437b28d632e5a3a2c04ffdd9d7b99d62aec6d7f497b563282f4123d3b35e114cd0bd2087634f791765152e4ced59520f17959c72a23e2b0969e6d62a56d5699adea37bb52a4992993b525e8183fd778d7395211a810afee2557a727b184f4b8af85bbcea", @ANYRESHEX=r1, @ANYBLOB="08000100", @ANYRES16=r3, @ANYBLOB="08000100", @ANYRES32=r2, @ANYBLOB="0840010000020000"], 0x54}, 0x1, 0x0, 0x0, 0x84}, 0x4004044) (async) syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), r2) (async) 06:18:22 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1419.972455] FAULT_INJECTION: forcing a failure. [ 1419.972455] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1419.984276] CPU: 0 PID: 31649 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1419.992151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1420.001499] Call Trace: [ 1420.004085] dump_stack+0x1b2/0x281 [ 1420.007714] should_fail.cold+0x10a/0x149 [ 1420.011862] __alloc_pages_nodemask+0x22c/0x2720 [ 1420.016619] ? kobject_uevent_env+0x274/0xf30 [ 1420.021117] ? __lock_acquire+0x5fc/0x3f20 [ 1420.025351] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1420.030196] ? blkdev_ioctl+0xf4/0x1830 [ 1420.034167] ? blkpg_ioctl+0x8d0/0x8d0 [ 1420.038049] ? trace_hardirqs_on+0x10/0x10 [ 1420.042386] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1420.047490] cache_grow_begin+0x91/0x700 [ 1420.051553] ? fs_reclaim_release+0xd0/0x110 [ 1420.055960] ? check_preemption_disabled+0x35/0x240 [ 1420.060975] cache_alloc_refill+0x273/0x350 [ 1420.065311] kmem_cache_alloc+0x333/0x3c0 [ 1420.069465] getname_flags+0xc8/0x550 [ 1420.073267] SyS_mkdirat+0x83/0x270 [ 1420.076891] ? SyS_mknod+0x30/0x30 [ 1420.080424] ? fput_many+0xe/0x140 [ 1420.083965] ? do_syscall_64+0x4c/0x640 [ 1420.087934] ? SyS_mknod+0x30/0x30 [ 1420.091468] do_syscall_64+0x1d5/0x640 [ 1420.095358] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1420.100546] RIP: 0033:0x7f5ff741a387 [ 1420.104247] RSP: 002b:00007f5ff5d8ff88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 [ 1420.111951] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741a387 [ 1420.119216] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 1420.126479] RBP: 00007f5ff5d901d0 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1420.133740] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 1420.141001] R13: 0000000020000040 R14: 00007f5ff5d8ffe0 R15: 0000000020000280 06:18:23 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 35) 06:18:23 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5d2c50a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff380180000031926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b080961fbd3db6eab74faa8d21bf7ce6316159c06d9716e7834003a18123adc93dca9880180000800"], 0xfffffffffffffd95) 06:18:23 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x0, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) 06:18:23 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:23 executing program 5: socket$inet_udp(0x2, 0x2, 0x0) socketpair(0x18, 0x1, 0x1, &(0x7f0000000080)={0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f00000000c0)={0x0, 'veth0_virt_wifi\x00', 0x1}, 0x18) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x6088c3, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r3, &(0x7f0000000140)={0x2010}) 06:18:23 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 37) 06:18:23 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:23 executing program 5: socket$inet_udp(0x2, 0x2, 0x0) socketpair(0x18, 0x1, 0x1, &(0x7f0000000080)={0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f00000000c0)={0x0, 'veth0_virt_wifi\x00', 0x1}, 0x18) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x6088c3, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r3, &(0x7f0000000140)={0x2010}) socket$inet_udp(0x2, 0x2, 0x0) (async) socketpair(0x18, 0x1, 0x1, &(0x7f0000000080)) (async) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f00000000c0)={0x0, 'veth0_virt_wifi\x00', 0x1}, 0x18) (async) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x6088c3, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r3, &(0x7f0000000140)={0x2010}) (async) 06:18:23 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5d2c50a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff380180000031926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b080961fbd3db6eab74faa8d21bf7ce6316159c06d9716e7834003a18123adc93dca9880180000800"], 0xfffffffffffffd95) [ 1420.271381] FAULT_INJECTION: forcing a failure. [ 1420.271381] name failslab, interval 1, probability 0, space 0, times 0 [ 1420.302289] CPU: 0 PID: 31676 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1420.310188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 06:18:23 executing program 2: socket$l2tp(0x2, 0x2, 0x73) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000240)={{{@in6=@initdev, @in=@local}}, {{@in6}, 0x0, @in6=@private2}}, &(0x7f0000000380)=0xe8) r4 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r5 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000340), r6) write$apparmor_current(r5, &(0x7f0000000080)=@profile={'stack ', '\x00'}, 0x7) write$apparmor_current(r4, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0) ioctl$BINDER_CTL_ADD(r7, 0xc1086201, &(0x7f0000000100)={'binder1\x00'}) [ 1420.319540] Call Trace: [ 1420.322131] dump_stack+0x1b2/0x281 [ 1420.325850] should_fail.cold+0x10a/0x149 [ 1420.330044] should_failslab+0xd6/0x130 [ 1420.334019] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1420.339212] __kmalloc_node_track_caller+0x38/0x70 [ 1420.344140] __alloc_skb+0x96/0x510 [ 1420.347769] kobject_uevent_env+0x882/0xf30 [ 1420.352271] lo_ioctl+0x11a6/0x1cd0 [ 1420.355904] ? loop_set_status64+0xe0/0xe0 [ 1420.360140] blkdev_ioctl+0x540/0x1830 [ 1420.364021] ? blkpg_ioctl+0x8d0/0x8d0 06:18:23 executing program 2: socket$l2tp(0x2, 0x2, 0x73) (async) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000240)={{{@in6=@initdev, @in=@local}}, {{@in6}, 0x0, @in6=@private2}}, &(0x7f0000000380)=0xe8) (async) r4 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) r5 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000340), r6) write$apparmor_current(r5, &(0x7f0000000080)=@profile={'stack ', '\x00'}, 0x7) (async) write$apparmor_current(r4, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0) ioctl$BINDER_CTL_ADD(r7, 0xc1086201, &(0x7f0000000100)={'binder1\x00'}) 06:18:23 executing program 5: socket$inet_udp(0x2, 0x2, 0x0) (async) socketpair(0x18, 0x1, 0x1, &(0x7f0000000080)={0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f00000000c0)={0x0, 'veth0_virt_wifi\x00', 0x1}, 0x18) (async) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x6088c3, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r3, &(0x7f0000000140)={0x2010}) [ 1420.367902] ? trace_hardirqs_on+0x10/0x10 [ 1420.372223] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1420.377325] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1420.382346] block_ioctl+0xd9/0x120 [ 1420.385969] ? blkdev_fallocate+0x3a0/0x3a0 [ 1420.390288] do_vfs_ioctl+0x75a/0xff0 [ 1420.394088] ? lock_acquire+0x170/0x3f0 [ 1420.398057] ? ioctl_preallocate+0x1a0/0x1a0 [ 1420.402464] ? __fget+0x265/0x3e0 [ 1420.405912] ? do_vfs_ioctl+0xff0/0xff0 [ 1420.409883] ? security_file_ioctl+0x83/0xb0 [ 1420.414289] SyS_ioctl+0x7f/0xb0 [ 1420.417649] ? do_vfs_ioctl+0xff0/0xff0 [ 1420.421708] do_syscall_64+0x1d5/0x640 [ 1420.425598] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1420.430777] RIP: 0033:0x7f5650cf9037 [ 1420.434572] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1420.442271] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cf9037 [ 1420.449533] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1420.456779] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1420.464026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1420.471279] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1420.502517] FAULT_INJECTION: forcing a failure. [ 1420.502517] name failslab, interval 1, probability 0, space 0, times 0 06:18:23 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 36) 06:18:23 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0xe, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:23 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) 06:18:23 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf25", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:23 executing program 2: socket$l2tp(0x2, 0x2, 0x73) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000240)={{{@in6=@initdev, @in=@local}}, {{@in6}, 0x0, @in6=@private2}}, &(0x7f0000000380)=0xe8) r4 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r5 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000340), r6) write$apparmor_current(r5, &(0x7f0000000080)=@profile={'stack ', '\x00'}, 0x7) write$apparmor_current(r4, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0) ioctl$BINDER_CTL_ADD(r7, 0xc1086201, &(0x7f0000000100)={'binder1\x00'}) socket$l2tp(0x2, 0x2, 0x73) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000240)={{{@in6=@initdev, @in=@local}}, {{@in6}, 0x0, @in6=@private2}}, &(0x7f0000000380)=0xe8) (async) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nbd(&(0x7f0000000340), r6) (async) write$apparmor_current(r5, &(0x7f0000000080)=@profile={'stack ', '\x00'}, 0x7) (async) write$apparmor_current(r4, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) (async) openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0) (async) ioctl$BINDER_CTL_ADD(r7, 0xc1086201, &(0x7f0000000100)={'binder1\x00'}) (async) [ 1420.565198] CPU: 0 PID: 31684 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1420.573104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1420.582537] Call Trace: [ 1420.585125] dump_stack+0x1b2/0x281 [ 1420.588755] should_fail.cold+0x10a/0x149 [ 1420.592925] should_failslab+0xd6/0x130 [ 1420.596898] kmem_cache_alloc+0x28e/0x3c0 [ 1420.601045] __d_alloc+0x2a/0xa20 [ 1420.604515] ? d_lookup+0x172/0x220 [ 1420.605972] FAULT_INJECTION: forcing a failure. [ 1420.605972] name failslab, interval 1, probability 0, space 0, times 0 [ 1420.608139] d_alloc+0x46/0x240 [ 1420.608154] __lookup_hash+0x101/0x270 [ 1420.608170] filename_create+0x156/0x3f0 [ 1420.630535] ? kern_path_mountpoint+0x40/0x40 [ 1420.635021] SyS_mkdirat+0x95/0x270 [ 1420.638630] ? SyS_mknod+0x30/0x30 [ 1420.642150] ? fput_many+0xe/0x140 [ 1420.645673] ? do_syscall_64+0x4c/0x640 [ 1420.649644] ? SyS_mknod+0x30/0x30 [ 1420.653172] do_syscall_64+0x1d5/0x640 [ 1420.657047] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1420.662218] RIP: 0033:0x7f5ff741a387 [ 1420.665910] RSP: 002b:00007f5ff5d8ff88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 [ 1420.673688] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741a387 [ 1420.680941] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 1420.688194] RBP: 00007f5ff5d901d0 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1420.695461] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 1420.702728] R13: 0000000020000040 R14: 00007f5ff5d8ffe0 R15: 0000000020000280 [ 1420.710010] CPU: 1 PID: 31726 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1420.717900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1420.727252] Call Trace: [ 1420.729837] dump_stack+0x1b2/0x281 [ 1420.733465] should_fail.cold+0x10a/0x149 [ 1420.737612] should_failslab+0xd6/0x130 [ 1420.741589] kmem_cache_alloc+0x28e/0x3c0 [ 1420.745739] getname_flags+0xc8/0x550 [ 1420.749543] SyS_mkdirat+0x83/0x270 [ 1420.753170] ? SyS_mknod+0x30/0x30 [ 1420.756704] ? fput_many+0xe/0x140 [ 1420.760242] ? do_syscall_64+0x4c/0x640 [ 1420.764210] ? SyS_mknod+0x30/0x30 [ 1420.767753] do_syscall_64+0x1d5/0x640 [ 1420.771647] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1420.776837] RIP: 0033:0x7f5650cf8387 [ 1420.780542] RSP: 002b:00007f564f66df88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 [ 1420.788246] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cf8387 [ 1420.795514] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 1420.802778] RBP: 00007f564f66e1d0 R08: 0000000000000000 R09: 00007f564f66e1d0 06:18:23 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 38) 06:18:23 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0xe, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:23 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) r1 = epoll_create(0x8001) r2 = socket(0x18, 0x800, 0x7) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r2) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, &(0x7f0000000100)={0x8000000000000008, [0x6, 0x4, 0x3, 0x7ff, 0x9, 0x645]}, 0x10) r3 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f0000000080)={0x2000}) write$apparmor_current(r0, &(0x7f00000000c0)=@profile={'changeprofile ', ']-$%\'.\x00'}, 0x15) ioctl$SCSI_IOCTL_START_UNIT(0xffffffffffffffff, 0x5) 06:18:23 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) [ 1420.810040] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 1420.817305] R13: 0000000020000040 R14: 00007f564f66dfe0 R15: 0000000020000280 06:18:23 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 37) 06:18:23 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf25", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:23 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0xe, {0x2, 0x0, @local}, 'veth0\x00'}) [ 1420.950761] audit: type=1400 audit(1660285103.965:68): apparmor="DENIED" operation="change_profile" info="label not found" error=-2 profile="unconfined" name="]-$%'." pid=31755 comm="syz-executor.2" [ 1420.953173] FAULT_INJECTION: forcing a failure. [ 1420.953173] name failslab, interval 1, probability 0, space 0, times 0 [ 1420.985686] CPU: 1 PID: 31766 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1420.993581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1421.002931] Call Trace: [ 1421.005518] dump_stack+0x1b2/0x281 [ 1421.009160] should_fail.cold+0x10a/0x149 [ 1421.013311] should_failslab+0xd6/0x130 [ 1421.017286] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1421.021963] ? kobj_ns_drop+0x80/0x80 [ 1421.025765] call_usermodehelper_setup+0x73/0x2e0 [ 1421.030612] kobject_uevent_env+0xc21/0xf30 [ 1421.034943] lo_ioctl+0x11a6/0x1cd0 [ 1421.038570] ? loop_set_status64+0xe0/0xe0 [ 1421.042803] blkdev_ioctl+0x540/0x1830 [ 1421.046687] ? blkpg_ioctl+0x8d0/0x8d0 [ 1421.050575] ? trace_hardirqs_on+0x10/0x10 [ 1421.054817] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1421.059920] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1421.064938] block_ioctl+0xd9/0x120 [ 1421.068560] ? blkdev_fallocate+0x3a0/0x3a0 [ 1421.072888] do_vfs_ioctl+0x75a/0xff0 [ 1421.076690] ? lock_acquire+0x170/0x3f0 [ 1421.080666] ? ioctl_preallocate+0x1a0/0x1a0 [ 1421.085075] ? __fget+0x265/0x3e0 [ 1421.088530] ? do_vfs_ioctl+0xff0/0xff0 [ 1421.092502] ? security_file_ioctl+0x83/0xb0 [ 1421.096919] SyS_ioctl+0x7f/0xb0 06:18:24 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) (async) r1 = epoll_create(0x8001) (async) r2 = socket(0x18, 0x800, 0x7) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r2) (async) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, &(0x7f0000000100)={0x8000000000000008, [0x6, 0x4, 0x3, 0x7ff, 0x9, 0x645]}, 0x10) (async) r3 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f0000000080)={0x2000}) (async) write$apparmor_current(r0, &(0x7f00000000c0)=@profile={'changeprofile ', ']-$%\'.\x00'}, 0x15) ioctl$SCSI_IOCTL_START_UNIT(0xffffffffffffffff, 0x5) 06:18:24 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf25", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:24 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) 06:18:24 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x8c0}, 0x4000000) getsockopt$IPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x43, &(0x7f0000000080)={'ipvs\x00'}, &(0x7f00000000c0)=0x1e) 06:18:24 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) [ 1421.100281] ? do_vfs_ioctl+0xff0/0xff0 [ 1421.104255] do_syscall_64+0x1d5/0x640 [ 1421.108143] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1421.113329] RIP: 0033:0x7f5650cf9037 [ 1421.117031] RSP: 002b:00007f564f66df28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1421.124735] RAX: ffffffffffffffda RBX: 00007f5650d42a20 RCX: 00007f5650cf9037 [ 1421.132021] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1421.137778] FAULT_INJECTION: forcing a failure. [ 1421.137778] name failslab, interval 1, probability 0, space 0, times 0 [ 1421.139307] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1421.139313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1421.139318] R13: 0000000000000004 R14: 0000000020000240 R15: 0000000000000000 [ 1421.232545] CPU: 1 PID: 31768 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1421.240447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1421.249793] Call Trace: [ 1421.252384] dump_stack+0x1b2/0x281 [ 1421.256024] should_fail.cold+0x10a/0x149 [ 1421.260176] should_failslab+0xd6/0x130 [ 1421.264149] kmem_cache_alloc+0x28e/0x3c0 [ 1421.268298] __d_alloc+0x2a/0xa20 [ 1421.271752] ? d_lookup+0x172/0x220 [ 1421.275414] d_alloc+0x46/0x240 [ 1421.278693] __lookup_hash+0x101/0x270 [ 1421.282587] filename_create+0x156/0x3f0 [ 1421.286647] ? kern_path_mountpoint+0x40/0x40 [ 1421.291146] SyS_mkdirat+0x95/0x270 [ 1421.294770] ? SyS_mknod+0x30/0x30 [ 1421.298309] ? fput_many+0xe/0x140 [ 1421.301846] ? do_syscall_64+0x4c/0x640 [ 1421.305821] ? SyS_mknod+0x30/0x30 [ 1421.309362] do_syscall_64+0x1d5/0x640 [ 1421.313258] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1421.318467] RIP: 0033:0x7f5ff741a387 [ 1421.322156] RSP: 002b:00007f5ff5d8ff88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 06:18:24 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 39) 06:18:24 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYBLOB="010000000000ffdbdf2505", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:24 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) (async) r1 = epoll_create(0x8001) (async) r2 = socket(0x18, 0x800, 0x7) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r2) (async) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, &(0x7f0000000100)={0x8000000000000008, [0x6, 0x4, 0x3, 0x7ff, 0x9, 0x645]}, 0x10) r3 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f0000000080)={0x2000}) (async) write$apparmor_current(r0, &(0x7f00000000c0)=@profile={'changeprofile ', ']-$%\'.\x00'}, 0x15) (async) ioctl$SCSI_IOCTL_START_UNIT(0xffffffffffffffff, 0x5) 06:18:24 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x8c0}, 0x4000000) getsockopt$IPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x43, &(0x7f0000000080)={'ipvs\x00'}, &(0x7f00000000c0)=0x1e) 06:18:24 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) 06:18:24 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 38) [ 1421.329943] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741a387 [ 1421.337197] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 1421.344463] RBP: 00007f5ff5d901d0 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1421.351824] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 1421.359074] R13: 0000000020000040 R14: 00007f5ff5d8ffe0 R15: 0000000020000280 06:18:24 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x8c0}, 0x4000000) (async) getsockopt$IPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x43, &(0x7f0000000080)={'ipvs\x00'}, &(0x7f00000000c0)=0x1e) 06:18:24 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYBLOB="010000000000ffdbdf2505", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:24 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) [ 1421.469181] FAULT_INJECTION: forcing a failure. [ 1421.469181] name failslab, interval 1, probability 0, space 0, times 0 [ 1421.505083] FAULT_INJECTION: forcing a failure. [ 1421.505083] name failslab, interval 1, probability 0, space 0, times 0 [ 1421.535480] CPU: 0 PID: 31809 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1421.543381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1421.552735] Call Trace: [ 1421.555322] dump_stack+0x1b2/0x281 [ 1421.558953] should_fail.cold+0x10a/0x149 [ 1421.563105] should_failslab+0xd6/0x130 [ 1421.567081] kmem_cache_alloc+0x28e/0x3c0 [ 1421.571229] ? ext4_sync_fs+0x7e0/0x7e0 [ 1421.575203] ext4_alloc_inode+0x1a/0x640 [ 1421.579270] ? ext4_sync_fs+0x7e0/0x7e0 [ 1421.583251] alloc_inode+0x5d/0x170 [ 1421.586962] new_inode+0x1d/0xf0 [ 1421.590331] __ext4_new_inode+0x360/0x4eb0 [ 1421.594567] ? kmem_cache_free+0x7c/0x2b0 [ 1421.598712] ? putname+0xcd/0x110 [ 1421.602164] ? SyS_mkdirat+0x95/0x270 [ 1421.605961] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1421.611343] ? ext4_free_inode+0x1460/0x1460 [ 1421.615750] ? lock_downgrade+0x740/0x740 [ 1421.619990] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1421.625101] ? dquot_initialize_needed+0x240/0x240 [ 1421.630038] ext4_mkdir+0x2e4/0xbd0 06:18:24 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x0, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) 06:18:24 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x0, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) [ 1421.633676] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 1421.638348] ? security_inode_mkdir+0xca/0x100 [ 1421.642930] vfs_mkdir+0x463/0x6e0 [ 1421.646475] SyS_mkdirat+0x1fd/0x270 [ 1421.650186] ? SyS_mknod+0x30/0x30 [ 1421.653724] ? fput_many+0xe/0x140 [ 1421.657258] ? do_syscall_64+0x4c/0x640 [ 1421.661225] ? SyS_mknod+0x30/0x30 [ 1421.664767] do_syscall_64+0x1d5/0x640 [ 1421.668669] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1421.673852] RIP: 0033:0x7f5650cf8387 [ 1421.677560] RSP: 002b:00007f564f66df88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 06:18:24 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000280)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="2fc2ab300e71c77d3033c4e57285e7843fd5aa8cbfa93923dc753b4a395b83482eb9d675c1645a7eba6ee16cad2dc525367d484d3fad50c05978a0719e8a9b720a59d67938d42f792120b950fc9adb25665b47d2b7dc62de75bc86"], 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x54, 0x0, 0x200, 0x70bd2c, 0x25dfdbfc, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x1}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}, @NBD_ATTR_BACKEND_IDENTIFIER={0x5, 0xa, '['}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x4}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x3}, @NBD_ATTR_BACKEND_IDENTIFIER={0x5, 0xa, '\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) getsockopt$EBT_SO_GET_INFO(r2, 0x0, 0x80, &(0x7f0000000080)={'broute\x00', 0x0, 0x0, 0x0, [0x40, 0x1, 0x9, 0x1, 0x7, 0x9]}, &(0x7f0000000100)=0x78) 06:18:24 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYBLOB="010000000000ffdbdf2505", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1421.685266] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cf8387 [ 1421.692531] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 1421.700056] RBP: 00007f564f66e1d0 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1421.707321] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 1421.714583] R13: 0000000020000040 R14: 00007f564f66dfe0 R15: 0000000020000280 [ 1421.734645] CPU: 0 PID: 31810 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1421.742534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1421.751886] Call Trace: [ 1421.754477] dump_stack+0x1b2/0x281 [ 1421.758106] should_fail.cold+0x10a/0x149 [ 1421.762261] should_failslab+0xd6/0x130 [ 1421.766237] __kmalloc+0x2c1/0x400 [ 1421.769776] ? ext4_find_extent+0x879/0xbc0 [ 1421.774100] ext4_find_extent+0x879/0xbc0 [ 1421.778283] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1421.783733] ext4_ext_map_blocks+0x19a/0x6b10 [ 1421.788232] ? __lock_acquire+0x5fc/0x3f20 [ 1421.792471] ? __lock_acquire+0x5fc/0x3f20 [ 1421.796714] ? mark_buffer_dirty+0x95/0x480 [ 1421.801062] ? trace_hardirqs_on+0x10/0x10 [ 1421.805293] ? __ext4_handle_dirty_metadata+0x120/0x480 [ 1421.810660] ? ext4_find_delalloc_cluster+0x180/0x180 [ 1421.815850] ? trace_hardirqs_on+0x10/0x10 [ 1421.820085] ? ext4_mark_iloc_dirty+0x1822/0x26a0 [ 1421.824936] ? ext4_es_lookup_extent+0x321/0xac0 [ 1421.829700] ? lock_acquire+0x170/0x3f0 [ 1421.833681] ? lock_acquire+0x170/0x3f0 [ 1421.837655] ? ext4_map_blocks+0x29f/0x1730 [ 1421.841990] ext4_map_blocks+0xb19/0x1730 [ 1421.846141] ? ext4_issue_zeroout+0x150/0x150 [ 1421.850635] ? __ext4_new_inode+0x27c/0x4eb0 [ 1421.855048] ext4_getblk+0x98/0x3f0 [ 1421.858670] ? ext4_iomap_begin+0x7f0/0x7f0 [ 1421.862999] ext4_bread+0x6c/0x1a0 [ 1421.866537] ? ext4_getblk+0x3f0/0x3f0 [ 1421.870419] ? dquot_initialize_needed+0x240/0x240 [ 1421.875353] ext4_append+0x143/0x350 [ 1421.879067] ext4_mkdir+0x4c9/0xbd0 [ 1421.882695] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 1421.887366] ? security_inode_mkdir+0xca/0x100 [ 1421.891939] vfs_mkdir+0x463/0x6e0 [ 1421.895464] SyS_mkdirat+0x1fd/0x270 [ 1421.899155] ? SyS_mknod+0x30/0x30 [ 1421.902671] ? fput_many+0xe/0x140 [ 1421.906188] ? do_syscall_64+0x4c/0x640 [ 1421.910145] ? SyS_mknod+0x30/0x30 [ 1421.913665] do_syscall_64+0x1d5/0x640 [ 1421.917554] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1421.922726] RIP: 0033:0x7f5ff741a387 [ 1421.926419] RSP: 002b:00007f5ff5d8ff88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 06:18:25 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 40) 06:18:25 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat ', 0x2, 0x5e, ['*,*)\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00', '--\\\x00', 'stack ', '$$)(\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00']}, 0x5f) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0) 06:18:25 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x0, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) 06:18:25 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000280)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="2fc2ab300e71c77d3033c4e57285e7843fd5aa8cbfa93923dc753b4a395b83482eb9d675c1645a7eba6ee16cad2dc525367d484d3fad50c05978a0719e8a9b720a59d67938d42f792120b950fc9adb25665b47d2b7dc62de75bc86"], 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x54, 0x0, 0x200, 0x70bd2c, 0x25dfdbfc, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x1}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}, @NBD_ATTR_BACKEND_IDENTIFIER={0x5, 0xa, '['}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x4}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x3}, @NBD_ATTR_BACKEND_IDENTIFIER={0x5, 0xa, '\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) getsockopt$EBT_SO_GET_INFO(r2, 0x0, 0x80, &(0x7f0000000080)={'broute\x00', 0x0, 0x0, 0x0, [0x40, 0x1, 0x9, 0x1, 0x7, 