00, 0x1800007, 0x12, r1, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) 03:40:35 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) 03:40:35 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x4, 0x0, 0x0) 03:40:35 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000ffffffea2c003480"], 0x60}}, 0x0) 03:40:35 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}], [], 0x14}) 03:40:35 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r1 = perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r2, 0x8040942d, &(0x7f0000000080)) write(r0, &(0x7f0000000040)="80", 0x1) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r1, 0x80047210, &(0x7f00000000c0)) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r2, 0xffffc000) fstat(r0, &(0x7f0000000100)) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) [ 842.974170][ T3021] incfs: Options parsing error. -22 03:40:35 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) 03:40:35 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000ffffffef2c003480"], 0x60}}, 0x0) [ 843.068765][ T3048] incfs: Options parsing error. -22 [ 843.078090][ T3050] ref_ctr increment failed for inode: 0x4fb offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x0000000090033ab2 [ 843.096178][ T3051] ref_ctr increment failed for inode: 0x4d7 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x00000000f20725e2 [ 843.124995][ T3051] ref_ctr increment failed for inode: 0x4d7 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x00000000f20725e2 03:40:36 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) 03:40:36 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x8, 0x0, 0x0) 03:40:36 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}], [], 0x16}) 03:40:36 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000fffffff02c003480"], 0x60}}, 0x0) 03:40:36 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540), &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r3 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r2, r1, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r3, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) 03:40:36 executing program 3: setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000080)=0x400, 0x4) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r1 = perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = accept$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, &(0x7f0000000100)=0x10) sendfile(r1, r2, &(0x7f0000000140)=0x7fff, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r3, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) 03:40:36 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000fffffffe2c003480"], 0x60}}, 0x0) 03:40:36 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}], [], 0x1c}) 03:40:36 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xc, 0x0, 0x0) 03:40:36 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540), &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r3 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r2, r1, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r3, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) [ 843.777427][ T3066] incfs: Options parsing error. -22 [ 843.790070][ T3068] ref_ctr increment failed for inode: 0x4ec offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x00000000c29deb7c 03:40:36 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) r2 = getpgrp(0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x3, 0x80, 0x9, 0x9, 0x9, 0x7f, 0x0, 0x6, 0x20004, 0x4, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x3, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8000, 0x5}, 0x80, 0x4, 0x5, 0x1, 0x4, 0xebba, 0x3, 0x0, 0x2, 0x0, 0x8}, r2, 0x9, 0xffffffffffffffff, 0x8) write(r0, &(0x7f0000000040)="80", 0x1) r3 = accept4$unix(r0, &(0x7f0000000100)=@abs, &(0x7f0000000180)=0x6e, 0x0) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r3) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r1, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) [ 843.821916][ T3083] ref_ctr increment failed for inode: 0x4ec offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x00000000c29deb7c 03:40:36 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f000000000000000000007fffffff2c003480"], 0x60}}, 0x0) 03:40:36 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0xa0028000, 0x0, 0x0, 0x0) 03:40:36 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540), &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r3 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r2, r1, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r3, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) 03:40:36 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}], [], 0x22}) [ 843.905818][ T3101] incfs: Options parsing error. -22 [ 843.912472][ T3101] incfs: Options parsing error. -22 [ 843.928016][ T3107] ref_ctr increment failed for inode: 0x4e1 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x00000000efcae56b 03:40:36 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f0000000000000000000081ffffff2c003480"], 0x60}}, 0x0) 03:40:36 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x38, 0x0, 0x0) 03:40:36 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r1, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x82001, 0x4) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000340)=ANY=[@ANYBLOB="0700000000000000f70f00000000010004000000050000000600000000000000000000000000000000010000000000ae0000000000000000000000000000000000000000000000800000000000000000000000000000000300000000000000060000000000000000100000000000000000000000000000000000000000000000010000000000000000000000000000080000000000000004000000000000000000000000000000000000000000000000000000000000000b2000000000000000000000000000000600000000000000f3950000000000000000000000000000000000000000000000000000000000000024000000000000000000000000000013ab5801000000000000000200000000000000ff01000000000000080000000000000000000000000000008002000000000000000000000000000008000000000000000000000001000000755d00000000000000000000000000000000000000000000041400"/370]) [ 843.947483][ T3107] ref_ctr increment failed for inode: 0x4e1 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x00000000efcae56b 03:40:36 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) 03:40:36 executing program 2: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c) getsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f0000000080), &(0x7f00000000c0)=0x4) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r1, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) getsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f0000000100), &(0x7f0000000140)=0x4) 03:40:36 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}], [], 0x89}) [ 843.999537][ T3131] incfs: Options parsing error. -22 03:40:36 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f000000000000000000009effffff2c003480"], 0x60}}, 0x0) 03:40:36 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x118, 0x0, 0x0) 03:40:36 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) [ 844.081559][ T3148] ref_ctr increment failed for inode: 0x4f4 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x00000000010ffde1 [ 844.110154][ T3148] ref_ctr increment failed for inode: 0x4f4 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x00000000010ffde1 03:40:36 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}], [], 0xa1}) 03:40:36 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000eaffffff2c003480"], 0x60}}, 0x0) [ 844.132805][ T3161] incfs: Options parsing error. -22 03:40:36 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r1 = perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r1, 0x6612) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r2, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) 03:40:36 executing program 2: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) listen(r2, 0x12) ioctl$EXT4_IOC_MIGRATE(r2, 0x6609) write(r0, &(0x7f0000000040)="80", 0x1) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r1, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) 03:40:36 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xc00, 0x0, 0x0) 03:40:36 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) [ 844.153891][ T3157] ref_ctr increment failed for inode: 0x4f8 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x00000000698654e0 03:40:36 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000efffffff2c003480"], 0x60}}, 0x0) 03:40:36 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}], [], 0xec}) [ 844.229466][ T3183] incfs: Options parsing error. -22 03:40:36 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x1801, 0x0, 0x0) 03:40:37 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0xc000000, 0x0, 0x0, 0x0) 03:40:37 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r1 = perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) writev(r1, &(0x7f0000001440)=[{&(0x7f0000000180)="5ec1e23c24c1943b03b84bb5b4d8fe297cc4f4c1a7ae5b1459fdf5aab293d7c2706b65596bbf3a3e1ca71c6636dd92c1f4b27b32fb5e0abc5c598f71d2374419b792567896d5aa873a", 0x49}, {&(0x7f0000000340)="e1f776a6db780cc9e11e9b118bc4e27354c5bd2b033832654fb9d7b2beb2ab0d6f2f6d5fb6bd009b53285b0869213d5cd9787f19dc6c753200909d1aba528fc73e65eee8ebd14907fc54337d5f558ba26d6ef19a4cdcae737d1dfb119c079b7ce2edfc2c916441f93ae6a3c7daab9a6c302b4b92562bc6048f24f33001a25e1b6703f14a6817d5de68517e38cc26c86cad8580750e9c9368040d2152edcac29bd05975ff736cfa9f8e10ee94787e67c74295c5a154dd3f5d1a0d263788a1734fd9417b60582cf2bd615c26b6b9ae1346dc24ae445a15", 0xd6}, {&(0x7f0000000440)="cc0df8d4dd46ed9495f34e67561fc436345f86cb0c2f72372bdc82e0c65ab967a58a1ea261bc1da6c74340d30572f75e8d8948de917cbcf8df4cdd0937701957190110b57b3309e325370f08b86c4118a63cb82d6339320d0025a03a0c5620b1fd71beb4c71a8aa818305307be3e8f06c39e66c2f2bc73ab816e1244600f421c43ace64fb7afbb9a58b5f9b9ef630c6df855b7a49ee6d3e372ddbedfaebcc71cc96448fdd5d09cdda2a843040ff9dfb78cc7e344adfab3d082b3eb102e542caa5fa56b7746ca98481885feb08818f06d10e36190414f78e5c21b0182a9dc6dbaeeecffa4877b51e8d3c3c21670fad9fc266d9fb7d9737b88d1b8510b5994ee022f8e2d51887ca4d91e9f99f7447de90eb3c4f7c33853e4112c7e89e4e5ad2ba4084fc63ffe68ca0d48ff68b83c7ad3daea434570a39a1b964710a102b64197b9f2c88c012a473094f609c8a1fef818c7b32d5a0eab25e69dbbe8a87b6e11d80053e458604ac97010a0c11a52b53f517fbcbacd174439edc2ed32e7e55d37d464b14bd82cfdc99e6b22274a8a5029f161b85437ab312a04815784b932ec55b2c644aa136a4fab560350d2937ce04910f078d1cd693b32a9155dbc85b07942fa6f54a68135d4753818bf6b9ebd59355081dedd05c102e938073ab3d2db5efb950e692180682cbe3165e1eeac65c4a316545db6c7ab3ff4ab7d346619eddc758afeef566f4215f5da7e791b2169e138fc3f81685b5419f52a2a5a94ad358aad82f72f05b1c185d3233e872cf2f6df853b3c939dc844a6c5aa5fd2ea5445f89a95e00021cce6e3f3745c12a769cef473a3f3dfa9823b15712354433b63dd768075e4d4ac01385499ba7c900950fe9a32480d60daaf6490bc019ced23a2e0ac6fa7f709da5c2fd461e0b4052e05ed58549561edfa296aa9bac17eb7ff3182fb6a810a63c90ab2df3b0e2ab8678d719f2d6e5902fdd777a382b95628f10da0d300fb0e6136869484c5dac145b0c443ee0949be0dbb6874f24720ba87d1afffcd9c52942ec52dbd71be8391bd336cc13e6b688e6321c51e4fffa1a442a0ce5a228cbfdfb8a5b39d7bdbd14e26786a29e7bb2c16c6d39a1c3dc8c55d32652b50bd0de25ce5eddfa11eb23d42af5844354d7b1b92da9095f211fdb9e55988af9bd24d3f2a29934150bff8ad7e229400c540d297bb4da0d9a6595f7b451564b2c262e376d2820dfa0ab8b94a41f4dd32a85b5f8f28a9cc6f3a8b39abe7fa19ed36acc5d7505d2619adcc5ac94a9c56dcde5b7f49923a4f4b00caeff827c4a730bb2eef0d882a7afb54b2d94fb7877fa1307a13313537bed7b6d8c5d8c91260e2fb83782ec13e5a5d2241139359174243c3e02580b7c82f4ecace7188c8f32d95227bc36dfa09e6e8663d91b242e1d25b0029bffe0ae965705fe8763fda1676665816f131ad38768b15c9a502f276d61caea3337d37b1850feecf24f12e0aab28e46be22b81bc47096e9176e184c8d12385860e8fc139eaafe28a57b977f68233a231e38984b35af9c2b042639bd305ee733ee9a19ce0f03f80446a75e2e53c82dd3bcad08711bce2ee9b34def46137cd94fa5e22f73add6114ffe2e3a5d5a112bd56de56be2d5b8ef40eae783213ed0fcdbbe7026bee266bc07377ba9b34f09cd479f1604ab406352ef33e4c0bcf2d75252fd2e3ed31adb610c5d52e93f2eb5d17b1eff806e139f62c4f934169d2635f7c2ecb868e9bedbfeede43af807dba23ef32881c8a92245f232cae258ef6f91aed7710255bf433509121ff0f69421355576aaac961d3f3184f9af6a0f842a3e80586844a33aa10ee2f9783fb2be38477efaf9e42df6e371a93b4a9e636dfcfef16edb4a1383c25bcfbb6b230695677d0f121d8a2bd8666a720a00ee976aa6243720d9a71eca5787848c152e7a63ba25f1100fec95942948dbb5c16b89b5a5066699967e0965aacd91fb76191105a8d878aa2ddbb07e41a7f80c63c2593fd1ad760387170314fc34d9ff2c794d1bac289e21afa122bfe2f762ab821f6dd3035b6dca610acadeb8dac8f8e6e84626f82efd808a5a465fa2cb76eca101722702594b9774017a1d250748265fa7a3c83c0990c42051ce3b5b59b8b48a88d4bd759987f6f7c1a57d9dd25291225d6e93526b549dd85994fd6ef87026a70b697e9e443cf6a9cdf011fabaaf11573bfb259249f6c7db446888e07322f432adc136d264757152f560a0ebd02e9043c72da6474f26ad95bafaa1e248bfa8d68f5113cb178f9b020e38b23f7c68f96e0e9ffed10bb5a633e47a963318e42edc4445d7c585003457e367adf51835ce04d45c3478234d24cc4e89dde631b6a9599e559e17e120d99319ef4f293fc0ad87fb41b1531bc0943c1f5248c4885fee2556267d7a936c7ccbb97f31b3dafbb952e03db1ab213f2a77797be6ace7b48c36c63e5993c16ea372b9cdf435c40b750adb5edc482e2ea97cefe45fc60458231dd2d8d29938e54f344700a0a20750f030344c23c732d1270cfc7ce5d0f0c18685f30a517ab4ce41bc072cafc8c004dd89904a98346fcf4bf62a2c13b16d7f98456dd9216b9a1ce370343e2764df51072f3ab59cd911679df31bae82f6ee02e982acb68d47e62697afeb7a3de6fb5acf99dd238259208e2a37981b77f3c47618537d92ba3d51641dfae72f1b9516125c5e9ef27e1f34800a2875da5b2fae43706c684249336992287edfc25c29a5fd11dc6033cd1b16f34e53cef255b9ab49d18c1f65e7e59a4caa3b5ae9b9d05914750c9fb9e0937ba36c69515d987a8f80bd14eca5e2b801cac59880df26a43ee33a9557cbe7320c7b8c8f23381f9c3dc07f47541b3079ce31b5c08ff4e094aff374ac5afe850b276a84f06706f3a814b2e30f9e074f8f350d4221c7db25c0a9e9a86edc29f280784548ac0266df7b4faca5eefbc74cf17007334d7037411af983cf4ff936053afc5e4d354e7f89712d93eb8003f82b2661085f6fa8893c65497f3546e14008f8ac740ee134e8d936672201db034bb1c6861737e837ba162292e5cd445ea3350434194f6263700f9ec80a450a2fd5d4d294b5d30f8916b63b4e3e97478a1e89985a1737e36981b494e95ec3912d840ed4aab1f54c9c8131d21294b7e01c0e36f39b40708ea5f11cd2b477f0b952778f65a3affb4fc0ff52b0a05d858161212e1605369704225eb5685ae84cd8fae5e3c852d60ea66e72615f5cdb487a89157e5c3a526dd522d8c978f49e28dac2d8691867a4264e7f98bade93ce15c34d4fa270be5f74bbadae781d8526206ead35bdc3ef1bb80279f69c9386c4b7814dc81f7b2029841331d00d55631c91a218dbcf4e104b928445ff1190d21dc42fcc27bf6e0788055bdc9e6a2d26c005384142bacdb6ee30161de4b1993b34aba2159b802185d20d52144b6b83a23b3b3b2d800edf11179983908ad4deffcf398fcfccaee63a22a8eeae0c0d944e27b1440e17666fcee1b7135da768afffb8e8a0b4bfdd2f62c4e99d68147506482af82572c64b9867b93b57bdc19622f510d68fbbc086b3e5adc8612a2c2ef10420c9fdc3ba5487a82da566d68e886b556cc4ad0cb8010abba139cda8c43c0c993e6767e070fb0898d49db8bedca9128d79aab894b37be4bbd40d779c18034a6f50e2f2792007b43b73f7f58ac452b6f0bfbb783a8467ba3f6b9adb3a8982ca63f60c1b9c8e41edacd5ea14181264bd58e7b8fc90add6f6a8a53bf99b49973643b52d52271ba6f46b49b9cd27025f0416df2ed15243c333030f9a327cfd600145d123a769629cf038b92f7d9955665517717b247122cafb2d5e4ce7f32a0c0262eb5f4d77fae31fee99825167da714713737e9284070002e3cdd2fc0c26