0x9]}, &(0x7f0000000100)=0x78) 06:18:25 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:25 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 39) [ 1421.934118] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741a387 [ 1421.941374] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 1421.948772] RBP: 00007f5ff5d901d0 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1421.956036] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 1421.963296] R13: 0000000020000040 R14: 00007f5ff5d8ffe0 R15: 0000000020000280 06:18:25 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (rerun: 32) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000280)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="2fc2ab300e71c77d3033c4e57285e7843fd5aa8cbfa93923dc753b4a395b83482eb9d675c1645a7eba6ee16cad2dc525367d484d3fad50c05978a0719e8a9b720a59d67938d42f792120b950fc9adb25665b47d2b7dc62de75bc86"], 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async, rerun: 64) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x54, 0x0, 0x200, 0x70bd2c, 0x25dfdbfc, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x1}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}, @NBD_ATTR_BACKEND_IDENTIFIER={0x5, 0xa, '['}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x4}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x3}, @NBD_ATTR_BACKEND_IDENTIFIER={0x5, 0xa, '\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) (rerun: 64) getsockopt$EBT_SO_GET_INFO(r2, 0x0, 0x80, &(0x7f0000000080)={'broute\x00', 0x0, 0x0, 0x0, [0x40, 0x1, 0x9, 0x1, 0x7, 0x9]}, &(0x7f0000000100)=0x78) 06:18:25 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x0, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) 06:18:25 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat ', 0x2, 0x5e, ['*,*)\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00', '--\\\x00', 'stack ', '$$)(\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00']}, 0x5f) (async, rerun: 64) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0) (rerun: 64) [ 1422.066208] audit: type=1400 audit(1660285105.085:69): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=31857 comm="syz-executor.2" 06:18:25 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1422.109363] FAULT_INJECTION: forcing a failure. [ 1422.109363] name failslab, interval 1, probability 0, space 0, times 0 [ 1422.123450] FAULT_INJECTION: forcing a failure. [ 1422.123450] name failslab, interval 1, probability 0, space 0, times 0 [ 1422.134910] CPU: 0 PID: 31876 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1422.142791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1422.152148] Call Trace: [ 1422.154745] dump_stack+0x1b2/0x281 [ 1422.158400] should_fail.cold+0x10a/0x149 [ 1422.162557] should_failslab+0xd6/0x130 [ 1422.166539] kmem_cache_alloc+0x40/0x3c0 [ 1422.170601] __es_insert_extent+0x338/0x1360 [ 1422.175009] ? __es_shrink+0x8c0/0x8c0 [ 1422.178900] ? lock_acquire+0x170/0x3f0 [ 1422.182866] ? ext4_es_insert_extent+0x11f/0x530 [ 1422.187627] ext4_es_insert_extent+0x1b9/0x530 [ 1422.192218] ? ext4_es_find_delayed_extent_range+0x930/0x930 [ 1422.198020] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1422.203471] ? ext4_es_find_delayed_extent_range+0x646/0x930 [ 1422.209267] ext4_ext_map_blocks+0x1e2c/0x6b10 [ 1422.213846] ? __lock_acquire+0x5fc/0x3f20 [ 1422.218081] ? __lock_acquire+0x5fc/0x3f20 [ 1422.222323] ? mark_buffer_dirty+0x95/0x480 [ 1422.226638] ? trace_hardirqs_on+0x10/0x10 [ 1422.230867] ? __ext4_handle_dirty_metadata+0x120/0x480 [ 1422.236266] ? ext4_find_delalloc_cluster+0x180/0x180 [ 1422.241457] ? trace_hardirqs_on+0x10/0x10 [ 1422.245692] ? ext4_mark_iloc_dirty+0x1822/0x26a0 [ 1422.250544] ? ext4_es_lookup_extent+0x321/0xac0 [ 1422.255302] ? lock_acquire+0x170/0x3f0 [ 1422.259277] ? lock_acquire+0x170/0x3f0 [ 1422.263249] ? ext4_map_blocks+0x29f/0x1730 [ 1422.267571] ext4_map_blocks+0xb19/0x1730 [ 1422.271725] ? ext4_issue_zeroout+0x150/0x150 [ 1422.276212] ? __ext4_new_inode+0x27c/0x4eb0 [ 1422.280620] ext4_getblk+0x98/0x3f0 [ 1422.284240] ? ext4_iomap_begin+0x7f0/0x7f0 [ 1422.288654] ext4_bread+0x6c/0x1a0 [ 1422.292188] ? ext4_getblk+0x3f0/0x3f0 [ 1422.296079] ? dquot_initialize_needed+0x240/0x240 [ 1422.301008] ext4_append+0x143/0x350 [ 1422.304723] ext4_mkdir+0x4c9/0xbd0 [ 1422.308391] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 1422.313062] ? security_inode_mkdir+0xca/0x100 [ 1422.317642] vfs_mkdir+0x463/0x6e0 [ 1422.321182] SyS_mkdirat+0x1fd/0x270 [ 1422.324897] ? SyS_mknod+0x30/0x30 [ 1422.328436] ? fput_many+0xe/0x140 [ 1422.331990] ? do_syscall_64+0x4c/0x640 [ 1422.335954] ? SyS_mknod+0x30/0x30 [ 1422.339492] do_syscall_64+0x1d5/0x640 [ 1422.343381] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1422.348564] RIP: 0033:0x7f5ff741a387 [ 1422.352261] RSP: 002b:00007f5ff5d8ff88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 [ 1422.359971] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741a387 [ 1422.367311] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 1422.374562] RBP: 00007f5ff5d901d0 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1422.381815] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 1422.389065] R13: 0000000020000040 R14: 00007f5ff5d8ffe0 R15: 0000000020000280 [ 1422.396335] CPU: 1 PID: 31868 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1422.404222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1422.410583] audit: type=1400 audit(1660285105.155:70): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=31875 comm="syz-executor.2" [ 1422.413566] Call Trace: [ 1422.413582] dump_stack+0x1b2/0x281 [ 1422.413594] should_fail.cold+0x10a/0x149 [ 1422.413607] should_failslab+0xd6/0x130 [ 1422.413618] kmem_cache_alloc+0x28e/0x3c0 [ 1422.413628] ? ext4_sync_fs+0x7e0/0x7e0 [ 1422.413637] ext4_alloc_inode+0x1a/0x640 [ 1422.413648] ? ext4_sync_fs+0x7e0/0x7e0 [ 1422.449351] audit: type=1400 audit(1660285105.155:71): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=31875 comm="syz-executor.2" [ 1422.449486] alloc_inode+0x5d/0x170 [ 1422.453576] audit: type=1400 audit(1660285105.155:72): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=31875 comm="syz-executor.2" [ 1422.457479] new_inode+0x1d/0xf0 [ 1422.457492] __ext4_new_inode+0x360/0x4eb0 [ 1422.457503] ? kmem_cache_free+0x7c/0x2b0 [ 1422.461533] audit: type=1400 audit(1660285105.155:73): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=31875 comm="syz-executor.2" [ 1422.478860] ? putname+0xcd/0x110 [ 1422.478870] ? SyS_mkdirat+0x95/0x270 [ 1422.478880] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1422.478896] ? ext4_free_inode+0x1460/0x1460 [ 1422.478905] ? lock_downgrade+0x740/0x740 [ 1422.478919] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1422.478928] ? dquot_initialize_needed+0x240/0x240 06:18:25 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000080)={'nat\x00', 0x3, [{}, {}, {}]}, 0x58) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000100)={{0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x306, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x42, {0x2, 0x4e21, @local}, 'netdevsim0\x00'}) 06:18:25 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat ', 0x2, 0x5e, ['*,*)\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00', '--\\\x00', 'stack ', '$$)(\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00']}, 0x5f) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat ', 0x2, 0x5e, ['*,*)\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00', '--\\\x00', 'stack ', '$$)(\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00']}, 0x5f) (async) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0) (async) 06:18:25 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1422.478946] ext4_mkdir+0x2e4/0xbd0 [ 1422.482726] audit: type=1400 audit(1660285105.155:74): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=31875 comm="syz-executor.2" [ 1422.500002] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 1422.500017] ? security_inode_mkdir+0xca/0x100 [ 1422.500028] vfs_mkdir+0x463/0x6e0 [ 1422.500041] SyS_mkdirat+0x1fd/0x270 [ 1422.500051] ? SyS_mknod+0x30/0x30 [ 1422.500059] ? fput_many+0xe/0x140 [ 1422.500070] ? do_syscall_64+0x4c/0x640 [ 1422.505096] audit: type=1400 audit(1660285105.155:75): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=31875 comm="syz-executor.2" [ 1422.507629] ? SyS_mknod+0x30/0x30 [ 1422.507642] do_syscall_64+0x1d5/0x640 [ 1422.507656] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1422.514078] audit: type=1400 audit(1660285105.155:76): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=31875 comm="syz-executor.2" [ 1422.529194] RIP: 0033:0x7f5650cf8387 [ 1422.529201] RSP: 002b:00007f564f66df88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 [ 1422.529211] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cf8387 [ 1422.529215] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 1422.529220] RBP: 00007f564f66e1d0 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1422.529225] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 1422.529230] R13: 0000000020000040 R14: 00007f564f66dfe0 R15: 0000000020000280 [ 1422.748790] audit: type=1400 audit(1660285105.155:77): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=31875 comm="syz-executor.2" 06:18:25 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 41) 06:18:25 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:25 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:25 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000080)={'nat\x00', 0x3, [{}, {}, {}]}, 0x58) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000100)={{0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x306, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x42, {0x2, 0x4e21, @local}, 'netdevsim0\x00'}) socket$inet_udp(0x2, 0x2, 0x0) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000080)={'nat\x00', 0x3, [{}, {}, {}]}, 0x58) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000100)={{0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x306, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x42, {0x2, 0x4e21, @local}, 'netdevsim0\x00'}) (async) 06:18:25 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x0, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) 06:18:25 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 40) 06:18:25 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:25 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:25 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000080)={'nat\x00', 0x3, [{}, {}, {}]}, 0x58) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000100)={{0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x306, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x42, {0x2, 0x4e21, @local}, 'netdevsim0\x00'}) socket$inet_udp(0x2, 0x2, 0x0) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000080)={'nat\x00', 0x3, [{}, {}, {}]}, 0x58) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000100)={{0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x306, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x42, {0x2, 0x4e21, @local}, 'netdevsim0\x00'}) (async) [ 1422.933043] FAULT_INJECTION: forcing a failure. [ 1422.933043] name failslab, interval 1, probability 0, space 0, times 0 [ 1422.944428] CPU: 0 PID: 31935 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1422.946533] FAULT_INJECTION: forcing a failure. [ 1422.946533] name failslab, interval 1, probability 0, space 0, times 0 [ 1422.952301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1422.952327] Call Trace: [ 1422.952342] dump_stack+0x1b2/0x281 [ 1422.952359] should_fail.cold+0x10a/0x149 [ 1422.983269] should_failslab+0xd6/0x130 [ 1422.987257] kmem_cache_alloc+0x40/0x3c0 [ 1422.991321] __es_insert_extent+0x338/0x1360 [ 1422.995727] ? __es_shrink+0x8c0/0x8c0 [ 1422.999616] ? lock_acquire+0x170/0x3f0 [ 1423.003584] ? ext4_es_insert_extent+0x11f/0x530 [ 1423.008340] ext4_es_insert_extent+0x1b9/0x530 [ 1423.012922] ? ext4_es_find_delayed_extent_range+0x930/0x930 [ 1423.018716] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1423.024166] ? ext4_es_find_delayed_extent_range+0x646/0x930 [ 1423.029963] ext4_ext_map_blocks+0x1e2c/0x6b10 [ 1423.034542] ? __lock_acquire+0x5fc/0x3f20 [ 1423.038769] ? __lock_acquire+0x5fc/0x3f20 [ 1423.042999] ? mark_buffer_dirty+0x95/0x480 [ 1423.047321] ? trace_hardirqs_on+0x10/0x10 [ 1423.051551] ? __ext4_handle_dirty_metadata+0x120/0x480 [ 1423.056904] ? ext4_find_delalloc_cluster+0x180/0x180 [ 1423.062103] ? trace_hardirqs_on+0x10/0x10 [ 1423.066331] ? ext4_mark_iloc_dirty+0x1822/0x26a0 [ 1423.071168] ? ext4_es_lookup_extent+0x321/0xac0 [ 1423.075910] ? lock_acquire+0x170/0x3f0 [ 1423.080131] ? lock_acquire+0x170/0x3f0 [ 1423.084084] ? ext4_map_blocks+0x29f/0x1730 [ 1423.088396] ext4_map_blocks+0xb19/0x1730 [ 1423.092543] ? ext4_issue_zeroout+0x150/0x150 [ 1423.097021] ? __ext4_new_inode+0x27c/0x4eb0 [ 1423.101425] ext4_getblk+0x98/0x3f0 [ 1423.105035] ? ext4_iomap_begin+0x7f0/0x7f0 [ 1423.109373] ext4_bread+0x6c/0x1a0 [ 1423.112947] ? ext4_getblk+0x3f0/0x3f0 [ 1423.116815] ? dquot_initialize_needed+0x240/0x240 [ 1423.121727] ext4_append+0x143/0x350 [ 1423.125423] ext4_mkdir+0x4c9/0xbd0 [ 1423.129034] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 1423.133700] ? security_inode_mkdir+0xca/0x100 [ 1423.138278] vfs_mkdir+0x463/0x6e0 [ 1423.141811] SyS_mkdirat+0x1fd/0x270 [ 1423.145505] ? SyS_mknod+0x30/0x30 [ 1423.149031] ? fput_many+0xe/0x140 [ 1423.152551] ? do_syscall_64+0x4c/0x640 [ 1423.156505] ? SyS_mknod+0x30/0x30 [ 1423.160028] do_syscall_64+0x1d5/0x640 [ 1423.163901] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1423.169070] RIP: 0033:0x7f5ff741a387 [ 1423.172781] RSP: 002b:00007f5ff5d8ff88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 [ 1423.180475] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741a387 [ 1423.187735] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 1423.194987] RBP: 00007f5ff5d901d0 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1423.202237] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 1423.209490] R13: 0000000020000040 R14: 00007f5ff5d8ffe0 R15: 0000000020000280 [ 1423.216759] CPU: 1 PID: 31942 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1423.224640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1423.233984] Call Trace: [ 1423.236564] dump_stack+0x1b2/0x281 [ 1423.240196] should_fail.cold+0x10a/0x149 [ 1423.244347] should_failslab+0xd6/0x130 [ 1423.248321] kmem_cache_alloc+0x28e/0x3c0 [ 1423.252468] ext4_mb_new_blocks+0x514/0x3db0 [ 1423.256878] ? ext4_find_extent+0x6f7/0xbc0 [ 1423.261201] ? ext4_ext_search_right+0x2bc/0xaa0 [ 1423.265955] ? ext4_inode_to_goal_block+0x29a/0x3b0 [ 1423.270973] ext4_ext_map_blocks+0x2845/0x6b10 [ 1423.275559] ? __lock_acquire+0x5fc/0x3f20 [ 1423.279793] ? mark_buffer_dirty+0x95/0x480 06:18:26 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) [ 1423.284124] ? trace_hardirqs_on+0x10/0x10 [ 1423.288351] ? __ext4_handle_dirty_metadata+0x120/0x480 [ 1423.293714] ? ext4_find_delalloc_cluster+0x180/0x180 [ 1423.298903] ? trace_hardirqs_on+0x10/0x10 [ 1423.303131] ? ext4_mark_iloc_dirty+0x1822/0x26a0 [ 1423.307981] ? ext4_es_lookup_extent+0x321/0xac0 [ 1423.312737] ? lock_acquire+0x170/0x3f0 [ 1423.316719] ext4_map_blocks+0x675/0x1730 [ 1423.320869] ? ext4_issue_zeroout+0x150/0x150 [ 1423.325363] ? __ext4_new_inode+0x27c/0x4eb0 [ 1423.329778] ext4_getblk+0x98/0x3f0 06:18:26 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) getsockopt$IPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x40, &(0x7f00000000c0)={'raw\x00', 0x0, [0x1ff, 0xb24, 0x6, 0xb2f, 0x101]}, &(0x7f0000000140)=0x54) syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000080)={0x20000000}) 06:18:26 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) getsockopt$IPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x40, &(0x7f00000000c0)={'raw\x00', 0x0, [0x1ff, 0xb24, 0x6, 0xb2f, 0x101]}, &(0x7f0000000140)=0x54) (async) syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000080)={0x20000000}) [ 1423.333408] ? ext4_iomap_begin+0x7f0/0x7f0 [ 1423.337732] ext4_bread+0x6c/0x1a0 [ 1423.341281] ? ext4_getblk+0x3f0/0x3f0 [ 1423.345162] ? dquot_initialize_needed+0x240/0x240 [ 1423.350094] ext4_append+0x143/0x350 [ 1423.353816] ext4_mkdir+0x4c9/0xbd0 [ 1423.357531] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 1423.362200] ? security_inode_mkdir+0xca/0x100 [ 1423.366780] vfs_mkdir+0x463/0x6e0 [ 1423.370317] SyS_mkdirat+0x1fd/0x270 [ 1423.374028] ? SyS_mknod+0x30/0x30 [ 1423.377563] ? fput_many+0xe/0x140 [ 1423.381095] ? do_syscall_64+0x4c/0x640 [ 1423.385079] ? SyS_mknod+0x30/0x30 [ 1423.388618] do_syscall_64+0x1d5/0x640 [ 1423.392508] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1423.397689] RIP: 0033:0x7f5650cf8387 [ 1423.401392] RSP: 002b:00007f564f66df88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 [ 1423.409093] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cf8387 [ 1423.416355] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 1423.423621] RBP: 00007f564f66e1d0 R08: 0000000000000000 R09: 00007f564f66e1d0 06:18:26 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 42) 06:18:26 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) getsockopt$IPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x40, &(0x7f00000000c0)={'raw\x00', 0x0, [0x1ff, 0xb24, 0x6, 0xb2f, 0x101]}, &(0x7f0000000140)=0x54) syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000080)={0x20000000}) 06:18:26 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:26 executing program 5: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket(0x26, 0x4, 0x95a8) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'netpci0\x00'}) 06:18:26 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x0, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) 06:18:26 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 41) [ 1423.430883] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 1423.438146] R13: 0000000020000040 R14: 00007f564f66dfe0 R15: 0000000020000280 06:18:26 executing program 5: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket(0x26, 0x4, 0x95a8) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'netpci0\x00'}) socket$inet_udp(0x2, 0x2, 0x0) (async) socket(0x26, 0x4, 0x95a8) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'netpci0\x00'}) (async) 06:18:26 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1423.560606] FAULT_INJECTION: forcing a failure. [ 1423.560606] name failslab, interval 1, probability 0, space 0, times 0 [ 1423.589259] FAULT_INJECTION: forcing a failure. [ 1423.589259] name failslab, interval 1, probability 0, space 0, times 0 [ 1423.596653] CPU: 1 PID: 31991 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1423.608342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1423.617686] Call Trace: [ 1423.620271] dump_stack+0x1b2/0x281 [ 1423.623901] should_fail.cold+0x10a/0x149 [ 1423.628044] should_failslab+0xd6/0x130 [ 1423.632019] __kmalloc+0x2c1/0x400 [ 1423.635555] ? ext4_find_extent+0x879/0xbc0 [ 1423.639872] ext4_find_extent+0x879/0xbc0 [ 1423.644017] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1423.649455] ext4_ext_map_blocks+0x19a/0x6b10 [ 1423.653941] ? __lock_acquire+0x5fc/0x3f20 [ 1423.658162] ? mark_buffer_dirty+0x95/0x480 [ 1423.662474] ? trace_hardirqs_on+0x10/0x10 [ 1423.666699] ? __ext4_handle_dirty_metadata+0x120/0x480 [ 1423.672145] ? ext4_find_delalloc_cluster+0x180/0x180 [ 1423.677331] ? trace_hardirqs_on+0x10/0x10 [ 1423.681560] ? ext4_mark_iloc_dirty+0x1822/0x26a0 [ 1423.686408] ? ext4_es_lookup_extent+0x321/0xac0 [ 1423.691163] ? lock_acquire+0x170/0x3f0 [ 1423.695131] ? lock_acquire+0x170/0x3f0 [ 1423.699098] ? ext4_map_blocks+0x623/0x1730 [ 1423.703423] ext4_map_blocks+0x675/0x1730 [ 1423.707571] ? ext4_issue_zeroout+0x150/0x150 [ 1423.712056] ? __ext4_new_inode+0x27c/0x4eb0 [ 1423.716465] ext4_getblk+0x98/0x3f0 [ 1423.720085] ? ext4_iomap_begin+0x7f0/0x7f0 [ 1423.724408] ext4_bread+0x6c/0x1a0 [ 1423.727936] ? ext4_getblk+0x3f0/0x3f0 [ 1423.731810] ? dquot_initialize_needed+0x240/0x240 [ 1423.736734] ext4_append+0x143/0x350 [ 1423.740619] ext4_mkdir+0x4c9/0xbd0 [ 1423.744336] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 1423.749010] ? security_inode_mkdir+0xca/0x100 [ 1423.753591] vfs_mkdir+0x463/0x6e0 [ 1423.757132] SyS_mkdirat+0x1fd/0x270 06:18:26 executing program 4: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) 06:18:26 executing program 2: personality(0x40000) r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) [ 1423.760844] ? SyS_mknod+0x30/0x30 [ 1423.764366] ? fput_many+0xe/0x140 [ 1423.767892] ? do_syscall_64+0x4c/0x640 [ 1423.771849] ? SyS_mknod+0x30/0x30 [ 1423.775380] do_syscall_64+0x1d5/0x640 [ 1423.779268] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1423.784450] RIP: 0033:0x7f5650cf8387 [ 1423.788149] RSP: 002b:00007f564f66df88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 [ 1423.795965] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cf8387 [ 1423.803256] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 1423.810518] RBP: 00007f564f66e1d0 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1423.817785] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 1423.825044] R13: 0000000020000040 R14: 00007f564f66dfe0 R15: 0000000020000280 [ 1423.832310] CPU: 0 PID: 31999 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1423.840186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1423.849530] Call Trace: [ 1423.852120] dump_stack+0x1b2/0x281 [ 1423.855776] should_fail.cold+0x10a/0x149 06:18:26 executing program 5: socket$inet_udp(0x2, 0x2, 0x0) (async) r0 = socket(0x26, 0x4, 0x95a8) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'netpci0\x00'}) 06:18:26 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) socket$inet6_udplite(0xa, 0x2, 0x88) [ 1423.859925] should_failslab+0xd6/0x130 [ 1423.863898] kmem_cache_alloc+0x28e/0x3c0 [ 1423.868043] ext4_mb_new_blocks+0x514/0x3db0 [ 1423.872452] ? ext4_find_extent+0x6f7/0xbc0 [ 1423.876866] ? ext4_ext_search_right+0x2bc/0xaa0 [ 1423.881617] ? ext4_inode_to_goal_block+0x29a/0x3b0 [ 1423.886634] ext4_ext_map_blocks+0x2845/0x6b10 [ 1423.891224] ? __lock_acquire+0x5fc/0x3f20 [ 1423.895465] ? mark_buffer_dirty+0x95/0x480 [ 1423.899781] ? trace_hardirqs_on+0x10/0x10 [ 1423.904010] ? __ext4_handle_dirty_metadata+0x120/0x480 [ 1423.909370] ? ext4_find_delalloc_cluster+0x180/0x180 [ 1423.914556] ? trace_hardirqs_on+0x10/0x10 [ 1423.918790] ? ext4_mark_iloc_dirty+0x1822/0x26a0 [ 1423.923644] ? ext4_es_lookup_extent+0x321/0xac0 [ 1423.928402] ? lock_acquire+0x170/0x3f0 [ 1423.932387] ext4_map_blocks+0x675/0x1730 [ 1423.936539] ? ext4_issue_zeroout+0x150/0x150 [ 1423.941027] ? __ext4_new_inode+0x27c/0x4eb0 [ 1423.945448] ext4_getblk+0x98/0x3f0 [ 1423.949071] ? ext4_iomap_begin+0x7f0/0x7f0 [ 1423.953393] ext4_bread+0x6c/0x1a0 [ 1423.956930] ? ext4_getblk+0x3f0/0x3f0 [ 1423.960811] ? dquot_initialize_needed+0x240/0x240 [ 1423.965740] ext4_append+0x143/0x350 [ 1423.969453] ext4_mkdir+0x4c9/0xbd0 [ 1423.973078] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 1423.977751] ? security_inode_mkdir+0xca/0x100 [ 1423.982322] vfs_mkdir+0x463/0x6e0 [ 1423.985976] SyS_mkdirat+0x1fd/0x270 [ 1423.989683] ? SyS_mknod+0x30/0x30 [ 1423.993201] ? fput_many+0xe/0x140 [ 1423.996716] ? do_syscall_64+0x4c/0x640 [ 1424.000671] ? SyS_mknod+0x30/0x30 [ 1424.004196] do_syscall_64+0x1d5/0x640 [ 1424.008078] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1424.013252] RIP: 0033:0x7f5ff741a387 [ 1424.016954] RSP: 002b:00007f5ff5d8ff88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 [ 1424.024649] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741a387 [ 1424.031896] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 1424.039143] RBP: 00007f5ff5d901d0 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1424.046392] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 1424.053638] R13: 0000000020000040 R14: 00007f5ff5d8ffe0 R15: 0000000020000280 06:18:27 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 43) 06:18:27 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) socket$inet6_udplite(0xa, 0x2, 0x88) 06:18:27 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:27 executing program 4: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) 06:18:27 executing program 2: personality(0x40000) (async) r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:27 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 42) 06:18:27 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) socket$inet6_udplite(0xa, 0x2, 0x88) (async) 06:18:27 executing program 2: personality(0x40000) (async) r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:27 executing program 4: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) [ 1424.216809] FAULT_INJECTION: forcing a failure. [ 1424.216809] name failslab, interval 1, probability 0, space 0, times 0 06:18:27 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775e4c41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03bf9002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d9716e783400fceb8a1604164c753a629cc786cb"], 0x1f7) 06:18:27 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:27 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'sit0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) [ 1424.267748] FAULT_INJECTION: forcing a failure. [ 1424.267748] name failslab, interval 1, probability 0, space 0, times 0 [ 1424.312504] CPU: 1 PID: 32045 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1424.320410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1424.329760] Call Trace: [ 1424.332345] dump_stack+0x1b2/0x281 [ 1424.335972] should_fail.cold+0x10a/0x149 [ 1424.340117] should_failslab+0xd6/0x130 [ 1424.344088] kmem_cache_alloc+0x28e/0x3c0 [ 1424.348239] ext4_mb_new_blocks+0x514/0x3db0 [ 1424.352649] ? ext4_find_extent+0x6f7/0xbc0 [ 1424.356968] ? ext4_ext_search_right+0x2bc/0xaa0 [ 1424.361720] ? ext4_inode_to_goal_block+0x29a/0x3b0 [ 1424.366734] ext4_ext_map_blocks+0x2845/0x6b10 [ 1424.371318] ? __lock_acquire+0x5fc/0x3f20 [ 1424.375554] ? mark_buffer_dirty+0x95/0x480 [ 1424.376812] IPVS: stopping master sync thread 16188 ... [ 1424.379876] ? trace_hardirqs_on+0x10/0x10 [ 1424.379886] ? __ext4_handle_dirty_metadata+0x120/0x480 [ 1424.379897] ? ext4_find_delalloc_cluster+0x180/0x180 [ 1424.379907] ? trace_hardirqs_on+0x10/0x10 [ 1424.379919] ? ext4_mark_iloc_dirty+0x1822/0x26a0 [ 1424.379936] ? ext4_es_lookup_extent+0x321/0xac0 [ 1424.413920] ? lock_acquire+0x170/0x3f0 [ 1424.417905] ext4_map_blocks+0x675/0x1730 [ 1424.422055] ? ext4_issue_zeroout+0x150/0x150 [ 1424.426546] ? __ext4_new_inode+0x27c/0x4eb0 [ 1424.430956] ext4_getblk+0x98/0x3f0 [ 1424.434582] ? ext4_iomap_begin+0x7f0/0x7f0 [ 1424.438909] ext4_bread+0x6c/0x1a0 [ 1424.442443] ? ext4_getblk+0x3f0/0x3f0 [ 1424.446413] ? dquot_initialize_needed+0x240/0x240 [ 1424.451345] ext4_append+0x143/0x350 [ 1424.455059] ext4_mkdir+0x4c9/0xbd0 [ 1424.458776] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 1424.463445] ? security_inode_mkdir+0xca/0x100 [ 1424.468023] vfs_mkdir+0x463/0x6e0 [ 1424.471562] SyS_mkdirat+0x1fd/0x270 [ 1424.475270] ? SyS_mknod+0x30/0x30 [ 1424.478807] ? fput_many+0xe/0x140 [ 1424.482348] ? do_syscall_64+0x4c/0x640 [ 1424.486315] ? SyS_mknod+0x30/0x30 [ 1424.489854] do_syscall_64+0x1d5/0x640 [ 1424.493749] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1424.498932] RIP: 0033:0x7f5ff741a387 [ 1424.502630] RSP: 002b:00007f5ff5d8ff88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 [ 1424.510333] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741a387 [ 1424.517592] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 1424.524853] RBP: 00007f5ff5d901d0 R08: 0000000000000000 R09: 00007f5ff5d901d0 [ 1424.532203] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 1424.539466] R13: 0000000020000040 R14: 00007f5ff5d8ffe0 R15: 0000000020000280 [ 1424.548037] CPU: 1 PID: 32055 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1424.555917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1424.565263] Call Trace: [ 1424.567850] dump_stack+0x1b2/0x281 [ 1424.571481] should_fail.cold+0x10a/0x149 [ 1424.575615] should_failslab+0xd6/0x130 [ 1424.579578] kmem_cache_alloc+0x28e/0x3c0 [ 1424.583726] ext4_mb_new_blocks+0x514/0x3db0 [ 1424.588129] ? ext4_find_extent+0x6f7/0xbc0 [ 1424.592455] ? ext4_ext_search_right+0x2bc/0xaa0 [ 1424.597202] ? ext4_inode_to_goal_block+0x29a/0x3b0 [ 1424.602213] ext4_ext_map_blocks+0x2845/0x6b10 [ 1424.606783] ? __lock_acquire+0x5fc/0x3f20 [ 1424.611000] ? mark_buffer_dirty+0x95/0x480 [ 1424.615317] ? trace_hardirqs_on+0x10/0x10 [ 1424.619544] ? __ext4_handle_dirty_metadata+0x120/0x480 [ 1424.624901] ? ext4_find_delalloc_cluster+0x180/0x180 [ 1424.630085] ? trace_hardirqs_on+0x10/0x10 [ 1424.634309] ? ext4_mark_iloc_dirty+0x1822/0x26a0 [ 1424.639151] ? ext4_es_lookup_extent+0x321/0xac0 [ 1424.643895] ? lock_acquire+0x170/0x3f0 [ 1424.647908] ext4_map_blocks+0x675/0x1730 [ 1424.652041] ? ext4_issue_zeroout+0x150/0x150 [ 1424.656514] ? __ext4_new_inode+0x27c/0x4eb0 [ 1424.660909] ext4_getblk+0x98/0x3f0 [ 1424.664520] ? ext4_iomap_begin+0x7f0/0x7f0 [ 1424.668828] ext4_bread+0x6c/0x1a0 [ 1424.672359] ? ext4_getblk+0x3f0/0x3f0 [ 1424.676254] ? dquot_initialize_needed+0x240/0x240 [ 1424.681163] ext4_append+0x143/0x350 [ 1424.684871] ext4_mkdir+0x4c9/0xbd0 [ 1424.688486] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 1424.693159] ? security_inode_mkdir+0xca/0x100 [ 1424.697727] vfs_mkdir+0x463/0x6e0 [ 1424.701249] SyS_mkdirat+0x1fd/0x270 [ 1424.704939] ? SyS_mknod+0x30/0x30 [ 1424.708457] ? fput_many+0xe/0x140 [ 1424.711975] ? do_syscall_64+0x4c/0x640 [ 1424.715926] ? SyS_mknod+0x30/0x30 [ 1424.719465] do_syscall_64+0x1d5/0x640 [ 1424.723346] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1424.728518] RIP: 0033:0x7f5650cf8387 [ 1424.732203] RSP: 002b:00007f564f66df88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 [ 1424.739891] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cf8387 [ 1424.747137] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 1424.754389] RBP: 00007f564f66e1d0 R08: 0000000000000000 R09: 00007f564f66e1d0 06:18:27 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 44) 06:18:27 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'sit0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) socket$inet_udp(0x2, 0x2, 0x0) (async) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'sit0\x00'}, 0x18) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) 06:18:27 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775e4c41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03bf9002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d9716e783400fceb8a1604164c753a629cc786cb"], 0x1f7) 06:18:27 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:27 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, 0x0) 06:18:27 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 43) [ 1424.761644] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 1424.768890] R13: 0000000020000040 R14: 00007f564f66dfe0 R15: 0000000020000280 06:18:27 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775e4c41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03bf9002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d9716e783400fceb8a1604164c753a629cc786cb"], 0x1f7) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) write$apparmor_current(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775e4c41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03bf9002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d9716e783400fceb8a1604164c753a629cc786cb"], 0x1f7) (async) 06:18:27 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, 0x0) 06:18:27 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1424.900383] FAULT_INJECTION: forcing a failure. [ 1424.900383] name failslab, interval 1, probability 0, space 0, times 0 [ 1424.911849] CPU: 1 PID: 32106 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1424.919728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1424.929074] Call Trace: [ 1424.931668] dump_stack+0x1b2/0x281 [ 1424.935300] should_fail.cold+0x10a/0x149 [ 1424.939451] should_failslab+0xd6/0x130 [ 1424.943424] kmem_cache_alloc+0x40/0x3c0 06:18:28 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1424.947520] __es_insert_extent+0x338/0x1360 [ 1424.951943] ext4_es_insert_extent+0x1b9/0x530 [ 1424.956646] ? ext4_es_find_delayed_extent_range+0x930/0x930 [ 1424.962455] ext4_map_blocks+0x887/0x1730 [ 1424.966613] ? ext4_issue_zeroout+0x150/0x150 [ 1424.971108] ? __ext4_new_inode+0x27c/0x4eb0 [ 1424.975525] ext4_getblk+0x98/0x3f0 [ 1424.979152] ? ext4_iomap_begin+0x7f0/0x7f0 [ 1424.983479] ext4_bread+0x6c/0x1a0 [ 1424.987021] ? ext4_getblk+0x3f0/0x3f0 [ 1424.990905] ? dquot_initialize_needed+0x240/0x240 [ 1424.995838] ext4_append+0x143/0x350 06:18:28 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'sit0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:28 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb2709000000e8ea6c865587f9a65e4ea2fc1e99592bb6407461e5c2b1e6c1ec60ed17d669ed9e8ae5dff0ab15db36aefbcd655509fc82bcc8bb0c0990d22dc203dcb11ad664524619c6552658a9bf3995870f9e15c976a3fa98e606243542611dff83a94d86f89027d5191b47f9f3568c48a57f90c8310d01ce0ee21c8bc406907990a92b965a6f0f0abf86e1b90b628c142fd3d29a93b2246eb9881e285830bfa602179af62b2a1bafe94c2956e4f5e991ed452908c76a15b2684baffcd6bd92df53b219414245c015b42843df259a6426d272652fa3da0a5c3d7796fb8d270e690b2200dcb00dfb94355f9366650833f89014985535a6ec35a4d65f9cad2c7b85b41d59081df146288e6a463473b02c0a13e982765763d18a9cfb6212268c7122c9abbb33a6697448407f812b9f20c3e10c3e783d434782bf5c30e4cd646f0c0bf530a080c858aaef806d852d4390cb10223dea04c117314a3489fe66a8cb5b49820b078cacaaa60d9068147b3c0f7305dcaa16e9a171b1c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861093bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343be89ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d9716e7834003a18123adc93dca9880180000800"], 0x36a) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x34, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x34}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$inet(0x2, 0x80000, 0x9) setsockopt$IP_VS_SO_SET_STARTDAEMON(r4, 0x0, 0x48b, &(0x7f0000000440)={0x1, 'veth1_virt_wifi\x00', 0x4}, 0x18) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="98061befd600"], 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) write$apparmor_current(r5, &(0x7f0000000400)=@profile={'permprofile ', ']{\x00'}, 0xf) [ 1424.999550] ext4_mkdir+0x4c9/0xbd0 [ 1425.003184] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 1425.007856] ? security_inode_mkdir+0xca/0x100 [ 1425.012444] vfs_mkdir+0x463/0x6e0 [ 1425.015982] SyS_mkdirat+0x1fd/0x270 [ 1425.019700] ? SyS_mknod+0x30/0x30 [ 1425.023239] ? fput_many+0xe/0x140 [ 1425.026777] ? do_syscall_64+0x4c/0x640 [ 1425.030750] ? SyS_mknod+0x30/0x30 [ 1425.034380] do_syscall_64+0x1d5/0x640 [ 1425.038272] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1425.043455] RIP: 0033:0x7f5650cf8387 [ 1425.047156] RSP: 002b:00007f564f66df88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 [ 1425.054859] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cf8387 [ 1425.062124] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 1425.069420] RBP: 00007f564f66e1d0 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1425.076685] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 1425.083951] R13: 0000000020000040 R14: 00007f564f66dfe0 R15: 0000000020000280 [ 1425.100280] FAULT_INJECTION: forcing a failure. [ 1425.100280] name failslab, interval 1, probability 0, space 0, times 0 [ 1425.142448] CPU: 1 PID: 32101 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1425.150352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1425.159704] Call Trace: [ 1425.162300] dump_stack+0x1b2/0x281 [ 1425.165933] should_fail.cold+0x10a/0x149 [ 1425.170090] should_failslab+0xd6/0x130 [ 1425.174070] __kmalloc_track_caller+0x2bc/0x400 [ 1425.178748] ? strndup_user+0x5b/0xf0 [ 1425.182552] memdup_user+0x22/0xa0 [ 1425.186087] strndup_user+0x5b/0xf0 [ 1425.189697] ? copy_mnt_ns+0xa30/0xa30 [ 1425.193562] SyS_mount+0x39/0x120 [ 1425.196994] ? copy_mnt_ns+0xa30/0xa30 [ 1425.200865] do_syscall_64+0x1d5/0x640 [ 1425.204759] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1425.209945] RIP: 0033:0x7f5ff741c7aa [ 1425.213636] RSP: 002b:00007f5ff5d8ff88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1425.221323] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741c7aa [ 1425.228569] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f5ff5d8ffe0 [ 1425.235818] RBP: 00007f5ff5d90020 R08: 00007f5ff5d90020 R09: 0000000020000000 [ 1425.243087] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1425.250340] R13: 0000000020000040 R14: 00007f5ff5d8ffe0 R15: 0000000020000280 06:18:28 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 45) 06:18:28 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, 0x0) 06:18:28 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:28 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 44) 06:18:28 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb2709000000e8ea6c865587f9a65e4ea2fc1e99592bb6407461e5c2b1e6c1ec60ed17d669ed9e8ae5dff0ab15db36aefbcd655509fc82bcc8bb0c0990d22dc203dcb11ad664524619c6552658a9bf3995870f9e15c976a3fa98e606243542611dff83a94d86f89027d5191b47f9f3568c48a57f90c8310d01ce0ee21c8bc406907990a92b965a6f0f0abf86e1b90b628c142fd3d29a93b2246eb9881e285830bfa602179af62b2a1bafe94c2956e4f5e991ed452908c76a15b2684baffcd6bd92df53b219414245c015b42843df259a6426d272652fa3da0a5c3d7796fb8d270e690b2200dcb00dfb94355f9366650833f89014985535a6ec35a4d65f9cad2c7b85b41d59081df146288e6a463473b02c0a13e982765763d18a9cfb6212268c7122c9abbb33a6697448407f812b9f20c3e10c3e783d434782bf5c30e4cd646f0c0bf530a080c858aaef806d852d4390cb10223dea04c117314a3489fe66a8cb5b49820b078cacaaa60d9068147b3c0f7305dcaa16e9a171b1c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861093bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343be89ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d9716e7834003a18123adc93dca9880180000800"], 0x36a) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x34, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x34}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$inet(0x2, 0x80000, 0x9) setsockopt$IP_VS_SO_SET_STARTDAEMON(r4, 0x0, 0x48b, &(0x7f0000000440)={0x1, 'veth1_virt_wifi\x00', 0x4}, 0x18) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="98061befd600"], 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) write$apparmor_current(r5, &(0x7f0000000400)=@profile={'permprofile ', ']{\x00'}, 0xf) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) write$apparmor_current(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb2709000000e8ea6c865587f9a65e4ea2fc1e99592bb6407461e5c2b1e6c1ec60ed17d669ed9e8ae5dff0ab15db36aefbcd655509fc82bcc8bb0c0990d22dc203dcb11ad664524619c6552658a9bf3995870f9e15c976a3fa98e606243542611dff83a94d86f89027d5191b47f9f3568c48a57f90c8310d01ce0ee21c8bc406907990a92b965a6f0f0abf86e1b90b628c142fd3d29a93b2246eb9881e285830bfa602179af62b2a1bafe94c2956e4f5e991ed452908c76a15b2684baffcd6bd92df53b219414245c015b42843df259a6426d272652fa3da0a5c3d7796fb8d270e690b2200dcb00dfb94355f9366650833f89014985535a6ec35a4d65f9cad2c7b85b41d59081df146288e6a463473b02c0a13e982765763d18a9cfb6212268c7122c9abbb33a6697448407f812b9f20c3e10c3e783d434782bf5c30e4cd646f0c0bf530a080c858aaef806d852d4390cb10223dea04c117314a3489fe66a8cb5b49820b078cacaaa60d9068147b3c0f7305dcaa16e9a171b1c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861093bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343be89ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d9716e7834003a18123adc93dca9880180000800"], 0x36a) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x34, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x34}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) socket$inet(0x2, 0x80000, 0x9) (async) setsockopt$IP_VS_SO_SET_STARTDAEMON(r4, 0x0, 0x48b, &(0x7f0000000440)={0x1, 'veth1_virt_wifi\x00', 0x4}, 0x18) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="98061befd600"], 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) write$apparmor_current(r5, &(0x7f0000000400)=@profile={'permprofile ', ']{\x00'}, 0xf) (async) 06:18:28 executing program 5: ptrace$peekuser(0x3, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x42a000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000080)={{{@in=@initdev, @in=@dev}}, {{@in6=@mcast2}, 0x0, @in=@dev}}, &(0x7f0000000180)=0xe8) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:28 executing program 5: ptrace$peekuser(0x3, 0x0, 0x0) (async) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x42a000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000080)={{{@in=@initdev, @in=@dev}}, {{@in6=@mcast2}, 0x0, @in=@dev}}, &(0x7f0000000180)=0xe8) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:28 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x0, {0x2, 0x0, @empty}, 'veth0\x00'}) 06:18:28 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) [ 1425.365047] FAULT_INJECTION: forcing a failure. [ 1425.365047] name failslab, interval 1, probability 0, space 0, times 0 [ 1425.387426] FAULT_INJECTION: forcing a failure. [ 1425.387426] name failslab, interval 1, probability 0, space 0, times 0 [ 1425.413601] CPU: 0 PID: 32146 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1425.421511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1425.430862] Call Trace: [ 1425.433451] dump_stack+0x1b2/0x281 [ 1425.437089] should_fail.cold+0x10a/0x149 [ 1425.441242] should_failslab+0xd6/0x130 [ 1425.445221] kmem_cache_alloc+0x28e/0x3c0 [ 1425.449373] ext4_mb_new_blocks+0x514/0x3db0 [ 1425.453789] ? ext4_find_extent+0x6f7/0xbc0 [ 1425.458114] ? ext4_ext_search_right+0x2bc/0xaa0 [ 1425.462871] ? ext4_inode_to_goal_block+0x29a/0x3b0 [ 1425.467890] ext4_ext_map_blocks+0x2845/0x6b10 [ 1425.472482] ? __lock_acquire+0x5fc/0x3f20 [ 1425.476720] ? mark_buffer_dirty+0x95/0x480 [ 1425.481037] ? trace_hardirqs_on+0x10/0x10 [ 1425.485268] ? __ext4_handle_dirty_metadata+0x120/0x480 [ 1425.490632] ? ext4_find_delalloc_cluster+0x180/0x180 [ 1425.495819] ? trace_hardirqs_on+0x10/0x10 [ 1425.500052] ? ext4_mark_iloc_dirty+0x1822/0x26a0 [ 1425.504899] ? ext4_es_lookup_extent+0x321/0xac0 [ 1425.509655] ? lock_acquire+0x170/0x3f0 [ 1425.513638] ext4_map_blocks+0x675/0x1730 [ 1425.517793] ? ext4_issue_zeroout+0x150/0x150 [ 1425.522288] ? __ext4_new_inode+0x27c/0x4eb0 [ 1425.526706] ext4_getblk+0x98/0x3f0 [ 1425.530336] ? ext4_iomap_begin+0x7f0/0x7f0 [ 1425.534666] ext4_bread+0x6c/0x1a0 [ 1425.538212] ? ext4_getblk+0x3f0/0x3f0 [ 1425.542100] ? dquot_initialize_needed+0x240/0x240 [ 1425.547049] ext4_append+0x143/0x350 [ 1425.550769] ext4_mkdir+0x4c9/0xbd0 [ 1425.554412] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 1425.559089] ? security_inode_mkdir+0xca/0x100 06:18:28 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:28 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32], 0x70}}, 0x4000000) [ 1425.563679] vfs_mkdir+0x463/0x6e0 [ 1425.567228] SyS_mkdirat+0x1fd/0x270 [ 1425.570941] ? SyS_mknod+0x30/0x30 [ 1425.574480] ? fput_many+0xe/0x140 [ 1425.578022] ? do_syscall_64+0x4c/0x640 [ 1425.581995] ? SyS_mknod+0x30/0x30 [ 1425.585536] do_syscall_64+0x1d5/0x640 [ 1425.589426] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1425.594501] netlink: 92 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1425.594606] RIP: 0033:0x7f5650cf8387 [ 1425.606874] RSP: 002b:00007f564f66df88 EFLAGS: 00000213 ORIG_RAX: 0000000000000102 06:18:28 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf2505", @ANYRES32], 0x70}}, 0x0) [ 1425.614578] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cf8387 [ 1425.621838] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 1425.629102] RBP: 00007f564f66e1d0 R08: 0000000000000000 R09: 00007f564f66e1d0 [ 1425.636372] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000 [ 1425.643641] R13: 0000000020000040 R14: 00007f564f66dfe0 R15: 0000000020000280 [ 1425.664379] CPU: 0 PID: 32148 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1425.672276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1425.681627] Call Trace: [ 1425.684217] dump_stack+0x1b2/0x281 [ 1425.687849] should_fail.cold+0x10a/0x149 [ 1425.692003] should_failslab+0xd6/0x130 [ 1425.695979] __kmalloc_track_caller+0x2bc/0x400 [ 1425.699330] netlink: 92 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1425.700758] ? strndup_user+0x5b/0xf0 [ 1425.700771] memdup_user+0x22/0xa0 [ 1425.700782] strndup_user+0x5b/0xf0 [ 1425.720283] ? copy_mnt_ns+0xa30/0xa30 [ 1425.724169] SyS_mount+0x68/0x120 [ 1425.727622] ? copy_mnt_ns+0xa30/0xa30 [ 1425.731511] do_syscall_64+0x1d5/0x640 [ 1425.735403] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1425.741382] RIP: 0033:0x7f5ff741c7aa [ 1425.745084] RSP: 002b:00007f5ff5d8ff88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1425.752792] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741c7aa [ 1425.760058] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f5ff5d8ffe0 [ 1425.767329] RBP: 00007f5ff5d90020 R08: 00007f5ff5d90020 R09: 0000000020000000 [ 1425.774595] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1425.781959] R13: 0000000020000040 R14: 00007f5ff5d8ffe0 R15: 0000000020000280 06:18:28 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 46) 06:18:28 executing program 5: ptrace$peekuser(0x3, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x42a000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000080)={{{@in=@initdev, @in=@dev}}, {{@in6=@mcast2}, 0x0, @in=@dev}}, &(0x7f0000000180)=0xe8) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) ptrace$peekuser(0x3, 0x0, 0x0) (async) socket$inet_udp(0x2, 0x2, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x42a000, 0x0) (async) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000080)={{{@in=@initdev, @in=@dev}}, {{@in6=@mcast2}, 0x0, @in=@dev}}, &(0x7f0000000180)=0xe8) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) 06:18:28 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x0, {0x2, 0x0, @empty}, 'veth0\x00'}) 06:18:28 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x0, {0x2, 0x0, @empty}, 'veth0\x00'}) 06:18:28 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb2709000000e8ea6c865587f9a65e4ea2fc1e99592bb6407461e5c2b1e6c1ec60ed17d669ed9e8ae5dff0ab15db36aefbcd655509fc82bcc8bb0c0990d22dc203dcb11ad664524619c6552658a9bf3995870f9e15c976a3fa98e606243542611dff83a94d86f89027d5191b47f9f3568c48a57f90c8310d01ce0ee21c8bc406907990a92b965a6f0f0abf86e1b90b628c142fd3d29a93b2246eb9881e285830bfa602179af62b2a1bafe94c2956e4f5e991ed452908c76a15b2684baffcd6bd92df53b219414245c015b42843df259a6426d272652fa3da0a5c3d7796fb8d270e690b2200dcb00dfb94355f9366650833f89014985535a6ec35a4d65f9cad2c7b85b41d59081df146288e6a463473b02c0a13e982765763d18a9cfb6212268c7122c9abbb33a6697448407f812b9f20c3e10c3e783d434782bf5c30e4cd646f0c0bf530a080c858aaef806d852d4390cb10223dea04c117314a3489fe66a8cb5b49820b078cacaaa60d9068147b3c0f7305dcaa16e9a171b1c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861093bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343be89ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d9716e7834003a18123adc93dca9880180000800"], 0x36a) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x34, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x34}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) (async) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = socket$inet(0x2, 0x80000, 0x9) setsockopt$IP_VS_SO_SET_STARTDAEMON(r4, 0x0, 0x48b, &(0x7f0000000440)={0x1, 'veth1_virt_wifi\x00', 0x4}, 0x18) (async) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="98061befd600"], 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) write$apparmor_current(r5, &(0x7f0000000400)=@profile={'permprofile ', ']{\x00'}, 0xf) 06:18:28 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 45) 06:18:28 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x0, {0x2, 0x0, @empty}, 'veth0\x00'}) 06:18:28 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'sit0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:28 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private=0xfffffffd}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) [ 1425.906900] IPVS: stopping backup sync thread 31744 ... [ 1425.945995] FAULT_INJECTION: forcing a failure. [ 1425.945995] name failslab, interval 1, probability 0, space 0, times 0 06:18:29 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat ', 0x2, 0x5e, ['*,*)\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00', '--\\\x00', 'stack ', '$$)(\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00']}, 0x5f) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0) [ 1425.972213] FAULT_INJECTION: forcing a failure. [ 1425.972213] name failslab, interval 1, probability 0, space 0, times 0 [ 1425.992614] CPU: 0 PID: 32227 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1426.000513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1426.009866] Call Trace: [ 1426.012486] dump_stack+0x1b2/0x281 [ 1426.016118] should_fail.cold+0x10a/0x149 06:18:29 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat ', 0x2, 0x5e, ['*,*)\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00', '--\\\x00', 'stack ', '$$)(\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00']}, 0x5f) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0) [ 1426.020297] should_failslab+0xd6/0x130 [ 1426.024272] __kmalloc_track_caller+0x2bc/0x400 [ 1426.028935] ? strndup_user+0x5b/0xf0 [ 1426.032733] memdup_user+0x22/0xa0 [ 1426.036271] strndup_user+0x5b/0xf0 [ 1426.039890] ? copy_mnt_ns+0xa30/0xa30 [ 1426.043770] SyS_mount+0x39/0x120 [ 1426.047220] ? copy_mnt_ns+0xa30/0xa30 [ 1426.051104] do_syscall_64+0x1d5/0x640 [ 1426.054989] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1426.060167] RIP: 0033:0x7f5ff741c7aa [ 1426.063865] RSP: 002b:00007f5ff5d8ff88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 06:18:29 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat ', 0x2, 0x5e, ['*,*)\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00', '--\\\x00', 'stack ', '$$)(\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00']}, 0x5f) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0) [ 1426.071567] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741c7aa [ 1426.078831] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f5ff5d8ffe0 [ 1426.086095] RBP: 00007f5ff5d90020 R08: 00007f5ff5d90020 R09: 0000000020000000 [ 1426.093357] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1426.100618] R13: 0000000020000040 R14: 00007f5ff5d8ffe0 R15: 0000000020000280 [ 1426.107894] CPU: 1 PID: 32228 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1426.108118] kauditd_printk_skb: 63 callbacks suppressed [ 1426.108126] audit: type=1400 audit(1660285109.015:141): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=32239 comm="syz-executor.4" [ 1426.115767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1426.115771] Call Trace: [ 1426.115784] dump_stack+0x1b2/0x281 [ 1426.115797] should_fail.cold+0x10a/0x149 [ 1426.115810] should_failslab+0xd6/0x130 [ 1426.137605] audit: type=1400 audit(1660285109.015:142): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=32243 comm="syz-executor.4" [ 1426.138681] __kmalloc_track_caller+0x2bc/0x400 [ 1426.184531] ? strndup_user+0x5b/0xf0 [ 1426.188338] memdup_user+0x22/0xa0 [ 1426.191883] strndup_user+0x5b/0xf0 [ 1426.195508] ? copy_mnt_ns+0xa30/0xa30 [ 1426.199392] SyS_mount+0x68/0x120 [ 1426.202839] ? copy_mnt_ns+0xa30/0xa30 [ 1426.206724] do_syscall_64+0x1d5/0x640 [ 1426.210613] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1426.214966] audit: type=1400 audit(1660285109.235:143): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=32248 comm="syz-executor.4" [ 1426.215793] RIP: 0033:0x7f5650cfa7aa [ 1426.237103] RSP: 002b:00007f564f66df88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1426.244805] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cfa7aa [ 1426.252155] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f564f66dfe0 [ 1426.259405] RBP: 00007f564f66e020 R08: 00007f564f66e020 R09: 0000000020000000 [ 1426.266756] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1426.274005] R13: 0000000020000040 R14: 00007f564f66dfe0 R15: 0000000020000280 06:18:29 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 47) 06:18:29 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat ', 0x2, 0x5e, ['*,*)\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00', '--\\\x00', 'stack ', '$$)(\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00']}, 0x5f) 06:18:29 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private=0xfffffffd}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:29 executing program 2: setsockopt$inet_sctp6_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, &(0x7f00000000c0)=0x80, 0x4) r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) socket$l2tp(0x2, 0x2, 0x73) ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, &(0x7f0000000080)) write$apparmor_current(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d95e6e7834003a18123adc93dca9880180000800"], 0x1f7) 06:18:29 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'sit0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:29 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 46) 06:18:29 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private=0xfffffffd}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:29 executing program 2: setsockopt$inet_sctp6_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, &(0x7f00000000c0)=0x80, 0x4) (async, rerun: 32) r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async, rerun: 32) socket$l2tp(0x2, 0x2, 0x73) (async) ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, &(0x7f0000000080)) write$apparmor_current(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d95e6e7834003a18123adc93dca9880180000800"], 0x1f7) 06:18:29 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'sit0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:29 executing program 4: write$apparmor_current(0xffffffffffffffff, &(0x7f0000000080)=@hat={'changehat ', 0x2, 0x5e, ['*,*)\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00', '--\\\x00', 'stack ', '$$)(\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00']}, 0x5f) [ 1426.402169] IPVS: stopping master sync thread 8003 ... [ 1426.409580] audit: type=1400 audit(1660285109.425:144): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=32270 comm="syz-executor.2" 06:18:29 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) ioctl$SCSI_IOCTL_START_UNIT(r1, 0x5) socket$inet_udp(0x2, 0x2, 0x0) [ 1426.465746] audit: type=1400 audit(1660285109.445:145): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=32267 comm="syz-executor.4" [ 1426.467067] FAULT_INJECTION: forcing a failure. [ 1426.467067] name failslab, interval 1, probability 0, space 0, times 0 [ 1426.496588] FAULT_INJECTION: forcing a failure. [ 1426.496588] name failslab, interval 1, probability 0, space 0, times 0 [ 1426.532408] CPU: 1 PID: 32280 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1426.540314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1426.549667] Call Trace: [ 1426.552256] dump_stack+0x1b2/0x281 [ 1426.555891] should_fail.cold+0x10a/0x149 [ 1426.560047] should_failslab+0xd6/0x130 [ 1426.564022] __kmalloc_track_caller+0x2bc/0x400 [ 1426.568689] ? strndup_user+0x5b/0xf0 [ 1426.572489] memdup_user+0x22/0xa0 [ 1426.576030] strndup_user+0x5b/0xf0 [ 1426.579668] ? copy_mnt_ns+0xa30/0xa30 [ 1426.583561] SyS_mount+0x68/0x120 [ 1426.587027] ? copy_mnt_ns+0xa30/0xa30 [ 1426.590904] do_syscall_64+0x1d5/0x640 [ 1426.594784] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1426.599953] RIP: 0033:0x7f5ff741c7aa [ 1426.603650] RSP: 002b:00007f5ff5d8ff88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1426.611346] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741c7aa [ 1426.618599] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f5ff5d8ffe0 06:18:29 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'sit0\x00'}, 0x18) [ 1426.625855] RBP: 00007f5ff5d90020 R08: 00007f5ff5d90020 R09: 0000000020000000 [ 1426.633113] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1426.640634] R13: 0000000020000040 R14: 00007f5ff5d8ffe0 R15: 0000000020000280 [ 1426.648359] CPU: 0 PID: 32279 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1426.656249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1426.665594] Call Trace: [ 1426.668181] dump_stack+0x1b2/0x281 [ 1426.671813] should_fail.cold+0x10a/0x149 [ 1426.675979] should_failslab+0xd6/0x130 [ 1426.679972] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1426.684672] ? copy_mnt_ns+0xa30/0xa30 [ 1426.688562] copy_mount_options+0x59/0x2f0 [ 1426.692804] ? copy_mnt_ns+0xa30/0xa30 [ 1426.696696] SyS_mount+0x84/0x120 [ 1426.700145] ? copy_mnt_ns+0xa30/0xa30 [ 1426.704035] do_syscall_64+0x1d5/0x640 [ 1426.707926] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1426.713107] RIP: 0033:0x7f5650cfa7aa [ 1426.716813] RSP: 002b:00007f564f66df88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1426.724692] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cfa7aa 06:18:29 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 48) 06:18:29 executing program 4: write$apparmor_current(0xffffffffffffffff, &(0x7f0000000080)=@hat={'changehat ', 0x2, 0x5e, ['*,*)\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00', '--\\\x00', 'stack ', '$$)(\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00']}, 0x5f) 06:18:29 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) ioctl$SCSI_IOCTL_START_UNIT(r1, 0x5) socket$inet_udp(0x2, 0x2, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) ioctl$SCSI_IOCTL_START_UNIT(r1, 0x5) (async) socket$inet_udp(0x2, 0x2, 0x0) (async) 06:18:29 executing program 2: setsockopt$inet_sctp6_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, &(0x7f00000000c0)=0x80, 0x4) r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) socket$l2tp(0x2, 0x2, 0x73) ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, &(0x7f0000000080)) write$apparmor_current(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d95e6e7834003a18123adc93dca9880180000800"], 0x1f7) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, &(0x7f00000000c0)=0x80, 0x4) (async) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) socket$l2tp(0x2, 0x2, 0x73) (async) ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, &(0x7f0000000080)) (async) write$apparmor_current(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d95e6e7834003a18123adc93dca9880180000800"], 0x1f7) (async) 06:18:29 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'sit0\x00'}, 0x18) 06:18:29 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 47) [ 1426.731958] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f564f66dfe0 [ 1426.739316] RBP: 00007f564f66e020 R08: 00007f564f66e020 R09: 0000000020000000 [ 1426.746581] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1426.754279] R13: 0000000020000040 R14: 00007f564f66dfe0 R15: 0000000020000280 06:18:29 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'sit0\x00'}, 0x18) [ 1426.859070] FAULT_INJECTION: forcing a failure. [ 1426.859070] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1426.870894] CPU: 0 PID: 32322 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1426.878770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1426.888121] Call Trace: [ 1426.890709] dump_stack+0x1b2/0x281 [ 1426.894338] should_fail.cold+0x10a/0x149 [ 1426.898491] __alloc_pages_nodemask+0x22c/0x2720 [ 1426.903244] ? __save_stack_trace+0x63/0x160 06:18:29 executing program 4: write$apparmor_current(0xffffffffffffffff, &(0x7f0000000080)=@hat={'changehat ', 0x2, 0x5e, ['*,*)\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00', '--\\\x00', 'stack ', '$$)(\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00']}, 0x5f) [ 1426.907652] ? is_bpf_text_address+0x91/0x150 [ 1426.912153] ? __lock_acquire+0x5fc/0x3f20 [ 1426.916389] ? cmp_ex_sort+0xb0/0xb0 [ 1426.920106] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1426.924947] ? search_extable+0x6f/0x80 [ 1426.928930] ? trim_init_extable+0x280/0x280 [ 1426.933342] ? __kernel_text_address+0x9/0x30 [ 1426.937837] ? copy_mount_options+0x194/0x2f0 [ 1426.942335] ? fixup_exception+0x93/0xd0 [ 1426.946397] ? no_context+0x9c/0x7c0 [ 1426.947170] FAULT_INJECTION: forcing a failure. 06:18:30 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) r2 = gettid() r3 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r5}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r2, 0x7, r3, &(0x7f0000000300)={0xffffffffffffffff, r5, 0x9}) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, r1) write$apparmor_current(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e418338004b81c5a42fcc753a6cc2ec1ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852505d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3c9fdbea2e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a9079786bbb97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce631615ffff0000000000003a183f887d575b4e3f97612a98aa13fb0f07be347f5e6c00370151b71008e358e8585b3a9f1a9e9b53e17bfb34f6e831322616c24602456979fec9519a3d82c67da44b383a52d2303db8dbd2840edf3e8695cd16f37be4ce01587e8dbf9123ce290d597b5c7c6d23d1686e3116358db120c50fcdcdd88f183878dc7ce7470cbc8d99393bec2cec77fe"], 0xfffffffffffffd95) 06:18:30 executing program 0: setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'sit0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) [ 1426.947170] name failslab, interval 1, probability 0, space 0, times 0 [ 1426.950108] ? force_sig_info_fault.constprop.0+0x260/0x260 [ 1426.950118] ? bad_area_access_error+0x1f8/0x3e0 [ 1426.950132] cache_grow_begin+0x91/0x700 [ 1426.950147] ? fs_reclaim_release+0xd0/0x110 [ 1426.980184] ? check_preemption_disabled+0x35/0x240 [ 1426.985205] cache_alloc_refill+0x273/0x350 [ 1426.989531] kmem_cache_alloc+0x333/0x3c0 [ 1426.993709] getname_flags+0xc8/0x550 [ 1426.997511] ? __do_page_fault+0x159/0xad0 [ 1427.001749] user_path_at_empty+0x2a/0x50 [ 1427.005901] do_mount+0x118/0x2a30 06:18:30 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat ', 0x2, 0x5e, ['*,*)\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00', '--\\\x00', 'stack ', '$$)(\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00']}, 0x5f) [ 1427.009447] ? __do_page_fault+0x159/0xad0 [ 1427.013680] ? retint_kernel+0x2d/0x2d [ 1427.017570] ? copy_mount_string+0x40/0x40 [ 1427.021805] ? memset+0x20/0x40 [ 1427.025111] ? copy_mount_options+0x1fa/0x2f0 [ 1427.029605] ? copy_mnt_ns+0xa30/0xa30 [ 1427.034363] SyS_mount+0xa8/0x120 [ 1427.037816] ? copy_mnt_ns+0xa30/0xa30 [ 1427.041711] do_syscall_64+0x1d5/0x640 [ 1427.045604] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1427.050796] RIP: 0033:0x7f5ff741c7aa 06:18:30 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) r2 = gettid() r3 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r5}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r2, 0x7, r3, &(0x7f0000000300)={0xffffffffffffffff, r5, 0x9}) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, r1) write$apparmor_current(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e418338004b81c5a42fcc753a6cc2ec1ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852505d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3c9fdbea2e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a9079786bbb97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce631615ffff0000000000003a183f887d575b4e3f97612a98aa13fb0f07be347f5e6c00370151b71008e358e8585b3a9f1a9e9b53e17bfb34f6e831322616c24602456979fec9519a3d82c67da44b383a52d2303db8dbd2840edf3e8695cd16f37be4ce01587e8dbf9123ce290d597b5c7c6d23d1686e3116358db120c50fcdcdd88f183878dc7ce7470cbc8d99393bec2cec77fe"], 0xfffffffffffffd95) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) gettid() (async) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r5}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r2, 0x7, r3, &(0x7f0000000300)={0xffffffffffffffff, r5, 0x9}) (async) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, r1) (async) write$apparmor_current(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e418338004b81c5a42fcc753a6cc2ec1ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852505d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3c9fdbea2e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a9079786bbb97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce631615ffff0000000000003a183f887d575b4e3f97612a98aa13fb0f07be347f5e6c00370151b71008e358e8585b3a9f1a9e9b53e17bfb34f6e831322616c24602456979fec9519a3d82c67da44b383a52d2303db8dbd2840edf3e8695cd16f37be4ce01587e8dbf9123ce290d597b5c7c6d23d1686e3116358db120c50fcdcdd88f183878dc7ce7470cbc8d99393bec2cec77fe"], 0xfffffffffffffd95) (async) [ 1427.054501] RSP: 002b:00007f5ff5d8ff88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1427.062465] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741c7aa [ 1427.069734] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f5ff5d8ffe0 [ 1427.077121] RBP: 00007f5ff5d90020 R08: 00007f5ff5d90020 R09: 0000000020000000 [ 1427.084384] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1427.091654] R13: 0000000020000040 R14: 00007f5ff5d8ffe0 R15: 0000000020000280 [ 1427.102495] audit: type=1400 audit(1660285109.875:146): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=32316 comm="syz-executor.2" [ 1427.115555] CPU: 1 PID: 32332 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1427.127905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1427.137248] Call Trace: [ 1427.139818] dump_stack+0x1b2/0x281 [ 1427.143436] should_fail.cold+0x10a/0x149 [ 1427.147588] should_failslab+0xd6/0x130 [ 1427.151565] kmem_cache_alloc+0x28e/0x3c0 [ 1427.155725] getname_flags+0xc8/0x550 [ 1427.159523] ? __do_page_fault+0x159/0xad0 [ 1427.163755] user_path_at_empty+0x2a/0x50 [ 1427.167906] do_mount+0x118/0x2a30 [ 1427.171449] ? __do_page_fault+0x159/0xad0 [ 1427.175683] ? retint_kernel+0x2d/0x2d [ 1427.179564] ? copy_mount_string+0x40/0x40 [ 1427.183797] ? memset+0x20/0x40 [ 1427.187073] ? copy_mount_options+0x1fa/0x2f0 [ 1427.191575] ? copy_mnt_ns+0xa30/0xa30 [ 1427.195465] SyS_mount+0xa8/0x120 [ 1427.199176] ? copy_mnt_ns+0xa30/0xa30 [ 1427.203069] do_syscall_64+0x1d5/0x640 [ 1427.206961] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1427.212146] RIP: 0033:0x7f5650cfa7aa [ 1427.215951] RSP: 002b:00007f564f66df88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1427.223724] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cfa7aa [ 1427.230971] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f564f66dfe0 [ 1427.238220] RBP: 00007f564f66e020 R08: 00007f564f66e020 R09: 0000000020000000 [ 1427.245471] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1427.252721] R13: 0000000020000040 R14: 00007f564f66dfe0 R15: 0000000020000280 06:18:30 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 49) 06:18:30 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat ', 0x2, 0x5e, ['*,*)\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00', '--\\\x00', 'stack ', '$$)(\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00']}, 0x5f) 06:18:30 executing program 0: setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'sit0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:30 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) r2 = gettid() (async) r3 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) (async) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r5}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r2, 0x7, r3, &(0x7f0000000300)={0xffffffffffffffff, r5, 0x9}) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, r1) write$apparmor_current(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765256b06a47e418338004b81c5a42fcc753a6cc2ec1ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852505d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3c9fdbea2e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a9079786bbb97a17dbc03b0e002757eb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce631615ffff0000000000003a183f887d575b4e3f97612a98aa13fb0f07be347f5e6c00370151b71008e358e8585b3a9f1a9e9b53e17bfb34f6e831322616c24602456979fec9519a3d82c67da44b383a52d2303db8dbd2840edf3e8695cd16f37be4ce01587e8dbf9123ce290d597b5c7c6d23d1686e3116358db120c50fcdcdd88f183878dc7ce7470cbc8d99393bec2cec77fe"], 0xfffffffffffffd95) 06:18:30 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) ioctl$SCSI_IOCTL_START_UNIT(r1, 0x5) socket$inet_udp(0x2, 0x2, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) ioctl$SCSI_IOCTL_START_UNIT(r1, 0x5) (async) socket$inet_udp(0x2, 0x2, 0x0) (async) 06:18:30 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 48) 06:18:30 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat ', 0x2, 0x5e, ['*,*)\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00', '--\\\x00', 'stack ', '$$)(\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00']}, 0x5f) 06:18:30 executing program 0: setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'sit0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:30 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000140), r3) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0800010000000000"], 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) setsockopt$inet_MCAST_LEAVE_GROUP(r2, 0x0, 0x2d, &(0x7f0000000080)={0x2, {{0x2, 0x4e23, @local}}}, 0x88) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private=0xa010101}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:30 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765252b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fae1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0e059df8cf8aa28688d2f76a9350c6d807c891dbd000000000000000b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d9716e7834003a18123adc93dca9880180000800e4334a77b0a0b8f5"], 0xfffffffffffffd95) [ 1427.378112] FAULT_INJECTION: forcing a failure. [ 1427.378112] name failslab, interval 1, probability 0, space 0, times 0 [ 1427.396536] FAULT_INJECTION: forcing a failure. [ 1427.396536] name failslab, interval 1, probability 0, space 0, times 0 [ 1427.426854] CPU: 0 PID: 32385 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1427.434755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1427.444108] Call Trace: [ 1427.446693] dump_stack+0x1b2/0x281 [ 1427.450325] should_fail.cold+0x10a/0x149 [ 1427.454479] should_failslab+0xd6/0x130 [ 1427.458454] __kmalloc_track_caller+0x2bc/0x400 [ 1427.463120] ? kstrdup_const+0x35/0x60 [ 1427.467009] ? lock_downgrade+0x740/0x740 [ 1427.471158] kstrdup+0x36/0x70 [ 1427.474352] kstrdup_const+0x35/0x60 [ 1427.478067] alloc_vfsmnt+0xe0/0x7f0 [ 1427.481777] ? _raw_read_unlock+0x29/0x40 [ 1427.485926] vfs_kern_mount.part.0+0x27/0x470 [ 1427.490423] do_mount+0xe65/0x2a30 [ 1427.493970] ? __do_page_fault+0x159/0xad0 [ 1427.498205] ? retint_kernel+0x2d/0x2d [ 1427.502089] ? copy_mount_string+0x40/0x40 [ 1427.506323] ? memset+0x20/0x40 [ 1427.509600] ? copy_mount_options+0x1fa/0x2f0 [ 1427.514094] ? copy_mnt_ns+0xa30/0xa30 [ 1427.517980] SyS_mount+0xa8/0x120 [ 1427.521427] ? copy_mnt_ns+0xa30/0xa30 [ 1427.525312] do_syscall_64+0x1d5/0x640 [ 1427.529200] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1427.534383] RIP: 0033:0x7f5ff741c7aa [ 1427.538087] RSP: 002b:00007f5ff5d8ff88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1427.545786] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741c7aa [ 1427.553042] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f5ff5d8ffe0 [ 1427.560292] RBP: 00007f5ff5d90020 R08: 00007f5ff5d90020 R09: 0000000020000000 [ 1427.567543] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 06:18:30 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'sit0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:30 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000140), r3) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0800010000000000"], 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) setsockopt$inet_MCAST_LEAVE_GROUP(r2, 0x0, 0x2d, &(0x7f0000000080)={0x2, {{0x2, 0x4e23, @local}}}, 0x88) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private=0xa010101}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) socket$inet_udp(0x2, 0x2, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nbd(&(0x7f0000000140), r3) (async) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0800010000000000"], 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) setsockopt$inet_MCAST_LEAVE_GROUP(r2, 0x0, 0x2d, &(0x7f0000000080)={0x2, {{0x2, 0x4e23, @local}}}, 0x88) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private=0xa010101}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) [ 1427.574791] R13: 0000000020000040 R14: 00007f5ff5d8ffe0 R15: 0000000020000280 [ 1427.582092] CPU: 1 PID: 32386 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1427.590058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1427.599408] Call Trace: [ 1427.601997] dump_stack+0x1b2/0x281 [ 1427.605626] should_fail.cold+0x10a/0x149 [ 1427.609775] should_failslab+0xd6/0x130 [ 1427.613748] __kmalloc_track_caller+0x2bc/0x400 [ 1427.618441] ? kstrdup_const+0x35/0x60 [ 1427.622336] ? lock_downgrade+0x740/0x740 [ 1427.626487] kstrdup+0x36/0x70 [ 1427.629677] kstrdup_const+0x35/0x60 [ 1427.633386] alloc_vfsmnt+0xe0/0x7f0 [ 1427.637096] ? _raw_read_unlock+0x29/0x40 [ 1427.641252] vfs_kern_mount.part.0+0x27/0x470 [ 1427.645750] do_mount+0xe65/0x2a30 [ 1427.649289] ? __do_page_fault+0x159/0xad0 [ 1427.653529] ? retint_kernel+0x2d/0x2d [ 1427.657414] ? copy_mount_string+0x40/0x40 [ 1427.661651] ? memset+0x20/0x40 [ 1427.664928] ? copy_mount_options+0x1fa/0x2f0 [ 1427.669423] ? copy_mnt_ns+0xa30/0xa30 [ 1427.673308] SyS_mount+0xa8/0x120 [ 1427.676760] ? copy_mnt_ns+0xa30/0xa30 [ 1427.680644] do_syscall_64+0x1d5/0x640 [ 1427.684533] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1427.689717] RIP: 0033:0x7f5650cfa7aa [ 1427.693424] RSP: 002b:00007f564f66df88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1427.701155] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cfa7aa [ 1427.708453] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f564f66dfe0 [ 1427.715717] RBP: 00007f564f66e020 R08: 00007f564f66e020 R09: 0000000020000000 06:18:30 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 50) 06:18:30 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'sit0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:30 executing program 4: openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(0xffffffffffffffff, &(0x7f0000000080)=@hat={'changehat ', 0x2, 0x5e, ['*,*)\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00', '--\\\x00', 'stack ', '$$)(\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00']}, 0x5f) 06:18:30 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000140), r3) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0800010000000000"], 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) setsockopt$inet_MCAST_LEAVE_GROUP(r2, 0x0, 0x2d, &(0x7f0000000080)={0x2, {{0x2, 0x4e23, @local}}}, 0x88) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private=0xa010101}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) socket$inet_udp(0x2, 0x2, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nbd(&(0x7f0000000140), r3) (async) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0800010000000000"], 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) setsockopt$inet_MCAST_LEAVE_GROUP(r2, 0x0, 0x2d, &(0x7f0000000080)={0x2, {{0x2, 0x4e23, @local}}}, 0x88) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private=0xa010101}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) 06:18:30 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765252b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fae1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0e059df8cf8aa28688d2f76a9350c6d807c891dbd000000000000000b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d9716e7834003a18123adc93dca9880180000800e4334a77b0a0b8f5"], 0xfffffffffffffd95) [ 1427.722984] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1427.730247] R13: 0000000020000040 R14: 00007f564f66dfe0 R15: 0000000020000280 06:18:30 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 49) 06:18:30 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'sit0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:30 executing program 4: openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(0xffffffffffffffff, &(0x7f0000000080)=@hat={'changehat ', 0x2, 0x5e, ['*,*)\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00', '--\\\x00', 'stack ', '$$)(\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00']}, 0x5f) 06:18:30 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce9242d2e2ceb278a3a2500c4c9b25a47765252b06a47e4183380ec41a6e5376aa073e85af66c3eb5702e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc3bb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46ecf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b810362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcae81dce7007fa32758fa88e4be5c0577e5aa9e764fae205dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fae1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834c31926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c394dea7edc2c538e26c7b2efd7a90797865db97a17dbc03b0e002757eb77aea34011a0e059df8cf8aa28688d2f76a9350c6d807c891dbd000000000000000b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316159c06d9716e7834003a18123adc93dca9880180000800e4334a77b0a0b8f5"], 0xfffffffffffffd95) 06:18:30 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) ioctl$SCSI_IOCTL_STOP_UNIT(0xffffffffffffffff, 0x6) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) [ 1427.860793] FAULT_INJECTION: forcing a failure. [ 1427.860793] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1427.872613] CPU: 1 PID: 32448 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1427.880497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1427.889851] Call Trace: [ 1427.889963] FAULT_INJECTION: forcing a failure. [ 1427.889963] name failslab, interval 1, probability 0, space 0, times 0 [ 1427.892434] dump_stack+0x1b2/0x281 [ 1427.892446] should_fail.cold+0x10a/0x149 [ 1427.892460] __alloc_pages_nodemask+0x22c/0x2720 [ 1427.892478] ? __lock_acquire+0x5fc/0x3f20 [ 1427.892492] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1427.892498] ? trace_hardirqs_on+0x10/0x10 [ 1427.892512] ? trace_hardirqs_on+0x10/0x10 [ 1427.933659] ? reacquire_held_locks+0xb5/0x3f0 [ 1427.938226] ? dput.part.0+0x3b4/0x710 [ 1427.942098] ? list_lru_add+0x22a/0x490 [ 1427.946061] cache_grow_begin+0x91/0x700 [ 1427.950107] ? fs_reclaim_release+0xd0/0x110 [ 1427.954619] ? check_preemption_disabled+0x35/0x240 [ 1427.959626] cache_alloc_refill+0x273/0x350 [ 1427.963946] kmem_cache_alloc_trace+0x340/0x3d0 [ 1427.968603] ? copy_mnt_ns+0xa30/0xa30 [ 1427.972480] copy_mount_options+0x59/0x2f0 [ 1427.976699] ? copy_mnt_ns+0xa30/0xa30 [ 1427.980593] SyS_mount+0x84/0x120 [ 1427.984030] ? copy_mnt_ns+0xa30/0xa30 [ 1427.987908] do_syscall_64+0x1d5/0x640 [ 1427.991787] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1427.996962] RIP: 0033:0x7f5ff741c7aa [ 1428.000663] RSP: 002b:00007f5ff5d8ff88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1428.008363] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741c7aa [ 1428.015616] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f5ff5d8ffe0 [ 1428.022874] RBP: 00007f5ff5d90020 R08: 00007f5ff5d90020 R09: 0000000020000000 [ 