ddcfd20193ebec76766346aabd21478e3717ec157f56c8b7ca7fb1a72b9ec7bd605e3d3a1af66580932b69b8ad4187e0576d2fab78441c5d42ae9ed0011ef88b2371ba290df2211b8cabbca0edd65eda964ea1411e737617749649196343a9cbbf5d9a7e22fd2014191f84b713de76eec8b3a7f4e2541397460cfac2882a54403cbdaf3d88b66e2e4cca904e12095dabd8efa5bc7095210ada7c401abb0cecd19b694b71b28bc509b63e9acee3bb9256183af469887aa1d98c5553dff5677baf1fd43a474dcc071007b24ebb0204291990e6c60d52617f88edbd29bcdc514da6bac971b91394004060eb36cfe292d714cade20270b2b652758faa7f3f56eefc207980728bbbfe54ed4b6f123d3f0e0bdc009047da3b9876ca80c3543fcc17cb301e95327509ce6c786eb874b3acc29ac8c501d76b9eac31466dd4e12a74b5d85749594d0ef765b72cd019055f36eb6513b132aa2c9c2a1fe3aff70a64e55eac3e0ee79a9669149b1afdc4f847111054ffea47e610ddebdb6d80ecd5d284dfa95dfcce461f2a60e682eee2a90395ea8dcbb822a63ea956e6f28f86bca1bbadd89a8721e0d1451061c137350ddd369e985f418d2e63a573f30ee7202a8467fc3a590778be75bf1aaa99dc7d94bd5803bde661093f5bf88406eca371de9964c9dbbd404ecc218eeffb1669a8303c0f473b25403a12aa5b431d737198072c97ddc7e4b0e834d8932371c2bc43451c12c613ed62e7735fa1df3a871e7c68b5640ee40bf15da38251d1c246cd0c554c19626d318195ace5bd1cfa1c2b439d4333de635beff4b7cb431d5b6245576d0640f25cecc98190373738d6b85a0df73520f8584210d24be9eb6391861719a2dd785d421ebdd03f8f03f49143161836b1348ce659e2bee9967636f50d241c77aaea02e52030f785cb60f035116cdce3bbf21e9dc4e75bb28560ba0fb1ae5a959a06a9573c849b32c809a788aa25c8cb4118d3598e38e9705e35a7b584073292686cd6e9c59487c6e3b7f98e0a6889a517629d0688c054e2cac2da69d296a853ff2e3e8769b89b16d6749f9ca3da6b53e10bdd60f1b9f7563b66acdf815d1d8642e5bc3f4a94f680bc82b0bc3717fa439c93cdb71130065b502012e0b6ac0a2c89f8f5a7f3785233ca9949609d1868d91b61f3cd19c89c26e625c12308cf9742c771a42a103df16469829693ea0cc597c3f43d12d66d3b0c4b358b2622276d4a36442bd559d358ad8682622e11496c596ff4448d60b3ef46485e6f6cfffb8bcce274ce55ac5ab92a8742a87d63e20546eb60c25a2e797d057d31181c062b713c19a658324ef791884faf809ebea8b9be7af8b3e766241f329bdca4c1866f1d10dd516cd244d61ffa4e4911143671dc0416481634e594daa6f1449e7b7ced128d3b02f068bfaa66938c20a9cdf85953490eac06d90e8a986d5be6d660d4d8e7488a7fa43ca27fe85afbaf59bac6a187a2ee3e201647c2526c40d62c4a99b4acb79b9f50b3181a706253d527fe83278ba39152d3b3e7414573c2b99560ca4549a5e8639d180d54db46822a433494a1d6c4d9a53889dbf972caf78df3584f2e52e1a989082a75bde19bad2b7013449e8f22af452937c7b676dbfe5844a9fb1d9fb973d261750ef560d40365598b974398ceffc1d72a44a012856da59d0ac3bb500c87debcaf23b009b53cb507d0771322a75c12ff9a4321437a73b34106b5d84b9637d73ad2a43663af35906ee7d79fa6cf446938c5b402bfb671843f1f3953e887ee182d3664dc1aa507e17aafe759d0cd7f5a9fb54f1a5decf4462f5a7b53eeed4fb703435eaabd6076026f81869da429605dd932748bef4690a265dec2f834ef0ec527e6aace893623396437b2225ac41a38a6d974", 0x1000}, {&(0x7f0000000200)="242d3ef9952c7a8ad2d0d93c6b83571be86255383a35992bb0c6c48fd205ab16ac2e09c491b12718aa96e4831ed27a2e4ca84a2b704971ee757741", 0x3b}, {&(0x7f0000000240)="1901bcc00b26c04ecb181ba5ec1caf19ea407548b9e1c264f7ba1a669f7b3daa1c47fac488625b2f00003fa4ece0bdae5a80e08314881688521301c5f0931d5fbd55ebc8dc29f7e45e58eb88e8586e9ccec9fcd6e153502232bb8a7b659a85947dac0da5fc6ee3626b894413bfe4206e2d46f81901a3013f9ad4e7", 0x7b}], 0x5) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r2, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) r3 = openat$cgroup_ro(r1, &(0x7f0000000080)='cpuset.memory_pressure_enabled\x00', 0x0, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f00000000c0)={@empty, 0x7, 0x1, 0xff, 0x2, 0x3000, 0x3ff}, &(0x7f0000000100)=0x20) sendfile(0xffffffffffffffff, r0, &(0x7f0000000140)=0x1, 0x2) 03:40:37 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, 0x0, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) [ 844.255835][ T3186] ref_ctr increment failed for inode: 0x4f0 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x00000000199b7663 [ 844.255998][ T3188] ref_ctr increment failed for inode: 0x4fb offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x00000000732779ec [ 844.279967][ T3186] ref_ctr increment failed for inode: 0x4f0 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x00000000199b7663 03:40:37 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000f0ffffff2c003480"], 0x60}}, 0x0) 03:40:37 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}], [], 0xff}) 03:40:37 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x1f00, 0x0, 0x0) [ 844.356917][ T3212] incfs: Options parsing error. -22 03:40:37 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x8000000, 0x0, 0x0, 0x0) 03:40:37 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000feffffff2c003480"], 0x60}}, 0x0) 03:40:37 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r1, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000010d00)=ANY=[@ANYBLOB="900601002d000105", @ANYBLOB], 0x10690}}, 0x0) splice(r3, 0x0, r2, 0x0, 0x1, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x10003, 0x2, 0x2, 0x1000, &(0x7f00002a5000/0x1000)=nil}) 03:40:37 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, 0x0, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) [ 844.390169][ T3225] ref_ctr increment failed for inode: 0x4f8 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x00000000cb928214 [ 844.411114][ T3225] ref_ctr increment failed for inode: 0x4f8 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x00000000cb928214 03:40:37 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) creat(&(0x7f0000000180)='./file0/file0\x00', 0xa8) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="726c67675f77616b656e741f30303030301030303032303030303030303030302c00"]) [ 844.471605][ T3249] incfs: Options parsing error. -22 03:40:37 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x3800, 0x0, 0x0) 03:40:37 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) 03:40:37 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f000000000000000000000000000004003480"], 0x60}}, 0x0) 03:40:37 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, 0x0, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) 03:40:37 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r1, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r0, 0x40082102, &(0x7f0000000080)) [ 844.523888][ T3271] netlink: 67180 bytes leftover after parsing attributes in process `syz-executor.3'. [ 844.540459][ T3274] netlink: 67180 bytes leftover after parsing attributes in process `syz-executor.3'. 03:40:37 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f000000000000000000000000000008003480"], 0x60}}, 0x0) 03:40:37 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x4000, 0x0, 0x0) 03:40:37 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x100) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) [ 844.596846][ T3279] incfs: Options parsing error. -22 [ 844.603051][ T3287] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.0'. 03:40:37 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140), 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) 03:40:37 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000feffffff2c003480"], 0x60}}, 0x0) [ 844.681729][ T3404] ref_ctr increment failed for inode: 0x4f1 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x000000000096866e [ 844.695030][ T3404] ref_ctr increment failed for inode: 0x4f1 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x000000000096866e [ 844.707423][ T3405] ref_ctr increment failed for inode: 0x4f1 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x000000000096866e 03:40:37 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) listen(r0, 0x12) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) listen(r1, 0x12) connect$inet(r1, &(0x7f0000000100)={0x2, 0x4e22, @rand_addr=0x64010101}, 0x10) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @empty}, 0x10) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x46, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x40b22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r2, &(0x7f0000000040)="80", 0x1) ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f0000000080)={r3, 0xfffffffffffffffe, 0x7, 0x5}) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r3, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r2, 0x0) 03:40:37 executing program 2: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r1 = perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r2, 0xffffc000) r3 = fcntl$dupfd(r2, 0x406, r1) read$FUSE(r3, &(0x7f0000000340)={0x2020}, 0x2020) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) [ 844.738711][ T3410] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.0'. 03:40:37 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x4041, 0x0, 0x0) 03:40:37 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140), 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) 03:40:37 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000200002c003480"], 0x60}}, 0x0) 03:40:37 executing program 1: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000080)) io_cancel(0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x8, 0xff, r0, &(0x7f0000000180)="c26fe8b37aa8718a0f196b640790b0b13a1880c2311e1f2908b1f9b34c2466e80c65c8e7d28b56755c4dc3f98d52c62e3961d44cbf0e5fa91680c4d1ba71de0a5b150896b7323f492b2479135a550856f774ab71509c0b4769649fba08db86", 0x5f, 0x8, 0x0, 0x1}, &(0x7f0000000240)) syncfs(0xffffffffffffffff) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) 03:40:37 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) r2 = accept$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000180)=0x1c) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000200)=@raw={'raw\x00', 0x9, 0x3, 0x2f0, 0x110, 0xffffffff, 0xffffffff, 0x110, 0xffffffff, 0x220, 0xffffffff, 0xffffffff, 0x220, 0xffffffff, 0x3, &(0x7f00000001c0), {[{{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @dev={0xfe, 0x80, '\x00', 0x15}, [0x0, 0xffffff00, 0xff, 0xffffffff], [], 'lo\x00', 'veth0_to_bond\x00', {0xff}, {0xff}, 0x3a, 0x2, 0x2, 0x4}, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x10, 0x3ff, 0xfffffff8, 0x7, 'netbios-ns\x00', 'syz0\x00', {0x9fc}}}}, {{@uncond, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x2, 0x9, 0xffff, 0x0, 'syz1\x00', 'syz1\x00', {0x9}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x350) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x10000, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000580)={[0x9, 0x5, 0xfffffffffffffff8, 0x3c, 0x3, 0x1f, 0x80000001, 0x8, 0x9, 0x800, 0x82d, 0xbaa, 0x0, 0x6, 0x9f, 0x3f], 0x4, 0x800}) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r1, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) dup3(r1, r1, 0x0) 03:40:37 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140), 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) 03:40:37 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000300002c003480"], 0x60}}, 0x0) [ 844.804365][ T3485] ref_ctr increment failed for inode: 0x500 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x0000000077e452e3 [ 844.820196][ T3521] ref_ctr increment failed for inode: 0x500 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x0000000077e452e3 03:40:37 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x4140, 0x0, 0x0) 03:40:37 executing program 2: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000180)=0x1, 0x9) perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') creat(&(0x7f0000000080)='./bus\x00', 0x0) r2 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) r3 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x2008002) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) lseek(0xffffffffffffffff, 0x8, 0x1) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r2, 0x0) r4 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000001c0)={&(0x7f0000000000)=""/5, 0x300000, 0x1000}, 0x20) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x3000007, 0x12, r1, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) [ 844.878876][ T3544] ref_ctr increment failed for inode: 0x4f8 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x00000000735d4d51 03:40:37 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) 03:40:37 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000400002c003480"], 0x60}}, 0x0) 03:40:37 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) sendfile(r1, r0, &(0x7f00000000c0)=0x1, 0x5) perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp, 0x10, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r0) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r2, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0) fcntl$getflags(r3, 0x1) 03:40:37 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x7e80, 0x0, 0x0) 03:40:37 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)=@gettaction={0x88, 0x32, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x101}, @action_gd=@TCA_ACT_TAB={0x6c, 0x1, [{0xc, 0xe, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x37940000}}, {0x10, 0x10, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0xc, 0x15, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}, {0x14, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}, {0x10, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}, {0xc, 0x12, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7ff}}, {0x10, 0x1f, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x8c0}, 0x10) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) 03:40:37 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000500002c003480"], 0x60}}, 0x0) 03:40:37 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) 03:40:37 executing program 2: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r1, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000080), 0x6, 0x80001) r3 = gettid() ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x40) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0xc) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000008440), 0x0, 0x0) read$FUSE(r5, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0}, 0x2020) setreuid(0xee00, r6) sendmsg$nl_generic(r2, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="340400002600040026bd7000fcdbdf250a000000ec000580d8003500a1b7c11cb5246950e32a488b732977fc7d6cde7032f8aa408f4fbcb1de1db183bd7cbb77ff2092c8e34de6ac9272d02d613a52f1f5517187bb3f59109d00d7a9b48972d99b47270fb4aca7138256d0fb62d0cb04874c3bc0f6611523c4f85f1aaaeecaf5db2e06d32185a0039526c10188386c1482635733805ed01c91a94cb4543590a4f19b3418710fb0b508128cd0f106d3499cc568b57f1c5d58ddff7d81ee81512c3c2169d41522f3f86179983b2d4189f63d4f378c9d1659b390a71577ec99134c83a7f831a040920026fbb92567ee1ead08004400", @ANYRES32=r3, @ANYBLOB='o\x00X\x00', @ANYRES32=r4, @ANYBLOB="6d012780c3004300823df4bd39e3ce0948cfb3e3dd584a186b9ed718e0fad82a20b48b55b8cceb4cd1ae84b62914004b21eea0c3bc99fced67786a9418c589731a0f39b62eba945744fdc2383962fb80ce641f25af308deaeba28f06ae5ab3ba54ff829d35483078e9022ba267840ec77ef41e89f6487ceb0e387258adcf5278b6de4102083d8af83262bbdcc00d07e64c1591cd764f815a63efe02415d386b3ceb6867a952ddda42c88b85e87a2c2a0492caea71028ac1482f2400001101c4944de238986d6b900384514557ab7c8ee402933ba32328c7bee3de4c3626d836eaddc2acac1915fb9c4b5fb419bd88f8723440353e27f20a07dd7d45bfd1f4eb301b61e9ebe71ca30763bc0b4607356a44c4d7aacef608f040133b2a2e0eb22cc2adfa94d3a9118aa9f4c1f6854f5d0a1df4d74a99c64281d492707c74c91eda32938758a49e785bff599f7460f12e5ec14cdf031a21637ae679566ce9d892ae87b5c982bffc81997f6a0780810000000c2012680c4b6dd04da183afa1f8959ad95507727a18a41612ca3ff1b062b809f4b3b80ba598f404abc1e3dd1c978ccd95b5eac4e7a2c07819a7425cbbc6a8cc48ac7b65b00f8acabdcacfcd44e5846f2d1d814130e6989d2261f98cea94f1acc956a094310094fb4121d238514241d274be1a0cdc92e64932b6d538727f7267fdf696f22313efac21c1178f6a3489854c6b4528a98c7f16cab63111f40f68ec140e7660957f0ac3a085ffa04b172412ba362aef38060800797cb4eb089d6a3d7acd103b1b734585b8a1929609b0d105fa7f392a636e3545b73a9905c25178a6c489ae5b8a5ada3bd08004f00", @ANYRES32=r6, @ANYBLOB="767d3417bf4b9746ac3614c75a925d80023c07f3bdfb392d3ebb5192fd3411c4ce0a3779e6cbb6c4e60b7d4ff9ecffd3c6557333226d63a0d908a3d264eec89fe49daaf6b225a38b7921a8b51656794c6b376a4031294eb6b9b145e2e4660d29e970f645a8386c74df8d3b46107b01614549adae58e2bb893bdb0146c41aac20e0ec9761326dec31ab9e28dc302e5653aa386c10b85a48df43d643aff9b9bcd429a4a3c58abe07a634adb086f422100a2c3fffdc5ef6209f7206cabbf359d5910a811cf2dc66316da1ade06618dc26a2cba70000"], 0x434}}, 0x800) recvmmsg(r1, &(0x7f0000004540)=[{{&(0x7f0000002080)=@l2={0x1f, 0x0, @fixed}, 0x80, &(0x7f0000004400)=[{&(0x7f0000002100)=""/4096, 0x1000}, {&(0x7f0000003100)=""/12, 0xc}, {&(0x7f0000003140)=""/48, 0x30}, {&(0x7f0000003180)=""/152, 0x98}, {&(0x7f0000003240)=""/4096, 0x1000}, {&(0x7f0000004240)=""/15, 0xf}, {&(0x7f0000004280)=""/189, 0xbd}, {&(0x7f0000004340)=""/158, 0x9e}], 0x8, &(0x7f0000004480)=""/138, 0x8a}, 0x9}], 0x1, 0x0, &(0x7f0000004580)={0x0, 0x989680}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000010d00)=ANY=[@ANYBLOB="900601002d000105", @ANYBLOB], 0x10690}}, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000045c0), 0xffffffffffffffff) 03:40:37 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000600002c003480"], 0x60}}, 0x0) 03:40:37 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x807e, 0x0, 0x0) [ 845.060356][ T3701] ref_ctr increment failed for inode: 0x4ee offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x00000000aea75827 [ 845.073806][ T3631] ref_ctr increment failed for inode: 0x4f2 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x0000000011094d52 03:40:37 executing program 3: ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r1, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) 03:40:37 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x1010000, 0x0) chdir(&(0x7f0000000080)='./file0\x00') mount$incfs(&(0x7f0000000240)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e743d3030ffffff7f303030b4fbc23b2781745b302f302c00"/35]) 03:40:37 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) 03:40:37 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000700002c003480"], 0x60}}, 0x0) 03:40:37 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x20000, 0x0, 0x0) 03:40:37 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c100800080001400400", 0x22}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) 03:40:37 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r1 = perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r0, &(0x7f0000000080), 0x7) write$cgroup_int(r0, &(0x7f00000000c0), 0x12) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r2, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) 03:40:37 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000900002c003480"], 0x60}}, 0x0) 03:40:37 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) [ 845.203783][ T3838] ref_ctr increment failed for inode: 0x4eb offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x0000000074ba6f35 [ 845.222219][ T3836] ref_ctr increment failed for inode: 0x4ea offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x00000000f3b3306d 03:40:37 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x40000, 0x0, 0x0) 03:40:38 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000010d00)=ANY=[@ANYBLOB="900601002d000105", @ANYBLOB], 0x10690}}, 0x0) splice(r1, 0x0, r0, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006f80)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000006f40)={&(0x7f0000000180)=@delchain={0x6d90, 0x65, 0x8, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xfff7, 0x8}, {0x5, 0x19}, {0x6, 0x5}}, [@filter_kind_options=@f_fw={{0x7}, {0x6c3c, 0x2, [@TCA_FW_ACT={0x6c14, 0x4, [@m_skbmod={0xfc, 0xf, 0x0, 0x0, {{0xb}, {0x6c, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa, 0x3, @random="2bab035f3e1b"}, @TCA_SKBMOD_SMAC={0xa}, @TCA_SKBMOD_DMAC={0xa, 0x3, @multicast}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0xfff}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0xffffffff, 0x9, 0x10000003, 0x1, 0x1d}, 0xb}}, @TCA_SKBMOD_SMAC={0xa, 0x4, @remote}, @TCA_SKBMOD_SMAC={0xa, 0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x44}}]}, {0x66, 0x6, "b09c8c038f4aaa1ce665ac6b75f7e462d03a5d30469863b2ecae8f36cbb65d615fb4869e57ea8fd7501bdebbba7e8c57e3707eb9ff38d617dba33c0dcb51ab27bf75c0bb0a466691f98480a99d4e5ae28ab1572cbe9a2ee8360051212f6a9dfddc27"}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}, @m_mpls={0x98, 0x1f, 0x0, 0x0, {{0x9}, {0xc, 0x2, 0x0, 0x1, [@TCA_MPLS_PROTO={0x6, 0x4, 0x8884}]}, {0x64, 0x6, "accc86a05693fde3eaa00c365d5c721e13fb221c4c63f7f61fbb95788beba11a018292a487f1a6be9e6d2a3bc0f8619268542d18db42be3cf3da4d8ab4fae57bba8808005e07d93b9d00a4d6c22387ec6cb001064c84b9b6706b76ccded2bb3c"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x5}}}}, @m_gact={0x160, 0x9, 0x0, 0x0, {{0x9}, {0x4c, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x0, 0x1e8f, 0x3}}, @TCA_GACT_PROB={0xc, 0x3, {0x2, 0xb47, 0x8}}, @TCA_GACT_PARMS={0x18, 0x2, {0x101, 0x6, 0x8, 0x401}}, @TCA_GACT_PARMS={0x18, 0x2, {0x7, 0x5f3d, 0x1, 0x20}}]}, {0xea, 0x6, "f7aa1d4cbe425e98423f8444ed2dce68b0a5ba4cb7b24350198f265c7f84bafa9b83fff1e9bfb7105926449996f2c2bf1cee571dbb1d31b7a20ed20b87037bb6340c4b5fbed6e25719a646a02dd6b20e309a0f3254a0a87e94cf81c583c607152e09955553361547f13418bb8ea84b064c63937c1ec7c1143ac3994571ca55afe6d72ff89af905e225086397e7bf9bc8ae84872e98ddc087ad8978bc8d3a949c37ed6d0cbbf1de866f59ce20ab76421ccb7753843fba5f1f2140008dad724cccb6754807741fce7730e9ca1b1cc0d95d6b43e01f5f64a9f77fbafdc806c8f7e4ce89b2cd4021"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_police={0x1eb8, 0x2, 0x0, 0x0, {{0xb}, {0x1e88, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x100000000}, @TCA_POLICE_RATE={0x404, 0x2, [0xffffffff, 0x1, 0x10001, 0x3, 0x8, 0x8, 0x1ff, 0x3f, 0xdaa8, 0x7, 0x1, 0x80000000, 0x1, 0x4, 0x0, 0xfffffc00, 0x3, 0x200, 0x7f, 0x0, 0x3f, 0x10000, 0x2, 0x2, 0x3, 0x8, 0x8, 0x761, 0x1, 0x9, 0x6f6, 0x8, 0x4, 0x4, 0x2, 0x3, 0xffff, 0x8, 0x0, 0x1, 0x0, 0x1c9, 0x5, 0x5, 0x4, 0xaf, 0x9, 0x1, 0xdea, 0xe2f, 0xa57, 0x1, 0x3, 0x3, 0x1, 0x5, 0x2, 0x8001, 0x672c6f4a, 0x9, 0x0, 0x9, 0x0, 0x6, 0x1, 0x0, 0x6, 0x40000000, 0x7, 0x2, 0x6, 0xffffe205, 0xfc, 0x200, 0xfff, 0x4, 0x5, 0x5, 0xfffffffd, 0x2, 0xc368, 0x4, 0x1, 0x7fffffff, 0x8, 0x8, 0x8, 0x3, 0x10001, 0x2, 0x1, 0x7dfa, 0x734, 0x2, 0x9ab, 0x0, 0x4, 0x6, 0x80, 0x4, 0x0, 0xfffffffa, 0x0, 0x1, 0x80000000, 0x393, 0x3, 0x7, 0x2, 0x8, 0x2, 0x1, 0x5, 0x3, 0x9, 0x5, 0xffff, 0x6, 0x1fc0000, 0x0, 0x1f, 0xe20, 0x4e6, 0xffffff80, 0xffff, 0x2540000, 0x8, 0x0, 0x20, 0x0, 0xfc, 0x2, 0x80000001, 0x4, 0x81, 0x7, 0x8, 0x2, 0x0, 0x5, 0x6, 0x5, 0x2762, 0x4, 0x7fffffff, 0xfffffffa, 0x4, 0x4, 0x3, 0xffffffff, 0x10000, 0x9, 0x81, 0x5, 0x65ef, 0x0, 0x4, 0xfffffffb, 0xffffff7f, 0x8, 0x1, 0x3, 0x3, 0x9, 0x6, 0x0, 0x3ff, 0xffff, 0xe5e6, 0x400, 0x79, 0x1c7, 0x0, 0x4, 0x0, 0x3, 0x31, 0x5, 0x10001, 0x1, 0x100, 0x6, 0xfffffffd, 0x80, 0xc22, 0x1, 0x0, 0x3, 0x7, 0x100, 0x2, 0x0, 0x9c, 0x6, 0x3, 0x2, 0x7fffffff, 0xfffffff8, 0x3, 0xc2, 0x9, 0xd8c, 0x6, 0x78, 0x0, 0x4, 0x7, 0x2558, 0x7, 0x8, 0x8, 0x7f, 0x5, 0x4, 0x84, 0xfa93, 0x4, 0x800, 0x2, 0x3, 0x7, 0x1, 0x80000001, 0x1f, 0x7f, 0x6, 0xdfa2, 0x6, 0xfff, 0x2, 0x1, 0x6, 0xffff0000, 0xfffffffa, 0xff, 0x400, 0x9, 0x8, 0x8, 0x0, 0x2bd91b86, 0x0, 0x8, 0x0, 0x80000000, 0x5, 0x1ff, 0xd4e, 0x3df, 0x1, 0x4, 0x800, 0x0, 0xb6df, 0xb4, 0x7]}, @TCA_POLICE_AVRATE={0x8, 0x4, 0xcfe}, @TCA_POLICE_RESULT={0x8, 0x5, 0x8}], [@TCA_POLICE_RATE={0x404, 0x2, [0x4, 0x8, 0x42, 0x8, 0x7, 0x101, 0x3, 0x3, 0x3ff, 0x67, 0x9, 0x1, 0x1ff, 0x1, 0x0, 0xa0, 0x1, 0x6, 0x8000, 0x7, 0x3f, 0x8, 0x7, 0x9, 0x1, 0xf72, 0x3ff, 0x80, 0x4, 0x4, 0x8, 0x7b, 0x8, 0x1000, 0x5, 0x1, 0x1e43, 0xfffffff7, 0x800, 0x2, 0x0, 0x20, 0x6, 0x9, 0x7fffffff, 0x3, 0x100, 0x3, 0x8, 0xffffff80, 0x8, 0x3ff, 0x7, 0x7, 0xfffffffb, 0x4, 0x7fffffff, 0x4, 0x9d6b, 0x40, 0x7fff, 0x3, 0x1ff, 0xfffffffd, 0x3, 0x5d21abe8, 0x1, 0x0, 0x2, 0x5, 0x6, 0x1f, 0x7, 0x6, 0x7, 0x3, 0x3, 0xf2c, 0x7, 0x1000, 0x7, 0x731b, 0x8001, 0x2b, 0x2, 0x7fffffff, 0x8, 0xfffffffa, 0x3, 0x5, 0x200, 0x6ae, 0x6, 0x8681, 0x7a01, 0x144, 0x9, 0x8, 0x8, 0x4, 0x1, 0x3ff, 0x1, 0x8, 0x4, 0x6af, 0x8d, 0x6, 0x101, 0x1ff, 0x0, 0x8000, 0x5, 0xff, 0x10000000, 0x3, 0x7, 0xc9, 0x5, 0x5, 0x4, 0x6, 0x1025, 0xfffffffa, 0x7f, 0xfffffffb, 0x9, 0x9, 0x8, 0x7fffffff, 0x0, 0x1, 0x9, 0x8d7, 0x1, 0x0, 0x2, 0x8214, 0xa1b2, 0x1, 0x140, 0x8, 0x5, 0x9, 0x0, 0x4, 0x10001, 0x576, 0x60b, 0xffff, 0xffff55b1, 0xddf4, 0x7, 0x1, 0x400, 0x5, 0x49, 0x2, 0x8000, 0x1, 0x5e, 0x9, 0x3, 0x4, 0x5, 0x2d781514, 0x2, 0xe2, 0xb3, 0x3, 0x6, 0x9, 0x6, 0x80000001, 0x9, 0x6, 0x9, 0x7fffffff, 0x3, 0x6, 0xff, 0x6b4, 0xfffffffe, 0x34b, 0x0, 0x5, 0x5, 0x7f, 0xb8d, 0x5, 0x1, 0x5, 0x12, 0x6d3, 0x2e9, 0x80, 0x7fff, 0x7, 0x4, 0xa9, 0x1893, 0xfffffe01, 0x80, 0x3d233b66, 0x9, 0x3, 0x2, 0x8, 0xffff0fb5, 0x7fffffff, 0x2, 0x2, 0x0, 0x200, 0x401, 0xc0d, 0x5e8b, 0x1, 0x6, 0x6f, 0x7, 0x3f, 0x9, 0x1, 0x7, 0x88, 0x6, 0x7fff, 0x6f0a, 0x2ec0062e, 0x4, 0x80, 0x3, 0x0, 0x400, 0x0, 0x4, 0x1f, 0xfffffffd, 0x7fff, 0x7f, 0xa7, 0x1, 0x3, 0x2, 0x7, 0x73c800, 0x6, 0x8001, 0x2, 0x80000000, 0x10000, 0xc2a, 0x1, 0x3, 0x7]}], [@TCA_POLICE_RESULT={0x8, 0x5, 0x4}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x53b}, @TCA_POLICE_RATE64={0xc, 0x8, 0x7}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x8001, 0xfffff0e7, 0xcaf, 0x401, 0x81, 0x9, 0x6, 0x6f58, 0xfffff001, 0xae9, 0x7f, 0x3, 0x1, 0x6, 0x9, 0x2, 0x5, 0x2, 0x73, 0x3, 0xff, 0xfe37, 0xf59b15a9, 0x9, 0xbc0, 0x7982, 0x9, 0x1ff, 0xa5961a56, 0xb0, 0x400, 0x401, 0x401, 0xdbd8, 0xfffffff8, 0x33a5, 0x2, 0xffffffff, 0x0, 0x0, 0x4, 0xb44a, 0x80000000, 0x401, 0x1, 0xffffffe1, 0x8, 0x80000001, 0x8, 0x2, 0x3, 0x5, 0x3, 0x6, 0x3, 0x8, 0x4, 0x4, 0x7, 0x7, 0x0, 0x3, 0x1, 0x1182dac5, 0x4, 0x8, 0x97, 0x7, 0x9, 0x8000, 0x2, 0x10001, 0x6, 0x0, 0x2, 0x4, 0x9, 0x0, 0x9bc4, 0x7fff, 0x200, 0x0, 0x38, 0x4, 0x1, 0x6e, 0x81, 0xfffffffd, 0x4, 0x19400, 0x4, 0x101, 0x107e, 0x2, 0xd78, 0x9, 0x5, 0x401, 0x0, 0x0, 0x6, 0x5670, 0x7, 0x80, 0x6, 0x1, 0x6, 0x6705623e, 0xfff, 0x1, 0x3, 0x4, 0xe9, 0x400, 0xffff39b8, 0x5, 0x0, 0x8, 0xfac6, 0x101, 0x3e00, 0x9, 0x5, 0x5, 0x5, 0xc1, 0x901, 0x5, 0x800, 0x7ff, 0x6, 0x1, 0x4, 0xdb9a, 0x8, 0x6, 0x9, 0x0, 0x0, 0x0, 0x9, 0x3, 0x80000000, 0x3f, 0x0, 0x7, 0x8, 0xffff, 0xb, 0x10000, 0x7, 0x0, 0x3ff, 0xe293, 0x2, 0x733, 0xd348, 0x100, 0x1, 0x2, 0x6, 0x5, 0xffffff7f, 0x0, 0x8001, 0x1e, 0x7fffffff, 0x7ff, 0x8, 0x53d, 0xc7eb, 0x100, 0x7, 0x2, 0x3, 0xb05, 0x9, 0x800, 0x6, 0x1, 0x9, 0x1, 0x6, 0xffff, 0x5, 0x10000, 0xb4f, 0xd5, 0x4, 0xfc, 0x8, 0x7fff, 0x0, 0x5, 0x0, 0x2, 0x1f, 0xd7a1, 0x6, 0x46c, 0x1, 0xd0f2, 0x401, 0x400, 0x4, 0x5, 0x960a, 0x0, 0x308, 0x8, 0x4, 0xb87, 0x2, 0x3ff, 0x1, 0x2548, 0x4, 0x1, 0x7fff, 0x8f4, 0x1ff, 0x8, 0x8, 0x8000000, 0x0, 0x0, 0x35af, 0x28e8, 0x10001, 0x9dca, 0x8, 0x8, 0x48, 0x7af, 0x3, 0xfffffff9, 0x3, 0x7, 0x2, 0x7, 0x1, 0x100, 0x3, 0x5, 0x40, 0x8, 0x1ff, 0x81, 0x9, 0x9, 0x9, 0x1, 0x1000, 0x80, 0xfffffffa, 0x80000001]}, @TCA_POLICE_AVRATE={0x8, 0x4, 0xfffffc01}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x78, 0x200, 0x9, 0x6, 0x98f, 0x29c, 0xff, 0x4924, 0x80000001, 0x0, 0x56, 0x7a37, 0xff, 0x0, 0x6, 0x4e7, 0x4, 0x0, 0xff, 0x8, 0xff, 0x9, 0x2, 0x2, 0x0, 0x36, 0x6, 0x376, 0x4, 0x401, 0x7, 0x4, 0x7fff, 0x4, 0x3c4a, 0x800, 0x4, 0x81, 0x0, 0x5, 0x5c88, 0x400, 0x6, 0x8, 0x7ff, 0x7, 0x0, 0x65, 0x3, 0x200, 0x5, 0x5, 0xffff8000, 0x0, 0x10001, 0x800, 0x3, 0x0, 0x7fffffff, 0x3ff, 0x8, 0x0, 0xffffffe1, 0x1, 0x0, 0x2f, 0x8, 0x0, 0x0, 0x0, 0xe98, 0x1, 0x7fff, 0x5, 0xa6, 0xffff0b1a, 0xe336, 0x9, 0x2, 0xfffffffa, 0x5, 0x8, 0x40, 0x80000001, 0xfffffffa, 0xc30, 0x101, 0x7, 0x0, 0x80, 0x80000000, 0x40, 0x0, 0x1000, 0x0, 0x2, 0xfff, 0xff, 0xfffff800, 0x7fff, 0x80, 0x2, 0x7e, 0x2, 0x7, 0x4, 0x0, 0x5, 0x27cf, 0x20, 0x8, 0x7ff, 0x2, 0x200, 0x400, 0x19, 0x30440000, 0x0, 0x8, 0x20, 0x3, 0x200, 0x3, 0x4, 0x10001, 0x1, 0x6, 0x73fa, 0x3, 0x80, 0xd5, 0x10000000, 0x200, 0x8001, 0x6, 0x81, 0x6, 0x9, 0x0, 0x20, 0x4, 0xfff, 0x0, 0xa44, 0x3, 0x157a51b4, 0x9, 0x7, 0x7, 0x9, 0x9, 0x5cf78400, 0x1f3, 0x7fffffff, 0xffffffff, 0x3, 0x800, 0x2, 0x2a, 0x76364775, 0x140, 0x1, 0x10000, 0x2, 0xbb549329, 0x4, 0x400, 0x3, 0x7, 0x8001, 0x1, 0xffffff0b, 0x3, 0x400, 0x2, 0x2558, 0x5, 0x7fffffff, 0x6a, 0x7fff, 0x1, 0x40, 0x6, 0x8, 0x6, 0xffffff0e, 0x5, 0x800, 0x8, 0xcdb, 0x81, 0x81, 0x7fffffff, 0x2, 0x5, 0x5, 0x20, 0x0, 0x1539, 0x7, 0x0, 0x2, 0xfffffff9, 0x6, 0x3, 0x1, 0x2, 0x0, 0x20, 0x3, 0x1, 0x5a4, 0x1, 0x8, 0xff800000, 0x4, 0x6, 0x8, 0x8001, 0x2, 0x81, 0x6, 0x9, 0x0, 0x0, 0x5, 0x4, 0x7fff, 0x4, 0x4, 0x2, 0x9, 0x6, 0x7f, 0x6, 0xc257cd50, 0x1000, 0x49, 0x2, 0x3, 0x8001, 0x100, 0x3ecc8001, 0x7, 0x1, 0xcef7, 0xffffff01, 0x8, 0x2, 0x9, 0xfff, 0x1, 0x3, 0x7, 0x7ff, 0xdbb]}, @TCA_POLICE_RATE64={0xc, 0x8, 0x208e}, @TCA_POLICE_TBF={0x3c, 0x1, {0x6, 0xf, 0x5, 0x3, 0x4, {0x7f, 0x2, 0x1000, 0x0, 0x0, 0xce9e}, {0x40, 0x1, 0x101, 0x400, 0x6, 0x2}, 0x4, 0x1000, 0xe9}}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x7, 0xe36, 0x72, 0x7, 0x1, 0x6, 0x7, 0x4, 0xffffff81, 0x1, 0xdce, 0x6, 0xf2, 0x1, 0x1, 0x5, 0x8, 0x6, 0x10001, 0xb3, 0x1, 0x9, 0x2, 0x590, 0x0, 0x7fffffff, 0x7, 0xffffff7f, 0x4, 0x80, 0x1ff, 0x9, 0x7, 0x7fff, 0xc3, 0x101, 0x5, 0x5, 0xb75, 0x1, 0x0, 0x2, 0x81, 0x5, 0x8, 0x1, 0x8, 0x200, 0x8e3, 0x80000001, 0x7, 0xfff, 0x401, 0x5, 0x9, 0x5, 0x0, 0x3, 0x5f5, 0x4, 0x2, 0x8, 0xfffffff8, 0x7, 0x0, 0x1, 0x5, 0x9, 0x3ff, 0x1f, 0x7, 0x3e42, 0x3, 0x3f, 0x4, 0x4, 0xfffffffe, 0x7, 0x8, 0x8, 0x1f, 0x1, 0x7ac, 0x3, 0xfffffffc, 0x9, 0xffff8001, 0x1, 0x1, 0x2, 0x1, 0x25, 0x0, 0x1, 0x7, 0x1, 0x6fee, 0x4, 0x80000001, 0x8, 0x101, 0x4, 0xff, 0x0, 0x9, 0x101, 0x7fffffff, 0xffffda89, 0x7, 0x8, 0x1, 0x5, 0x9, 0x0, 0x0, 0xec, 0x1, 0xf2f0, 0x7f, 0x9, 0x7fff, 0x8, 0x5, 0x39e, 0x1ff, 0x4, 0x9, 0x1, 0x1, 0x0, 0x5, 0x1, 0x3, 0x5821, 0x6, 0x4, 0x9, 0x3, 0x8001, 0x3, 0x1, 0x5, 0x80, 0x6, 0x5, 0x8000, 0x7ff, 0x5, 0x1, 0x9, 0x4, 0x4, 0x1, 0x81, 0x7, 0x3, 0x1, 0x3, 0x80, 0x3f, 0x3, 0x1, 0x5, 0x3, 0x1, 0x6, 0x9bc1, 0x7, 0x0, 0xffff1cb2, 0x1, 0x4, 0x17c, 0x7fffffff, 0xcfb7, 0xfffffe01, 0x3, 0x9, 0xf7, 0x4, 0x9, 0x6, 0x9, 0x77e3, 0x1, 0x6, 0x3, 0x6, 0xffff0001, 0x7, 0xe238, 0x7ff, 0x4, 0x3, 0x3f, 0x4, 0x3f, 0x9, 0xf8, 0x1, 0x5, 0x9, 0x3f, 0xaa, 0x80000001, 0x1, 0x4, 0x100, 0x1, 0x0, 0x1, 0x1, 0x40, 0x9, 0xfffffffe, 0x1000, 0x9, 0x1, 0x3, 0x3, 0x3, 0x7, 0xa5, 0x1, 0x9, 0x3, 0x4, 0x80, 0xfff, 0xffffffff, 0x10001, 0x7ff, 0xe583, 0x7f, 0x6, 0x8, 0x7, 0x3, 0x8, 0x80000001, 0x3, 0x0, 0x2, 0x7, 0x4dd61467, 0x200, 0x7, 0x6, 0x1ff, 0x101, 0xfffffff7, 0x10001, 