1428.030140] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1428.037405] R13: 0000000020000040 R14: 00007f5ff5d8ffe0 R15: 0000000020000280 [ 1428.057545] CPU: 0 PID: 32461 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1428.065440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1428.074787] Call Trace: [ 1428.077375] dump_stack+0x1b2/0x281 [ 1428.081031] should_fail.cold+0x10a/0x149 [ 1428.085186] should_failslab+0xd6/0x130 [ 1428.089163] kmem_cache_alloc+0x28e/0x3c0 [ 1428.093312] alloc_vfsmnt+0x23/0x7f0 [ 1428.097023] ? _raw_read_unlock+0x29/0x40 [ 1428.101170] vfs_kern_mount.part.0+0x27/0x470 [ 1428.105666] do_mount+0xe65/0x2a30 [ 1428.109210] ? __do_page_fault+0x159/0xad0 [ 1428.113440] ? retint_kernel+0x2d/0x2d [ 1428.117325] ? copy_mount_string+0x40/0x40 [ 1428.121662] ? memset+0x20/0x40 [ 1428.124941] ? copy_mount_options+0x1fa/0x2f0 [ 1428.129437] ? copy_mnt_ns+0xa30/0xa30 [ 1428.133323] SyS_mount+0xa8/0x120 [ 1428.136771] ? copy_mnt_ns+0xa30/0xa30 [ 1428.140657] do_syscall_64+0x1d5/0x640 [ 1428.144551] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1428.149737] RIP: 0033:0x7f5650cfa7aa [ 1428.153569] RSP: 002b:00007f564f66df88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 06:18:31 executing program 4: openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(0xffffffffffffffff, &(0x7f0000000080)=@hat={'changehat ', 0x2, 0x5e, ['*,*)\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00', '--\\\x00', 'stack ', '$$)(\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00']}, 0x5f) 06:18:31 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) (async) ioctl$SCSI_IOCTL_STOP_UNIT(0xffffffffffffffff, 0x6) (async) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) [ 1428.161259] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cfa7aa [ 1428.168508] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f564f66dfe0 [ 1428.175776] RBP: 00007f564f66e020 R08: 00007f564f66e020 R09: 0000000020000000 [ 1428.183026] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1428.190273] R13: 0000000020000040 R14: 00007f564f66dfe0 R15: 0000000020000280 06:18:31 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 51) 06:18:31 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x68, 0x0, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@NBD_ATTR_BACKEND_IDENTIFIER={0xe, 0xa, '/dev/zero\x00'}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x11a}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x1ff}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x401}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x2}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x68}}, 0x41) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) socket$inet_udp(0x2, 0x2, 0x0) r3 = gettid() r4 = gettid() migrate_pages(r4, 0x9d, 0x0, &(0x7f00000006c0)) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r5, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r6}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) kcmp$KCMP_EPOLL_TFD(r3, r4, 0x7, r2, &(0x7f0000000280)={r2, r6, 0x1ff}) recvfrom$inet(r2, &(0x7f0000000080)=""/90, 0x5a, 0x40000002, &(0x7f0000000100)={0x2, 0x4e24, @rand_addr=0x64010101}, 0x10) r7 = gettid() prctl$PR_SCHED_CORE(0x3e, 0x1, r7, 0x1, &(0x7f00000002c0)) 06:18:31 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, 0x0, 0x0) 06:18:31 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, 0x0, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:31 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) ioctl$SCSI_IOCTL_STOP_UNIT(0xffffffffffffffff, 0x6) (async) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) 06:18:31 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 50) 06:18:31 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, 0x0, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:31 executing program 2: openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) write$apparmor_current(r3, &(0x7f0000000300)=@hat={'permhat ', 0x2}, 0x1b) 06:18:31 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x68, 0x0, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@NBD_ATTR_BACKEND_IDENTIFIER={0xe, 0xa, '/dev/zero\x00'}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x11a}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x1ff}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x401}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x2}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x68}}, 0x41) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) socket$inet_udp(0x2, 0x2, 0x0) r3 = gettid() (async) r4 = gettid() migrate_pages(r4, 0x9d, 0x0, &(0x7f00000006c0)) (async) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r5, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r6}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) kcmp$KCMP_EPOLL_TFD(r3, r4, 0x7, r2, &(0x7f0000000280)={r2, r6, 0x1ff}) (async) recvfrom$inet(r2, &(0x7f0000000080)=""/90, 0x5a, 0x40000002, &(0x7f0000000100)={0x2, 0x4e24, @rand_addr=0x64010101}, 0x10) (async) r7 = gettid() prctl$PR_SCHED_CORE(0x3e, 0x1, r7, 0x1, &(0x7f00000002c0)) 06:18:31 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, 0x0, 0x0) [ 1428.305065] FAULT_INJECTION: forcing a failure. [ 1428.305065] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1428.318845] FAULT_INJECTION: forcing a failure. [ 1428.318845] name failslab, interval 1, probability 0, space 0, times 0 06:18:31 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, 0x0, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:31 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x0, 'sit0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) [ 1428.346548] CPU: 0 PID: 32493 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1428.354451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1428.363804] Call Trace: [ 1428.366394] dump_stack+0x1b2/0x281 [ 1428.370032] should_fail.cold+0x10a/0x149 [ 1428.374193] should_failslab+0xd6/0x130 [ 1428.378171] __kmalloc_track_caller+0x2bc/0x400 [ 1428.382838] ? kstrdup_const+0x35/0x60 [ 1428.386725] ? lock_downgrade+0x740/0x740 [ 1428.390876] kstrdup+0x36/0x70 [ 1428.394070] kstrdup_const+0x35/0x60 [ 1428.397789] alloc_vfsmnt+0xe0/0x7f0 [ 1428.401501] ? _raw_read_unlock+0x29/0x40 [ 1428.405655] vfs_kern_mount.part.0+0x27/0x470 [ 1428.410151] do_mount+0xe65/0x2a30 [ 1428.413688] ? __do_page_fault+0x159/0xad0 [ 1428.417917] ? retint_kernel+0x2d/0x2d [ 1428.421791] ? copy_mount_string+0x40/0x40 [ 1428.426019] ? memset+0x20/0x40 [ 1428.429292] ? copy_mount_options+0x1fa/0x2f0 [ 1428.433776] ? copy_mnt_ns+0xa30/0xa30 [ 1428.437646] SyS_mount+0xa8/0x120 [ 1428.441095] ? copy_mnt_ns+0xa30/0xa30 [ 1428.444968] do_syscall_64+0x1d5/0x640 [ 1428.448843] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1428.454014] RIP: 0033:0x7f5ff741c7aa [ 1428.457706] RSP: 002b:00007f5ff5d8ff88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1428.465399] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741c7aa [ 1428.472675] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f5ff5d8ffe0 [ 1428.479925] RBP: 00007f5ff5d90020 R08: 00007f5ff5d90020 R09: 0000000020000000 [ 1428.487175] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1428.494426] R13: 0000000020000040 R14: 00007f5ff5d8ffe0 R15: 0000000020000280 [ 1428.501707] CPU: 1 PID: 32497 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1428.509589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1428.518935] Call Trace: [ 1428.521524] dump_stack+0x1b2/0x281 [ 1428.525152] should_fail.cold+0x10a/0x149 [ 1428.529305] __alloc_pages_nodemask+0x22c/0x2720 [ 1428.534069] ? trace_hardirqs_on+0x10/0x10 [ 1428.538307] ? pcpu_alloc+0xbe0/0xf50 [ 1428.542111] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1428.546965] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1428.552418] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1428.557442] alloc_pages_current+0x155/0x260 [ 1428.561854] ? __lockdep_init_map+0x100/0x560 [ 1428.566347] get_zeroed_page+0x19/0x50 [ 1428.570234] mount_fs+0x1c7/0x2a0 [ 1428.573687] vfs_kern_mount.part.0+0x5b/0x470 [ 1428.578214] do_mount+0xe65/0x2a30 [ 1428.581757] ? __do_page_fault+0x159/0xad0 [ 1428.585991] ? retint_kernel+0x2d/0x2d [ 1428.589886] ? copy_mount_string+0x40/0x40 [ 1428.594118] ? memset+0x20/0x40 [ 1428.597397] ? copy_mount_options+0x1fa/0x2f0 [ 1428.601893] ? copy_mnt_ns+0xa30/0xa30 [ 1428.605783] SyS_mount+0xa8/0x120 [ 1428.609233] ? copy_mnt_ns+0xa30/0xa30 [ 1428.613121] do_syscall_64+0x1d5/0x640 [ 1428.617027] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1428.622306] RIP: 0033:0x7f5650cfa7aa [ 1428.626014] RSP: 002b:00007f564f66df88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1428.633722] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cfa7aa 06:18:31 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 52) 06:18:31 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x68, 0x0, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@NBD_ATTR_BACKEND_IDENTIFIER={0xe, 0xa, '/dev/zero\x00'}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x11a}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x1ff}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x401}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x2}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x68}}, 0x41) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) socket$inet_udp(0x2, 0x2, 0x0) r3 = gettid() (async) r4 = gettid() migrate_pages(r4, 0x9d, 0x0, &(0x7f00000006c0)) (async) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r5, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r6}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) kcmp$KCMP_EPOLL_TFD(r3, r4, 0x7, r2, &(0x7f0000000280)={r2, r6, 0x1ff}) (async) recvfrom$inet(r2, &(0x7f0000000080)=""/90, 0x5a, 0x40000002, &(0x7f0000000100)={0x2, 0x4e24, @rand_addr=0x64010101}, 0x10) r7 = gettid() prctl$PR_SCHED_CORE(0x3e, 0x1, r7, 0x1, &(0x7f00000002c0)) 06:18:31 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x0, 'sit0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:31 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, 0x0, 0x0) 06:18:31 executing program 2: openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) write$apparmor_current(r3, &(0x7f0000000300)=@hat={'permhat ', 0x2}, 0x1b) [ 1428.640991] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f564f66dfe0 [ 1428.648255] RBP: 00007f564f66e020 R08: 00007f564f66e020 R09: 0000000020000000 [ 1428.655523] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1428.662790] R13: 0000000020000040 R14: 00007f564f66dfe0 R15: 0000000020000280 06:18:31 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 51) 06:18:31 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x0, 'sit0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:31 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x14, 0x0, 0x200, 0x70bd26}, 0x14}}, 0x40000045) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000bc0), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0xfffffffffffffe50}, 0x14}}, 0x0) syz_genetlink_get_family_id$nbd(&(0x7f0000000bc0), r2) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="0200061d", @ANYRESDEC=r1, @ANYBLOB="00022bbd7000ffdbdf25030000000c00040002000000000000000800010000000000", @ANYRES64=r0, @ANYRESDEC, @ANYBLOB="7e1c7a00d0b302e411401ff7d6d60d3ab4c6b8c8d5a0be83a62077760a56f7b5a1e0d9aa18ce16c3efd773fedc85"], 0x28}, 0x1, 0x0, 0x0, 0x40400a1}, 0x2000001) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r3, 0x8955, &(0x7f0000000000)={{0x2, 0x1, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) getsockopt$IPT_SO_GET_INFO(r3, 0x0, 0x40, &(0x7f00000001c0)={'filter\x00', 0x0, [0x1ff, 0x80, 0x6, 0x2, 0x17]}, &(0x7f0000000240)=0x54) ioctl$SIOCGETSGCNT(0xffffffffffffffff, 0x89e1, &(0x7f0000000180)={@empty, @broadcast}) ioctl$SCSI_IOCTL_STOP_UNIT(0xffffffffffffffff, 0x6) getsockopt$EBT_SO_GET_INFO(r3, 0x0, 0x80, &(0x7f0000000280)={'nat\x00', 0x0, 0x0, 0x0, [0x6, 0x9, 0x6, 0x1b, 0x7fff, 0xe2]}, &(0x7f0000000300)=0x78) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) connect$inet(r3, &(0x7f0000000440)={0x2, 0x4e23, @broadcast}, 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r5, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000001c0)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x90}, 0x4000000) socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_opts(r4, 0x0, 0x9, &(0x7f0000000080)=""/181, &(0x7f0000000140)=0xb5) 06:18:31 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat ', 0x0, 0x5e, ['*,*)\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00', '--\\\x00', 'stack ', '$$)(\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00']}, 0x5f) 06:18:31 executing program 2: openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) write$apparmor_current(r3, &(0x7f0000000300)=@hat={'permhat ', 0x2}, 0x1b) [ 1428.729508] FAULT_INJECTION: forcing a failure. [ 1428.729508] name fail_page_alloc, interval 1, probability 0, space 0, times 0 06:18:31 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'sit0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:31 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x14, 0x0, 0x200, 0x70bd26}, 0x14}}, 0x40000045) (async) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000bc0), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0xfffffffffffffe50}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$nbd(&(0x7f0000000bc0), r2) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="0200061d", @ANYRESDEC=r1, @ANYBLOB="00022bbd7000ffdbdf25030000000c00040002000000000000000800010000000000", @ANYRES64=r0, @ANYRESDEC, @ANYBLOB="7e1c7a00d0b302e411401ff7d6d60d3ab4c6b8c8d5a0be83a62077760a56f7b5a1e0d9aa18ce16c3efd773fedc85"], 0x28}, 0x1, 0x0, 0x0, 0x40400a1}, 0x2000001) (async) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r3, 0x8955, &(0x7f0000000000)={{0x2, 0x1, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) getsockopt$IPT_SO_GET_INFO(r3, 0x0, 0x40, &(0x7f00000001c0)={'filter\x00', 0x0, [0x1ff, 0x80, 0x6, 0x2, 0x17]}, &(0x7f0000000240)=0x54) (async) ioctl$SIOCGETSGCNT(0xffffffffffffffff, 0x89e1, &(0x7f0000000180)={@empty, @broadcast}) ioctl$SCSI_IOCTL_STOP_UNIT(0xffffffffffffffff, 0x6) getsockopt$EBT_SO_GET_INFO(r3, 0x0, 0x80, &(0x7f0000000280)={'nat\x00', 0x0, 0x0, 0x0, [0x6, 0x9, 0x6, 0x1b, 0x7fff, 0xe2]}, &(0x7f0000000300)=0x78) (async, rerun: 32) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async, rerun: 64) connect$inet(r3, &(0x7f0000000440)={0x2, 0x4e23, @broadcast}, 0x10) (async, rerun: 64) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r5, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000001c0)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x90}, 0x4000000) socket$inet_udp(0x2, 0x2, 0x0) (async, rerun: 64) getsockopt$inet_opts(r4, 0x0, 0x9, &(0x7f0000000080)=""/181, &(0x7f0000000140)=0xb5) (rerun: 64) [ 1428.777756] FAULT_INJECTION: forcing a failure. [ 1428.777756] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1428.787686] audit: type=1400 audit(1660285111.805:147): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=32556 comm="syz-executor.4" [ 1428.802278] CPU: 1 PID: 32534 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1428.814988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1428.824342] Call Trace: [ 1428.826933] dump_stack+0x1b2/0x281 [ 1428.830569] should_fail.cold+0x10a/0x149 [ 1428.834720] __alloc_pages_nodemask+0x22c/0x2720 [ 1428.839488] ? trace_hardirqs_on+0x10/0x10 [ 1428.843728] ? pcpu_alloc+0xbe0/0xf50 [ 1428.847537] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1428.852481] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1428.857931] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1428.862979] alloc_pages_current+0x155/0x260 [ 1428.867386] ? __lockdep_init_map+0x100/0x560 [ 1428.871882] get_zeroed_page+0x19/0x50 [ 1428.875758] mount_fs+0x1c7/0x2a0 [ 1428.879203] vfs_kern_mount.part.0+0x5b/0x470 [ 1428.883681] do_mount+0xe65/0x2a30 [ 1428.887206] ? __do_page_fault+0x159/0xad0 [ 1428.891423] ? retint_kernel+0x2d/0x2d [ 1428.895308] ? copy_mount_string+0x40/0x40 [ 1428.899536] ? memset+0x20/0x40 [ 1428.902814] ? copy_mount_options+0x1fa/0x2f0 [ 1428.907299] ? copy_mnt_ns+0xa30/0xa30 [ 1428.911177] SyS_mount+0xa8/0x120 [ 1428.914612] ? copy_mnt_ns+0xa30/0xa30 [ 1428.918488] do_syscall_64+0x1d5/0x640 [ 1428.922366] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1428.927543] RIP: 0033:0x7f5ff741c7aa [ 1428.931761] RSP: 002b:00007f5ff5d8ff88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1428.939457] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741c7aa [ 1428.946731] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f5ff5d8ffe0 [ 1428.953991] RBP: 00007f5ff5d90020 R08: 00007f5ff5d90020 R09: 0000000020000000 [ 1428.961242] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1428.968498] R13: 0000000020000040 R14: 00007f5ff5d8ffe0 R15: 0000000020000280 [ 1428.976063] CPU: 0 PID: 32555 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1428.983949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1428.993297] Call Trace: [ 1428.995878] dump_stack+0x1b2/0x281 [ 1428.999503] should_fail.cold+0x10a/0x149 [ 1429.003653] __alloc_pages_nodemask+0x22c/0x2720 [ 1429.008414] ? trace_hardirqs_on+0x10/0x10 [ 1429.012647] ? pcpu_alloc+0xbe0/0xf50 [ 1429.016447] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1429.021292] ? xfrm_lookup+0x898/0x1790 [ 1429.025267] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1429.030718] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1429.035747] alloc_pages_current+0x155/0x260 [ 1429.040159] ? __lockdep_init_map+0x100/0x560 [ 1429.044657] get_zeroed_page+0x19/0x50 [ 1429.048562] mount_fs+0x1c7/0x2a0 [ 1429.052019] vfs_kern_mount.part.0+0x5b/0x470 [ 1429.056516] do_mount+0xe65/0x2a30 [ 1429.060059] ? __do_page_fault+0x159/0xad0 [ 1429.064290] ? retint_kernel+0x2d/0x2d [ 1429.068178] ? copy_mount_string+0x40/0x40 [ 1429.072419] ? memset+0x20/0x40 [ 1429.075696] ? copy_mount_options+0x1fa/0x2f0 [ 1429.080188] ? copy_mnt_ns+0xa30/0xa30 [ 1429.084085] SyS_mount+0xa8/0x120 [ 1429.087533] ? copy_mnt_ns+0xa30/0xa30 [ 1429.091420] do_syscall_64+0x1d5/0x640 [ 1429.095311] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1429.100497] RIP: 0033:0x7f5650cfa7aa [ 1429.104198] RSP: 002b:00007f564f66df88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1429.111906] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cfa7aa [ 1429.119168] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f564f66dfe0 06:18:32 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 53) 06:18:32 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'sit0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:32 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x14, 0x0, 0x200, 0x70bd26}, 0x14}}, 0x40000045) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000bc0), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0xfffffffffffffe50}, 0x14}}, 0x0) syz_genetlink_get_family_id$nbd(&(0x7f0000000bc0), r2) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="0200061d", @ANYRESDEC=r1, @ANYBLOB="00022bbd7000ffdbdf25030000000c00040002000000000000000800010000000000", @ANYRES64=r0, @ANYRESDEC, @ANYBLOB="7e1c7a00d0b302e411401ff7d6d60d3ab4c6b8c8d5a0be83a62077760a56f7b5a1e0d9aa18ce16c3efd773fedc85"], 0x28}, 0x1, 0x0, 0x0, 0x40400a1}, 0x2000001) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r3, 0x8955, &(0x7f0000000000)={{0x2, 0x1, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) getsockopt$IPT_SO_GET_INFO(r3, 0x0, 0x40, &(0x7f00000001c0)={'filter\x00', 0x0, [0x1ff, 0x80, 0x6, 0x2, 0x17]}, &(0x7f0000000240)=0x54) ioctl$SIOCGETSGCNT(0xffffffffffffffff, 0x89e1, &(0x7f0000000180)={@empty, @broadcast}) ioctl$SCSI_IOCTL_STOP_UNIT(0xffffffffffffffff, 0x6) getsockopt$EBT_SO_GET_INFO(r3, 0x0, 0x80, &(0x7f0000000280)={'nat\x00', 0x0, 0x0, 0x0, [0x6, 0x9, 0x6, 0x1b, 0x7fff, 0xe2]}, &(0x7f0000000300)=0x78) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) connect$inet(r3, &(0x7f0000000440)={0x2, 0x4e23, @broadcast}, 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r5, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000001c0)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x90}, 0x4000000) socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_opts(r4, 0x0, 0x9, &(0x7f0000000080)=""/181, &(0x7f0000000140)=0xb5) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x14, 0x0, 0x200, 0x70bd26}, 0x14}}, 0x40000045) (async) syz_genetlink_get_family_id$nbd(&(0x7f0000000bc0), r0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0xfffffffffffffe50}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$nbd(&(0x7f0000000bc0), r2) (async) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="0200061d", @ANYRESDEC=r1, @ANYBLOB="00022bbd7000ffdbdf25030000000c00040002000000000000000800010000000000", @ANYRES64=r0, @ANYRESDEC, @ANYBLOB="7e1c7a00d0b302e411401ff7d6d60d3ab4c6b8c8d5a0be83a62077760a56f7b5a1e0d9aa18ce16c3efd773fedc85"], 0x28}, 0x1, 0x0, 0x0, 0x40400a1}, 0x2000001) (async) socket$inet_udp(0x2, 0x2, 0x0) (async) ioctl$sock_inet_SIOCSARP(r3, 0x8955, &(0x7f0000000000)={{0x2, 0x1, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) getsockopt$IPT_SO_GET_INFO(r3, 0x0, 0x40, &(0x7f00000001c0)={'filter\x00', 0x0, [0x1ff, 0x80, 0x6, 0x2, 0x17]}, &(0x7f0000000240)=0x54) (async) ioctl$SIOCGETSGCNT(0xffffffffffffffff, 0x89e1, &(0x7f0000000180)={@empty, @broadcast}) (async) ioctl$SCSI_IOCTL_STOP_UNIT(0xffffffffffffffff, 0x6) (async) getsockopt$EBT_SO_GET_INFO(r3, 0x0, 0x80, &(0x7f0000000280)={'nat\x00', 0x0, 0x0, 0x0, [0x6, 0x9, 0x6, 0x1b, 0x7fff, 0xe2]}, &(0x7f0000000300)=0x78) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) connect$inet(r3, &(0x7f0000000440)={0x2, 0x4e23, @broadcast}, 0x10) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$NBD_CMD_STATUS(r5, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000001c0)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x90}, 0x4000000) (async) socket$inet_udp(0x2, 0x2, 0x0) (async) getsockopt$inet_opts(r4, 0x0, 0x9, &(0x7f0000000080)=""/181, &(0x7f0000000140)=0xb5) (async) 06:18:32 executing program 2: socket(0x18, 0x2, 0x4) r0 = syz_open_dev$sg(&(0x7f0000000040), 0x1, 0x101000) ioctl$SCSI_IOCTL_START_UNIT(r0, 0x5) r1 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r1, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:32 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat ', 0x0, 0x5e, ['*,*)\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00', '--\\\x00', 'stack ', '$$)(\x00', '/dev/hwrng\x00', '/dev/hwrng\x00']}, 0x5e) [ 1429.126434] RBP: 00007f564f66e020 R08: 00007f564f66e020 R09: 0000000020000000 [ 1429.133691] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1429.140968] R13: 0000000020000040 R14: 00007f564f66dfe0 R15: 0000000020000280 06:18:32 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 52) 06:18:32 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'sit0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:32 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat ', 0x0, 0x5e, ['*,*)\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00', '--\\\x00', 'stack ', '$$)(\x00', '/dev/hwrng\x00']}, 0x53) [ 1429.229372] audit: type=1400 audit(1660285112.245:148): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=32594 comm="syz-executor.4" [ 1429.235558] FAULT_INJECTION: forcing a failure. [ 1429.235558] name failslab, interval 1, probability 0, space 0, times 0 [ 1429.267574] FAULT_INJECTION: forcing a failure. [ 1429.267574] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1429.271797] CPU: 1 PID: 32606 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1429.287267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1429.296603] Call Trace: [ 1429.299194] dump_stack+0x1b2/0x281 [ 1429.302807] should_fail.cold+0x10a/0x149 [ 1429.306939] should_failslab+0xd6/0x130 [ 1429.310898] __kmalloc_track_caller+0x2bc/0x400 [ 1429.315550] ? kstrdup_const+0x35/0x60 [ 1429.319419] ? lock_downgrade+0x740/0x740 [ 1429.323552] kstrdup+0x36/0x70 [ 1429.326740] kstrdup_const+0x35/0x60 [ 1429.330441] alloc_vfsmnt+0xe0/0x7f0 [ 1429.334139] ? _raw_read_unlock+0x29/0x40 [ 1429.338270] vfs_kern_mount.part.0+0x27/0x470 [ 1429.342747] do_mount+0xe65/0x2a30 [ 1429.346270] ? __do_page_fault+0x159/0xad0 [ 1429.350485] ? retint_kernel+0x2d/0x2d [ 1429.354354] ? copy_mount_string+0x40/0x40 [ 1429.358575] ? memset+0x20/0x40 [ 1429.361836] ? copy_mount_options+0x1fa/0x2f0 [ 1429.366314] ? copy_mnt_ns+0xa30/0xa30 [ 1429.370184] SyS_mount+0xa8/0x120 [ 1429.373616] ? copy_mnt_ns+0xa30/0xa30 [ 1429.377486] do_syscall_64+0x1d5/0x640 [ 1429.381360] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1429.386543] RIP: 0033:0x7f5650cfa7aa [ 1429.390235] RSP: 002b:00007f564f66df88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1429.397926] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cfa7aa [ 1429.405178] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f564f66dfe0 [ 1429.412428] RBP: 00007f564f66e020 R08: 00007f564f66e020 R09: 0000000020000000 [ 1429.419683] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1429.426935] R13: 0000000020000040 R14: 00007f564f66dfe0 R15: 0000000020000280 [ 1429.434200] CPU: 0 PID: 32601 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1429.442079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1429.451424] Call Trace: [ 1429.454009] dump_stack+0x1b2/0x281 [ 1429.457636] should_fail.cold+0x10a/0x149 [ 1429.461779] ? get_page_from_freelist+0xaf6/0x25a0 [ 1429.466707] __alloc_pages_nodemask+0x22c/0x2720 [ 1429.471466] ? lock_downgrade+0x740/0x740 06:18:32 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat ', 0x0, 0x5e, ['*,*)\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00', '--\\\x00', 'stack ', '$$)(\x00']}, 0x48) 06:18:32 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'sit0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(r0, 0x8955, 0x0) 06:18:32 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat ', 0x0, 0x5e, ['*,*)\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00', '--\\\x00', 'stack ']}, 0x43) 06:18:32 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'sit0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(r0, 0x8955, 0x0) [ 1429.475612] ? page_outside_zone_boundaries+0x1db/0x310 [ 1429.480978] ? __lock_acquire+0x5fc/0x3f20 [ 1429.485215] ? preempt_count_add+0xaf/0x170 [ 1429.489536] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1429.494384] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1429.499833] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1429.504846] ? __alloc_pages_nodemask+0x1a6e/0x2720 [ 