0x95, 0x3, 0x4, 0x1000]}], [@TCA_POLICE_TBF={0x3c, 0x1, {0x3, 0x3, 0xffffffff, 0xfffff998, 0x9, {0x0, 0x1, 0x9f5, 0x6, 0x9, 0x5}, {0x0, 0x0, 0x1, 0x2, 0x8001, 0x8}, 0x1, 0x5, 0x308}}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x10001, 0x5, 0x1, 0xa54, 0xff, 0x1, 0x0, 0x7c7, 0x4, 0x1f, 0x509, 0x0, 0x1, 0x10000, 0x9, 0x6, 0xeb1, 0x16af, 0x4, 0x1, 0x6, 0xf7b, 0x8100, 0x7cd, 0x7, 0x3, 0x92, 0x52, 0x7fff, 0x1, 0x0, 0x5, 0x5, 0x6000, 0x20, 0x7ff, 0x3, 0xffffffff, 0x7, 0x7, 0x8, 0x9b, 0x6, 0x0, 0x80000001, 0x101, 0xc7, 0x0, 0x3, 0x7fff, 0x8, 0x39, 0x101, 0xff, 0x8, 0x1, 0x9, 0x2, 0x4, 0x3, 0x7, 0x5, 0x0, 0x8, 0x3, 0xfff, 0x3, 0xa0000, 0x0, 0xffffff80, 0x9, 0x2, 0xfffffff8, 0xfffffff9, 0x0, 0x5, 0x9, 0x0, 0x10000, 0xf1a, 0x0, 0x8, 0x20, 0x7, 0x7fffffff, 0x1, 0x10001, 0x3, 0xff, 0x1, 0x9, 0x9, 0x0, 0xfffffbff, 0x10000, 0x3f, 0x9d, 0x6, 0x5, 0x3de, 0x84, 0x8, 0x9, 0x4, 0x80000001, 0x6, 0x7, 0x7fff, 0x8, 0xae, 0x3, 0x3, 0x20, 0x80000000, 0x2, 0x8c2, 0x5, 0xe005, 0x4, 0x0, 0x1, 0x8, 0x8, 0x5, 0x8, 0x800, 0x6b3c, 0x9, 0x80000001, 0x7f, 0xff, 0x3d, 0x5, 0x6, 0x1ff, 0x7fff, 0xcf, 0x5, 0x2, 0x1, 0x1ff, 0x1ff, 0x8001, 0x9, 0x3, 0xffffff1a, 0x800, 0xdc64, 0x7f, 0x80, 0x6, 0x18000000, 0xfffffff8, 0xe092, 0x3, 0xb6c2, 0x80000001, 0x6, 0x8, 0x0, 0x101, 0x3, 0xeed, 0x3, 0x1f, 0x1, 0x5, 0xbd33, 0x10001, 0x7, 0x948, 0x70, 0x98, 0x2499, 0x0, 0x9, 0x2, 0x7, 0xb22, 0x10001, 0x6, 0x7, 0x5, 0x0, 0x8000, 0x1, 0x1, 0x6f8, 0x5, 0x898, 0x20, 0x0, 0x9, 0x1, 0x3, 0xffffff80, 0x8000, 0x6, 0x9, 0x401, 0x80, 0x7, 0x5, 0x32fa, 0x81, 0x401, 0x9, 0x9, 0x8, 0x5, 0x1, 0x63, 0x70f, 0xa59, 0x0, 0x1, 0x5, 0x20, 0xffffff80, 0x3, 0x0, 0x288, 0x7, 0x8, 0x0, 0x6, 0x800, 0x1, 0x80000000, 0x1, 0x1, 0x3, 0x480, 0x8, 0x0, 0x7, 0x3ff, 0x8001, 0x4, 0xf362, 0x1, 0x4, 0x8, 0x7, 0x7ff, 0x8, 0x1, 0x7ff, 0x5, 0x5, 0x1f, 0x4, 0x6, 0x7, 0x8, 0x1]}], [@TCA_POLICE_RESULT={0x8, 0x5, 0x80000000}, @TCA_POLICE_RESULT={0x8, 0x5, 0xdfe1}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x6}, @TCA_POLICE_TBF={0x3c, 0x1, {0x1, 0x7, 0x6, 0x8, 0x8, {0x3, 0x2, 0x400, 0xff, 0x4, 0x20}, {0x4e, 0x2, 0x7ff, 0x6, 0x1, 0xfff}, 0x7fff, 0xfff, 0x9f}}, @TCA_POLICE_RESULT={0x8, 0x5, 0x200000}, @TCA_POLICE_RESULT={0x8, 0x5, 0xc67f}], [@TCA_POLICE_TBF={0x3c, 0x1, {0x5, 0x10000000, 0x6, 0x0, 0x1000, {0x4, 0x1, 0x81, 0x4, 0x3ff, 0x401}, {0x1, 0x0, 0x2, 0x1, 0x1, 0x296e}, 0x81, 0x100, 0x41}}], [@TCA_POLICE_RESULT={0x8, 0x5, 0x9}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x1}, @TCA_POLICE_RESULT={0x8, 0x5, 0x3}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x8}, @TCA_POLICE_RESULT={0x8, 0x5, 0xfffffffd}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x8, 0x400, 0x9, 0x8001, {0x20, 0x1, 0x5e, 0x7fff, 0x5, 0x7f}, {0x3, 0x0, 0xffff, 0x800, 0x7fff, 0x2}, 0x8, 0xd53a, 0x1}}, @TCA_POLICE_RATE64={0xc, 0x8, 0x3436}, @TCA_POLICE_TBF={0x3c, 0x1, {0x8, 0x4, 0x10000, 0x193f, 0xfffffffd, {0x5c, 0x1, 0x3, 0x1, 0x8c22}, {0x1, 0x2, 0x1, 0x1000, 0xcb90, 0x40}, 0x43, 0x200, 0x5}}, @TCA_POLICE_TBF={0x3c, 0x1, {0x6, 0x10000000, 0x80000001, 0x20, 0x0, {0x6, 0x0, 0x1000, 0x3, 0x5, 0xd9d6}, {0xf4, 0x2, 0x5, 0x6, 0x2, 0x7f}, 0x6, 0xfd, 0x1f}}], [@TCA_POLICE_RATE64={0xc, 0x8, 0xfffffffffffffff9}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x6}, @TCA_POLICE_RATE={0x404, 0x2, [0x4000, 0x661e, 0x2, 0x7, 0x5, 0x81, 0x0, 0x7fffffff, 0x2, 0xe4, 0x9, 0x2, 0x80, 0x7ff, 0x6e8, 0x6, 0x57a9, 0xdd, 0x1, 0x3, 0xd3, 0xff, 0x9, 0x7, 0x9, 0x5, 0x6, 0xfdeb, 0xfffffffb, 0xfffffffd, 0x3, 0x227, 0x1, 0x0, 0x9, 0x6, 0x3, 0x800, 0x7, 0xfffffff8, 0x3ff, 0x800, 0x3, 0x2, 0x100, 0x0, 0x9, 0x0, 0x400000, 0x2, 0x2, 0x1000, 0x3ff, 0x4, 0x6, 0x1f, 0x4, 0x9, 0x0, 0x8, 0x0, 0x4, 0xfffffffb, 0x1f49, 0x0, 0x7, 0xdabd, 0x251, 0x80, 0xd11, 0x9, 0x6, 0x3, 0x8, 0x6, 0x68, 0x1c00000, 0x2, 0x7fff, 0xffffffff, 0x5, 0x8, 0x80, 0x1, 0x339, 0x4, 0x3, 0x8000, 0x9, 0x4, 0x3, 0x1, 0x1f, 0x1e00000, 0x0, 0x1, 0x6, 0x8000, 0x5, 0x8001, 0x0, 0x9, 0x45fac49, 0x7, 0x0, 0xb0, 0x9baa, 0x10001, 0x1, 0x10000, 0x0, 0x8, 0x6de9, 0x400, 0x0, 0xfffff000, 0x8, 0x9c, 0x800, 0x0, 0xffff, 0x1, 0x7, 0x3, 0x20, 0xffffffff, 0xffffffc0, 0x1, 0x401, 0x200, 0x400, 0x3ff, 0x9, 0x4, 0x2, 0xfffffff8, 0xc31, 0x2, 0x5, 0x81, 0x9, 0x5, 0x0, 0x8e, 0x2, 0x5, 0x3, 0x5, 0x2, 0x0, 0x3ff, 0x845a, 0x6, 0x0, 0xfffffe00, 0x0, 0x7fffffff, 0x7, 0x200000, 0x79, 0x600, 0x400, 0x0, 0x8, 0x400, 0x9, 0x7, 0xda, 0x3f, 0x7, 0x7, 0xfffffffc, 0x0, 0x3, 0x3, 0x9, 0x7, 0x80, 0x7, 0x7, 0x3, 0x1, 0x4, 0xe0, 0x7, 0x1, 0x5, 0x1f, 0x53038, 0x4f, 0x8de4, 0x20, 0x1ff, 0x5, 0x800, 0x80000000, 0x1c18c32, 0x9, 0x4, 0x800, 0x1, 0x81, 0x400, 0xff, 0x8, 0x10000, 0x6, 0x7, 0x4, 0x7f, 0x1f, 0x1, 0x71e, 0x5, 0x6, 0xba5, 0x8, 0x9, 0x3f, 0x20, 0x7, 0xffff223e, 0x7fffffff, 0x3, 0x6, 0x4, 0xfffffd0f, 0x1, 0xb8, 0x0, 0x80000001, 0x2, 0x1, 0x9, 0x7441, 0xe798, 0x3, 0x5, 0x101, 0x7, 0x1, 0x4, 0xfffffffc, 0x613c, 0x7f, 0x2000, 0x2, 0x7ff, 0x3, 0x8, 0xe102, 0x7, 0x7f, 0x2, 0x1, 0x2]}]]}, {0x7, 0x6, "acda8d"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_vlan={0xd8, 0xc, 0x0, 0x0, {{0x9}, {0x40, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x2, 0x29, 0x30000007, 0xff, 0x1}, 0x2}}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0xe5a}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x4}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x8100}]}, {0x70, 0x6, "41871796cb1fd1abebc8b6a2b73d0e2d200da0e9de29c99dcda6c811ab1a0a4ef735f319e0a0e25a02596b6ed072fbf222a6d3552fc65b51797928d34dc1f96755af3d66d58d2ff55500a95aef2661244048f36e0c09119e61fee6a5d80c7ad16eac1d8a0166d79d2dd96c87"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x4}}}}, @m_pedit={0x498c, 0x10, 0x0, 0x0, {{0xa}, {0x4880, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe68, 0x4, {{{0x2, 0xff, 0x20000000, 0x800, 0xfffffff9}, 0x52, 0x28, [{0x85, 0x0, 0xff, 0xa3, 0x7, 0xc53}, {0x3ff, 0x8, 0x81, 0x6, 0x100, 0x6}, {0x10001, 0x2, 0xfff, 0x1, 0x400, 0x1}]}, [{0x8, 0x5c4f, 0x6a4, 0xfff, 0x100, 0x6}, {0xfffff801, 0xffff, 0x9, 0xb7, 0x8, 0x4}, {0x7fffffff, 0x1, 0x7, 0x0, 0x8fd1, 0x10001}, {0xfd2, 0xedb3, 0x7, 0x7fff, 0x8, 0xbdb}, {0x4, 0x8, 0x8, 0x1, 0x4, 0x6}, {0x401, 0x7f, 0x1, 0x38, 0x1, 0x6}, {0x7, 0x0, 0xae, 0xffffffa7, 0x3, 0x10001}, {0x3, 0x1f, 0x8, 0x5811, 0x1000, 0x1263}, {0x7fff, 0x0, 0xffffffe1, 0x8000, 0x1, 0x3}, {0xffffff50, 0x3ff, 0xffffffff, 0x1800000, 0x2, 0x4}, {0x1, 0x595, 0xff, 0x8d, 0x5, 0x8}, {0xffff, 0x6, 0x57b1f121, 0xd4, 0x80000001, 0x9}, {0x4, 0x7, 0x5, 0x8, 0x8000, 0x7}, {0x1, 0x0, 0x5151, 0x8, 0x800, 0x400}, {0x2, 0x80, 0x1, 0x5, 0x80000001, 0x5}, {0x2, 0x4, 0x3, 0x6, 0xca, 0x7fffffff}, {0x40, 0x4, 0x9, 0x9, 0x9, 0x5}, {0x10000, 0x6, 0x1000, 0x200, 0x5, 0xec}, {0xff, 0x8, 0x1, 0x3, 0x6, 0x6}, {0xfffffff8, 0x9, 0x3, 0x3f, 0x10001, 0x1}, {0x7547, 0x1, 0x7, 0xe1e, 0x1, 0x33b}, {0x7, 0x100, 0x3, 0x5, 0x2a, 0x1ff}, {0xff, 0x5e48, 0x2, 0x8, 0x200, 0x7}, {0x0, 0xe61c, 0x2, 0xea3, 0x2, 0xfffff800}, {0x2, 0x0, 0x3, 0x4b00, 0x200, 0x1}, {0x7ff, 0x9, 0xfff, 0x5, 0x7, 0x6}, {0x2, 0x1, 0xe5d6, 0x4, 0xffffffff}, {0x2, 0x1000, 0x8, 0xbe9, 0x4, 0x2}, {0x7f, 0x5, 0x0, 0xf3e1, 0x1f, 0x4}, {0x67, 0x100, 0x2, 0x1, 0x9}, {0xff7, 0x37, 0x3, 0x3, 0x3, 0x7}, {0x0, 0x400, 0x4, 0x9, 0x5, 0x20}, {0x9, 0x7, 0xfffffb9e, 0x8, 0xfff, 0x7f}, {0x3, 0x8000, 0x10000, 0x8, 0xffffffff}, {0xaf, 0x3, 0x7e0000, 0x7ff, 0x1, 0x2fec}, {0x9, 0x8, 0x40, 0x30e, 0x7, 0xfff}, {0x1, 0x3, 0x1cce, 0xff, 0x6}, {0x1, 0x2, 0xffff, 0x300, 0x7ab, 0xffffffff}, {0x7fff, 0x1000, 0xa8, 0x197, 0xaa0, 0xffff7b26}, {0xfffff5bc, 0x8000, 0x75aedf08, 0x77, 0x0, 0x8}, {0x8, 0x90c, 0x6, 0x7fff, 0x566, 0x7}, {0xfffff801, 0x7, 0x0, 0xa838, 0x2, 0x8}, {0x9, 0x7fffffff, 0x200, 0x5, 0x0, 0x5}, {0x0, 0x4, 0xffff0001, 0x0, 0xca2f, 0x81}, {0x800, 0xfffffffe, 0x3f, 0x3c8f, 0xfffffbff, 0x4}, {0x2, 0x6f3, 0x80000001, 0x4, 0x10001, 0x4}, {0x401, 0x28, 0x7, 0x9, 0x80, 0x8d4d}, {0x1, 0x35e, 0x9, 0x3f, 0x0, 0x20}, {0x3, 0x8, 0x8, 0xfff, 0x9, 0x7}, {0xf3, 0xffffff94, 0x9, 0x8, 0x8001, 0x7}, {0x2, 0x2, 0x800, 0x6, 0x0, 0x8}, {0x40, 0x6, 0x7, 0x1, 0x5, 0x7}, {0x5, 0xffffffff, 0x8c, 0x5, 0x4, 0x6}, {0x101, 0x2243, 0x80, 0x1, 0x8, 0x6}, {0x6, 0x80000000, 0x5, 0x7, 0x64, 0x6}, {0x1ff, 0x9d, 0x6, 0x9, 0x7fff, 0x10001}, {0x20000000, 0x0, 0x400, 0x3f, 0xff, 0x2}, {0x0, 0x10001, 0x101, 0x0, 0x4}, {0xbf, 0x8, 0x4, 0x1ff, 0x8, 0x1}, {0x5, 0x2, 0x1, 0x4, 0x2210, 0x9}, {0x82, 0xffff, 0x200, 0x9, 0x1f}, {0x1, 0x1f, 0x4, 0x3db, 0x9, 0x8}, {0x100, 0xc8b7, 0x2, 0xffffffff, 0x8, 0x5}, {0x200000, 0x3, 0x14, 0xac, 0x40, 0x8}, {0x3, 0x3af0, 0x157, 0x9, 0x9, 0x200}, {0x1000, 0x40, 0x14000, 0x401, 0x1, 0x1ff}, {0x1, 0x2, 0x8, 0x0, 0x1f}, {0x10001, 0x3, 0x4, 0x10001, 0x7fff, 0xf5a}, {0x5, 0x2, 0x9, 0xf602, 0x0, 0x4}, {0x8001, 0x80000000, 0xbb, 0xddda, 0xfffffbff}, {0x6, 0x7, 0x81, 0x7, 0x101, 0x6}, {0x7fffffff, 0x80000001, 0x7, 0x3, 0x2b8, 0xff}, {0x7fff, 0xffff, 0x1, 0x8, 0x40}, {0x8, 0x20, 0x3f, 0x81, 0x81, 0x3}, {0x3, 0x9, 0x76, 0x8, 0x1, 0x2}, {0x6c0, 0x0, 0xff, 0x2, 0x8, 0x5}, {0x3, 0x9, 0x2, 0x8, 0x3, 0x6}, {0x4639, 0x5, 0x5, 0xffff0000, 0x8, 0x40a11bc9}, {0x1ff, 0x9, 0x3, 0xffff, 0x6, 0x1}, {0x41, 0x9, 0x4, 0x10001, 0x9, 0x7}, {0x6, 0x4, 0x8, 0xff, 0x6, 0x1}, {0x396b, 0x4, 0x8, 0x5, 0x401, 0x2f9c}, {0x6, 0x0, 0x1000, 0xfffffff9, 0x7, 0x1}, {0x1000, 0x100, 0x4, 0x1f, 0x430b661a, 0x2}, {0x0, 0x1, 0xffffffff, 0x20, 0x36c7c98f, 0x1ff}, {0x10001, 0x5, 0xfffffffd, 0x1f, 0x8000, 0xdd}, {0x2, 0xffffffff, 0x504, 0x81, 0xbc, 0x1}, {0x4, 0x4, 0xa11, 0x6, 0x401, 0x86}, {0x401, 0x3d88d9e5, 0x5, 0x3, 0x7f, 0x7fffffff}, {0x20d, 0x7, 0x5664, 0x3, 0x2, 0x2}, {0xffffffff, 0x101, 0x6, 0xec, 0xfffffffd, 0x7}, {0x401, 0x7fffffff, 0x8e89, 0x5, 0x5a0e224d, 0xffffffff}, {0x8, 0x8d, 0x401, 0x9, 0x0, 0x1ff}, {0x0, 0xf0, 0x800, 0x7fffffff, 0x0, 0x8}, {0x4, 0xffffffff, 0x400, 0x8, 0xffffffff, 0x400}, {0x80000000, 0x0, 0xffffffff, 0x1ff, 0x4, 0x9}, {0x0, 0xfffffff7, 0xd189, 0x4, 0x6, 0x7}, {0x100, 0x4, 0xffffffff, 0x65, 0x0, 0xb9703a2d}, {0x3, 0x80000001, 0x7, 0x9, 0x67dd, 0x100}, {0x1, 0x1000, 0x2, 0x401, 0x0, 0x4}, {0xe21, 0x6, 0x1ff, 0x8, 0x8, 0xcb8a}, {0xa25, 0x2, 0x1, 0x3, 0x6, 0x1f}, {0x4, 0x10000, 0x6, 0xffff, 0x3, 0x9}, {0x0, 0x0, 0x2, 0x8, 0x400, 0x10000}, {0xff, 0x6f7e, 0x200, 0x3, 0x7f1c, 0x20}, {0xff, 0x8, 0x4, 0x0, 0x101, 0x20}, {0x101, 0xe56, 0x3, 0x8, 0x0, 0x3}, {0xe86c0000, 0x8001, 0x4, 0x1, 0x8, 0x1}, {0x5, 0x9, 0x4, 0x0, 0x737, 0x6d4}, {0x4, 0xf9, 0x7fffffff, 0x7, 0x8, 0xcb}, {0x7ff, 0x80, 0x80000000, 0xc8aa, 0x0, 0x9}, {0x2, 0x3, 0x3, 0x20, 0xfff, 0x5}, {0xffff, 0x1, 0x9, 0x1, 0xfffffffe, 0x7f}, {0xb63f, 0x5, 0x7fffffff, 0x5, 0x80, 0x8}, {0x7, 0xf33, 0x7e, 0xfff, 0x5f, 0x6}, {0x16, 0x1, 0x800, 0x2, 0x9}, {0x2, 0x0, 0x7, 0x4, 0x7ff, 0x4}, {0x5, 0x6, 0x8, 0xbd5, 0x6, 0x4}, {0x1, 0x9, 0xc02, 0x81, 0x9, 0x4}, {0xfffffffa, 0x1, 0xffffff7f, 0x1, 0x6, 0xdd6}, {0x3, 0xab, 0x7, 0x5, 0x0, 0x4}, {0x3, 0xf4ab, 0x4273, 0x6, 0x1, 0x6}, {0x7fffffff, 0x3, 0x7fffffff, 0x5, 0xe4, 0x10000}, {0x0, 0x1f, 0x7, 0x9, 0x1000, 0x3f7a}, {0x9, 0x7, 0x6, 0x80000000, 0x8c40, 0x7}, {0x52872b04, 0x40, 0x9, 0xbc, 0x9, 0x10001}, {0x101, 0xfff, 0x0, 0x9, 0x20, 0x800}, {0x1000, 0x3, 0x2, 0x4, 0x347, 0x6}], [{0x2, 0x1}, {0x0, 0x1}, {}, {0x1, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x5}, {0x5, 0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x0, 0x1}, {0x3}, {0x5}, {0x3}, {0x3, 0x1}, {0x1, 0x1}, {0x5}, {0x1, 0x1}, {0x4, 0x1}, {0x3, 0x1}, {0x3}, {0x4}, {0x2, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x4}, {0x5, 0x1}, {0x4, 0x1}, {}, {0x1, 0x1}, {0x7, 0x1}, {0x3}, {0x5}, {0x3, 0x1}, {0x3}, {0x5}, {0x4, 0x1}, {0x2, 0x1}, {0x3}, {0x5, 0x1}, {0x4}, {0x4}, {0x0, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x1}, {0x5}, {0x2}, {0x3}, {0x3}, {0x4, 0x1}, {0x0, 0x1}, {0x2}, {0x3}, {0x0, 0x1}, {0x0, 0x1}, {0x2}, {0x3}, {0x4, 0x1}, {0x2, 0x1}, {0x4}, {0x4}, {0x2}, {0x4, 0x1}, {0x1}, {0x1}, {0x1}, {0x0, 0x1}, {0x2}, {0x31fc5cf91a5a7361, 0x1}, {}, {0x1, 0x1}, {0x5, 0x1}, {0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x3}, {0x3, 0x1}, {0x1, 0x2}, {0x0, 0x1}, {0x4}, {0x5, 0x1}, {0x3}, {0x4, 0x1}, {0x4}, {0x3}, {0x3}, {0x3, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {0x5, 0x1}, {0x1, 0x1}, {0x1}, {0x1, 0x1}, {0x3}, {0xf}, {0x5, 0x1}, {0x1}, {}, {0x3, 0x8afc5d6341821406}, {0x1, 0x1}, {0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x2, 0x1}, {0x7}, {0x5, 0x1}, {0x3, 0x1}, {0xb3d5ed874ff21b99, 0x1}, {0x2}, {0x4}, {0x3}, {0x1}, {0x1}, {0x5, 0x2fa29d8dd405a72d}, {0x3, 0x1}, {0x4, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {}, {0x1}, {0x2, 0x1}, {0x2, 0x1}]}}, @TCA_PEDIT_KEYS_EX={0x4}, @TCA_PEDIT_KEYS_EX={0x10, 0x5, 0x0, 0x1, [{0xc, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}]}, @TCA_PEDIT_PARMS={0xe50, 0x2, {{{0x9, 0x401, 0x8, 0x8, 0x9}, 0x4, 0x80, [{0x3, 0xff, 0x1, 0x7fffffff, 0x0, 0xfd1}, {0x5, 0x97, 0xa49, 0x4, 0x3ff, 0x5}]}, [{0x4, 0x8a, 0x6, 0x9, 0x0, 0x7}, {0x10000, 0x1000, 0x1, 0x1, 0x0, 0xe71}, {0x895, 0x24a, 0x4, 0x2, 0x7, 0x3}, {0xffffffe1, 0x3f, 0x1400000, 0x1, 0x5, 0x3}, {0x10000, 0x7f, 0x3, 0x80, 0xe1f}, {0x3398, 0x1, 0x4714, 0x400, 0x9, 0x1}, {0x6, 0x829d, 0x1, 0xfff, 0xec, 0x6be}, {0x6, 0x7f, 0x1, 0x1000, 0x5e6, 0x1e114859}, {0x3f, 0x1, 0x1, 0x81, 0x800, 0x9}, {0x0, 0x1, 0x2, 0x3, 0x37, 0x3}, {0x7fff, 0x1ff, 0x3ff, 0x37c9, 0xfffffffc, 0x1}, {0xffffeab8, 0xed9, 0x5, 0x6, 0x3ff, 0x20}, {0xed, 0xc39, 0x315, 0x8001, 0x81, 0x3}, {0x4eff, 0x401, 0x513f, 0x7ff, 0x3, 0x5}, {0x8a, 0x4, 0x10000, 0x80000001, 0x9, 0x8}, {0x7, 0xe91, 0x7ff, 0x9901, 0x3, 0xc6}, {0x81, 0x5, 0x4, 0x6, 0x8, 0x12}, {0xfffffff8, 0xa37, 0x1, 0x80000000, 0x2, 0xffff}, {0x1, 0xfffff7b2, 0x6, 0x13d3, 0x5, 0x8e6}, {0x748, 0x8, 0x2, 0x6, 0xa562, 0x854f}, {0x8000, 0x2, 0x5, 0x4, 0x6, 0x2}, {0x2, 0x5, 0x4, 0x7fff, 0x401}, {0x8, 0x7, 0x101, 0x4, 0x6, 0x4}, {0x0, 0x2, 0x6, 0x0, 0x5c8, 0x6}, {0x70, 0x8, 0x101, 0x5, 0x9, 0x101}, {0x200, 0xcb, 0x7, 0x3, 0x4, 0x3}, {0xa0, 0x1, 0x3, 0x3f, 0x3, 0x1}, {0x7, 0x8, 0x3f, 0x100, 0x3, 0x2202}, {0x3f, 0x5, 0x200, 0x3, 0x8, 0xe5}, {0x2, 0x4, 0x80000000, 0x1, 0x7ff, 0x7}, {0x3f, 0x181, 0x0, 0xc2, 0x80000001, 0x18c6}, {0x7, 0x80000000, 0x401, 0x7ff, 0x3, 0x7f}, {0x4, 0x79accef8, 0x3, 0x1, 0x2, 0x80}, {0x7, 0x1000, 0xc760, 0x1, 0x1000, 0x8}, {0x100, 0x7a3, 0x5, 0x10000, 0xd, 0x7}, {0x3, 0x1, 0x5, 0x6, 0x5, 0x8}, {0x3f, 0xeb, 0x7f, 0x6, 0x54, 0x7f}, {0x1, 0x6, 0x1, 0x9, 0x9, 0xffffffff}, {0x0, 0x3, 0x7fffffff, 0x5, 0x20, 0x1}, {0x4, 0x496, 0x401, 0xfff, 0x0, 0x5}, {0x5, 0x1ff, 0x2, 0x4, 0x1, 0x1}, {0x5, 0x40, 0xe965, 0x7f, 0x80000001, 0xffffffff}, {0x1000, 0x3e, 0x40, 0xffff1b12, 0x7fff, 0x679}, {0xffffffff, 0x7f, 0x6, 0x7fff, 0x1, 0x9}, {0x7fffffff, 0x5a, 0x5, 0x5, 0x3, 0x7fffffff}, {0x8, 0xc77b, 0xff, 0x3f, 0x401, 0x3}, {0x20, 0x3, 0x9, 0x8, 0x3e, 0x7fffffff}, {0x1, 0x81, 0x401, 0x0, 0x1, 0x3}, {0x81, 0x80, 0x7, 0xffffffff, 0x6, 0x3dc}, {0x5, 0x3, 0xfffff800, 0x7ff, 0x6, 0x10000}, {0xffffff5c, 0x179db18a, 0x0, 0x3, 0x1a, 0x5}, {0x6e4, 0x7, 0x9, 0x7, 0x1, 0x3}, {0x101, 0xc2, 0x800, 0x8, 0x8, 0x80000000}, {0xf4, 0x5, 0x2, 0x200, 0x8000, 0x2}, {0x9, 0x3, 0x6, 0x8, 0x8, 0x7}, {0x105, 0x7, 0x200, 0x1, 0x40f5800, 0xffff8001}, {0x900000, 0x9, 0x6, 0xe8, 0x4551}, {0x56d6, 0x8, 0xfffffff9, 0xd6, 0xfffffffe, 0x6}, {0x5, 0x20, 0x1f, 0x3d7ca698, 0x8, 0x708}, {0x6, 0x10000, 0x8000, 0x5, 0x8, 0x5}, {0xe04, 0x9, 0x7fffffff, 0x8, 0xffff, 0x885}, {0x3f, 0xb8, 0x5, 0x101, 0x2, 0x6}, {0x4, 0x0, 0xa99d, 0x8000, 0x6345, 0x7ff}, {0x5, 0x3, 0xffffffff, 0x6c, 0x8, 0x200}, {0x20, 0x100, 0x0, 0x3, 0x9, 0x7}, {0x400, 0x7ff, 0x2372111a, 0x7e, 0x800, 0x3}, {0x6, 0x7a, 0x4d, 0x5, 0x7, 0x401}, {0x8, 0x2, 0xa8, 0x1, 0x6, 0x9}, {0x3, 0xb5c4, 0x0, 0x870e, 0x800, 0x401}, {0x8, 0x80, 0x7, 0x3, 0x7, 0x6}, {0x100, 0x100, 0x1ff, 0x5, 0xc000000, 0x3}, {0x7e4, 0x3f, 0x3, 0x5, 0x3, 0x9}, {0x65, 0xfff, 0x20, 0x3, 0x3ff, 0x6}, {0x6, 0x3, 0x5, 0x9932, 0x4, 0x6}, {0xb89, 0x7, 0xfffffff8, 0x8000, 0x1, 0x81}, {0x4, 0xff, 0x7fff, 0x6, 0x9, 0x80000000}, {0x2, 0x9, 0x1, 0x6, 0x9, 0xff7}, {0x4642c513, 0x4, 0x2, 0x3e7, 0x97, 0x378}, {0x9ef2, 0x8000, 0x20, 0xc0e, 0x40, 0x100}, {0x8, 0x20, 0x1f, 0x40, 0x3, 0x3ff}, {0x7ff, 0x100, 0x6, 0x22e, 0x8000, 0x8}, {0x21ee9e34, 0xfffffffd, 0x3, 0x401, 0x3, 0x3}, {0x9, 0x5, 0x7, 0xffff, 0x46c0, 0x3}, {0x9, 0x8000, 0x5, 0x3f, 0x2, 0x5}, {0x100, 0x1, 0x6, 0x4, 0x7fff, 0x80}, {0x2, 0x0, 0x52, 0x8001, 0x9, 0x214e}, {0x6, 0x6, 0xbba, 0x0, 0xfffffffc, 0x1}, {0x1, 0x4e7, 0xfff, 0x6, 0x2640ab5}, {0x4, 0x2, 0x380000, 0x7, 0x3, 0x1}, {0x7, 0x3032, 0x55, 0xfffffffc, 0x6, 0x8000}, {0x10001, 0x5, 0x9, 0x7, 0x6bdd, 0x6a5}, {0xff, 0x0, 0x8a8, 0x80000000, 0x7fff, 0xfff}, {0x5, 0x20, 0xffff, 0x7f, 0x1, 0x800}, {0x9a, 0x3, 0x7, 0x835, 0x8000, 0x2}, {0x8, 0x1, 0x1, 0x8, 0x7fffffff, 0xffff}, {0x9, 0x1, 0xff, 0x8, 0x9, 0x7cc}, {0x4, 0xfffffbff, 0x1, 0xffffffff, 0x6, 0x6}, {0x800, 0x2e, 0x10000, 0x7, 0x8, 0x7}, {0x3, 0x9, 0x1ff, 0x2fd08cc6, 0x401, 0xc507}, {0x20, 0x1, 0x7, 0x8, 0x73, 0xff}, {0x40, 0x3, 0x7fff, 0xe3, 0x8}, {0x0, 0x9, 0xd49, 0x6, 0x5, 0x1}, {0x5, 0xe3b, 0x8, 0x8000, 0xfffffc01, 0x800}, {0xb2b7, 0x7, 0xffffffc0, 0x6, 0x10001, 0x8000}, {0x1, 0x3, 0x7, 0x400, 0x7fffffff, 0x5}, {0x5, 0x0, 0x3, 0x8a2, 0x3f, 0x7}, {0xd76, 0x200, 0x3f, 0x6, 0x8, 0x4}, {0x3, 0xfffffff9, 0x4, 0x8b, 0x5201}, {0x8001, 0x5, 0x2, 0xffff, 0x2, 0x4}, {0x3fd, 0x80000000, 0x1c0000, 0x7, 0xfffffffa, 0x4}, {0x8, 0x3, 0x0, 0x87b3, 0x0, 0x6}, {0x1, 0x5bbe, 0xb0b, 0x80, 0x1, 0x100}, {0x10000, 0x5, 0xff, 0x6, 0x0, 0x42aa}, {0x8, 0x0, 0x7, 0x10001, 0x200, 0x3}, {0x883, 0x9, 0x7e28, 0x7fffffff, 0x2, 0x7}, {0x1, 0x2, 0x7, 0x4101, 0xfffffb71}, {0x8, 0x0, 0x6, 0x1, 0xfffffffc, 0x7fff}, {0x1000, 0x6, 0x6, 0x40, 0xb4, 0x401}, {0x578, 0x3, 0x80000001, 0x1, 0x10000, 0x401}, {0xe0c, 0x2, 0x401, 0x10001, 0xffffd588, 0x21a}, {0x0, 0x9, 0x20, 0x9, 0x800, 0x8000}, {0x0, 0x7, 0x8b, 0x8, 0x8, 0xfffffffc}, {0x8000, 0x100, 0x8001, 0x7fffffff, 0xf56a, 0x4a5}, {0x1, 0xffffffdf, 0x3ff, 0x1c0e, 0x0, 0xffffffff}, {0x5db8, 0x3, 0x1, 0x9, 0x7, 0x401}, {0x80000000, 0x7833, 0x1, 0x20, 0x80000001, 0x3}, {0x7, 0x40f6, 0x2, 0x8, 0x4c50a9f1, 0x7}, {0x1, 0x3f, 0xffffffe1, 0x10001, 0x7f, 0x1000}], [{0x4, 0x1}, {0x2}, {0x4, 0x1}, {0x5}, {0x3, 0x1}, {0x4}, {0x5, 0x1}, {0x3}, {0x4}, {0x5, 0x1}, {0x2}, {0x3, 0x1}, {0x3}, {0x3, 0x1}, {0x3, 0x1}, {0x4, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x3, 0x1}, {}, {0x1}, {0x1, 0x1}, {0x2}, {0x3, 0x1}, {0x5, 0x1}, {0x1, 0x1}, {}, {0x2, 0x1}, {0x2}, {0x4, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x5}, {0x4, 0x1}, {0x1}, {0x1}, {0x0, 0xd0152d182d8b7a07}, {0x5}, {0x0, 0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x1}, {0x5}, {0x1, 0x1}, {0x5}, {0x3}, {0x4}, {0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x7, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x5, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x5, 0x1}, {0x3}, {0x4}, {0x5}, {0x4, 0x1}, {0x5}, {0x2, 0x1}, {0x4}, {0x3, 0x1}, {0x4}, {0x1, 0x1}, {0x3}, {0x1, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {0x3, 0x1}, {}, {}, {0x4, 0x1}, {0x2}, {0x3, 0x1}, {0x5}, {}, {0x5, 0x1}, {}, {}, {0x5}, {}, {0x2}, {0x2}, {0x3, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x4}, {0x0, 0x1}, {0x4, 0x1}, {0x1}, {0x2}, {0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x4}, {0x1}, {0x2}, {0x4}, {0x4}, {0x2, 0x1}, {0x1}, {0x3, 0x1}, {0x3, 0x1}, {0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x5, 0x1}, {0x2}, {0x1, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x1, 0x1}], 0x1}}, @TCA_PEDIT_PARMS_EX={0xe80, 0x4, {{{0x4, 0x6, 0x1, 0xff, 0x20}, 0x2, 0x40, [{0xfffffff9, 0x80, 0x1, 0x100, 0xfffffe01, 0x6}, {0x5, 0x7, 0x229d, 0x20, 0xab, 0x6}, {0x38, 0xe90, 0x81, 0x200, 0x55, 0x8a2}, {0x7fff, 0x7, 0x4, 0xfffffffe, 0x0, 0x2}]}, [{0x400, 0x3, 0x7ff, 0x9, 0xd6, 0x22}, {0x4, 0x80000001, 0x917, 0x2, 0x42c, 0xfffffff7}, {0xd1e, 0x7, 0x3ff8, 0xfffffffa, 0x1, 0x7}, {0x5, 0x401, 0x4, 0xb231, 0x101}, {0x3, 0x7fffffff, 0x3, 0x7f, 0xa211, 0x8861}, {0x5c50, 0x100, 0x101, 0x0, 0x9, 0x3}, {0x1f, 0x9, 0x9, 0x9, 0x8, 0x7}, {0xfffffffb, 0x87a, 0x7ff, 0x200, 0x12c3481c, 0x7fff}, {0x193, 0x0, 0xbbb, 0x6, 0x5, 0xfffff800}, {0xff, 0x200, 0x1, 0x9, 0x9, 0x1}, {0x3, 0x6ea6, 0x7, 0x6, 0x4, 0x7}, {0xffff1906, 0x1, 0x6, 0x8, 0x5, 0xa25d}, {0xb8, 0x18, 0xe66, 0x101, 0x3f, 0x20000000}, {0xe5b, 0x5, 0x0, 0x6, 0x9, 0x7ff}, {0x3, 0x1, 0x1, 0x400, 0x7fff, 0x1}, {0x2, 0x1, 0xfff, 0x7, 0x7, 0x1800000}, {0x6, 0x200, 0xba, 0x4, 0x3, 0xfffffffe}, {0x2, 0x3, 0x6, 0x3, 0x3, 0x20}, {0x9, 0x1f, 0x3dc0, 0x1f, 0xfffffff8, 0x7fff}, {0x1, 0x9, 0xffffffe0, 0x1, 0x3, 0xc43}, {0x0, 0x0, 0x8, 0x0, 0x10000, 0x8}, {0x1, 0xfffffff9, 0x28, 0x3, 0x0, 0x52a}, {0x4, 0x1, 0xfffffff7, 0x10000, 0x80, 0x20}, {0x2, 0x0, 0x0, 0xdac, 0x48d, 0x1}, {0x2, 0x10002000, 0x6, 0x5, 0xffffffff, 0x4}, {0xffffffff, 0xffffffff, 0x0, 0x1, 0x3}, {0x43f7, 0x1, 0x86, 0x678b, 0x7, 0x3ff}, {0x6, 0x8, 0x8, 0x9, 0x6, 0x7}, {0x8, 0x1, 0x9, 0x7f, 0xfffffffe, 0x7ff}, {0x3, 0x7f, 0x9, 0x4, 0x9}, {0x7fffffff, 0xd7, 0x8, 0x4, 0x5, 0x3}, {0x6, 0x2b825e67, 0x1, 0x10001, 0xfffffffa, 0x8}, {0xffff8000, 0x2, 0x6, 0x8, 0xffffffff, 0x4}, {0x4, 0x9, 0xffffff01, 0x9, 0x6, 0x5}, {0xfffff800, 0x2, 0x10000, 0x9, 0x0, 0x5}, {0x2, 0x3, 0x7356, 0x200, 0x9, 0x7f}, {0x8001, 0x8000, 0xff, 0x4, 0x6, 0x2}, {0x0, 0x0, 0xe8a2, 0x400, 0x4, 0x7}, {0xb1e, 0x0, 0x17c, 0x0, 0x401, 0x80000001}, {0x8001, 0x80000001, 0x1ff, 0x3ff, 0xa20e, 0x80000000}, {0x4, 0x2, 0x1, 0x6, 0x2, 0x5}, {0x88, 0x7, 0x8, 0x6, 0xfffffff9, 0x1f}, {0x93, 0xf6ce, 0x9, 0x39f, 0x8000, 0x3}, {0x5, 0x10001, 0xa7, 0x8000, 0x1, 0x29bc}, {0x5, 0x5, 0x7, 0x6, 0x101, 0x5}, {0x8, 0xfffffeff, 0x3, 0x2, 0x4b, 0x101}, {0x400, 0x5aac, 0x0, 0x4, 0x6, 0x7fff}, {0x200, 0x7, 0x4, 0x1ff, 0x4, 0x1346a88c}, {0xffffff91, 0x30dc, 0xfffffff9, 0x8, 0x8, 0x8}, {0x5, 0xdd, 0x3ff, 0x0, 0xad, 0x7fffffff}, {0x3, 0x7f, 0x7fffffff, 0x100, 0x1, 0x1d}, {0x0, 0x6, 0x8, 0x0, 0x100, 0x3}, {0x3, 0xc9, 0x8, 0x8, 0x6, 0x63}, {0x1d01, 0x50, 0xffff, 0xbd76, 0x1, 0x7f}, {0xda9, 0x800, 0x1000, 0x4ded, 0x401, 0x918}, {0xfffffff7, 0x0, 0x527, 0x7f, 0x2, 0x1e6f}, {0x6, 0x4, 0x800, 0x8, 0xa166, 0x7ff}, {0x5, 0xdd7, 0x5, 0x0, 0x5, 0x5}, {0x10001, 0x60318349, 0x8f, 0x80000, 0x7fffffff, 0xffffffff}, {0x5, 0x1, 0x3bb, 0x7f, 0x3, 0xffffffff}, {0x2, 0x3ff, 0x400, 0x1, 0x1ff, 0x6}, {0x6, 0x1, 0x1ff, 0xfffffff9, 0x7, 0x1}, {0x4, 0x7, 0x7fffffff, 0x3, 0x3, 0x7}, {0x3, 0x6, 0xa6, 0xfffffffd, 0x0, 0xab}, {0x7, 0x5, 0xfff, 0x2, 0x4}, {0x8, 0x7, 0x6, 0xde0, 0x7, 0x1f}, {0x8, 0x1000, 0x7, 0x1, 0x434, 0x10000}, {0x80000001, 0x2, 0xfffffffe, 0x2, 0x9, 0x3f}, {0x9, 0x4, 0xfffffffe, 0x9, 0x0, 0x7}, {0x2, 0x4, 0x3f, 0x1, 0x5, 0x4}, {0x6, 0x3, 0x10000, 0x800, 0x2, 0x80000001}, {0x5, 0xe0000000, 0x7, 0x4, 0x6, 0x8}, {0x9, 0x2, 0x4, 0x7, 0x3, 0x4}, {0xffff0000, 0x607, 0x5, 0x0, 0x7b, 0x200}, {0x7ff, 0x7, 0xffffffff, 0x5, 0x5, 0x2}, {0x2, 0xf1, 0x80000000, 0xffffff80, 0x7, 0xd}, {0x96b, 0xffff, 0x6, 0x9, 0xffffffff, 0x4}, {0x4b68, 0xc312, 0x6, 0x4, 0xfffffffd, 0xd34}, {0x80, 0x401, 0x9, 0x5, 0x2, 0x5}, {0x1, 0x5, 0x39, 0x10000, 0xa55, 0x7f}, {0xa7ae, 0x9, 0x2, 0xaa2, 0x8, 0x4}, {0xff, 0x9, 0x2, 0x7, 0x9, 0x5}, {0x400000, 0x81, 0xfff, 0x8, 0x2e75, 0x7}, {0xffffffff, 0x4, 0x1000, 0xfff, 0x1, 0x10001}, {0x5, 0x4, 0x4, 0x6b0, 0x2, 0x3}, {0x9, 0x1000, 0x8000, 0x3, 0x4, 0x1}, {0x80, 0x7, 0x3, 0x5, 0x4ba, 0x1ff}, {0x7, 0x8001, 0xe0e3, 0x4, 0xfffffffa}, {0x0, 0x1, 0x0, 0x8001, 0x7}, {0x8, 0x80000000, 0x6, 0x3, 0x5, 0x6}, {0x7, 0x9, 0xe7d3, 0x20, 0x9, 0x20}, {0x3, 0x5, 0x2, 0x9, 0x3, 0x9}, {0x29, 0xffffffff, 0xb160, 0x1, 0x4, 0x1}, {0xa277, 0xfff, 0x3, 0x9, 0x10000, 0xff}, {0x9, 0x2, 0x7d5, 0x101, 0x101, 0x8000}, {0xbdfb, 0xfff, 0x8750, 0x3, 0x61, 0x401}, {0x6, 0xff, 0x8001, 0x0, 0x80, 0x8000}, {0x4, 0x3, 0x8001, 0x2, 0xffff7fff, 0x200}, {0xffffffff, 0x5, 0x69, 0xf5b5, 0x80000001, 0xa0}, {0x400, 0x80000000, 0x4eb, 0x5, 0x101, 0x400}, {0x1, 0x200, 0x6, 0x9, 0x51, 0x3}, {0xe0, 0x5, 0x1, 0x9, 0x2, 0x9}, {0x10001, 0x3, 0x2, 0x1f, 0x5, 0x970e}, {0x9, 0x8, 0x84, 0x7f, 0xffff0001}, {0x1bf0000, 0x7, 0x3, 0xffffffff, 0x1, 0x2}, {0x7, 0x7, 0x7fffffff, 0x7, 0x1ff, 0x2}, {0x4, 0x4, 0x7, 0x40, 0xffffffff, 0x3}, {0x80000000, 0x4, 0x4, 0xfff, 0x101, 0x5}, {0xa1d0, 0x2, 0x7fffffff, 0x5, 0xffffffff, 0x8}, {0x0, 0x200, 0x43e, 0x3f, 0x2, 0x8}, {0xcee, 0x8, 0x2, 0x0, 0x1, 0x9}, {0x7, 0x20, 0x3ff, 0xff, 0x1, 0x8}, {0x3, 0x2, 0xff, 0x6, 0x7, 0x9e13}, {0x7, 0x49a, 0xfffffff9, 0x10001, 0x8, 0x9}, {0x8001, 0x4aa, 0xd9a, 0x43f, 0x8, 0x7f}, {0xffffffff, 0x1, 0x81, 0x96, 0x2, 0x7}, {0x5, 0x7f, 0x8ec8, 0x0, 0x400, 0x2a7}, {0x2, 0xb47e, 0x7, 0x600, 0xfffffff9, 0x8}, {0xfff, 0x4, 0x9, 0xc0, 0x6, 0x2}, {0xfffffffa, 0x0, 0x4, 0x400, 0x28, 0x9}, {0x0, 0x0, 0x1ff, 0x2, 0x8001, 0x839}, {0xfffffff9, 0x401, 0xfffffffd, 0x6a, 0x8, 0x4}, {0x2, 0xa6, 0x5, 0x10001, 0x2, 0xc719}, {0x5, 0x3, 0x7, 0x6, 0x69b0}, {0x1f, 0x1000000, 0x8, 0x1, 0x401, 0x9}, {0xffff0001, 0x13ae, 0x3, 0x285, 0x1000, 0x6}, {0xa839, 0x8, 0x3b, 0x8, 0x1f, 0x7fffffff}, {0x5, 0xffff, 0x7fffffff, 0x0, 0x9, 0x101}], [{0x3, 0x1}, {0x1}, {0x4}, {0x3, 0x1}, {0x1}, {0x3}, {0x0, 0x1}, {}, {0x4, 0x1}, {0x5}, {}, {0x1}, {0x1, 0x1}, {0x83677958aae269f2, 0x1}, {0x1, 0x1}, {0x5}, {0x5, 0x1}, {0x5, 0x1}, {0x5}, {0x1}, {0x3}, {}, {0x1}, {}, {0x1, 0x1}, {0x3}, {0x1, 0x1}, {0x3}, {0x1}, {0x4}, {0x0, 0x1}, {0x1, 0x1}, {0x1}, {0x0, 0x1}, {}, {0x4}, {0x1, 0x1}, {0x4, 0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {0x2}, {0x3}, {0x1}, {0x3, 0x1}, {}, {}, {}, {0x4}, {0x3, 0x1}, {0x2}, {0x1}, {0x0, 0x1}, {0x5}, {0x3}, {0x1, 0x1}, {0x1}, {0x4, 0x1}, {0x5}, {0x1}, {0x1}, {0x4, 0x1}, {}, {0x5}, {0x3, 0x1}, {0x5}, {0x4, 0x1}, {0x2, 0x1}, {0x3}, {0x8}, {0x3, 0x1}, {0x1}, {0x1, 0x1}, {0x4}, {0x5}, {0x4, 0x1}, {0x3, 0x1}, {0x1}, {0x0, 0x1}, {0x4}, {0x4, 0x1}, {0x3}, {0x4, 0x1}, {0x4, 0x1}, {}, {0x0, 0x1}, {0x0, 0x1}, {0x1}, {0x0, 0x1}, {0x5}, {0x3, 0x1}, {0x1, 0x1}, {0x7, 0x1}, {0x3, 0x1}, {0x3, 0x1}, {0x4}, {0x2}, {0x7}, {0x2}, {}, {0x3}, {0x2}, {0x3}, {0x3, 0x1}, {0x2, 0x1}, {}, {0x5}, {0x1}, {0x2}, {0x4, 0x1}, {0x5}, {0x3}, {0x5}, {0x4}, {0x3, 0x1}, {0x4}, {0x1}, {0x4}, {0x4}, {0x5}, {0x1, 0x1}, {0x4, 0x1}, {0x5, 0x1}, {0x5, 0x1}, {0x2, 0x1}, {0x1}, {0x1, 0x1}, {0x4, 0x1}]}}, @TCA_PEDIT_PARMS={0xe68, 0x2, {{{0x21, 0x8, 0x7, 0x9, 0x8}, 0x5, 0x1, [{0x794c, 0xea8b, 0x1ff, 0xffffffff, 0x7, 0x8a}, {0x0, 0x1, 0x7ff, 0x80000000, 0x7, 0x6b0}, {0x1, 0x44, 0x1, 0x0, 0x2, 0x1393}]}, [{0x7fffffff, 0x441, 0x4, 0x9, 0xffffff61, 0x7f}, {0x9, 0x48a45dca, 0x30, 0x7fff, 0x7, 0x8}, {0x7fffffff, 0x5, 0x7, 0x40, 0xffffffff, 0x62566041}, {0x100, 0x0, 0xffffff00, 0x3, 0x101, 0x401}, {0x8, 0x992c, 0x9, 0x5bc0, 0x6, 0x1000}, {0x3, 0x2, 0x3, 0x0, 0x1ff, 0x7}, {0x46, 0x0, 0x3, 0x6}, {0x7, 0xfffffffd, 0x8, 0x7, 0x0, 0x1}, {0x1, 0xf6b3, 0xffff, 0xffff, 0x0, 0x1f}, {0x1, 0xfffffff7, 0x9, 0xff, 0x3, 0x400}, {0x3f, 0x9, 0x7f, 0x7fffffff, 0x6, 0xffff}, {0x1, 0x1, 0x3f, 0x6, 0x6, 0x1}, {0x7, 0x10000, 0xfffffe91, 0xffff9cbd, 0x4, 0x7}, {0x2, 0x6, 0x9f24, 0x6, 0x7fffffff, 0x7}, {0x6, 0xa00000, 0x6, 0x4, 0x2, 0x85a}, {0x7, 0x9, 0xfa0, 0xfff, 0x7, 0x4}, {0xfffffffc, 0x3ff, 0x8, 0x1800ad08, 0x80000000, 0x4}, {0x1, 0x9, 0xffff, 0xffffffff, 0x8000, 0x3}, {0x3, 0x7ff, 0x4, 0x6, 0xfffffffd, 0x40}, {0x7, 0x4, 0x1, 0x0, 0x5, 0x2}, {0x8, 0x9, 0x8, 0x7, 0x7, 0x47}, {0x2, 0x8, 0x5, 0x1d6f, 0x2, 0x40}, {0x9, 0x100, 0xc28, 0x0, 0xfffffe49, 0x3}, {0x455, 0xfffffffb, 0x86b, 0xfffffff8, 0xfffffffe, 0x80000000}, {0x1, 0x1000, 0x8, 0x1ff, 0xe78, 0x8}, {0x2831, 0x3ff, 0x1, 0xfffffff8, 0x7, 0x20}, {0x39d6ad50, 0x6, 0xfff, 0x5, 0x6, 0x1}, {0x6, 0x839, 0xffff, 0x3, 0x7ff, 0x400}, {0xfffffffc, 0x8000, 0x4, 0x480000, 0xb30b, 0x4}, {0x400, 0x80000000, 0x6a4, 0x4, 0x9, 0xfffffffe}, {0xffff, 0x5fd1, 0x9, 0x8001, 0x3ff, 0x1}, {0x9, 0x7, 0x100, 0x1, 0x1, 0x29}, {0x40, 0x2, 0x200, 0x3f, 0x80, 0x8}, {0x4, 0x58ac, 0x7, 0x400, 0x4, 0x217}, {0x9, 0x5, 0x9, 0x5, 0xfe, 0x400}, {0x5, 0x8, 0x8, 0x10001, 0x8a0a, 0x8}, {0x4f0, 0x3f, 0x6, 0xfe4, 0x4, 0x2}, {0x2, 0x6, 0x1000, 0x0, 0x1, 0x1}, {0x8, 0x6, 0xe9, 0x5, 0x67, 0x2}, {0x3, 0x1, 0x9, 0x100, 0x7, 0x4}, {0x4, 0xb3, 0x6, 0x6, 0x1d2b, 0x7}, {0x7, 0x9, 0xce8, 0x2, 0x6, 0x20}, {0x2, 0x64, 0x4, 0x5, 0x8, 0x189}, {0x1000, 0x8, 0x1, 0x200, 0x1ff, 0x7}, {0x9, 0xfffffffb, 0x7, 0x0, 0x26, 0x226}, {0x80000000, 0xd35, 0x100, 0x8, 0x1, 0x8}, {0x5, 0x4, 0x8, 0x7, 0x81, 0x1}, {0x7, 0x7, 0x1f, 0x100, 0x9, 0x100}, {0x8fa4, 0x0, 0x1, 0x4, 0x6, 0xfffffffa}, {0x18b, 0x401, 0x7, 0x10000, 0x3, 0x8}, {0x81, 0x401, 0xfffffff9, 0x800, 0x8, 0x1000}, {0x4, 0x2, 0x1, 0x2, 0x8000, 0x8}, {0x0, 0x2, 0x9, 0x6, 0x1f, 0x8}, {0x7, 0x81, 0x8, 0x8, 0x8, 0x5}, {0x4, 0x3, 0x0, 0x39, 0x8, 0x7}, {0x0, 0x1, 0x80000001, 0x3, 0x7e05714f, 0x1}, {0x5, 0x0, 0x0, 0x5, 0x1, 0x800}, {0x0, 0x2, 0x1, 0x6, 0xe2ce9400, 0x7f05}, {0x4, 0x7, 0x1, 0x7a97, 0x4, 0x80}, {0x7f, 0x4, 0xba5, 0x69c9, 0x1, 0x9}, {0x6, 0x80000000, 0x800, 0x4, 0x5}, {0x3, 0x3f, 0x5, 0x2, 0x26d, 0x7}, {0xfa, 0xffff, 0x5, 0x4, 0x5, 0x5}, {0x7, 0x44dc, 0x0, 0x40, 0x7, 0x4}, {0x39c6, 0x6, 0x4, 0x1f, 0x1, 0x8}, {0x0, 0x1f, 0x47be54e, 0x6, 0xe0a, 0x7}, {0x9, 0xe92, 0x7, 0x10001, 0x6, 0x2}, {0x0, 0xfffffff8, 0x1f, 0x800, 0x357, 0xe6}, {0x6, 0x3e, 0x84, 0x2, 0xfffffff9, 0x1ff}, {0x1000, 0xffffff81, 0x4, 0x7, 0xb47, 0x7}, {0x1, 0x7, 0x6, 0x28000000, 0x2a, 0xf84}, {0x4, 0x8000, 0xaa71, 0x9, 0x7fff, 0xff}, {0x401, 0x80000000, 0x4, 0x7ff, 0x80, 0x1}, {0x3, 0x10000, 0x475, 0xfffffff9, 0x2, 0xf6dd}, {0x0, 0x9, 0x8, 0xba7c, 0x5, 0x8a7}, {0x4, 0xff, 0x598a82dc, 0x4, 0x1ff, 0x3}, {0x8, 0x1, 0x8, 0x6f, 0xe1, 0x3f}, {0x5, 0x8000, 0x8b, 0x1, 0x8}, {0x0, 0x4, 0xfffffffa, 0x4, 0x5c, 0x6}, {0x7, 0x7ff, 0xa3, 0x1, 0x9f5, 0x8}, {0x3, 0x6, 0x4, 0x4, 0x7, 0x7}, {0x2, 0x200, 0x7, 0x619a, 0x9, 0x100}, {0x1, 0x0, 0x7, 0x4, 0x1, 0x8}, {0x0, 0xffff, 0xff, 0x6, 0x401, 0x4c}, {0x3, 0x1, 0xffffffff, 0xffff, 0x2, 0x100}, {0x3, 0x6, 0x101, 0x7, 0x7, 0x82386ced}, {0x0, 0x6, 0x8610000, 0x7e8, 0x8, 0x1}, {0x3f, 0x3, 0x7, 0x0, 0x5, 0x8000}, {0x1f, 0x9, 0x3, 0xb1c, 0x2, 0x2}, {0x0, 0x3, 0x3, 0x1, 0x9, 0x5}, {0xffff39f7, 0x24, 0x6, 0x4, 0x5, 0x400}, {0x7, 0x979, 0x80000000, 0x8001, 0xffff, 0x8}, {0x8, 0x7, 0x80000001, 0x5, 0x0, 0x9}, {0x7fffffff, 0x3ff, 0x5, 0x4, 0x8000, 0x2000000}, {0x8, 0x0, 0xaa88, 0xffff7fff, 0x7, 0x2aa}, {0x800, 0x3, 0x6, 0xfffffe00, 0xaf, 0x6}, {0x5, 0x3ff, 0xfff, 0x7, 0x7dfbc609, 0x380000}, {0x8, 0x2, 0x8, 0x7ff, 0x7, 0x8001}, {0x2, 0x1000, 0x100, 0x0, 0x4, 0x2}, {0x2, 0x200, 0x1, 0x1, 0x6, 0x9}, {0x0, 0xeef, 0xea, 0x6, 0xd6c, 0x1}, {0x7f, 0x5111c847, 0x1f, 0xffffff03, 0x5, 0xb45}, {0x1000, 0x480, 0xfffff000, 0x7fffffff, 0x401, 0x80000000}, {0x1, 0x5, 