1429.509859] cache_grow_begin+0x91/0x700 [ 1429.513914] ? fs_reclaim_release+0xd0/0x110 [ 1429.518326] ? check_preemption_disabled+0x35/0x240 [ 1429.523342] cache_alloc_refill+0x273/0x350 [ 1429.527670] kmem_cache_alloc+0x333/0x3c0 [ 1429.530359] audit: type=1400 audit(1660285112.285:149): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=32630 comm="syz-executor.4" [ 1429.531820] getname_kernel+0x4e/0x340 [ 1429.531833] kern_path+0x1b/0x40 [ 1429.531846] lookup_bdev+0xc6/0x1c0 [ 1429.549910] audit: type=1400 audit(1660285112.285:150): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=32632 comm="syz-executor.4" [ 1429.553214] ? bd_acquire+0x440/0x440 [ 1429.553226] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1429.553237] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1429.553247] blkdev_get_by_path+0x1b/0xa0 [ 1429.553256] mount_bdev+0x4c/0x360 [ 1429.553264] ? qnx4_iget+0xa20/0xa20 [ 1429.553274] mount_fs+0x92/0x2a0 [ 1429.606577] vfs_kern_mount.part.0+0x5b/0x470 [ 1429.611053] do_mount+0xe65/0x2a30 [ 1429.614575] ? __do_page_fault+0x159/0xad0 [ 1429.618788] ? retint_kernel+0x2d/0x2d [ 1429.622653] ? copy_mount_string+0x40/0x40 [ 1429.626868] ? memset+0x20/0x40 [ 1429.630129] ? copy_mount_options+0x1fa/0x2f0 [ 1429.634602] ? copy_mnt_ns+0xa30/0xa30 [ 1429.638469] SyS_mount+0xa8/0x120 [ 1429.641901] ? copy_mnt_ns+0xa30/0xa30 [ 1429.645784] do_syscall_64+0x1d5/0x640 [ 1429.649669] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1429.654850] RIP: 0033:0x7f5ff741c7aa [ 1429.658544] RSP: 002b:00007f5ff5d8ff88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1429.666229] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741c7aa [ 1429.673479] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f5ff5d8ffe0 [ 1429.680732] RBP: 00007f5ff5d90020 R08: 00007f5ff5d90020 R09: 0000000020000000 [ 1429.687990] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1429.695243] R13: 0000000020000040 R14: 00007f5ff5d8ffe0 R15: 0000000020000280 06:18:32 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 54) 06:18:32 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat ', 0x0, 0x5e, ['*,*)\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00', '--\\\x00']}, 0x3d) 06:18:32 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'sit0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(r0, 0x8955, 0x0) 06:18:32 executing program 2: socket(0x18, 0x2, 0x4) (async) r0 = syz_open_dev$sg(&(0x7f0000000040), 0x1, 0x101000) ioctl$SCSI_IOCTL_START_UNIT(r0, 0x5) (async) r1 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r1, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:32 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$L2TP_CMD_SESSION_MODIFY(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x48, 0x0, 0x10, 0x70bd2b, 0x25dfdbfd, {}, [@L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x97}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @multicast2}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x2}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x1}, @L2TP_ATTR_MRU={0x6, 0x1d, 0xff}, @L2TP_ATTR_MTU={0x6, 0x1c, 0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x20040000}, 0x2000c081) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:32 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 53) 06:18:32 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat ', 0x0, 0x5e, ['*,*)\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00']}, 0x39) 06:18:32 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'sit0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x0, {0x2, 0x0, @local}, 'veth0\x00'}) [ 1429.871554] FAULT_INJECTION: forcing a failure. [ 1429.871554] name failslab, interval 1, probability 0, space 0, times 0 [ 1429.884984] CPU: 0 PID: 32664 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1429.892876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1429.902224] Call Trace: [ 1429.904817] dump_stack+0x1b2/0x281 [ 1429.908452] should_fail.cold+0x10a/0x149 [ 1429.912611] should_failslab+0xd6/0x130 [ 1429.916588] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1429.921258] ? set_bdev_super+0x110/0x110 [ 1429.925402] sget_userns+0x102/0xc10 [ 1429.929115] ? set_bdev_super+0x110/0x110 [ 1429.933261] ? ns_test_super+0x50/0x50 [ 1429.937148] ? set_bdev_super+0x110/0x110 [ 1429.941292] ? ns_test_super+0x50/0x50 [ 1429.945181] sget+0xd1/0x110 [ 1429.948200] mount_bdev+0xcd/0x360 [ 1429.951737] ? qnx4_iget+0xa20/0xa20 [ 1429.955448] mount_fs+0x92/0x2a0 [ 1429.958827] vfs_kern_mount.part.0+0x5b/0x470 [ 1429.963321] do_mount+0xe65/0x2a30 [ 1429.966860] ? __do_page_fault+0x159/0xad0 06:18:33 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat ', 0x0, 0x5e, ['*,*)\x00', '/dev/hwrng\x00', '/dev/hwrng\x00', '\x00']}, 0x39) 06:18:33 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'sit0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x0, {0x2, 0x0, @local}, 'veth0\x00'}) [ 1429.971091] ? retint_kernel+0x2d/0x2d [ 1429.974980] ? copy_mount_string+0x40/0x40 [ 1429.979218] ? memset+0x20/0x40 [ 1429.982495] ? copy_mount_options+0x1fa/0x2f0 [ 1429.986984] ? copy_mnt_ns+0xa30/0xa30 [ 1429.990869] SyS_mount+0xa8/0x120 [ 1429.994316] ? copy_mnt_ns+0xa30/0xa30 [ 1429.998205] do_syscall_64+0x1d5/0x640 [ 1430.002096] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1430.007281] RIP: 0033:0x7f5ff741c7aa [ 1430.010981] RSP: 002b:00007f5ff5d8ff88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 06:18:33 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat ', 0x0, 0x5e, ['*,*)\x00', '/dev/hwrng\x00', '/dev/hwrng\x00']}, 0x38) 06:18:33 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$L2TP_CMD_SESSION_MODIFY(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x48, 0x0, 0x10, 0x70bd2b, 0x25dfdbfd, {}, [@L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x97}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @multicast2}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x2}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x1}, @L2TP_ATTR_MRU={0x6, 0x1d, 0xff}, @L2TP_ATTR_MTU={0x6, 0x1c, 0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x20040000}, 0x2000c081) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) [ 1430.018684] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741c7aa [ 1430.025953] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f5ff5d8ffe0 [ 1430.033217] RBP: 00007f5ff5d90020 R08: 00007f5ff5d90020 R09: 0000000020000000 [ 1430.040485] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1430.047759] R13: 0000000020000040 R14: 00007f5ff5d8ffe0 R15: 0000000020000280 [ 1430.081956] FAULT_INJECTION: forcing a failure. [ 1430.081956] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1430.093772] CPU: 0 PID: 32669 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1430.101649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1430.110998] Call Trace: [ 1430.113585] dump_stack+0x1b2/0x281 [ 1430.117401] should_fail.cold+0x10a/0x149 [ 1430.121551] ? get_page_from_freelist+0xaf6/0x25a0 [ 1430.126481] __alloc_pages_nodemask+0x22c/0x2720 [ 1430.131236] ? lock_downgrade+0x740/0x740 [ 1430.135387] ? page_outside_zone_boundaries+0x1db/0x310 [ 1430.140764] ? __lock_acquire+0x5fc/0x3f20 [ 1430.145089] ? preempt_count_add+0xaf/0x170 [ 1430.149413] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1430.154275] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1430.159726] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1430.164739] ? __alloc_pages_nodemask+0x1a6e/0x2720 [ 1430.169758] cache_grow_begin+0x91/0x700 [ 1430.173814] ? fs_reclaim_release+0xd0/0x110 [ 1430.178211] ? check_preemption_disabled+0x35/0x240 [ 1430.183209] cache_alloc_refill+0x273/0x350 [ 1430.187538] kmem_cache_alloc+0x333/0x3c0 [ 1430.191672] getname_kernel+0x4e/0x340 [ 1430.195546] kern_path+0x1b/0x40 [ 1430.198911] lookup_bdev+0xc6/0x1c0 [ 1430.202520] ? bd_acquire+0x440/0x440 [ 1430.206302] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1430.211744] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1430.216770] blkdev_get_by_path+0x1b/0xa0 [ 1430.220904] mount_bdev+0x4c/0x360 [ 1430.224430] ? qnx4_iget+0xa20/0xa20 [ 1430.228125] mount_fs+0x92/0x2a0 [ 1430.231572] vfs_kern_mount.part.0+0x5b/0x470 [ 1430.236052] do_mount+0xe65/0x2a30 [ 1430.239584] ? __do_page_fault+0x159/0xad0 [ 1430.243911] ? retint_kernel+0x2d/0x2d [ 1430.247781] ? copy_mount_string+0x40/0x40 [ 1430.252003] ? memset+0x20/0x40 [ 1430.255275] ? copy_mount_options+0x1fa/0x2f0 [ 1430.259753] ? copy_mnt_ns+0xa30/0xa30 [ 1430.263621] SyS_mount+0xa8/0x120 [ 1430.267052] ? copy_mnt_ns+0xa30/0xa30 [ 1430.270930] do_syscall_64+0x1d5/0x640 [ 1430.274811] entry_SYSCALL_64_after_hwframe+0x46/0xbb 06:18:33 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 55) 06:18:33 executing program 2: socket(0x18, 0x2, 0x4) r0 = syz_open_dev$sg(&(0x7f0000000040), 0x1, 0x101000) ioctl$SCSI_IOCTL_START_UNIT(r0, 0x5) (async) r1 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r1, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:33 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'sit0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x0, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:33 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat ', 0x0, 0x5e, ['*,*)\x00', '/dev/hwrng\x00']}, 0x2d) 06:18:33 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async, rerun: 32) sendmsg$L2TP_CMD_SESSION_MODIFY(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x48, 0x0, 0x10, 0x70bd2b, 0x25dfdbfd, {}, [@L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x97}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @multicast2}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x2}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x1}, @L2TP_ATTR_MRU={0x6, 0x1d, 0xff}, @L2TP_ATTR_MTU={0x6, 0x1c, 0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x20040000}, 0x2000c081) (rerun: 32) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) [ 1430.279979] RIP: 0033:0x7f5650cfa7aa [ 1430.283682] RSP: 002b:00007f564f66df88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1430.291370] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cfa7aa [ 1430.298623] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f564f66dfe0 [ 1430.305894] RBP: 00007f564f66e020 R08: 00007f564f66e020 R09: 0000000020000000 [ 1430.313141] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1430.320390] R13: 0000000020000040 R14: 00007f564f66dfe0 R15: 0000000020000280 06:18:33 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 54) 06:18:33 executing program 2: prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000040)) r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) 06:18:33 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat ', 0x0, 0x5e, ['*,*)\x00']}, 0x22) 06:18:33 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) setsockopt$IPT_SO_SET_ADD_COUNTERS(r1, 0x0, 0x41, &(0x7f0000000180)={'filter\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) r2 = socket$inet_udp(0x2, 0x2, 0x0) getcwd(&(0x7f0000000280)=""/212, 0xd4) setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000100)={0xfffd}, 0x4) ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @rand_addr=0x64010100}, {0x0, @local}, 0x4, {0x2, 0x0, @local}, 'wlan0\x00'}) getsockopt$CAN_RAW_JOIN_FILTERS(0xffffffffffffffff, 0x65, 0x6, &(0x7f0000000080), &(0x7f0000000140)=0x4) [ 1430.384568] FAULT_INJECTION: forcing a failure. [ 1430.384568] name failslab, interval 1, probability 0, space 0, times 0 06:18:33 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'sit0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x0, {0x2, 0x0, @local}, 'veth0\x00'}) [ 1430.436607] FAULT_INJECTION: forcing a failure. [ 1430.436607] name failslab, interval 1, probability 0, space 0, times 0 [ 1430.449199] CPU: 1 PID: 32724 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1430.457098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1430.466453] Call Trace: [ 1430.469044] dump_stack+0x1b2/0x281 [ 1430.472677] should_fail.cold+0x10a/0x149 [ 1430.476823] should_failslab+0xd6/0x130 [ 1430.480793] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1430.485464] ? set_bdev_super+0x110/0x110 [ 1430.489614] sget_userns+0x102/0xc10 [ 1430.493327] ? set_bdev_super+0x110/0x110 [ 1430.497497] ? ns_test_super+0x50/0x50 [ 1430.501392] ? set_bdev_super+0x110/0x110 [ 1430.505537] ? ns_test_super+0x50/0x50 [ 1430.509420] sget+0xd1/0x110 [ 1430.512433] mount_bdev+0xcd/0x360 [ 1430.515964] ? qnx4_iget+0xa20/0xa20 [ 1430.519683] mount_fs+0x92/0x2a0 [ 1430.523053] vfs_kern_mount.part.0+0x5b/0x470 [ 1430.527573] do_mount+0xe65/0x2a30 [ 1430.531110] ? __do_page_fault+0x159/0xad0 [ 1430.535338] ? retint_kernel+0x2d/0x2d [ 1430.539232] ? copy_mount_string+0x40/0x40 [ 1430.543470] ? memset+0x20/0x40 [ 1430.546743] ? copy_mount_options+0x1fa/0x2f0 [ 1430.547121] AppArmor: change_hat: Invalid input, NULL hat and NULL magic [ 1430.551232] ? copy_mnt_ns+0xa30/0xa30 [ 1430.551253] SyS_mount+0xa8/0x120 [ 1430.551262] ? copy_mnt_ns+0xa30/0xa30 [ 1430.551274] do_syscall_64+0x1d5/0x640 [ 1430.551288] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1430.551295] RIP: 0033:0x7f5650cfa7aa 06:18:33 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat '}, 0x1d) 06:18:33 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) setsockopt$IPT_SO_SET_ADD_COUNTERS(r1, 0x0, 0x41, &(0x7f0000000180)={'filter\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) r2 = socket$inet_udp(0x2, 0x2, 0x0) getcwd(&(0x7f0000000280)=""/212, 0xd4) setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000100)={0xfffd}, 0x4) ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @rand_addr=0x64010100}, {0x0, @local}, 0x4, {0x2, 0x0, @local}, 'wlan0\x00'}) getsockopt$CAN_RAW_JOIN_FILTERS(0xffffffffffffffff, 0x65, 0x6, &(0x7f0000000080), &(0x7f0000000140)=0x4) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) setsockopt$IPT_SO_SET_ADD_COUNTERS(r1, 0x0, 0x41, &(0x7f0000000180)={'filter\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) (async) socket$inet_udp(0x2, 0x2, 0x0) (async) getcwd(&(0x7f0000000280)=""/212, 0xd4) (async) setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000100)={0xfffd}, 0x4) (async) ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @rand_addr=0x64010100}, {0x0, @local}, 0x4, {0x2, 0x0, @local}, 'wlan0\x00'}) (async) getsockopt$CAN_RAW_JOIN_FILTERS(0xffffffffffffffff, 0x65, 0x6, &(0x7f0000000080), &(0x7f0000000140)=0x4) (async) [ 1430.551303] RSP: 002b:00007f564f66df88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1430.589892] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cfa7aa [ 1430.597233] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f564f66dfe0 [ 1430.604493] RBP: 00007f564f66e020 R08: 00007f564f66e020 R09: 0000000020000000 [ 1430.611750] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1430.619124] R13: 0000000020000040 R14: 00007f564f66dfe0 R15: 0000000020000280 [ 1430.626837] CPU: 0 PID: 32711 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1430.634727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1430.644081] Call Trace: [ 1430.646672] dump_stack+0x1b2/0x281 [ 1430.650303] should_fail.cold+0x10a/0x149 [ 1430.654546] should_failslab+0xd6/0x130 [ 1430.658522] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1430.663193] ? set_bdev_super+0x110/0x110 [ 1430.667341] sget_userns+0x102/0xc10 [ 1430.671054] ? set_bdev_super+0x110/0x110 [ 1430.675207] ? ns_test_super+0x50/0x50 [ 1430.679091] ? set_bdev_super+0x110/0x110 [ 1430.683236] ? ns_test_super+0x50/0x50 [ 1430.687203] sget+0xd1/0x110 [ 1430.690219] mount_bdev+0xcd/0x360 [ 1430.693762] ? qnx4_iget+0xa20/0xa20 [ 1430.697473] mount_fs+0x92/0x2a0 [ 1430.700845] vfs_kern_mount.part.0+0x5b/0x470 [ 1430.705341] do_mount+0xe65/0x2a30 [ 1430.708883] ? __do_page_fault+0x159/0xad0 [ 1430.713114] ? retint_kernel+0x2d/0x2d [ 1430.716999] ? copy_mount_string+0x40/0x40 [ 1430.721267] ? memset+0x20/0x40 [ 1430.724543] ? copy_mount_options+0x1fa/0x2f0 [ 1430.729205] ? copy_mnt_ns+0xa30/0xa30 [ 1430.733093] SyS_mount+0xa8/0x120 [ 1430.736543] ? copy_mnt_ns+0xa30/0xa30 [ 1430.740427] do_syscall_64+0x1d5/0x640 [ 1430.744317] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1430.749502] RIP: 0033:0x7f5ff741c7aa [ 1430.753209] RSP: 002b:00007f5ff5d8ff88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1430.760911] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741c7aa [ 1430.768175] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f5ff5d8ffe0 [ 1430.775438] RBP: 00007f5ff5d90020 R08: 00007f5ff5d90020 R09: 0000000020000000 06:18:33 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 56) [ 1430.782874] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1430.790144] R13: 0000000020000040 R14: 00007f5ff5d8ffe0 R15: 0000000020000280 06:18:33 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat '}, 0x1d) 06:18:33 executing program 2: prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000040)) r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000040)) (async) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) (async) 06:18:33 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) setsockopt$IPT_SO_SET_ADD_COUNTERS(r1, 0x0, 0x41, &(0x7f0000000180)={'filter\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) (async) r2 = socket$inet_udp(0x2, 0x2, 0x0) (async) getcwd(&(0x7f0000000280)=""/212, 0xd4) setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000100)={0xfffd}, 0x4) ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @rand_addr=0x64010100}, {0x0, @local}, 0x4, {0x2, 0x0, @local}, 'wlan0\x00'}) getsockopt$CAN_RAW_JOIN_FILTERS(0xffffffffffffffff, 0x65, 0x6, &(0x7f0000000080), &(0x7f0000000140)=0x4) 06:18:33 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'sit0\x00'}, 0x18) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x0, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:33 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 55) 06:18:33 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat '}, 0x1d) 06:18:33 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x14, 0x0, 0x200, 0x70bd26}, 0x14}}, 0x40000045) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000bc0), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0xfffffffffffffe50}, 0x14}}, 0x0) syz_genetlink_get_family_id$nbd(&(0x7f0000000bc0), r2) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="0200061d", @ANYRESDEC=r1, @ANYBLOB="00022bbd7000ffdbdf25030000000c00040002000000000000000800010000000000", @ANYRES64=r0, @ANYRESDEC, @ANYBLOB="7e1c7a00d0b302e411401ff7d6d60d3ab4c6b8c8d5a0be83a62077760a56f7b5a1e0d9aa18ce16c3efd773fedc85"], 0x28}, 0x1, 0x0, 0x0, 0x40400a1}, 0x2000001) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r3, 0x8955, &(0x7f0000000000)={{0x2, 0x1, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) getsockopt$IPT_SO_GET_INFO(r3, 0x0, 0x40, &(0x7f00000001c0)={'filter\x00', 0x0, [0x1ff, 0x80, 0x6, 0x2, 0x17]}, &(0x7f0000000240)=0x54) ioctl$SIOCGETSGCNT(0xffffffffffffffff, 0x89e1, &(0x7f0000000180)={@empty, @broadcast}) ioctl$SCSI_IOCTL_STOP_UNIT(0xffffffffffffffff, 0x6) getsockopt$EBT_SO_GET_INFO(r3, 0x0, 0x80, &(0x7f0000000280)={'nat\x00', 0x0, 0x0, 0x0, [0x6, 0x9, 0x6, 0x1b, 0x7fff, 0xe2]}, &(0x7f0000000300)=0x78) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) connect$inet(r3, &(0x7f0000000440)={0x2, 0x4e23, @broadcast}, 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r5, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000001c0)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x90}, 0x4000000) socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_opts(r4, 0x0, 0x9, &(0x7f0000000080)=""/181, &(0x7f0000000140)=0xb5) 06:18:33 executing program 2: prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000040)) r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000040)) (async) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) (async) 06:18:33 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r1, 0x10, 0x70bd25, 0x25dfdbfd, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0xc4e}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x26}]}, 0x2c}, 0x1, 0x0, 0x0, 0x400c0}, 0x4040040) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x200, 0x70bd29, 0x25dfdbfb, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x8}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0xffffffff}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10000000}, 0x4) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00022cbd7000fcdbdf25010000000c00030002000000000000000c0008000008000010000000140007800800010046c5363448c40e99a03976cbbb49cca85e4cf6cdd06ffeda032cdf7a8fcd5c4d2c066d5e25dc5a93e75081dd434e8ab9d71f193aa9b91594330e9b3cd54e0b5f7eba80a46ef46ac8bfdc21135db7acfa96e4f0450af28d496c0aeddc58ec7782510a09f40b8ae1b6a5f9e50d236fd55e96ac12f920aa1a962610e960dc7b94449f0f9445a503282b8600c70d441fbc6ec65b9a25cba64eb3b2315ef0ba639dbda96ffd486182f6a879cc0fd0cff064abb94f200c9b82864fcff8debe2a99b9c9fc382f25bdd7c01da66f97cc6f93f7304f06400c5bb8e896338c1dbe0f7612c00bdc7474c3a11c483de390a4f96bb6b57f2416c578d438a59d339a0c8a18dcfec57a09ecbbcffbe0bce028609b626de1c40a7e46ee5f2afc74d0fcf612777c651c2232cc27360f53a7a44e19cf36053357d22c2b9c500ed7c51885e75d329014ea1b78aaef49e464e7", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="04000a000c0005000a00000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x14) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08010000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0800010000000000"], 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) getsockopt$inet_buf(r2, 0x0, 0x28, &(0x7f0000000080)=""/97, &(0x7f0000000100)=0x61) sendto$inet(0xffffffffffffffff, &(0x7f0000000140)="78f35400d6e4", 0x6, 0x4800, &(0x7f0000000180)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xe}}, 0x10) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f00000001c0)={{0x0, @rand_addr=0x64010100, 0x4e22, 0x0, 'sed\x00', 0x1, 0xcc2f, 0x3}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e20, 0x10000, 0x0, 0x0, 0x7f}}, 0x44) ioctl$sock_inet_SIOCSARP(r3, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @remote}, {0x1}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:33 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat '}, 0x1d) 06:18:33 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x0, 'netdevsim0\x00'}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) [ 1430.874006] AppArmor: change_hat: Invalid input, NULL hat and NULL magic [ 1430.906660] FAULT_INJECTION: forcing a failure. [ 1430.906660] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1430.936907] FAULT_INJECTION: forcing a failure. [ 1430.936907] name failslab, interval 1, probability 0, space 0, times 0 [ 1430.947992] AppArmor: change_hat: Invalid input, NULL hat and NULL magic [ 1430.980550] CPU: 0 PID: 314 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1430.995094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1431.004440] Call Trace: [ 1431.007028] dump_stack+0x1b2/0x281 [ 1431.007232] AppArmor: change_hat: Invalid input, NULL hat and NULL magic [ 1431.010654] should_fail.cold+0x10a/0x149 [ 1431.021635] should_failslab+0xd6/0x130 [ 1431.025598] __kmalloc+0x2c1/0x400 [ 1431.029126] ? __list_lru_init+0x67/0x710 [ 1431.033271] __list_lru_init+0x67/0x710 [ 1431.037244] sget_userns+0x4e4/0xc10 [ 1431.040956] ? set_bdev_super+0x110/0x110 [ 1431.045101] ? ns_test_super+0x50/0x50 [ 1431.048990] ? set_bdev_super+0x110/0x110 [ 1431.053131] ? ns_test_super+0x50/0x50 [ 1431.057022] sget+0xd1/0x110 [ 1431.060035] mount_bdev+0xcd/0x360 [ 1431.063563] ? qnx4_iget+0xa20/0xa20 [ 1431.067262] mount_fs+0x92/0x2a0 [ 1431.070618] vfs_kern_mount.part.0+0x5b/0x470 [ 1431.075103] do_mount+0xe65/0x2a30 [ 1431.078632] ? __do_page_fault+0x159/0xad0 [ 1431.082861] ? retint_kernel+0x2d/0x2d [ 1431.086751] ? copy_mount_string+0x40/0x40 [ 1431.090726] IPVS: set_ctl: invalid protocol: 0 100.1.1.0:20002 [ 1431.090978] ? memset+0x20/0x40 [ 1431.100207] ? copy_mount_options+0x1fa/0x2f0 [ 1431.104718] ? copy_mnt_ns+0xa30/0xa30 [ 1431.108595] SyS_mount+0xa8/0x120 [ 1431.112051] ? copy_mnt_ns+0xa30/0xa30 [ 1431.115929] do_syscall_64+0x1d5/0x640 [ 1431.119816] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1431.124996] RIP: 0033:0x7f5650cfa7aa [ 1431.128692] RSP: 002b:00007f564f66df88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1431.136402] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cfa7aa [ 1431.143667] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f564f66dfe0 [ 1431.151016] RBP: 00007f564f66e020 R08: 00007f564f66e020 R09: 0000000020000000 [ 1431.158279] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1431.165640] R13: 0000000020000040 R14: 00007f564f66dfe0 R15: 0000000020000280 [ 1431.172922] CPU: 1 PID: 313 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1431.180631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1431.189979] Call Trace: [ 1431.192569] dump_stack+0x1b2/0x281 [ 1431.196201] should_fail.cold+0x10a/0x149 [ 1431.200352] __alloc_pages_nodemask+0x22c/0x2720 [ 1431.205112] ? trace_hardirqs_on+0x10/0x10 [ 1431.209347] ? pcpu_alloc+0xbe0/0xf50 [ 1431.213151] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1431.217999] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1431.223447] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1431.228467] alloc_pages_current+0x155/0x260 [ 1431.232871] ? __lockdep_init_map+0x100/0x560 [ 1431.237366] get_zeroed_page+0x19/0x50 [ 1431.241251] mount_fs+0x1c7/0x2a0 [ 1431.244704] vfs_kern_mount.part.0+0x5b/0x470 [ 1431.249198] do_mount+0xe65/0x2a30 [ 1431.252739] ? __do_page_fault+0x159/0xad0 [ 1431.256966] ? retint_kernel+0x2d/0x2d [ 1431.260840] ? copy_mount_string+0x40/0x40 [ 1431.265053] ? memset+0x20/0x40 [ 1431.268309] ? copy_mount_options+0x1fa/0x2f0 [ 1431.272778] ? copy_mnt_ns+0xa30/0xa30 [ 1431.276653] SyS_mount+0xa8/0x120 [ 1431.280088] ? copy_mnt_ns+0xa30/0xa30 [ 1431.283954] do_syscall_64+0x1d5/0x640 [ 1431.287820] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1431.292986] RIP: 0033:0x7f5ff741c7aa [ 1431.296675] RSP: 002b:00007f5ff5d8ff88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1431.304359] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741c7aa [ 1431.311608] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f5ff5d8ffe0 [ 1431.318858] RBP: 00007f5ff5d90020 R08: 00007f5ff5d90020 R09: 0000000020000000 06:18:34 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 57) 06:18:34 executing program 4: write$apparmor_current(0xffffffffffffffff, &(0x7f0000000080)=@hat={'changehat '}, 0x1d) 06:18:34 