0xff, 0x4, 0x6, 0xada}, {0x1ff, 0x101, 0x1ff, 0x9, 0x5, 0x400}, {0xfffffff8, 0xfe, 0x7, 0x18, 0x72b, 0x8}, {0x7, 0x3, 0x2, 0xfb8, 0x0, 0x1}, {0x35c0, 0x5, 0x0, 0xfffffeff, 0x6, 0x43ce}, {0x3, 0x4, 0x4, 0x7f, 0x40, 0x3f}, {0x1, 0x6, 0x400, 0x20, 0x4, 0x7}, {0xd6, 0x6, 0x84be, 0xffdb, 0x4, 0xff}, {0x9, 0x7fffffff, 0x5, 0x40, 0x80000000, 0x20}, {0x9, 0x1000, 0x8, 0x2, 0xffffffaf, 0x80000001}, {0x2, 0x0, 0x7f, 0x7, 0x2, 0x8af1}, {0xca, 0x7fff, 0x33, 0x2, 0x3, 0x3}, {0xdb, 0x4, 0x100, 0x2, 0xfffffeff, 0x40}, {0xffff9553, 0x6, 0x3, 0x0, 0x2, 0x8}, {0x2e, 0xc00, 0x7f, 0xb4, 0x7fffffff, 0x5}, {0x5, 0x7f, 0x69ffd618, 0x7c, 0x37b, 0xa26e}, {0x3, 0x1000, 0x1, 0x2, 0x9, 0xe16}, {0x7, 0x10001, 0x102, 0x4, 0x7, 0x4}, {0x62f0, 0x8, 0x7, 0x7, 0x40, 0x9}, {0x0, 0x5, 0x3395, 0x1, 0x81, 0x8}, {0x5, 0x0, 0x2, 0x2, 0xb70d, 0x3}, {0x2, 0x93b, 0xb9c, 0x7fff, 0xf6c, 0xbdd}, {0x3, 0x7f, 0x800, 0x5, 0x2, 0x6}, {0x7, 0x7, 0x5, 0x6, 0x0, 0x7}, {0xffffffff, 0x101, 0x3f, 0x3, 0x80000000, 0xc49}], [{0x5}, {0x4, 0x1}, {0x5}, {0x2, 0x1}, {}, {0x3, 0x1}, {0x4}, {0x5, 0xef8c3d3def8d5666}, {0x4}, {0x5, 0x1}, {0x4}, {0x4, 0x1}, {0x5}, {0x2, 0x1}, {0x0, 0x1}, {0x3}, {0x1}, {0x5}, {}, {0x5}, {0x2, 0x1}, {0x2, 0x1}, {0x1}, {0x1}, {0x2, 0x1}, {0x4}, {0x3}, {0x2}, {0x0, 0x1}, {0x4}, {}, {}, {0x1, 0x1}, {0x0, 0x1}, {0x3}, {0x4}, {}, {0x1, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {}, {0x0, 0x1}, {0x4}, {0x0, 0x1}, {0x4, 0x1}, {0x3, 0x1}, {0x1}, {0x1, 0x1}, {}, {}, {0x5}, {0x3}, {0x3da3354c41c302f1}, {0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x2, 0x514e4d1c18189eb7}, {0x4}, {}, {0x5}, {0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x5}, {0x0, 0x1}, {}, {0xf628017a80a24c5f}, {0x3}, {0x3}, {0x1}, {}, {}, {0x3, 0x1}, {0x2}, {0x3, 0x1}, {0x5}, {0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x1}, {0x0, 0x1}, {0x4}, {0x3}, {0x5}, {0x0, 0x1}, {0x3, 0x1}, {0x1}, {0x4, 0x1}, {0x2}, {0x3}, {0x0, 0x1}, {0x3}, {0x0, 0x1}, {0x1, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x4}, {0x4}, {0x1, 0x1}, {0x3}, {0x1, 0x1}, {0x3}, {0x0, 0x1}, {0x3, 0x1}, {0x4}, {0x3}, {0x4, 0x1}, {}, {0x5}, {0x1, 0x1}, {0x5}, {0x5}, {0x4}, {0x5}, {0x2, 0x1}, {0x4, 0xe80abd6bd0b61818}, {0x5, 0x1}, {0x3}, {0x4, 0x1}, {0x5, 0x1}, {0x5}, {0x1, 0x1}, {0x4, 0x1}, {0x1}, {0x4, 0x1}], 0x1}}, @TCA_PEDIT_KEYS_EX={0x90, 0x5, 0x0, 0x1, [{0x3c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}, {0x3c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x3}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x4}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x7}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x3}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x4}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}]}, @TCA_PEDIT_PARMS_EX={0xe38, 0x4, {{{0x3, 0xffffffff, 0xffffffffffffffff, 0x2, 0x9a}, 0x7c, 0xbb, [{0x1ff, 0x9, 0x1, 0x3, 0x0, 0xa7}]}, [{0x8000, 0x3, 0x4, 0x20, 0x6, 0x800}, {0x20000000, 0x4, 0x8, 0x5, 0xc00000, 0x4}, {0xffffd46d, 0x1, 0x4c, 0x407, 0xfffffff9, 0x4}, {0xfff, 0x8, 0x80, 0x0, 0x0, 0xfffffbff}, {0x101, 0x5cdf, 0x20, 0x7fffffff, 0xfffff8e6, 0x9ea7}, {0x1ff, 0x800, 0x200, 0x2, 0x9, 0x9}, {0x40100000, 0x400040, 0xfffffff9, 0xffffffff, 0x7, 0x6}, {0x0, 0x0, 0x5, 0x6, 0x9, 0x5}, {0x4b, 0x5, 0xffffffff, 0x0, 0xf6}, {0x9, 0x2, 0x1, 0x0, 0xd10, 0xfff}, {0x8, 0x80, 0x80000001, 0x7281baa3, 0x100, 0x6}, {0x8000, 0xfff, 0x7, 0x3a2, 0x6, 0xf6}, {0x2, 0x1, 0x1f, 0x800, 0x4, 0x80}, {0x8, 0xfffffffc, 0x7da9, 0x0, 0x4, 0xff}, {0x183, 0x3, 0x401, 0x0, 0x4, 0x5}, {0x7, 0x0, 0x69, 0x0, 0x2157359d, 0x5}, {0x7, 0x80, 0x3, 0x7, 0x7, 0x7}, {0x5, 0x3, 0x80, 0xfffffffe, 0x9, 0x8001}, {0x2, 0xbfe9, 0x2e, 0xf85, 0x6, 0x101}, {0xfffffb20, 0x96, 0x3, 0x0, 0x1, 0xffffffa7}, {0x58, 0x5, 0x800, 0x80000001, 0x5, 0xfff}, {0x10001, 0x1c, 0x6, 0x13, 0xce3c, 0xffffffff}, {0x4, 0x8, 0x100, 0x52, 0x4, 0x1}, {0x9, 0x4, 0x80, 0x0, 0x4, 0x81}, {0x7, 0x617931c7, 0x0, 0x7, 0x6, 0x1ff}, {0x6, 0x5, 0x1, 0x21, 0x2, 0xff}, {0x1f, 0x800, 0x3, 0x4, 0x5, 0x1}, {0x7fffffff, 0x3, 0xfffff800, 0x3, 0x7, 0x40}, {0x7, 0xfff, 0x3f, 0x80, 0x2, 0x3}, {0x4, 0x1, 0x0, 0x3, 0x2, 0x200}, {0x8, 0xffffff01, 0x1ff, 0x8, 0xfffff001, 0x6}, {0x3, 0x5, 0xbf, 0x1, 0x9, 0xfffffff9}, {0x3, 0x1, 0x7, 0xffff, 0x81, 0x3ff}, {0x3, 0xf8, 0x2, 0x8, 0x3ff, 0xc6b6}, {0x9, 0x4, 0x4, 0x7, 0x4000000, 0x9}, {0xd001, 0x7ff, 0x6, 0x1000, 0x1000, 0x7}, {0x400, 0x3, 0x1, 0xb0, 0x86, 0xfffffff7}, {0x788, 0x4, 0x5, 0x0, 0x9, 0x10001}, {0x7ff, 0x1f51, 0xfffffffb, 0x1, 0x4, 0x4}, {0x1a6, 0xfffffffd, 0x80000001, 0x1ff, 0xdc, 0x8001}, {0xf65e, 0x559aecc0, 0x3e, 0x80000000, 0x4561, 0x7663}, {0x9, 0x3, 0x8001, 0x7f, 0x3f, 0x9}, {0x81, 0x0, 0x5, 0x8, 0x3, 0x8}, {0x1, 0x2, 0x8, 0x6, 0x5, 0x2}, {0xfdd, 0x9, 0x8, 0x400a, 0x8}, {0x6, 0xffff, 0x56a662a7, 0x100, 0xfff, 0x1f}, {0x10001, 0x7645, 0x6, 0x80000000, 0x3, 0x4}, {0xc0000000, 0x6, 0x4af32578, 0x2, 0x0, 0x1}, {0xe41, 0x1, 0x200, 0xffff, 0x6}, {0x3f, 0x6, 0x84, 0xffff, 0x81, 0x4}, {0x6, 0x2, 0x1, 0xa6b2, 0xfffffffd, 0x7}, {0x9, 0x99, 0x2, 0x200, 0x2, 0x5}, {0x100, 0xb37e, 0x8, 0x5, 0x0, 0x1}, {0x3ff, 0x9, 0x0, 0x88, 0x7f, 0x9}, {0x5d2da31b, 0x436, 0x7, 0xd6d5, 0x1, 0x1}, {0x9, 0xe50d, 0x4, 0x7, 0x1, 0xfffffffe}, {0xffffffff, 0x3f, 0x800, 0x8, 0x1, 0x11ee}, {0x1, 0x80, 0x8, 0x3, 0xfffffff7, 0x7f}, {0x3, 0x401, 0x7fffffff, 0xffffff7f, 0x200, 0xd26}, {0x1, 0xffffff00, 0x9a4, 0x9, 0x1, 0x8}, {0x5, 0x1, 0x2, 0x7fffffff, 0x1, 0x401}, {0x7, 0xfff, 0x7, 0x5, 0x7, 0xffffffff}, {0x0, 0x7, 0x8, 0xc0}, {0x6, 0x5, 0x4, 0x4, 0x7fffffff, 0x8}, {0x20, 0x8, 0xd25a, 0x100, 0x2, 0x6}, {0x5, 0x7, 0xffff, 0x8e8, 0xffffff00, 0x400}, {0x9, 0x5, 0x1, 0x0, 0x5829, 0x8}, {0x3, 0x8, 0xb46a, 0x2571d39f, 0x3, 0xe8}, {0x2, 0xfffffff9, 0x0, 0x7, 0x7fff, 0xcd}, {0x2, 0x8, 0xff, 0x3, 0xfffff3ba, 0x1f}, {0x8, 0xffff, 0x4, 0xff, 0x1, 0x2}, {0x40f9, 0x2, 0x8, 0x4749, 0x8, 0x3ff}, {0x4, 0x6af, 0x7fff, 0x7, 0x0, 0x3}, {0xfffffffe, 0xfff, 0x20, 0x0, 0x4e5, 0x6}, {0x8001, 0x7e3, 0x1, 0xff, 0x396, 0x81}, {0x2, 0x1000, 0x1, 0x7, 0x10000, 0x6}, {0x0, 0x9, 0x2, 0x40000000, 0x7ff, 0x3}, {0x200, 0xffff, 0x7, 0x96, 0xffff, 0xfffeffff}, {0x20, 0x8001, 0x1, 0x840000, 0x2, 0x8}, {0x1, 0x3a64, 0x6, 0x7fff, 0x6, 0x8c2f}, {0x4, 0x86, 0xc4fa, 0x8, 0x5, 0x8000}, {0x7, 0x1, 0x200, 0x0, 0x5, 0x6}, {0x800, 0x8, 0xbcc3, 0x3, 0x3, 0x6}, {0x6, 0x21, 0x6, 0x5, 0x401, 0x10000}, {0x10000, 0x7, 0xf84, 0x3, 0x1, 0x1f4ce609}, {0x4, 0x6, 0x200, 0x248, 0x0, 0x64e1}, {0x8001, 0x2, 0x9, 0x1, 0x1, 0x7fffffff}, {0x8bc0, 0x55a, 0x1, 0x9, 0x0, 0x5}, {0x5, 0x6, 0x7, 0x2, 0x100, 0x7}, {0xffffdfdf, 0xc2, 0xffff, 0x3, 0x40, 0x5}, {0x6, 0x7, 0xfffffff8, 0xff, 0x7, 0x1}, {0x5, 0x6, 0xf5, 0x6, 0x3, 0x7}, {0x7, 0x5, 0x7b253972, 0x80000000, 0x7, 0xff}, {0x8, 0x9, 0x1, 0x8, 0xed2, 0x3}, {0x7fff, 0x2279, 0xff, 0x0, 0x2, 0x3}, {0x81, 0x2, 0x2, 0x7, 0x9, 0x3f}, {0x2, 0x5, 0x7fff, 0xff, 0x1a, 0xd27e}, {0x5, 0x400, 0x6, 0x8000, 0x3, 0x8}, {0xbb, 0x40, 0x0, 0x9, 0x0, 0x5fd80000}, {0x0, 0x5, 0x3, 0x8001, 0x9, 0x80000000}, {0xfff, 0x1a03, 0x71, 0x100, 0x6, 0xeef}, {0x4, 0x7, 0x10000, 0x6d, 0x0, 0xffff0000}, {0x800000, 0x5, 0xadb6, 0x4, 0x4, 0x9}, {0x4, 0x1, 0x4, 0xffffffff, 0xffffff57}, {0x3, 0x1, 0x5, 0x0, 0x7, 0x2}, {0x2111, 0x101, 0x7, 0x40, 0x8, 0xffffffff}, {0x7, 0x4, 0x3, 0x8e96, 0x8001, 0xa1}, {0x7fffffff, 0x9, 0xd1a0, 0xfff, 0x4, 0x4}, {0xffffffff, 0x7, 0x2, 0x7, 0x8000, 0x200}, {0x80000001, 0x5, 0x8, 0x0, 0x1, 0x5}, {0x5, 0xfffc0000, 0x4, 0xb3, 0x7a, 0x100}, {0x48, 0x10001, 0x200, 0xb73, 0x1f, 0x8}, {0x9, 0x8, 0x9, 0x7, 0xa51f, 0x7ff}, {0x7, 0x8000, 0x4, 0x2, 0x6, 0xd4}, {0x200, 0x0, 0x3, 0x100, 0xc2d5, 0x8}, {0x81, 0x7, 0xff, 0x0, 0x195}, {0x9, 0x101, 0x20000000, 0x1, 0x7f, 0x40}, {0x2, 0x7fffffff, 0x8, 0x7, 0x7, 0x44}, {0x2, 0x0, 0x1, 0xffff0001, 0x1}, {0x9, 0x8000, 0x1, 0x75, 0x8407, 0x2}, {0x8, 0x6, 0xfffffffe, 0x80000000, 0x0, 0x80000000}, {0x400, 0x5, 0xffff0001, 0x6, 0xb7, 0x10001}, {0x2, 0x8, 0x0, 0x5, 0xffffffc1, 0x6}, {0x5, 0x2, 0x3, 0x1, 0x2, 0x1}, {0x7fff, 0x5, 0x7, 0x10000, 0x3, 0x7}, {0x180000, 0x6, 0xb7, 0xfffffffc, 0x3, 0x400}, {0x8, 0x6, 0x8, 0x8, 0xfffffffc, 0xdb}, {0x10000, 0x4, 0x5, 0xffffaf2c, 0x4c54, 0x6}], [{0x3, 0x1}, {}, {0x5}, {0x0, 0x1}, {0x5}, {}, {}, {}, {0x0, 0x63feaf9801dc13f4}, {0x5}, {0x1}, {}, {0x6}, {0x3, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x5}, {}, {0x2, 0x1}, {0x2}, {0x2}, {0x4}, {0x2}, {0x5, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x7}, {0x3}, {0x2}, {0x5}, {0x0, 0x1}, {0x3}, {0x4, 0x1}, {0x4}, {0x5, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x4, 0x6ca674b64e3e07da}, {0x4}, {0x5, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x4}, {0x1, 0x1}, {0x4, 0x1}, {0x5, 0x1}, {0x1}, {0x4}, {}, {0x4, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x3}, {0x0, 0x1}, {0x4}, {0x5}, {0x4, 0x1}, {0x3}, {0x1}, {0x5}, {0x1, 0x1}, {0x0, 0x1}, {0x4}, {0x3, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x4, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {}, {0x4, 0x1}, {0x0, 0x1}, {0x3}, {0x0, 0x1}, {}, {0x4}, {0x0, 0x1}, {0x2, 0x1}, {0x1}, {0x3, 0x1}, {0xa, 0x1}, {0x2}, {0x1}, {0x2}, {0x3, 0x1}, {}, {0x3, 0x1}, {0x1, 0x1}, {0x5}, {0x5, 0x1}, {0x4, 0x1}, {}, {0x2, 0x1}, {0x5, 0x1}, {0x5}, {0x2, 0x1}, {0x2}, {0x0, 0x1}, {0x5}, {0x3}, {0x2}, {0x5}, {0x6, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x5e785a44af5094fd}, {0x1, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x3}, {0x3}, {0x4, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x5}, {0x4, 0x1}, {0x3}, {}, {0x4}, {0x5, 0x1}, {0x1, 0x1}, {0x4, 0x1}], 0x1}}]}, {0xe4, 0x6, "abfd29742a69e0a5401d2befcd88003ca40490862f7ba7d82f818029692e7ea617d13b541189b9d107f677eccd11fe233e2e04473d00a354c2815580442d663add1420808f9ab9dfccf3b169f756ac17ec2c0e0294f34b580be9ea73c1a26315ba331edd05ba699953d571c5b536109499bafd5e65a1a7d4b84c62949e4ad36b98f46cd7773cd09765b02a334a2ed8831fde11df2daba0a2d69102321f15da6db56686643309d7424fe531d222f6735f0bb732afbdba0eb18a790aa4d5ab369371f283414bd31df96f0f44634e4cbb7b6701ca2c8db12a8cb0a46045b9e53215"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}, @TCA_FW_INDEV={0x14, 0x3, 'bond0\x00'}, @TCA_FW_MASK={0x8, 0x5, 0xede2}, @TCA_FW_MASK={0x8, 0x5, 0x5}]}}, @filter_kind_options=@f_u32={{0x8}, {0xf8, 0x2, [@TCA_U32_SEL={0xe4, 0x5, {0x6, 0x6, 0x6, 0x40, 0xff, 0x1, 0xfffb, 0xd95, [{0x6, 0x2, 0xb662, 0x3}, {0xfffffff9, 0x1, 0x4, 0x7}, {0x6, 0xa1a3, 0x2538000, 0xc3}, {0x8, 0xff, 0x6, 0x7fff}, {0x3, 0x8, 0x3, 0x4}, {0x2, 0x1000, 0x7, 0x8b}, {0x8, 0xc8, 0x9682, 0x2}, {0x3ff, 0x5, 0x7, 0x7f}, {0x1, 0x1, 0x4, 0x3f}, {0xe815b9dd, 0x1, 0x800, 0xfc}, {0xb2, 0x5, 0x6bca, 0xfffffffb}, {0x7fff, 0x0, 0x2965, 0xfffffffd}, {0x401, 0x1f, 0x8, 0x1}]}}, @TCA_U32_LINK={0x8, 0x3, 0x6}, @TCA_U32_CLASSID={0x8, 0x1, {0xfff1, 0xd}}]}}, @filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_TCP_DST_MASK={0x6}, @TCA_FLOWER_KEY_UDP_SRC={0x6}]}}, @TCA_CHAIN={0x8, 0xb, 0x1}]}, 0x6d90}}, 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) 03:40:38 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000008300002c003480"], 0x60}}, 0x0) 03:40:38 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) 03:40:38 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000003002c003480"], 0x60}}, 0x0) [ 845.353987][ T3966] ref_ctr increment failed for inode: 0x4f7 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x0000000053698efc 03:40:38 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x8002a0, 0x0, 0x0) 03:40:38 executing program 2: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r1, 0xffffc000) openat(r0, &(0x7f0000000080)='./bus\x00', 0x80000, 0x108) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) clone(0x4202000, &(0x7f00000000c0)="e3c46c224a9bf50677c739211b69775a184d97a41753fda40d5a10af9db3e3860c13cbb0a7f934fa6547dbba03", &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000340)="84bc08730228d76975be975226d8becd03b623b7be3c4ce3ec5f6c73f9fb2e0fc753f2e34552d7723f05a503a10f490de1d615a74e276b7a4cfdf581d60573f326590a4fdb45b297c9d4980ae0333df3457c163d6e7dc5364bcc06f0879ae61394f637a5111bed1a0fc561217e56977a7e6874820ccfd36dd3e3361dc5e1b5c1a5236582ba9ec8c9d6ed9e25c1d5ce2ed24de06edb823d72b4afccb9a833aaf76ead11a180f121477d04d8be9c104094653c707c313af85758f41f49e1ea5524320cbf8f4914a49bff09c3aff5e9cbd3ffce4fb8b9c307c6f05dc11d4063524e9e29114077ff28dd8fa9ba827054af7a056d7e1ea70efab543562a9d077d85cf2a1e4fe55b2fa846cc92eed57b67c7fd51b281b88256703314370ad710031d555319259aa8fd12dd3be31b3b2031ac9c56288f4f5c8e440dff0f832a3ab9c582fc02c04b6ae51e6a594e196b5e953a047e23ecb6852b633d4a0322b67b80d803f932fcff3be9227b35f7fff8e7af150e1e8ac8389da5ed4e5e3bf18fdc707909cc8fab5df732481710c43aea7a498ff5023b10997eb8d61141a04bb325b09b55b89dc9d7ad1a533bd39c707db0a0b4046a7f2cc3265e5d998d7adfcea44c776a553e400e625f36544c5060abfbe25e735d7bed13521d0b57b7c77b90fa36fba916e43f36da594732d4ec68c4601f980680827414f6959d2587167a3080aca7d236fb9da1de5d6d1f7f13725387f5727609d8562908bd3d2e6e12295aa6a773d19dbf9a56274dc9f28d09da3a04f3c88a779eb51aa120c54cff574d9295387f44416e7b8cf469e955bc9cc266b046cd9133a3fcf446cf2cf9255c9231901dbdbec08797efde5c94d8fbe256488e3a4ddbba1de9bb3b88cd0edba16bf8f416bedc62116e0e8a74182c53033f939f257e5ae0e236fa8463ac9415064610efee3cb54e0d8becdf314fa0e5d9aa2ce763a3e0d2ceda385573509f08da8cf71896b448fba1243ede14786d5eee9c5d253bc7f6d3c9c04dde36cd0a38836d258cb1a30397c3fda8b11be7e24456ed3c65c865cdf6f6531bb918ccfce1a1a610f70b1706b49223f50517dc1b295fd51640c1410c0fa677cfdbd7b4c6149e5d543edd19a583c967a03eac593c3731c11e44727a739fec7854192f14b94f4e271b9d564266b489df2d19c9fe55f5b9d9bee745b385b1bf8c229bef1f2dabe63ac9e43616f7af82895724ee16f88c13320d98581a0f71423f19454f90a91005b9664cac8fa1f5dfb792b94e6509f2f7dc8c2aa1b31504f160ca9ccf81173cd72e794d65a87a5ca02da1dfa3ce06e32e72a4a62af2bad93bc31117436e9aa3079026adbf669d13cfcd162277ef859608d374a72da5d2d2c4dac2e3cc62d7a9507e78ce9f4593857e27b87f264eddce736de86f1ca6a63fa75d7c60882c2882900913ec011e1d6bc0ce00350d539f98511f56b1ac0f8285e0554a5363b06a95092e7963b82c964b50b5da2f112c0116744a59369d50772071dcbabd4a031104b3c2bc543f1b9058de2352ae6161e9a6b713883a355dc3e9289dd5c2b6ee856b70e95a6a8e17e9804e616a7f080f9e401e3ac2bf56ac20d005ac9115611d840bb56dd9b50c29b8ce0c9866670e421db3ea3fbe5a1436063faafa58b27e9a65603f8a72c4aae5f483807e553485253eb4fe3edec01af6db1e589574710b9df363756002c164e9b341702ba26eac1b697cf9501f60fb9b21bbfd8a099eef85ca270201c78b660a07e440d26536fcf9b6dbe8e41e9e4cf92576bc79ac1c2cbb63e415835dd6abd1f5b3cb933dadb02812022cbdf17690e2f0ec45f9237485ac5c7a254937ed65f40b23aa1f335eccd00f58326754b52aaeff600b9e9310fc1b6584839ad70adaa1e83a1e198ed5a42c4867f1ef2885b90d1287abf9dd6a7a5d428a4cc80b93523b12550d1da3ed9fd218e541862a1bab9b2790f81e3c4234cf233d9d72789fd9fc2fe938a5eb3e6f9e55b6ccd3b14b2f80c8a54760b1957bc8926cda06dd149d7bea901fd71322b0d4901e3afe71b7782f97b30fa31a4453b2d024efc82214d712a55ea8b0b963870429069583f95bdc735af5808a70f2fe552b6f365f9ccbef9c9001728f445704f877c1048e2b683e7b0ff9440b6e35b814358e0962318346c756c6a45d584fea329e9256b92a87c865aa3077dcab801b4acc1992536ab0dd2ef5bfb95b1b9b630b43644d99f0659338c6cffe6c02ffc1a37960d7ab35f3fabd347e87c41eba5edaead8f26c09f3b180e08f989a7a1601ccafd87104dc29a3d778d356ac2eebbe1af594aaa279b7a3d4c1f3ab5771069e09682214bae9e24742e67845d24d4e6e36e59787f6a915f0501ca0c6f263354180a208798928f067c0d8a6c8990f12f6656e4a80634112726064132df49aca10363f0008946800cf62b0e6147a232353f2f3ef5fb18779c1f8e2ab0a3ac61a800c0fde746f3805849442678de7f17f341c0816aff4bab102f6dc3afbcb42c3f16959b74b7653d64e32fe8f789a3ff45af6c933cce8234c7921e6af5b18ce64ecdd9514f2597b8e707ca71b5b194a579c85c7c56ab2b3654cfee9f24ac3fa0b202d3246661425576f9b1c07a163a3fff9777e6244f54982ed2034f0f734e04a76c2beff5b4f42b4c4a634ab23d5472a3f14cedc96627a6d0b94c3bdcd7a20b3971a941bdde290deabaef86b12deb63dd7ad629a896870149147a2f216d9e34969d3ba69325e0184b6d88b3aba54c8076289e794f8a10ee2fe7a48839fa604897039f0ba128bf6934e84b67231d0e2399c291c808633b0139cf7f2a80451bc57f2762f9162d7506176f0e11b51f57835b9d6c3dbb225ba68854d3989c83f7d6d48c689e31c8c09572ced86fb120fedf397818893b5bd2ecb05e5e60e3392de93a62b1bb8fceffcfa5e1f808e60147b566816e42b97ebb45702cb7128a5cc0b48acc7f5fd25067ea202dc005c828e1afe0498ee36d4927d64d27e95611210985b142e0588c47678904944e6d84e5084cb7d155414b986d60b1a6fd7ab88ce5563750b2d612f0013589b01537d19e81583bfdb7fe1b5ce472316727df7d715de77e1500e3946be5b6ad1c6c62ab73493412354abacd53b52b204976724d5346bcad311625898d5cbb1b9764e9f30cd91c2a366cd9a5d8b4299680f7861c9a2d78043044b303b7015f855826f377b519f2b8ed70eb7870bed41b29391a80db42bb9b55bdf3c64db1622285ef30223d75173d2b61009465e9f7bb89101b4f0acd9fe29d78290281ebefe2db6ccfb8856b531859a1a7a6a8369bdf241ca8ac8272ffc6377f4589acff139ec4433ff0f964c4065b5dea4f2e0b88199de16fb27c4510c685e503aad2868cc96d10e0dfb5104f252dd62d270e7c3f2b22ff341f01db470a91329466e34144787c18a33c5d225f1e83dd19814e2665f5785f49e4014f436b1f121e6f6da25b6bf32791f5a7a14d7ee5fb3532f9041488b05b6be5f987f0a04e15407fc17f0175938438bf91c5faadea2eef8bb1343d7467c341b19508129dd3781aa7ced6aee48617a8a407fe0ae2ea69fd498ab84a740f87585105e9a09fe49404015898fa4193ecd4bfcd6bb8d439defd8de73bd149d71e193a82761c2acc37122943df1ed006f033285d2e67627465809c3d9325af51f5fd04c45aea8a8b52b7c52bbe5dfaed45c1c80405ce9d22653a77e5537768626cefb3e8c049406ee98fb31fb37e46e1fda290a14b7e88ef0f106f7dbf46eb27de041a0d9e5ab1e6e965ec16de2211132be54566b731c868d3ec132228c1612f8e92fffd11bd2b9dd3bf79f9285693b57e1772d5b12f8cea028f678743ef83554938b2ff3d62906f4e877caa7208a8c71de050ee363fd1f58f60d8dd2220a8631e4cb594f80d5b60c041df9ce6cded89afa4e042ed440055d193679c3118160c558529f1ff7c1ff3cdfe593f416566d06232cbaa4a0be5daaf5157c683c943c8162a38067a08f9fa5f688ada924778beb1011603ae90428795dceaed6d75afc78d1cdd55c522a7b72769379d9d187dd6457da22ec703c7fb66cb38840fc97723f7d6ad0abfa1245b263b782947860d47a29f1d38f00d74b17f7df59d076f07670d4cad6e413e1bf10811a24b5d921247e796997560b6a4538e800e22a2ad563dcbc877b8668d7947be6d990235c795b45f7f9c64c11808898822dd757131f475252093b7e677b561fdad51ee040d5ca43628fdd34e5280668c6585e8d9ad2ba80b3ce22c3540c10499f6442a219a9cc1164a99d7f41681287a41800602ec364cd383a62f864853226430f109e7ad1b4dae4b2cdb4f7e521b28f0e76d43ca25c23c482c439aea49fb1b2f22d6c7f95cd7f0c5cc0df127f328d9eb19cf0816bf4bf072962e264c73ca924d9bc19c51fbb7703114db60b80d01a470e3ffe80128052e96738bdf56f85c0f7823c18e415d6408b79408c393daf358a412a40a915d1b60dd2193451ad9abc3a8b1c4bbe775f7aa3599dbd5b3a27181945f35610ce41834ec6ae45feb31f71b53bbcc709d9a9bff93dc8d86f3afde723642ec89ae2a02a403586cbe0176e2194b4280e3c823f227b5d1ef367f66b4825d2b0124ff252aa840268c2df04969dc687c640afac0479d40a3a95dfdb994f0ad187cfb92ca2b641647ab852fb464d7e43ab86c9691a4544659575f133255a1dbc834f97af25486514a5a3ddfdda092959b6965fc9133a29d2652837cefc96bf3fc44f7705c7b14b66ac40b4c88b36ab978008cf5a05ee0e0b583623692456df9d9dce9a25e513caa23144770abdb000db025655ed18a37fa40bd97b531a7bd673ea79ac209738e30be1e11cd8e3a6bd38eb4fb73401e2c86e0c03387a27f78be862f4a5bbef304778b6f0e7d6ad9eab931ec5deed33985e70b21f827e6a8b243e7bb85f7c192629c9e8c2eab4ec609ea5f8a7286f5cc91b13c586a22b2f6600ee849fffb2f213ed514131d42706ed634a888a347370cc141c58732d253c7f9ea8b2f0151288c1005090a26c735680289bf5e34814719aaf07b08b39da93c87b559abea511bc6c4f80e4fdf04852002f3b9cc42462f287d743488bcbe465a06288e750691a49c7094b96b93447179cfa02e2def943172b5be9e5eda8c750304fabf7aecb34273e287004bdbb558f6865f03c17a04effc9c69757282a98bc4cbf77af3ff8b211dc2544ddb97d1b05cc6d03df690e7aa0a395a3ebf3604e6682575a286cbbabf4080c2a5071ca75234cd1480227136132f242952fc171b8f1f4adeb929fd75f3f1cff972da78f083e610e615660ce35bca4a06a5622009ae977a2c9e5a1bcfa26699c354817343de769f11d3943165e2c956d8b0f9c6bfc3f203257a0985976f7bf92c26256274d96f2bb5a6fbccabfd281fec82800dd6a5b7ae4576390c5e83fb2cf35d390a3a8fb287ca364d741e43338c96d734cf35c9178d2e04eecb7770d778a3f06278f62812b2828c996fc6e931ed143e07695ce97226e81d19b0a9bf9588fd5a238e9ee15ce74fa32c118e5796ca3bee5f5f0e1b0ac24e93fd4c7c69665dd6c3a352504a2e6a6750d0f090ced3aaf8b6c158779b1c40c3252576fd62beb0941e39fbcec85111ad862f8c6c0990214646174daefcb02e96f179c4df974fd9574d9a6cc2e68f2cfaf42e88df002bfc00b70a9fba98315d4f8da0381656ea0b0824b72fae440a7af8e199dd5bedceed7a83880915c3573525412dffe068f740e247bf672189aebb4511c7f858c0e5530") 03:40:38 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r1, 0xffffc000) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) listen(r3, 0x12) close(r3) r4 = syz_open_dev$vcsu(&(0x7f0000000100), 0x4, 0x1c2) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r4, 0x4008ae48, &(0x7f0000000180)=0x10000) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000010d00)=ANY=[@ANYBLOB="900601002d000105", @ANYBLOB], 0x10690}}, 0x0) splice(r0, 0x0, r2, 0x0, 0xffffffffffffffff, 0x13) linkat(r2, &(0x7f0000000080)='./bus\x00', r0, &(0x7f00000000c0)='./bus\x00', 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) 03:40:38 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) 03:40:38 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='rl00000,\x00'/22]) [ 845.410948][ T3966] ref_ctr increment failed for inode: 0x4f7 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x0000000053698efc 03:40:38 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000005002c003480"], 0x60}}, 0x0) 03:40:38 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x943577, 0x0, 0x0) 03:40:38 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1) [ 845.483923][ T4107] ref_ctr increment failed for inode: 0x4fa offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x000000006087fa42 03:40:38 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000006002c003480"], 0x60}}, 0x0) 03:40:38 executing program 4: syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r3 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r2, r1, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r3, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(0xffffffffffffffff, 0x45f5, 0x0, 0x0, 0x0, 0x0) 03:40:38 executing program 1: mkdir(&(0x7f0000000040)='./file1\x00', 0x0) chdir(&(0x7f0000000080)='.\x00') rename(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='./file1\x00') mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="726c6f675f77616b6575705f636e743d30303030303030303030303030303030303030302c0088359a57f9f3b68df0d69119968710ea"]) mkdir(&(0x7f00000000c0)='./file0\x00', 0x40) 03:40:38 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xf0ff7f, 0x0, 0x0) [ 845.561026][ T4128] incfs: Options parsing error. -22 03:40:38 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000007002c003480"], 0x60}}, 0x0) [ 845.595184][ T4141] netlink: 67180 bytes leftover after parsing attributes in process `syz-executor.3'. [ 845.613943][ T4141] ref_ctr increment failed for inode: 0x4ef offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x000000003eb86e63 [ 845.626486][ T4142] FAULT_INJECTION: forcing a failure. [ 845.626486][ T4142] name failslab, interval 1, probability 0, space 0, times 0 [ 845.640053][ T4142] CPU: 0 PID: 4142 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 845.651593][ T4142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 845.661645][ T4142] Call Trace: [ 845.664937][ T4142] dump_stack_lvl+0x1e2/0x24b [ 845.669614][ T4142] ? devkmsg_release+0x127/0x127 [ 845.674544][ T4142] ? show_regs_print_info+0x18/0x18 [ 845.679741][ T4142] ? __kasan_check_write+0x14/0x20 [ 845.684849][ T4142] ? _raw_spin_lock_irqsave+0xf8/0x210 [ 845.690301][ T4142] dump_stack+0x15/0x1d 03:40:38 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) listen(r0, 0x12) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) listen(r1, 0x12) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000200)={0x0, 0x0}, &(0x7f0000000280)=0xc) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r4, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000010d00)=ANY=[@ANYBLOB="900601002d000105", @ANYBLOB], 0x10690}}, 0x0) splice(r5, 0x0, r4, 0x0, 0x1, 0x0) pipe(&(0x7f0000000200)) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f00000003c0)={0x40061, 0x7, 0x80000000, 0xfffffffa}, 0xfffffffffffffd3b) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="726561645f74696d656f75745f6df33d303010303030b3c03030303030303030303030342c657569643e", @ANYRESDEC=0xee00, @ANYRES64=r2, @ANYRESDEC=r3, @ANYBLOB=',fsname=readahead,permit_directio,\x00']) r6 = openat$incfs(0xffffffffffffffff, &(0x7f0000000180)='.log\x00', 0x111900, 0x2c0) r7 = syz_open_dev$vcsa(&(0x7f0000000240), 0x1ff, 0x1) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r7, 0x6, 0x21, &(0x7f00000002c0)="576fff70dc84a9092a326756b45c61a0", 0x10) symlinkat(&(0x7f0000000080)='./file0\x00', r6, &(0x7f00000001c0)='./file0\x00') [ 845.694451][ T4142] should_fail+0x3c0/0x510 [ 845.698863][ T4142] __should_failslab+0x9f/0xe0 [ 845.703670][ T4142] should_failslab+0x9/0x20 [ 845.708160][ T4142] kmem_cache_alloc_bulk+0x30/0x3f0 [ 845.713357][ T4142] io_submit_sqes+0x6bf/0x2da0 [ 845.718117][ T4142] ? _kstrtoull+0x3cb/0x4d0 [ 845.722626][ T4142] ? io_uring_add_task_file+0x290/0x290 [ 845.728171][ T4142] ? security_file_permission+0xa8/0xc0 [ 845.733719][ T4142] ? __kasan_check_write+0x14/0x20 [ 845.738833][ T4142] ? mutex_lock+0xa6/0x110 [ 845.743245][ T4142] ? io_uring_add_task_file+0x127/0x290 [ 845.748782][ T4142] ? __fdget+0x1b5/0x240 [ 845.753005][ T4142] __se_sys_io_uring_enter+0x322/0x12b0 [ 845.758536][ T4142] ? __fget_files+0x26d/0x2c0 [ 845.763204][ T4142] ? __kasan_check_write+0x14/0x20 [ 845.768297][ T4142] ? fput_many+0x47/0x1a0 [ 845.772620][ T4142] ? __x64_sys_io_uring_enter+0x100/0x100 [ 845.778324][ T4142] ? __ia32_sys_read+0x90/0x90 [ 845.783076][ T4142] ? debug_smp_processor_id+0x1c/0x20 [ 845.788448][ T4142] __x64_sys_io_uring_enter+0xe5/0x100 [ 845.793908][ T4142] do_syscall_64+0x31/0x70 [ 845.798323][ T4142] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 845.804212][ T4142] RIP: 0033:0x7f5fb5d49a39 [ 845.808628][ T4142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 845.828241][ T4142] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 845.836652][ T4142] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 845.844612][ T4142] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 845.852581][ T4142] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 845.860546][ T4142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 845.868514][ T4142] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:39 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0xfe, 0x0, 0x0, 0xfffffff6, 0x0, 0x2100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x1, 0x3f}, 0x0, 0x0, 0x0, 0x1, 0x9, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x3, 0xb3) write(r0, &(0x7f0000000040)="80", 0x1) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r1, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) 03:40:39 executing program 4: syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r3 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r2, r1, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r3, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(0xffffffffffffffff, 0x45f5, 0x0, 0x0, 0x0, 0x0) 03:40:39 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000009002c003480"], 0x60}}, 0x0) 03:40:39 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000180)={[{@rlog_wakeup_cnt}, {@no_bf_readahead}]}) 03:40:39 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 2) 03:40:39 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xfeffff, 0x0, 0x0) 03:40:39 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f0000000000000000000000a065002c003480"], 0x60}}, 0x0) 03:40:39 executing program 4: syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r3 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r2, r1, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r3, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(0xffffffffffffffff, 0x45f5, 0x0, 0x0, 0x0, 0x0) 03:40:39 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x17, 0x2, {0x7, './file1'}}, 0x10) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) 03:40:39 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x1000000, 0x0, 0x0) [ 846.396873][ T4584] incfs: Options parsing error. -22 [ 846.412143][ T4585] FAULT_INJECTION: forcing a failure. [ 846.412143][ T4585] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 846.425986][ T4585] CPU: 1 PID: 4585 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 846.437546][ T4585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 846.447596][ T4585] Call Trace: [ 846.450863][ T4585] dump_stack_lvl+0x1e2/0x24b [ 846.455514][ T4585] ? show_regs_print_info+0x18/0x18 [ 846.460719][ T4585] dump_stack+0x15/0x1d [ 846.464847][ T4585] should_fail+0x3c0/0x510 [ 846.469236][ T4585] should_fail_usercopy+0x1a/0x20 [ 846.474231][ T4585] _copy_from_user+0x20/0xd0 [ 846.478794][ T4585] __copy_msghdr_from_user+0xaf/0x730 [ 846.484135][ T4585] ? __ia32_sys_shutdown+0x70/0x70 [ 846.489222][ T4585] ? is_bpf_text_address+0x1a2/0x1c0 [ 846.494477][ T4585] io_recvmsg_copy_hdr+0x1cf/0x7f0 [ 846.499561][ T4585] ? __kernel_text_address+0x9a/0x110 [ 846.504903][ T4585] ? io_poll_remove_one+0xf90/0xf90 [ 846.510089][ T4585] ? arch_stack_walk+0xf8/0x140 [ 846.514912][ T4585] io_issue_sqe+0x2ccf/0xfc10 [ 846.519562][ T4585] ? __io_req_task_cancel+0x720/0x720 [ 846.524908][ T4585] ? __rcu_read_lock+0x50/0x50 [ 846.529645][ T4585] ? is_bpf_text_address+0x1a2/0x1c0 [ 846.534916][ T4585] ? stack_trace_save+0x1e0/0x1e0 [ 846.539929][ T4585] ? __kernel_text_address+0x9a/0x110 [ 846.545272][ T4585] ? unwind_get_return_address+0x4c/0x90 [ 846.550891][ T4585] ? arch_stack_walk+0xf8/0x140 [ 846.555733][ T4585] ? __rcu_read_lock+0x50/0x50 [ 846.560471][ T4585] ? is_bpf_text_address+0x1a2/0x1c0 [ 846.565726][ T4585] ? stack_trace_save+0x1e0/0x1e0 [ 846.570725][ T4585] ? __kernel_text_address+0x9a/0x110 [ 846.576070][ T4585] ? unwind_get_return_address+0x4c/0x90 [ 846.581673][ T4585] ? arch_stack_walk+0xf8/0x140 [ 846.586493][ T4585] ? stack_trace_save+0x11b/0x1e0 [ 846.591489][ T4585] ? stack_trace_snprint+0xe0/0xe0 [ 846.596572][ T4585] ? __rcu_read_lock+0x50/0x50 [ 846.601311][ T4585] ? __kasan_slab_alloc+0xc9/0xe0 [ 846.606307][ T4585] ? __kasan_slab_alloc+0xb2/0xe0 [ 846.611303][ T4585] ? kmem_cache_alloc_bulk+0x2d5/0x3f0 [ 846.616734][ T4585] ? io_submit_sqes+0x6bf/0x2da0 [ 846.621647][ T4585] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 846.627337][ T4585] ? io_req_prep+0x1906/0x51b0 [ 846.632073][ T4585] ? io_queue_sqe+0x1180/0x1180 [ 846.636894][ T4585] ? __rcu_read_lock+0x50/0x50 [ 