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYBLOB="010000000000ffdbdf2505", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:34 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.net/syz0\x00', 0x200002, 0x0) epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, r1) write$apparmor_current(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6e472badd3f8df24c3042f72509955635d921ecb606007fc7e3f2b902ba9b8bba4a4f136b6f8f0b0f65f78fb0c6bb21e0d72350cb760c83b8f1d37b26a07004bf68c059c27c99665445050ed2f74ba99261cc2f69c9a9b27cd946a685cb02a5934b28523d9931da548ae000a85bfd7edbd51ac01bbeaa99cdf0335f744eda1884bdc25eb28be47fb3efe8613a8fa14a5a8aaf79b942a9fe250d3adc93ea7044a25eadbca3b6a0c8364b28fdfbf4789838c63ef80b841960d1dbd927871cf8dbbfd83bb0af78f88fe4d53c873afefb7b8cd13ac52de5a2dd045c523b0932750d9d3ae738f57d548", @ANYRESHEX=r0, @ANYRES8=r0], 0xfffffffffffffd95) 06:18:34 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r1, 0x10, 0x70bd25, 0x25dfdbfd, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0xc4e}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x26}]}, 0x2c}, 0x1, 0x0, 0x0, 0x400c0}, 0x4040040) (async) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x200, 0x70bd29, 0x25dfdbfb, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x8}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0xffffffff}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10000000}, 0x4) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00022cbd7000fcdbdf25010000000c00030002000000000000000c0008000008000010000000140007800800010046c5363448c40e99a03976cbbb49cca85e4cf6cdd06ffeda032cdf7a8fcd5c4d2c066d5e25dc5a93e75081dd434e8ab9d71f193aa9b91594330e9b3cd54e0b5f7eba80a46ef46ac8bfdc21135db7acfa96e4f0450af28d496c0aeddc58ec7782510a09f40b8ae1b6a5f9e50d236fd55e96ac12f920aa1a962610e960dc7b94449f0f9445a503282b8600c70d441fbc6ec65b9a25cba64eb3b2315ef0ba639dbda96ffd486182f6a879cc0fd0cff064abb94f200c9b82864fcff8debe2a99b9c9fc382f25bdd7c01da66f97cc6f93f7304f06400c5bb8e896338c1dbe0f7612c00bdc7474c3a11c483de390a4f96bb6b57f2416c578d438a59d339a0c8a18dcfec57a09ecbbcffbe0bce028609b626de1c40a7e46ee5f2afc74d0fcf612777c651c2232cc27360f53a7a44e19cf36053357d22c2b9c500ed7c51885e75d329014ea1b78aaef49e464e7", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="04000a000c0005000a00000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x14) (async) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08010000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0800010000000000"], 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async) getsockopt$inet_buf(r2, 0x0, 0x28, &(0x7f0000000080)=""/97, &(0x7f0000000100)=0x61) sendto$inet(0xffffffffffffffff, &(0x7f0000000140)="78f35400d6e4", 0x6, 0x4800, &(0x7f0000000180)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xe}}, 0x10) (async) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f00000001c0)={{0x0, @rand_addr=0x64010100, 0x4e22, 0x0, 'sed\x00', 0x1, 0xcc2f, 0x3}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e20, 0x10000, 0x0, 0x0, 0x7f}}, 0x44) ioctl$sock_inet_SIOCSARP(r3, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @remote}, {0x1}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) [ 1431.326198] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1431.333469] R13: 0000000020000040 R14: 00007f5ff5d8ffe0 R15: 0000000020000280 06:18:34 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 56) 06:18:34 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.net/syz0\x00', 0x200002, 0x0) epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, r1) write$apparmor_current(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6e472badd3f8df24c3042f72509955635d921ecb606007fc7e3f2b902ba9b8bba4a4f136b6f8f0b0f65f78fb0c6bb21e0d72350cb760c83b8f1d37b26a07004bf68c059c27c99665445050ed2f74ba99261cc2f69c9a9b27cd946a685cb02a5934b28523d9931da548ae000a85bfd7edbd51ac01bbeaa99cdf0335f744eda1884bdc25eb28be47fb3efe8613a8fa14a5a8aaf79b942a9fe250d3adc93ea7044a25eadbca3b6a0c8364b28fdfbf4789838c63ef80b841960d1dbd927871cf8dbbfd83bb0af78f88fe4d53c873afefb7b8cd13ac52de5a2dd045c523b0932750d9d3ae738f57d548", @ANYRESHEX=r0, @ANYRES8=r0], 0xfffffffffffffd95) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.net/syz0\x00', 0x200002, 0x0) (async) epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, r1) (async) write$apparmor_current(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6e472badd3f8df24c3042f72509955635d921ecb606007fc7e3f2b902ba9b8bba4a4f136b6f8f0b0f65f78fb0c6bb21e0d72350cb760c83b8f1d37b26a07004bf68c059c27c99665445050ed2f74ba99261cc2f69c9a9b27cd946a685cb02a5934b28523d9931da548ae000a85bfd7edbd51ac01bbeaa99cdf0335f744eda1884bdc25eb28be47fb3efe8613a8fa14a5a8aaf79b942a9fe250d3adc93ea7044a25eadbca3b6a0c8364b28fdfbf4789838c63ef80b841960d1dbd927871cf8dbbfd83bb0af78f88fe4d53c873afefb7b8cd13ac52de5a2dd045c523b0932750d9d3ae738f57d548", @ANYRESHEX=r0, @ANYRES8=r0], 0xfffffffffffffd95) (async) 06:18:34 executing program 4: write$apparmor_current(0xffffffffffffffff, &(0x7f0000000080)=@hat={'changehat '}, 0x1d) 06:18:34 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r1, 0x10, 0x70bd25, 0x25dfdbfd, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0xc4e}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x26}]}, 0x2c}, 0x1, 0x0, 0x0, 0x400c0}, 0x4040040) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x200, 0x70bd29, 0x25dfdbfb, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x8}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0xffffffff}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10000000}, 0x4) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00022cbd7000fcdbdf25010000000c00030002000000000000000c0008000008000010000000140007800800010046c5363448c40e99a03976cbbb49cca85e4cf6cdd06ffeda032cdf7a8fcd5c4d2c066d5e25dc5a93e75081dd434e8ab9d71f193aa9b91594330e9b3cd54e0b5f7eba80a46ef46ac8bfdc21135db7acfa96e4f0450af28d496c0aeddc58ec7782510a09f40b8ae1b6a5f9e50d236fd55e96ac12f920aa1a962610e960dc7b94449f0f9445a503282b8600c70d441fbc6ec65b9a25cba64eb3b2315ef0ba639dbda96ffd486182f6a879cc0fd0cff064abb94f200c9b82864fcff8debe2a99b9c9fc382f25bdd7c01da66f97cc6f93f7304f06400c5bb8e896338c1dbe0f7612c00bdc7474c3a11c483de390a4f96bb6b57f2416c578d438a59d339a0c8a18dcfec57a09ecbbcffbe0bce028609b626de1c40a7e46ee5f2afc74d0fcf612777c651c2232cc27360f53a7a44e19cf36053357d22c2b9c500ed7c51885e75d329014ea1b78aaef49e464e7", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="04000a000c0005000a00000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x14) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08010000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0800010000000000"], 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) getsockopt$inet_buf(r2, 0x0, 0x28, &(0x7f0000000080)=""/97, &(0x7f0000000100)=0x61) sendto$inet(0xffffffffffffffff, &(0x7f0000000140)="78f35400d6e4", 0x6, 0x4800, &(0x7f0000000180)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xe}}, 0x10) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f00000001c0)={{0x0, @rand_addr=0x64010100, 0x4e22, 0x0, 'sed\x00', 0x1, 0xcc2f, 0x3}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e20, 0x10000, 0x0, 0x0, 0x7f}}, 0x44) ioctl$sock_inet_SIOCSARP(r3, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @remote}, {0x1}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:34 executing program 4: write$apparmor_current(0xffffffffffffffff, &(0x7f0000000080)=@hat={'changehat '}, 0x1d) [ 1431.434134] FAULT_INJECTION: forcing a failure. [ 1431.434134] name failslab, interval 1, probability 0, space 0, times 0 [ 1431.447340] FAULT_INJECTION: forcing a failure. [ 1431.447340] name failslab, interval 1, probability 0, space 0, times 0 [ 1431.469774] CPU: 1 PID: 367 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 06:18:34 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat '}, 0x1d) 06:18:34 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r1, 0x10, 0x70bd25, 0x25dfdbfd, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0xc4e}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x26}]}, 0x2c}, 0x1, 0x0, 0x0, 0x400c0}, 0x4040040) (async) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x200, 0x70bd29, 0x25dfdbfb, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x8}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0xffffffff}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10000000}, 0x4) (async) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00022cbd7000fcdbdf25010000000c00030002000000000000000c0008000008000010000000140007800800010046c5363448c40e99a03976cbbb49cca85e4cf6cdd06ffeda032cdf7a8fcd5c4d2c066d5e25dc5a93e75081dd434e8ab9d71f193aa9b91594330e9b3cd54e0b5f7eba80a46ef46ac8bfdc21135db7acfa96e4f0450af28d496c0aeddc58ec7782510a09f40b8ae1b6a5f9e50d236fd55e96ac12f920aa1a962610e960dc7b94449f0f9445a503282b8600c70d441fbc6ec65b9a25cba64eb3b2315ef0ba639dbda96ffd486182f6a879cc0fd0cff064abb94f200c9b82864fcff8debe2a99b9c9fc382f25bdd7c01da66f97cc6f93f7304f06400c5bb8e896338c1dbe0f7612c00bdc7474c3a11c483de390a4f96bb6b57f2416c578d438a59d339a0c8a18dcfec57a09ecbbcffbe0bce028609b626de1c40a7e46ee5f2afc74d0fcf612777c651c2232cc27360f53a7a44e19cf36053357d22c2b9c500ed7c51885e75d329014ea1b78aaef49e464e7", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="04000a000c0005000a00000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x14) (async) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08010000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0800010000000000"], 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) getsockopt$inet_buf(r2, 0x0, 0x28, &(0x7f0000000080)=""/97, &(0x7f0000000100)=0x61) (async) sendto$inet(0xffffffffffffffff, &(0x7f0000000140)="78f35400d6e4", 0x6, 0x4800, &(0x7f0000000180)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xe}}, 0x10) (async) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f00000001c0)={{0x0, @rand_addr=0x64010100, 0x4e22, 0x0, 'sed\x00', 0x1, 0xcc2f, 0x3}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e20, 0x10000, 0x0, 0x0, 0x7f}}, 0x44) (async) ioctl$sock_inet_SIOCSARP(r3, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @remote}, {0x1}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) [ 1431.477500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1431.480306] IPVS: set_ctl: invalid protocol: 0 100.1.1.0:20002 [ 1431.486843] Call Trace: [ 1431.486859] dump_stack+0x1b2/0x281 [ 1431.486874] should_fail.cold+0x10a/0x149 [ 1431.486886] should_failslab+0xd6/0x130 [ 1431.486897] __kmalloc+0x2c1/0x400 [ 1431.486906] ? __list_lru_init+0x67/0x710 [ 1431.486916] __list_lru_init+0x67/0x710 [ 1431.486928] sget_userns+0x4e4/0xc10 [ 1431.523062] ? set_bdev_super+0x110/0x110 [ 1431.527207] ? ns_test_super+0x50/0x50 [ 1431.531093] ? set_bdev_super+0x110/0x110 [ 1431.535242] ? ns_test_super+0x50/0x50 [ 1431.539134] sget+0xd1/0x110 [ 1431.542176] mount_bdev+0xcd/0x360 [ 1431.545708] ? qnx4_iget+0xa20/0xa20 [ 1431.549417] mount_fs+0x92/0x2a0 [ 1431.552787] vfs_kern_mount.part.0+0x5b/0x470 [ 1431.557367] do_mount+0xe65/0x2a30 [ 1431.560905] ? __do_page_fault+0x159/0xad0 [ 1431.565133] ? retint_kernel+0x2d/0x2d [ 1431.569021] ? copy_mount_string+0x40/0x40 [ 1431.573256] ? memset+0x20/0x40 [ 1431.576531] ? copy_mount_options+0x1fa/0x2f0 [ 1431.581025] ? copy_mnt_ns+0xa30/0xa30 [ 1431.583431] IPVS: set_ctl: invalid protocol: 0 100.1.1.0:20002 [ 1431.584912] SyS_mount+0xa8/0x120 [ 1431.584922] ? copy_mnt_ns+0xa30/0xa30 [ 1431.584934] do_syscall_64+0x1d5/0x640 [ 1431.584952] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1431.607438] RIP: 0033:0x7f5650cfa7aa [ 1431.611133] RSP: 002b:00007f564f66df88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1431.618834] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cfa7aa [ 1431.626176] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f564f66dfe0 [ 1431.633453] RBP: 00007f564f66e020 R08: 00007f564f66e020 R09: 0000000020000000 [ 1431.640738] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1431.648001] R13: 0000000020000040 R14: 00007f564f66dfe0 R15: 0000000020000280 [ 1431.655266] CPU: 0 PID: 364 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1431.662974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1431.672498] Call Trace: [ 1431.675087] dump_stack+0x1b2/0x281 [ 1431.678715] should_fail.cold+0x10a/0x149 [ 1431.682861] should_failslab+0xd6/0x130 [ 1431.686830] __kmalloc+0x2c1/0x400 [ 1431.690369] ? __list_lru_init+0x67/0x710 [ 1431.694518] __list_lru_init+0x67/0x710 [ 1431.698490] sget_userns+0x504/0xc10 [ 1431.702199] ? set_bdev_super+0x110/0x110 [ 1431.706436] ? ns_test_super+0x50/0x50 [ 1431.710495] ? set_bdev_super+0x110/0x110 [ 1431.714642] ? ns_test_super+0x50/0x50 [ 1431.718643] sget+0xd1/0x110 [ 1431.721673] mount_bdev+0xcd/0x360 [ 1431.722247] IPVS: set_ctl: invalid protocol: 0 100.1.1.0:20002 [ 1431.725227] ? qnx4_iget+0xa20/0xa20 [ 1431.725240] mount_fs+0x92/0x2a0 [ 1431.725254] vfs_kern_mount.part.0+0x5b/0x470 [ 1431.725265] do_mount+0xe65/0x2a30 [ 1431.746280] ? __do_page_fault+0x159/0xad0 [ 1431.750514] ? retint_kernel+0x2d/0x2d [ 1431.754403] ? copy_mount_string+0x40/0x40 [ 1431.758645] ? memset+0x20/0x40 [ 1431.761927] ? copy_mount_options+0x1fa/0x2f0 [ 1431.766418] ? copy_mnt_ns+0xa30/0xa30 [ 1431.770307] SyS_mount+0xa8/0x120 [ 1431.773761] ? copy_mnt_ns+0xa30/0xa30 [ 1431.777658] do_syscall_64+0x1d5/0x640 [ 1431.781552] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1431.786735] RIP: 0033:0x7f5ff741c7aa [ 1431.790438] RSP: 002b:00007f5ff5d8ff88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1431.798268] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741c7aa [ 1431.805551] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f5ff5d8ffe0 [ 1431.812819] RBP: 00007f5ff5d90020 R08: 00007f5ff5d90020 R09: 0000000020000000 [ 1431.820212] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1431.827479] R13: 0000000020000040 R14: 00007f5ff5d8ffe0 R15: 0000000020000280 06:18:34 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 58) 06:18:34 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat '}, 0x1d) 06:18:34 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCRTMSG(r0, 0x890d, &(0x7f0000000200)={0x0, {0x2, 0x4e22, @remote}, {0x2, 0x4e22, @empty}, {0x2, 0x4e21, @empty}, 0x10, 0x0, 0x0, 0x0, 0x2, &(0x7f00000001c0)='dummy0\x00', 0x1ff, 0x8, 0x3}) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x64, 0x0, 0x10, 0x70bd2a, 0x25dfdbfd, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x3}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x3}, @L2TP_ATTR_UDP_CSUM={0x5, 0xd, 0x1}, @L2TP_ATTR_L2SPEC_TYPE={0x5, 0x5, 0x1}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @multicast1}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x3}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x6}]}, 0x64}, 0x1, 0x0, 0x0, 0x20008010}, 0x8001) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x26040800) setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000400)={{0x88, @multicast1, 0x4e20, 0x0, 'sed\x00', 0x12, 0x1, 0x2f}, {@dev={0xac, 0x14, 0x14, 0x2e}, 0x4e20, 0x1, 0x1, 0x7fff, 0x8000}}, 0x44) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$nbd(&(0x7f0000000bc0), r3) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x4c, 0x0, 0x300, 0x70bd28, 0x25dfdbfc, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x4f3}]}, 0x4c}, 0x1, 0x0, 0x0, 0x80}, 0x20009045) ioctl$RNDCLEARPOOL(r2, 0x5206, &(0x7f0000000480)=0xfffffff8) getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, &(0x7f0000000280)={'filter\x00', 0xea, "1edbb307d467da7240bb979d6372d26bea1ddfd9718fa77a75dbb0ba6319e3c4fb0c8d820c52b2ac583624e0eae6945ed4e833660c3fe1e5aff1212d22e1bf0d0041b8165f9134bb9f136324658bef8ba6880272f1428b36c602defef59131037d37d4109730c0ab8632ca83b28d04b64352515821f776d0c7d8f1de61069d24dfdc0049f9dc23f077982f1407055fbc4935bdf1421c16e77773a184f372df96bdb5722dda656f9db3bd6d097ab1aaeee129ad358b916cc2b722e432392f3cecee22877499e87afdb0380eed73ea948a788705bab31c662bb791f082013cebdfc7325fe558a427ce038b"}, &(0x7f00000003c0)=0x10e) 06:18:34 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r1, 0x10, 0x70bd25, 0x25dfdbfd, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0xc4e}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x26}]}, 0x2c}, 0x1, 0x0, 0x0, 0x400c0}, 0x4040040) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x200, 0x70bd29, 0x25dfdbfb, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x8}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0xffffffff}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10000000}, 0x4) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00022cbd7000fcdbdf25010000000c00030002000000000000000c0008000008000010000000140007800800010046c5363448c40e99a03976cbbb49cca85e4cf6cdd06ffeda032cdf7a8fcd5c4d2c066d5e25dc5a93e75081dd434e8ab9d71f193aa9b91594330e9b3cd54e0b5f7eba80a46ef46ac8bfdc21135db7acfa96e4f0450af28d496c0aeddc58ec7782510a09f40b8ae1b6a5f9e50d236fd55e96ac12f920aa1a962610e960dc7b94449f0f9445a503282b8600c70d441fbc6ec65b9a25cba64eb3b2315ef0ba639dbda96ffd486182f6a879cc0fd0cff064abb94f200c9b82864fcff8debe2a99b9c9fc382f25bdd7c01da66f97cc6f93f7304f06400c5bb8e896338c1dbe0f7612c00bdc7474c3a11c483de390a4f96bb6b57f2416c578d438a59d339a0c8a18dcfec57a09ecbbcffbe0bce028609b626de1c40a7e46ee5f2afc74d0fcf612777c651c2232cc27360f53a7a44e19cf36053357d22c2b9c500ed7c51885e75d329014ea1b78aaef49e464e7", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="04000a000c0005000a00000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x14) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08010000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0800010000000000"], 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) getsockopt$inet_buf(r2, 0x0, 0x28, &(0x7f0000000080)=""/97, &(0x7f0000000100)=0x61) sendto$inet(0xffffffffffffffff, &(0x7f0000000140)="78f35400d6e4", 0x6, 0x4800, &(0x7f0000000180)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xe}}, 0x10) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f00000001c0)={{0x0, @rand_addr=0x64010100, 0x4e22, 0x0, 'sed\x00', 0x1, 0xcc2f, 0x3}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e20, 0x10000, 0x0, 0x0, 0x7f}}, 0x44) ioctl$sock_inet_SIOCSARP(r3, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @remote}, {0x1}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:34 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.net/syz0\x00', 0x200002, 0x0) epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, r1) write$apparmor_current(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6e472badd3f8df24c3042f72509955635d921ecb606007fc7e3f2b902ba9b8bba4a4f136b6f8f0b0f65f78fb0c6bb21e0d72350cb760c83b8f1d37b26a07004bf68c059c27c99665445050ed2f74ba99261cc2f69c9a9b27cd946a685cb02a5934b28523d9931da548ae000a85bfd7edbd51ac01bbeaa99cdf0335f744eda1884bdc25eb28be47fb3efe8613a8fa14a5a8aaf79b942a9fe250d3adc93ea7044a25eadbca3b6a0c8364b28fdfbf4789838c63ef80b841960d1dbd927871cf8dbbfd83bb0af78f88fe4d53c873afefb7b8cd13ac52de5a2dd045c523b0932750d9d3ae738f57d548", @ANYRESHEX=r0, @ANYRES8=r0], 0xfffffffffffffd95) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.net/syz0\x00', 0x200002, 0x0) (async) epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, r1) (async) write$apparmor_current(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6e472badd3f8df24c3042f72509955635d921ecb606007fc7e3f2b902ba9b8bba4a4f136b6f8f0b0f65f78fb0c6bb21e0d72350cb760c83b8f1d37b26a07004bf68c059c27c99665445050ed2f74ba99261cc2f69c9a9b27cd946a685cb02a5934b28523d9931da548ae000a85bfd7edbd51ac01bbeaa99cdf0335f744eda1884bdc25eb28be47fb3efe8613a8fa14a5a8aaf79b942a9fe250d3adc93ea7044a25eadbca3b6a0c8364b28fdfbf4789838c63ef80b841960d1dbd927871cf8dbbfd83bb0af78f88fe4d53c873afefb7b8cd13ac52de5a2dd045c523b0932750d9d3ae738f57d548", @ANYRESHEX=r0, @ANYRES8=r0], 0xfffffffffffffd95) (async) 06:18:34 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 57) 06:18:34 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000080)=@hat={'changehat '}, 0x1d) 06:18:34 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCRTMSG(r0, 0x890d, &(0x7f0000000200)={0x0, {0x2, 0x4e22, @remote}, {0x2, 0x4e22, @empty}, {0x2, 0x4e21, @empty}, 0x10, 0x0, 0x0, 0x0, 0x2, &(0x7f00000001c0)='dummy0\x00', 0x1ff, 0x8, 0x3}) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x64, 0x0, 0x10, 0x70bd2a, 0x25dfdbfd, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x3}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x3}, @L2TP_ATTR_UDP_CSUM={0x5, 0xd, 0x1}, @L2TP_ATTR_L2SPEC_TYPE={0x5, 0x5, 0x1}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @multicast1}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x3}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x6}]}, 0x64}, 0x1, 0x0, 0x0, 0x20008010}, 0x8001) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x26040800) setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000400)={{0x88, @multicast1, 0x4e20, 0x0, 'sed\x00', 0x12, 0x1, 0x2f}, {@dev={0xac, 0x14, 0x14, 0x2e}, 0x4e20, 0x1, 0x1, 0x7fff, 0x8000}}, 0x44) (async) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$nbd(&(0x7f0000000bc0), r3) (async) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x4c, 0x0, 0x300, 0x70bd28, 0x25dfdbfc, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x4f3}]}, 0x4c}, 0x1, 0x0, 0x0, 0x80}, 0x20009045) (async) ioctl$RNDCLEARPOOL(r2, 0x5206, &(0x7f0000000480)=0xfffffff8) (async) getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, &(0x7f0000000280)={'filter\x00', 0xea, "1edbb307d467da7240bb979d6372d26bea1ddfd9718fa77a75dbb0ba6319e3c4fb0c8d820c52b2ac583624e0eae6945ed4e833660c3fe1e5aff1212d22e1bf0d0041b8165f9134bb9f136324658bef8ba6880272f1428b36c602defef59131037d37d4109730c0ab8632ca83b28d04b64352515821f776d0c7d8f1de61069d24dfdc0049f9dc23f077982f1407055fbc4935bdf1421c16e77773a184f372df96bdb5722dda656f9db3bd6d097ab1aaeee129ad358b916cc2b722e432392f3cecee22877499e87afdb0380eed73ea948a788705bab31c662bb791f082013cebdfc7325fe558a427ce038b"}, &(0x7f00000003c0)=0x10e) 06:18:35 executing program 4: openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(0xffffffffffffffff, &(0x7f0000000080)=@hat={'changehat '}, 0x1d) [ 1431.934726] IPVS: set_ctl: invalid protocol: 0 100.1.1.0:20002 [ 1431.957756] FAULT_INJECTION: forcing a failure. [ 1431.957756] name failslab, interval 1, probability 0, space 0, times 0 [ 1431.964069] FAULT_INJECTION: forcing a failure. [ 1431.964069] name failslab, interval 1, probability 0, space 0, times 0 [ 1431.997437] CPU: 1 PID: 427 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1432.005165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1432.014508] Call Trace: [ 1432.017089] dump_stack+0x1b2/0x281 [ 1432.020715] should_fail.cold+0x10a/0x149 [ 1432.024858] should_failslab+0xd6/0x130 [ 1432.028828] kmem_cache_alloc+0x28e/0x3c0 [ 1432.032986] alloc_buffer_head+0x20/0x110 [ 1432.037128] alloc_page_buffers+0xb3/0x1f0 [ 1432.041359] __getblk_slow+0x2d6/0x7a0 [ 1432.045250] __bread_gfp+0x206/0x2e0 [ 1432.048966] qnx4_fill_super+0x16c/0x600 [ 1432.053023] mount_bdev+0x2b3/0x360 [ 1432.056644] ? qnx4_iget+0xa20/0xa20 [ 1432.060355] mount_fs+0x92/0x2a0 [ 1432.063726] vfs_kern_mount.part.0+0x5b/0x470 [ 1432.068223] do_mount+0xe65/0x2a30 [ 1432.071763] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1432.076513] ? copy_mount_string+0x40/0x40 [ 1432.080742] ? retint_kernel+0x2d/0x2d [ 1432.084637] ? copy_mnt_ns+0xa30/0xa30 [ 1432.088526] ? copy_mount_options+0x1fa/0x2f0 [ 1432.093015] ? copy_mnt_ns+0xa30/0xa30 [ 1432.096895] SyS_mount+0xa8/0x120 [ 1432.100339] ? copy_mnt_ns+0xa30/0xa30 [ 1432.104227] do_syscall_64+0x1d5/0x640 [ 1432.108115] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1432.113299] RIP: 0033:0x7f5ff741c7aa [ 1432.117002] RSP: 002b:00007f5ff5d8ff88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1432.124703] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741c7aa [ 1432.131956] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f5ff5d8ffe0 [ 1432.139216] RBP: 00007f5ff5d90020 R08: 00007f5ff5d90020 R09: 0000000020000000 [ 1432.146493] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1432.153746] R13: 0000000020000040 R14: 00007f5ff5d8ffe0 R15: 0000000020000280 [ 1432.161359] CPU: 0 PID: 426 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1432.169066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1432.178416] Call Trace: [ 1432.180999] dump_stack+0x1b2/0x281 [ 1432.184630] should_fail.cold+0x10a/0x149 [ 1432.188790] should_failslab+0xd6/0x130 [ 1432.192767] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1432.197440] qnx4_fill_super+0x4f/0x600 [ 1432.201416] ? set_blocksize+0x125/0x380 [ 1432.205481] mount_bdev+0x2b3/0x360 [ 1432.209104] ? qnx4_iget+0xa20/0xa20 [ 1432.212814] mount_fs+0x92/0x2a0 [ 1432.216199] vfs_kern_mount.part.0+0x5b/0x470 [ 1432.220702] do_mount+0xe65/0x2a30 [ 1432.224244] ? __do_page_fault+0x159/0xad0 [ 1432.228477] ? retint_kernel+0x2d/0x2d [ 1432.232361] ? copy_mount_string+0x40/0x40 [ 1432.236610] ? memset+0x20/0x40 [ 1432.239888] ? copy_mount_options+0x1fa/0x2f0 06:18:35 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {}, 0x4, {0x2, 0x0, @empty}, 'veth0\x00'}) 06:18:35 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce924252e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5602e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc2cb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46edf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b81036b808362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcd403c954945354d5dd89f7ae81dce7007fa32758fa88e4be5c0577e5aa9e764fae2f5dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834331926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c2c538e26c7b2efd7a90797865db97a17dbc03b0e002757934a6f97ed7b61acde1c2beb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316150000000000"], 0xfffffffffffffd95) 06:18:35 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCRTMSG(r0, 0x890d, &(0x7f0000000200)={0x0, {0x2, 0x4e22, @remote}, {0x2, 0x4e22, @empty}, {0x2, 0x4e21, @empty}, 0x10, 0x0, 0x0, 0x0, 0x2, &(0x7f00000001c0)='dummy0\x00', 0x1ff, 0x8, 0x3}) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x64, 0x0, 0x10, 0x70bd2a, 0x25dfdbfd, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x3}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x3}, @L2TP_ATTR_UDP_CSUM={0x5, 0xd, 0x1}, @L2TP_ATTR_L2SPEC_TYPE={0x5, 0x5, 0x1}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @multicast1}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x3}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x6}]}, 0x64}, 0x1, 0x0, 0x0, 0x20008010}, 0x8001) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x26040800) setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000400)={{0x88, @multicast1, 0x4e20, 0x0, 'sed\x00', 0x12, 0x1, 0x2f}, {@dev={0xac, 0x14, 0x14, 0x2e}, 0x4e20, 0x1, 0x1, 0x7fff, 0x8000}}, 0x44) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x14}, 0x14}}, 0x0) syz_genetlink_get_family_id$nbd(&(0x7f0000000bc0), r3) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x4c, 0x0, 0x300, 0x70bd28, 0x25dfdbfc, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x4f3}]}, 0x4c}, 0x1, 0x0, 0x0, 0x80}, 0x20009045) ioctl$RNDCLEARPOOL(r2, 0x5206, &(0x7f0000000480)=0xfffffff8) getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, &(0x7f0000000280)={'filter\x00', 0xea, "1edbb307d467da7240bb979d6372d26bea1ddfd9718fa77a75dbb0ba6319e3c4fb0c8d820c52b2ac583624e0eae6945ed4e833660c3fe1e5aff1212d22e1bf0d0041b8165f9134bb9f136324658bef8ba6880272f1428b36c602defef59131037d37d4109730c0ab8632ca83b28d04b64352515821f776d0c7d8f1de61069d24dfdc0049f9dc23f077982f1407055fbc4935bdf1421c16e77773a184f372df96bdb5722dda656f9db3bd6d097ab1aaeee129ad358b916cc2b722e432392f3cecee22877499e87afdb0380eed73ea948a788705bab31c662bb791f082013cebdfc7325fe558a427ce038b"}, &(0x7f00000003c0)=0x10e) socket$inet_udp(0x2, 0x2, 0x0) (async) ioctl$sock_inet_SIOCRTMSG(r0, 0x890d, &(0x7f0000000200)={0x0, {0x2, 0x4e22, @remote}, {0x2, 0x4e22, @empty}, {0x2, 0x4e21, @empty}, 0x10, 0x0, 0x0, 0x0, 0x2, &(0x7f00000001c0)='dummy0\x00', 0x1ff, 0x8, 0x3}) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x64, 0x0, 0x10, 0x70bd2a, 0x25dfdbfd, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x3}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x3}, @L2TP_ATTR_UDP_CSUM={0x5, 0xd, 0x1}, @L2TP_ATTR_L2SPEC_TYPE={0x5, 0x5, 0x1}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @multicast1}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x3}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x6}]}, 0x64}, 0x1, 0x0, 0x0, 0x20008010}, 0x8001) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) (async) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x26040800) (async) setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000400)={{0x88, @multicast1, 0x4e20, 0x0, 'sed\x00', 0x12, 0x1, 0x2f}, {@dev={0xac, 0x14, 0x14, 0x2e}, 0x4e20, 0x1, 0x1, 0x7fff, 0x8000}}, 0x44) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$nbd(&(0x7f0000000bc0), r3) (async) sendmsg$NBD_CMD_STATUS(r3, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x4c, 0x0, 0x300, 0x70bd28, 0x25dfdbfc, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x4f3}]}, 0x4c}, 0x1, 0x0, 0x0, 0x80}, 0x20009045) (async) ioctl$RNDCLEARPOOL(r2, 0x5206, &(0x7f0000000480)=0xfffffff8) (async) getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, &(0x7f0000000280)={'filter\x00', 0xea, "1edbb307d467da7240bb979d6372d26bea1ddfd9718fa77a75dbb0ba6319e3c4fb0c8d820c52b2ac583624e0eae6945ed4e833660c3fe1e5aff1212d22e1bf0d0041b8165f9134bb9f136324658bef8ba6880272f1428b36c602defef59131037d37d4109730c0ab8632ca83b28d04b64352515821f776d0c7d8f1de61069d24dfdc0049f9dc23f077982f1407055fbc4935bdf1421c16e77773a184f372df96bdb5722dda656f9db3bd6d097ab1aaeee129ad358b916cc2b722e432392f3cecee22877499e87afdb0380eed73ea948a788705bab31c662bb791f082013cebdfc7325fe558a427ce038b"}, &(0x7f00000003c0)=0x10e) (async) [ 1432.245078] ? copy_mnt_ns+0xa30/0xa30 [ 1432.248963] SyS_mount+0xa8/0x120 [ 1432.252412] ? copy_mnt_ns+0xa30/0xa30 [ 1432.256298] do_syscall_64+0x1d5/0x640 [ 1432.260188] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1432.265372] RIP: 0033:0x7f5650cfa7aa [ 1432.269078] RSP: 002b:00007f564f66df88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1432.276787] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cfa7aa [ 1432.284053] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f564f66dfe0 [ 1432.291319] RBP: 00007f564f66e020 R08: 00007f564f66e020 R09: 0000000020000000 06:18:35 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 59) 06:18:35 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket(0xb, 0xa, 0x80000000) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) 06:18:35 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce924252e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5602e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc2cb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46edf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b81036b808362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcd403c954945354d5dd89f7ae81dce7007fa32758fa88e4be5c0577e5aa9e764fae2f5dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834331926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c2c538e26c7b2efd7a90797865db97a17dbc03b0e002757934a6f97ed7b61acde1c2beb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316150000000000"], 0xfffffffffffffd95) 06:18:35 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r0) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000ffdbdf25", @ANYRES32], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) 06:18:35 executing program 4: openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(0xffffffffffffffff, &(0x7f0000000080)=@hat={'changehat '}, 0x1d) [ 1432.298584] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1432.305847] R13: 0000000020000040 R14: 00007f564f66dfe0 R15: 0000000020000280 06:18:35 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 58) 06:18:35 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7065726d686174203078303030303030303030303030303030305e716e783400716e05340079f11a017dc13814dc9cab696aa2e76efadf6ce924252e2ceb278a3a2500c4c9b25a47765256b06a47e4183380ec41a6e5376aa073e85af66c3eb5602e5ead797f244a3775ecc41b5db3d0a5c02b30caa57a63c861bc2cb97abc58c50a3a9accdbf35646c5cd307a7a03d18a91801f46edf7b852545d55833962bf6c159a07aeb2f8d39672693343bec9ba023a07b81036b808362e1b02bdb7f1f5df6fc00b55d55f4038bbfeb9dcd403c954945354d5dd89f7ae81dce7007fa32758fa88e4be5c0577e5aa9e764fae2f5dacb1b342d2f9352e163532ac8f1d5d62d687f8b3435c7171e5b3af99ce24b8921ef8ab63c3d796af66d4fbe1909396c9dcf80dae334d6acacf53178f639bfa81825bfb13ba506547963d00d75a699855c44e798e91f460a06655098beb0ac0dc487b6767d0c053360e40ff38a2ff834331926a635b456d1b8f67bd1638ac81de0656dd866d8fdc5c2c538e26c7b2efd7a90797865db97a17dbc03b0e002757934a6f97ed7b61acde1c2beb77aea34011a0c04924b89535a86e64a0bbd1e059df8cf8aa28688d2f76a9350c6d807c891dac888dc6e62dadcc0b43cf3170f1cacdc0b7afc717ee6c91b2c35d046c77db809d597b086861fbd3db6eab74faa8d21bf7ce6316150000000000"], 0xfffffffffffffd95) 06:18:35 executing program 0: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) r1 = epoll_create(0x8001) r2 = socket(0x18, 0x800, 0x7) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r2) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, &(0x7f0000000100)={0x8000000000000008, [0x6, 0x4, 0x3, 0x7ff, 0x9, 0x645]}, 0x10) r3 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f0000000080)={0x2000}) write$apparmor_current(r0, &(0x7f00000000c0)=@profile={'changeprofile ', ']-$%\'.\x00'}, 0x15) ioctl$SCSI_IOCTL_START_UNIT(0xffffffffffffffff, 0x5) 06:18:35 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket(0xb, 0xa, 0x80000000) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) socket$inet_udp(0x2, 0x2, 0x0) (async) socket(0xb, 0xa, 0x80000000) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) 06:18:35 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0x42fd, "3ca2d2e544aeb3c10edd3039d6165e829453ab882c720d9bdca86a05ecf40a84"}) 06:18:35 executing program 4: openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(0xffffffffffffffff, &(0x7f0000000080)=@hat={'changehat '}, 0x1d) [ 1432.388832] FAULT_INJECTION: forcing a failure. [ 1432.388832] name failslab, interval 1, probability 0, space 0, times 0 06:18:35 executing program 0: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) r1 = epoll_create(0x8001) r2 = socket(0x18, 0x800, 0x7) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r2) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, &(0x7f0000000100)={0x8000000000000008, [0x6, 0x4, 0x3, 0x7ff, 0x9, 0x645]}, 0x10) r3 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f0000000080)={0x2000}) write$apparmor_current(r0, &(0x7f00000000c0)=@profile={'changeprofile ', ']-$%\'.\x00'}, 0x15) ioctl$SCSI_IOCTL_START_UNIT(0xffffffffffffffff, 0x5) [ 1432.435534] FAULT_INJECTION: forcing a failure. [ 1432.435534] name failslab, interval 1, probability 0, space 0, times 0 [ 1432.447161] kauditd_printk_skb: 6 callbacks suppressed [ 1432.447175] audit: type=1400 audit(1660285115.465:157): apparmor="DENIED" operation="change_profile" info="label not found" error=-2 profile="unconfined" name="]-$%'." pid=501 comm="syz-executor.0" [ 1432.492714] CPU: 1 PID: 490 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1432.500535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1432.509889] Call Trace: [ 1432.512511] dump_stack+0x1b2/0x281 [ 1432.516144] should_fail.cold+0x10a/0x149 [ 1432.520301] should_failslab+0xd6/0x130 [ 1432.524280] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1432.528953] qnx4_fill_super+0x4f/0x600 [ 1432.532924] ? set_blocksize+0x125/0x380 [ 1432.536984] mount_bdev+0x2b3/0x360 [ 1432.540609] ? qnx4_iget+0xa20/0xa20 [ 1432.544322] mount_fs+0x92/0x2a0 [ 1432.547693] vfs_kern_mount.part.0+0x5b/0x470 [ 1432.552192] do_mount+0xe65/0x2a30 [ 1432.555737] ? __do_page_fault+0x159/0xad0 [ 1432.559969] ? retint_kernel+0x2d/0x2d [ 1432.563855] ? copy_mount_string+0x40/0x40 [ 1432.566001] audit: type=1400 audit(1660285115.525:158): apparmor="DENIED" operation="change_profile" info="label not found" error=-2 profile="unconfined" name="]-$%'." pid=515 comm="syz-executor.0" [ 1432.568086] ? memset+0x20/0x40 [ 1432.589122] ? copy_mount_options+0x1fa/0x2f0 [ 1432.593614] ? copy_mnt_ns+0xa30/0xa30 [ 1432.597499] SyS_mount+0xa8/0x120 [ 1432.600942] ? copy_mnt_ns+0xa30/0xa30 [ 1432.604813] do_syscall_64+0x1d5/0x640 [ 1432.608687] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1432.613863] RIP: 0033:0x7f5ff741c7aa [ 1432.617556] RSP: 002b:00007f5ff5d8ff88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1432.625250] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741c7aa [ 1432.632517] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f5ff5d8ffe0 [ 1432.639768] RBP: 00007f5ff5d90020 R08: 00007f5ff5d90020 R09: 0000000020000000 [ 1432.647019] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1432.654271] R13: 0000000020000040 R14: 00007f5ff5d8ffe0 R15: 0000000020000280 [ 1432.661534] CPU: 0 PID: 497 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1432.669244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1432.678590] Call Trace: [ 1432.681176] dump_stack+0x1b2/0x281 [ 1432.684806] should_fail.cold+0x10a/0x149 [ 1432.688956] should_failslab+0xd6/0x130 [ 1432.692933] kmem_cache_alloc+0x28e/0x3c0 [ 1432.697084] alloc_buffer_head+0x20/0x110 [ 1432.701234] alloc_page_buffers+0xb3/0x1f0 [ 1432.705469] __getblk_slow+0x2d6/0x7a0 [ 1432.709365] __bread_gfp+0x206/0x2e0 [ 1432.713082] qnx4_fill_super+0x16c/0x600 [ 1432.717146] mount_bdev+0x2b3/0x360 [ 1432.720768] ? qnx4_iget+0xa20/0xa20 [ 1432.724479] mount_fs+0x92/0x2a0 [ 1432.727837] vfs_kern_mount.part.0+0x5b/0x470 [ 1432.732322] do_mount+0xe65/0x2a30 [ 1432.735873] ? __do_page_fault+0x159/0xad0 [ 1432.740093] ? retint_kernel+0x2d/0x2d [ 1432.743958] ? copy_mount_string+0x40/0x40 [ 1432.748293] ? memset+0x20/0x40 [ 1432.751553] ? copy_mount_options+0x1fa/0x2f0 [ 1432.756029] ? copy_mnt_ns+0xa30/0xa30 [ 1432.759911] SyS_mount+0xa8/0x120 [ 1432.763340] ? copy_mnt_ns+0xa30/0xa30 [ 1432.767212] do_syscall_64+0x1d5/0x640 [ 1432.771083] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1432.776251] RIP: 0033:0x7f5650cfa7aa [ 1432.779940] RSP: 002b:00007f564f66df88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 06:18:35 executing program 3: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 60) 06:18:35 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket(0xb, 0xa, 0x80000000) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) socket$inet_udp(0x2, 0x2, 0x0) (async) socket(0xb, 0xa, 0x80000000) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private}, {}, 0x4, {0x2, 0x0, @local}, 'veth0\x00'}) (async) 06:18:35 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0x42fd, "3ca2d2e544aeb3c10edd3039d6165e829453ab882c720d9bdca86a05ecf40a84"}) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) (async) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0x42fd, "3ca2d2e544aeb3c10edd3039d6165e829453ab882c720d9bdca86a05ecf40a84"}) (async) 06:18:35 executing program 0: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) r1 = epoll_create(0x8001) r2 = socket(0x18, 0x800, 0x7) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r2) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, &(0x7f0000000100)={0x8000000000000008, [0x6, 0x4, 0x3, 0x7ff, 0x9, 0x645]}, 0x10) r3 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f0000000080)={0x2000}) write$apparmor_current(r0, &(0x7f00000000c0)=@profile={'changeprofile ', ']-$%\'.\x00'}, 0x15) ioctl$SCSI_IOCTL_START_UNIT(0xffffffffffffffff, 0x5) 06:18:35 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, 0x0, 0x0) [ 1432.787627] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cfa7aa [ 1432.794891] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f564f66dfe0 [ 1432.802139] RBP: 00007f564f66e020 R08: 00007f564f66e020 R09: 0000000020000000 [ 1432.809387] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1432.816635] R13: 0000000020000040 R14: 00007f564f66dfe0 R15: 0000000020000280 06:18:35 executing program 1: syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x8002, &(0x7f0000000280)) (fail_nth: 59) 06:18:35 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private=0xa010100}, {0x1}, 0x4, {0x2, 0x0, @remote}, 'veth0\x00'}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000280)={{0x6c, @multicast1, 0x4e20, 0x0, 'ovf\x00', 0x3, 0x7f, 0x47}, {@loopback, 0x4e20, 0x1, 0x9, 0x0, 0x7}}, 0x44) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000300)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32=r2, @ANYBLOB="080001000eeb3c855225f92f9700834fa576bae80ac46e429c51d9545044410000000047c92c2cab4c93401a1b871f014844766c5d7afd9e09a754a7dcc1ebf9c12b73af269ea03d2edac04165fd8736b27d1bdfe196e44a25764139d0efa796948ebdf344bf5de801ffb99954c4a6effb70bd75c37ed5cb4b96aa6b9d9588a79281a9b4d657346d06e8cd84832311866db8822132289f8a0da559ca04b8cb0825adc72b8cc6a5b0a713746195405750ad544730bbae6062376bf083f3788c18692fda79ec7f493e6dff799077a94be75c638019b4c3022c2f432e", @ANYRES32, @ANYBLOB="08000100", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="080001005e00d1eba08b87aabb369fbdc945bc0900c15b8687d7f411082d3a06b6412e251d0597fc4dc2fe95bfa5fd4c04848fb6fb17c9dbb97990cad4de131529edd36deb8e7fa8b531a589a0c99fd36374840f83e2a37fa936c60c31ade36c9603620570190afbc0bfa18567f400", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0800010000000000"], 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000080)={0x0, @local, @initdev}, &(0x7f00000000c0)=0xc) 06:18:35 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, 0x0, 0x0) 06:18:35 executing program 2: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) (async) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0x42fd, "3ca2d2e544aeb3c10edd3039d6165e829453ab882c720d9bdca86a05ecf40a84"}) 06:18:35 executing program 0: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) r1 = epoll_create(0x8001) r2 = socket(0x18, 0x800, 0x7) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r2) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, &(0x7f0000000100)={0x8000000000000008, [0x6, 0x4, 0x3, 0x7ff, 0x9, 0x645]}, 0x10) r3 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f0000000080)={0x2000}) write$apparmor_current(r0, &(0x7f00000000c0)=@profile={'changeprofile ', ']-$%\'.\x00'}, 0x15) 06:18:35 executing program 0: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000440)=@hat={'permhat ', 0x0, 0x5e, ['qnx4\x00', 'qn\x054\x00y\xf1\x1a\x01}\xc18\x14\xdc\x9c\xabij\xa2\xe7n\xfa\xdfl\xe9', '$-.,\xeb\'\x8a:%\x00', '\xc4\xc9\xb2ZGvRV\xb0jG\xe4\x183\x80\xecA\xa6\xe57j\xa0s\xe8Z\xf6l>\xb5p.^\xady\x7f$J7u\xec\xc4\x1b]\xb3\xd0\xa5\xc0+0\xca\xa5zc\xc8a\xbc;\xb9z\xbcX\xc5\n:\x9a\xcc\xdb\xf3VF\xc5\xcd0zz\x03\xd1\x8a\x91\x80\x1fF\xec\xf7\xb8RT]U\x839b\xbfl\x15\x9a\a\xae\xb2\xf8\xd3\x96ri3C\xbe\xc9\xba\x02:\a\xb8\x106.\x1b\x02\xbd\xb7\xf1\xf5\xdfo\xc0\vU\xd5_@8\xbb\xfe\xb9\xdc\xae\x81\xdc\xe7\x00\x7f\xa3\'X\xfa\x88\xe4\xbe\\\x05w\xe5\xaa\x9evO\xae ]\xac\xb1\xb3B\xd2\xf95.\x1652\xac\x8f\x1d]b\xd6\x87\xf8\xb3C\\qq\xe5\xb3\xaf\x99\xce$\xb8\x92\x1e\xf8\xabc\xc3\xd7\x96\xaff\xd4\xfb\xe1\x90\x93\x96\xc9\xdc\xf8\r\xae3Mj\xca\xcfS\x17\x8fc\x9b\xfa\x81\x82[\xfb\x13\xbaPeG\x96=\x00\xd7Zi\x98U', '\xc4Ny\x8e\x91\xf4`\xa0fU\t\x8b\xeb\n\xc0\xdcH{gg\xd0\xc0S6\x0e@\xff8\xa2\xff\x83L1\x92jc[Em\x1b\x8fg\xbd\x168\xac\x81\xde\x06V\xdd\x86m\x8f\xdc\\9M\xea~\xdc,S\x8e&\xc7\xb2\xef\xd7\xa9\a\x97\x86]\xb9z\x17\xdb\xc0;\x0e\x00\'W\xebw\xae\xa3@\x11\xa0\xc0I$\xb8\x955\xa8nd\xa0\xbb\xd1\xe0Y\xdf\x8c\xf8\xaa(h\x8d/v\xa95\fm\x80|\x89\x1d\xac\x88\x8d\xc6\xe6-\xad\xcc\vC\xcf1p\xf1\xca\xcd\xc0\xb7\xaf\xc7\x17\xeel\x91\xb2\xc3]\x04lw\xdb\x80\x9dY{\bha\xfb\xd3\xdbn\xabt\xfa\xa8\xd2\x1b\xf7\xcec\x16\x15\x9c\x06\xd9', 'qnx4\x00', ':\x18\x12:\xdc\x93\xdc\xa9\x88\x01\x80\x00\b\x00']}, 0xfffffffffffffd95) r1 = epoll_create(0x8001) r2 = socket(0x18, 0x800, 0x7) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r2) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, &(0x7f0000000100)={0x8000000000000008, [0x6, 0x4, 0x3, 0x7ff, 0x9, 0x645]}, 0x10) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$apparmor_current(r0, &(0x7f00000000c0)=@profile={'changeprofile ', ']-$%\'.\x00'}, 0x15) [ 1432.889306] audit: type=1400 audit(1660285115.905:159): apparmor="DENIED" operation="change_profile" info="label not found" error=-2 profile="unconfined" name="]-$%'." pid=532 comm="syz-executor.0" 06:18:35 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @private=0xa010100}, {0x1}, 0x4, {0x2, 0x0, @remote}, 'veth0\x00'}) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000800), 0x24000, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000280)={{0x6c, @multicast1, 0x4e20, 0x0, 'ovf\x00', 0x3, 0x7f, 0x47}, {@loopback, 0x4e20, 0x1, 0x9, 0x0, 0x7}}, 0x44) (async) sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000300)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000ffdbdf250500000008000100000000000c00030002000000000000003c00078008000100", @ANYRES32=r2, @ANYBLOB="080001000eeb3c855225f92f9700834fa576bae80ac46e429c51d9545044410000000047c92c2cab4c93401a1b871f014844766c5d7afd9e09a754a7dcc1ebf9c12b73af269ea03d2edac04165fd8736b27d1bdfe196e44a25764139d0efa796948ebdf344bf5de801ffb99954c4a6effb70bd75c37ed5cb4b96aa6b9d9588a79281a9b4d657346d06e8cd84832311866db8822132289f8a0da559ca04b8cb0825adc72b8cc6a5b0a713746195405750ad544730bbae6062376bf083f3788c18692fda79ec7f493e6dff799077a94be75c638019b4c3022c2f432e", @ANYRES32, @ANYBLOB="08000100", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="080001005e00d1eba08b87aabb369fbdc945bc0900c15b8687d7f411082d3a06b6412e251d0597fc4dc2fe95bfa5fd4c04848fb6fb17c9dbb97990cad4de131529edd36deb8e7fa8b531a589a0c99fd36374840f83e2a37fa936c60c31ade36c9603620570190afbc0bfa18567f400", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0800010000000000"], 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000080)={0x0, @local, @initdev}, &(0x7f00000000c0)=0xc) [ 1432.942018] FAULT_INJECTION: forcing a failure. [ 1432.942018] name failslab, interval 1, probability 0, space 0, times 0 [ 1432.954364] FAULT_INJECTION: forcing a failure. [ 1432.954364] name failslab, interval 1, probability 0, space 0, times 0 [ 1432.978771] CPU: 0 PID: 551 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1432.979359] audit: type=1400 audit(1660285115.955:160): apparmor="DENIED" operation="change_profile" info="label not found" error=-2 profile="unconfined" name="]-$%'." pid=552 comm="syz-executor.0" [ 1432.986498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1432.986507] Call Trace: [ 1432.986528] dump_stack+0x1b2/0x281 [ 1432.986544] should_fail.cold+0x10a/0x149 [ 1432.986557] should_failslab+0xd6/0x130 [ 1432.986570] __kmalloc+0x2c1/0x400 [ 1432.986579] ? register_shrinker+0x1ab/0x220 [ 1432.986590] register_shrinker+0x1ab/0x220 [ 1432.986601] sget_userns+0x9aa/0xc10 [ 1432.986610] ? set_bdev_super+0x110/0x110 [ 1432.986622] ? ns_test_super+0x50/0x50 [ 1432.986633] ? set_bdev_super+0x110/0x110 [ 1432.986642] ? ns_test_super+0x50/0x50 [ 1432.986649] sget+0xd1/0x110 [ 1432.986659] mount_bdev+0xcd/0x360 [ 1432.986668] ? qnx4_iget+0xa20/0xa20 [ 1432.986678] mount_fs+0x92/0x2a0 [ 1432.986691] vfs_kern_mount.part.0+0x5b/0x470 [ 1432.986704] do_mount+0xe65/0x2a30 [ 1433.015221] audit: type=1400 audit(1660285115.995:161): apparmor="DENIED" operation="change_profile" info="label not found" error=-2 profile="unconfined" name="]-$%'." pid=558 comm="syz-executor.0" [ 1433.016314] ? __do_page_fault+0x159/0xad0 [ 1433.016325] ? retint_kernel+0x2d/0x2d [ 1433.016337] ? copy_mount_string+0x40/0x40 [ 1433.016349] ? memset+0x20/0x40 [ 1433.114655] ? copy_mount_options+0x1fa/0x2f0 [ 1433.119139] ? copy_mnt_ns+0xa30/0xa30 [ 1433.123032] SyS_mount+0xa8/0x120 [ 1433.126487] ? copy_mnt_ns+0xa30/0xa30 [ 1433.130358] do_syscall_64+0x1d5/0x640 [ 1433.134233] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1433.139404] RIP: 0033:0x7f5650cfa7aa [ 1433.143101] RSP: 002b:00007f564f66df88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1433.150805] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cfa7aa [ 1433.158071] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f564f66dfe0 [ 1433.165326] RBP: 00007f564f66e020 R08: 00007f564f66e020 R09: 0000000020000000 [ 1433.172594] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1433.179846] R13: 0000000020000040 R14: 00007f564f66dfe0 R15: 0000000020000280 [ 1433.187116] CPU: 1 PID: 544 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0 [ 1433.194824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1433.204170] Call Trace: [ 1433.206759] dump_stack+0x1b2/0x281 [ 1433.210390] should_fail.cold+0x10a/0x149 [ 1433.214541] should_failslab+0xd6/0x130 [ 1433.218518] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1433.223302] qnx4_fill_super+0x4f/0x600 [ 1433.227276] ? set_blocksize+0x125/0x380 [ 1433.231426] mount_bdev+0x2b3/0x360 [ 1433.235051] ? qnx4_iget+0xa20/0xa20 [ 1433.238764] mount_fs+0x92/0x2a0 [ 1433.242131] vfs_kern_mount.part.0+0x5b/0x470 [ 1433.246627] do_mount+0xe65/0x2a30 [ 1433.250164] ? __do_page_fault+0x159/0xad0 [ 1433.254395] ? retint_kernel+0x2d/0x2d [ 1433.258277] ? copy_mount_string+0x40/0x40 [ 1433.262518] ? memset+0x20/0x40 [ 1433.265795] ? copy_mount_options+0x1fa/0x2f0 [ 1433.270281] ? copy_mnt_ns+0xa30/0xa30 [ 1433.274164] SyS_mount+0xa8/0x120 [ 1433.277615] ? copy_mnt_ns+0xa30/0xa30 [ 1433.278864] ------------[ cut here ]------------ [ 1433.281494] do_syscall_64+0x1d5/0x640 [ 1433.286236] WARNING: CPU: 0 PID: 551 at fs/super.c:1163 kill_block_super+0xbe/0xe0 [ 1433.290103] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1433.297777] Kernel panic - not syncing: panic_on_warn set ... [ 1433.297777] [ 1433.302951] RIP: 0033:0x7f5ff741c7aa [ 1433.313982] RSP: 002b:00007f5ff5d8ff88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1433.321672] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5ff741c7aa [ 1433.328926] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f5ff5d8ffe0 [ 1433.336177] RBP: 00007f5ff5d90020 R08: 00007f5ff5d90020 R09: 0000000020000000 [ 1433.343427] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1433.350678] R13: 0000000020000040 R14: 00007f5ff5d8ffe0 R15: 0000000020000280 [ 1433.357957] CPU: 0 PID: 551 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0 [ 1433.365658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 1433.375012] Call Trace: [ 1433.377601] dump_stack+0x1b2/0x281 [ 1433.381250] panic+0x1f9/0x42d [ 1433.384451] ? add_taint.cold+0x16/0x16 [ 1433.388430] ? kill_block_super+0xbe/0xe0 [ 1433.392575] ? __warn.cold+0x5/0x44 [ 1433.396203] ? kill_block_super+0xbe/0xe0 [ 1433.400354] __warn.cold+0x20/0x44 [ 1433.403893] ? ist_end_non_atomic+0x10/0x10 [ 1433.408213] ? kill_block_super+0xbe/0xe0 [ 1433.412360] report_bug+0x208/0x250 [ 1433.415986] do_error_trap+0x195/0x2d0 [ 1433.419874] ? math_error+0x2d0/0x2d0 [ 1433.423673] ? retint_kernel+0x2d/0x2d [ 1433.427591] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1433.432465] invalid_op+0x1b/0x40 [ 1433.435914] RIP: 0010:kill_block_super+0xbe/0xe0 [ 1433.440654] RSP: 0018:ffff88807dde7bb0 EFLAGS: 00010246 [ 1433.445996] RAX: 0000000000040000 RBX: 0000000000000000 RCX: ffffc90005fb4000 [ 1433.453295] RDX: 0000000000040000 RSI: ffffffff81875ece RDI: ffff8880a400bcb0 [ 1433.460543] RBP: ffff888097fc6e80 R08: ffffffff8b9b4650 R09: 0000000000000001 [ 1433.467792] R10: 0000000000000000 R11: ffff8880a19da580 R12: ffff8880a400b800 [ 1433.475044] R13: ffffffff891e3430 R14: ffffffff88f45760 R15: dffffc0000000000 [ 1433.482333] ? kill_block_super+0xbe/0xe0 [ 1433.486465] qnx4_kill_sb+0x38/0x90 [ 1433.490074] deactivate_locked_super+0x6c/0xd0 [ 1433.494633] sget_userns+0x9c4/0xc10 [ 1433.498325] ? set_bdev_super+0x110/0x110 [ 1433.502451] ? ns_test_super+0x50/0x50 [ 1433.506314] ? set_bdev_super+0x110/0x110 [ 1433.510444] ? ns_test_super+0x50/0x50 [ 1433.514369] sget+0xd1/0x110 [ 1433.517367] mount_bdev+0xcd/0x360 [ 1433.520890] ? qnx4_iget+0xa20/0xa20 [ 1433.524583] mount_fs+0x92/0x2a0 [ 1433.527947] vfs_kern_mount.part.0+0x5b/0x470 [ 1433.532422] do_mount+0xe65/0x2a30 [ 1433.536051] ? __do_page_fault+0x159/0xad0 [ 1433.540268] ? retint_kernel+0x2d/0x2d [ 1433.544145] ? copy_mount_string+0x40/0x40 [ 1433.548366] ? memset+0x20/0x40 [ 1433.551628] ? copy_mount_options+0x1fa/0x2f0 [ 1433.556103] ? copy_mnt_ns+0xa30/0xa30 [ 1433.559970] SyS_mount+0xa8/0x120 [ 1433.563402] ? copy_mnt_ns+0xa30/0xa30 [ 1433.567273] do_syscall_64+0x1d5/0x640 [ 1433.571145] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1433.576313] RIP: 0033:0x7f5650cfa7aa [ 1433.580003] RSP: 002b:00007f564f66df88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 1433.587690] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00007f5650cfa7aa [ 1433.594937] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007f564f66dfe0 [ 1433.602205] RBP: 00007f564f66e020 R08: 00007f564f66e020 R09: 0000000020000000 [ 1433.609460] R10: 0000000000008002 R11: 0000000000000202 R12: 0000000020000000 [ 1433.616710] R13: 0000000020000040 R14: 00007f564f66dfe0 R15: 0000000020000280 [ 1433.624220] Kernel Offset: disabled [ 1433.627909] Rebooting in 86400 seconds..