846.641630][ T4585] __io_queue_sqe+0x2cf/0x2fa0 [ 846.646366][ T4585] io_queue_sqe+0x295/0x1180 [ 846.650929][ T4585] io_submit_sqe+0x385/0xfd0 [ 846.655491][ T4585] ? io_file_get+0x437/0x9c0 [ 846.660070][ T4585] io_submit_sqes+0x1050/0x2da0 [ 846.664898][ T4585] ? io_uring_add_task_file+0x290/0x290 [ 846.670417][ T4585] ? security_file_permission+0xa8/0xc0 [ 846.675939][ T4585] ? __kasan_check_write+0x14/0x20 [ 846.681021][ T4585] ? mutex_lock+0xa6/0x110 [ 846.685411][ T4585] ? io_uring_add_task_file+0x127/0x290 [ 846.690949][ T4585] ? __fdget+0x1b5/0x240 [ 846.695179][ T4585] __se_sys_io_uring_enter+0x322/0x12b0 [ 846.700694][ T4585] ? __fget_files+0x26d/0x2c0 [ 846.705344][ T4585] ? __kasan_check_write+0x14/0x20 [ 846.710428][ T4585] ? fput_many+0x47/0x1a0 [ 846.714729][ T4585] ? __x64_sys_io_uring_enter+0x100/0x100 [ 846.720433][ T4585] ? __ia32_sys_read+0x90/0x90 [ 846.725170][ T4585] ? debug_smp_processor_id+0x1c/0x20 [ 846.730514][ T4585] __x64_sys_io_uring_enter+0xe5/0x100 [ 846.735942][ T4585] do_syscall_64+0x31/0x70 [ 846.740327][ T4585] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 846.746188][ T4585] RIP: 0033:0x7f5fb5d49a39 [ 846.750573][ T4585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 846.770149][ T4585] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 846.778533][ T4585] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 846.786477][ T4585] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 03:40:39 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 3) [ 846.794419][ T4585] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 846.802364][ T4585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 846.810310][ T4585] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:39 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r1 = perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x0, 0x80, 0x40, 0x1, 0x2, 0x49, 0x0, 0x520, 0xa964, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x5, 0x2, @perf_bp={&(0x7f0000000180), 0x7}, 0x5d50, 0x84a, 0x7f, 0x5, 0x9, 0x8f5, 0x3, 0x0, 0x81, 0x0, 0x8}, 0x0, 0x10, r0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) r3 = signalfd(r1, &(0x7f00000000c0)={[0x3]}, 0x8) ftruncate(r3, 0x9) write(r0, &(0x7f0000000040)="80", 0x1) fadvise64(r2, 0x0, 0x0, 0x6) faccessat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x101) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r2, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) 03:40:39 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 03:40:39 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000081002c003480"], 0x60}}, 0x0) 03:40:39 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x2000000, 0x0, 0x0) 03:40:39 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) lremovexattr(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)=@random={'security.', 'incremental-fs\x00'}) [ 846.912796][ T4705] FAULT_INJECTION: forcing a failure. [ 846.912796][ T4705] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 846.926742][ T4705] CPU: 0 PID: 4705 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 846.938275][ T4705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 846.948320][ T4705] Call Trace: [ 846.951594][ T4705] dump_stack_lvl+0x1e2/0x24b [ 846.956264][ T4705] ? show_regs_print_info+0x18/0x18 [ 846.961471][ T4705] dump_stack+0x15/0x1d [ 846.965627][ T4705] should_fail+0x3c0/0x510 [ 846.970040][ T4705] should_fail_usercopy+0x1a/0x20 [ 846.975055][ T4705] _copy_from_user+0x20/0xd0 [ 846.979635][ T4705] iovec_from_user+0xc7/0x310 [ 846.984303][ T4705] ? __ia32_sys_shutdown+0x70/0x70 [ 846.989409][ T4705] __import_iovec+0x72/0x3b0 [ 846.994000][ T4705] io_recvmsg_copy_hdr+0x396/0x7f0 [ 846.999101][ T4705] ? __kernel_text_address+0x9a/0x110 [ 847.004464][ T4705] ? io_poll_remove_one+0xf90/0xf90 03:40:39 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000083002c003480"], 0x60}}, 0x0) 03:40:39 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 847.009643][ T4705] ? arch_stack_walk+0xf8/0x140 [ 847.014484][ T4705] io_issue_sqe+0x2ccf/0xfc10 [ 847.019158][ T4705] ? __io_req_task_cancel+0x720/0x720 [ 847.024507][ T4705] ? __rcu_read_lock+0x50/0x50 [ 847.029260][ T4705] ? is_bpf_text_address+0x1a2/0x1c0 [ 847.034545][ T4705] ? stack_trace_save+0x1e0/0x1e0 [ 847.039571][ T4705] ? __kernel_text_address+0x9a/0x110 [ 847.045636][ T4705] ? unwind_get_return_address+0x4c/0x90 [ 847.051274][ T4705] ? arch_stack_walk+0xf8/0x140 [ 847.056144][ T4705] ? __rcu_read_lock+0x50/0x50 03:40:39 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x4000000, 0x0, 0x0) 03:40:39 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f000000000000000000000065a0002c003480"], 0x60}}, 0x0) [ 847.060910][ T4705] ? is_bpf_text_address+0x1a2/0x1c0 [ 847.066198][ T4705] ? stack_trace_save+0x1e0/0x1e0 [ 847.071223][ T4705] ? __kernel_text_address+0x9a/0x110 [ 847.076599][ T4705] ? unwind_get_return_address+0x4c/0x90 [ 847.082236][ T4705] ? arch_stack_walk+0xf8/0x140 [ 847.087092][ T4705] ? stack_trace_save+0x11b/0x1e0 [ 847.092115][ T4705] ? stack_trace_snprint+0xe0/0xe0 [ 847.097222][ T4705] ? __rcu_read_lock+0x50/0x50 [ 847.101979][ T4705] ? __kasan_slab_alloc+0xc9/0xe0 [ 847.106996][ T4705] ? __kasan_slab_alloc+0xb2/0xe0 03:40:39 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 847.112011][ T4705] ? kmem_cache_alloc_bulk+0x2d5/0x3f0 [ 847.117470][ T4705] ? io_submit_sqes+0x6bf/0x2da0 [ 847.122409][ T4705] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 847.128130][ T4705] ? io_req_prep+0x1906/0x51b0 [ 847.132885][ T4705] ? io_queue_sqe+0x1180/0x1180 [ 847.137724][ T4705] ? __rcu_read_lock+0x50/0x50 [ 847.142485][ T4705] __io_queue_sqe+0x2cf/0x2fa0 [ 847.147249][ T4705] io_queue_sqe+0x295/0x1180 [ 847.151841][ T4705] io_submit_sqe+0x385/0xfd0 [ 847.156419][ T4705] ? io_file_get+0x437/0x9c0 03:40:39 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000006c003480"], 0x60}}, 0x0) [ 847.160991][ T4705] io_submit_sqes+0x1050/0x2da0 [ 847.165837][ T4705] ? io_uring_add_task_file+0x290/0x290 [ 847.171376][ T4705] ? security_file_permission+0xa8/0xc0 [ 847.176926][ T4705] ? __kasan_check_write+0x14/0x20 [ 847.182027][ T4705] ? mutex_lock+0xa6/0x110 [ 847.186422][ T4705] ? io_uring_add_task_file+0x127/0x290 [ 847.191945][ T4705] ? __fdget+0x1b5/0x240 [ 847.196164][ T4705] __se_sys_io_uring_enter+0x322/0x12b0 [ 847.201695][ T4705] ? __fget_files+0x26d/0x2c0 [ 847.206371][ T4705] ? __kasan_check_write+0x14/0x20 [ 847.211484][ T4705] ? fput_many+0x47/0x1a0 [ 847.215816][ T4705] ? __x64_sys_io_uring_enter+0x100/0x100 [ 847.221539][ T4705] ? __ia32_sys_read+0x90/0x90 [ 847.226306][ T4705] ? debug_smp_processor_id+0x1c/0x20 [ 847.231674][ T4705] __x64_sys_io_uring_enter+0xe5/0x100 [ 847.237127][ T4705] do_syscall_64+0x31/0x70 [ 847.241544][ T4705] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 847.247430][ T4705] RIP: 0033:0x7f5fb5d49a39 [ 847.250453][ T4807] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 847.251837][ T4705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 847.251845][ T4705] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 847.251860][ T4705] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 847.251875][ T4705] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 847.304997][ T4705] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 03:40:40 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 4) 03:40:40 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) fallocate(r0, 0x22, 0x0, 0x400) perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r1, 0xffffc000) ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f0000000080)={'caif0\x00', {0x2, 0x0, @private}}) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) 03:40:40 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x8000000, 0x0, 0x0) 03:40:40 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000002002c003480"], 0x60}}, 0x0) 03:40:40 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1) [ 847.312945][ T4705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 847.320916][ T4705] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 [ 847.329986][ T4760] ref_ctr increment failed for inode: 0x4ee offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x00000000021cec97 [ 847.345205][ T4760] ref_ctr increment failed for inode: 0x4ee offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x00000000021cec97 [ 847.422712][ T4885] FAULT_INJECTION: forcing a failure. [ 847.422712][ T4885] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 847.435804][ T4885] CPU: 1 PID: 4885 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 847.447335][ T4885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 847.457383][ T4885] Call Trace: [ 847.460671][ T4885] dump_stack_lvl+0x1e2/0x24b [ 847.465349][ T4885] ? show_regs_print_info+0x18/0x18 [ 847.470546][ T4885] ? netlink_sendmsg+0xe00/0xe00 [ 847.475478][ T4885] dump_stack+0x15/0x1d [ 847.479626][ T4885] should_fail+0x3c0/0x510 [ 847.484029][ T4885] should_fail_usercopy+0x1a/0x20 [ 847.489027][ T4885] _copy_from_user+0x20/0xd0 [ 847.493598][ T4885] __copy_msghdr_from_user+0xaf/0x730 [ 847.498946][ T4885] ? __ia32_sys_shutdown+0x70/0x70 [ 847.504029][ T4885] ? __sys_recvmsg_sock+0x130/0x130 [ 847.509202][ T4885] io_recvmsg_copy_hdr+0x1cf/0x7f0 [ 847.514287][ T4885] ? io_poll_remove_one+0xf90/0xf90 [ 847.519460][ T4885] ? arch_stack_walk+0xf8/0x140 [ 847.524292][ T4885] io_issue_sqe+0x2ccf/0xfc10 [ 847.528960][ T4885] ? __io_req_task_cancel+0x720/0x720 [ 847.534306][ T4885] ? __rcu_read_lock+0x50/0x50 [ 847.539045][ T4885] ? is_bpf_text_address+0x1a2/0x1c0 [ 847.544314][ T4885] ? stack_trace_save+0x1e0/0x1e0 [ 847.549313][ T4885] ? __kernel_text_address+0x9a/0x110 [ 847.554658][ T4885] ? unwind_get_return_address+0x4c/0x90 [ 847.560286][ T4885] ? arch_stack_walk+0xf8/0x140 [ 847.565114][ T4885] ? __rcu_read_lock+0x50/0x50 [ 847.569849][ T4885] ? is_bpf_text_address+0x1a2/0x1c0 [ 847.575107][ T4885] ? stack_trace_save+0x1e0/0x1e0 [ 847.580102][ T4885] ? __kernel_text_address+0x9a/0x110 [ 847.585446][ T4885] ? unwind_get_return_address+0x4c/0x90 [ 847.591054][ T4885] ? arch_stack_walk+0xf8/0x140 [ 847.595879][ T4885] ? stack_trace_save+0x11b/0x1e0 [ 847.600890][ T4885] ? stack_trace_snprint+0xe0/0xe0 [ 847.605970][ T4885] ? __rcu_read_lock+0x50/0x50 [ 847.610707][ T4885] ? __kasan_slab_alloc+0xc9/0xe0 [ 847.615701][ T4885] ? __kasan_slab_alloc+0xb2/0xe0 [ 847.620697][ T4885] ? kmem_cache_alloc_bulk+0x2d5/0x3f0 [ 847.626133][ T4885] ? io_submit_sqes+0x6bf/0x2da0 [ 847.631040][ T4885] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 847.636730][ T4885] ? io_req_prep+0x1906/0x51b0 [ 847.641467][ T4885] ? io_queue_sqe+0x1180/0x1180 [ 847.646298][ T4885] ? __rcu_read_lock+0x50/0x50 [ 847.651038][ T4885] __io_queue_sqe+0x2cf/0x2fa0 [ 847.655777][ T4885] io_queue_sqe+0x295/0x1180 [ 847.660341][ T4885] io_submit_sqe+0x385/0xfd0 [ 847.664918][ T4885] ? io_file_get+0x437/0x9c0 [ 847.669478][ T4885] io_submit_sqes+0x1050/0x2da0 [ 847.674306][ T4885] ? io_uring_add_task_file+0x290/0x290 [ 847.679825][ T4885] ? security_file_permission+0xa8/0xc0 [ 847.685345][ T4885] ? __kasan_check_write+0x14/0x20 [ 847.690431][ T4885] ? mutex_lock+0xa6/0x110 [ 847.694820][ T4885] ? io_uring_add_task_file+0x127/0x290 [ 847.700340][ T4885] ? __fdget+0x1b5/0x240 [ 847.704554][ T4885] __se_sys_io_uring_enter+0x322/0x12b0 [ 847.710076][ T4885] ? __fget_files+0x26d/0x2c0 [ 847.714728][ T4885] ? __kasan_check_write+0x14/0x20 [ 847.719812][ T4885] ? fput_many+0x47/0x1a0 [ 847.724123][ T4885] ? __x64_sys_io_uring_enter+0x100/0x100 [ 847.729821][ T4885] ? __ia32_sys_read+0x90/0x90 [ 847.734559][ T4885] ? debug_smp_processor_id+0x1c/0x20 [ 847.739901][ T4885] __x64_sys_io_uring_enter+0xe5/0x100 [ 847.745338][ T4885] do_syscall_64+0x31/0x70 [ 847.749726][ T4885] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 847.755591][ T4885] RIP: 0033:0x7f5fb5d49a39 [ 847.759981][ T4885] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 847.779559][ T4885] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 847.788037][ T4885] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 847.795981][ T4885] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 847.803924][ T4885] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 847.811876][ T4885] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 03:40:40 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000003002c003480"], 0x60}}, 0x0) 03:40:40 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xc000000, 0x0, 0x0) 03:40:40 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) 03:40:40 executing program 1: lstat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000000480)=0xc) setregid(0x0, r3) getgroups(0x6, &(0x7f0000000280)=[0xffffffffffffffff, 0xffffffffffffffff, 0xee00, r1, r3, 0xffffffffffffffff]) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) rt_sigqueueinfo(0x0, 0x3c, &(0x7f0000000040)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000000480)=0xc) setregid(0x0, r7) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000002680)={0x0, 0x0, 0x0}, &(0x7f00000026c0)=0xc) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000002880)={{{@in=@multicast2, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@dev}}, &(0x7f0000002a40)=0xe8) fstat(0xffffffffffffffff, &(0x7f00000029c0)={0x0, 0x0, 0x0, 0x0, 0x0}) newfstatat(0xffffffffffffff9c, &(0x7f0000002a80)='./file0\x00', &(0x7f0000002ac0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000) newfstatat(0xffffffffffffff9c, &(0x7f0000002b40)='./file0\x00', &(0x7f0000002b80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4000) recvmsg$unix(0xffffffffffffffff, &(0x7f0000002f40)={&(0x7f0000002c00)=@abs, 0x6e, &(0x7f0000002e80)=[{&(0x7f0000002c80)=""/217, 0xd9}, {&(0x7f0000002d80)=""/39, 0x27}, {&(0x7f0000002dc0)=""/25, 0x19}, {&(0x7f0000002e00)=""/54, 0x36}, {&(0x7f0000002e40)=""/20, 0x14}], 0x5, &(0x7f0000002f00)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0x0}}}], 0x20}, 0x40000152) statx(0xffffffffffffffff, &(0x7f0000003380)='./file1\x00', 0x1000, 0x20, &(0x7f00000033c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000000480)=0xc) setregid(0x0, r15) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000004c0)="0cda02948f4f560b2939fa5c10b964b88bbcc04ef983372a70198794e3125dff7819058277e9b4fb06c134db53da25663d69602393304270fc156d22705a73cd419f1878ea5289c5a5ace54aeeadbca985060bb711ee7ad2f7e53e1c25d7f5ddd76e78a40a5cfe7b489d6059f2906cfb92b0a6f8cc308a926c5cf9ea68f3b64a29eea8a3d62fbe94b8170b2573a5f00d2f784d2632577fc06e01032191ee1d7bb85a653052a5992279bedd455b24a68c38f9b3fb5e170bbb29487bbe0be23d42799e9dee096bd56eeeb12c9827879037e2339535c2f8c571e84989e12f052d478b9ff255b02baf19e20f4b424258fbaca183c4c76d931aee42bc1fc126d41d4dc06afc5ed7ca9fc661d80b1bdbee9b39b235217edb323fc6086ff2ea1132395be5feefb575f9ca21d21627ebfd262e5c014a99fca7a9dba8d173d9e37771cd8bfa3f02791367be08ee3ec584dc1433c1be2babb6b01cbf6de217b5a04a8a0745b64e061047d9132f4076e65707790e769cf93ebc82493112baef961fa6a3578c51a7db045a3d09226f8c2de1f11e00abadc4e462b805304e6e4e92e1f86219e88cd978f976f1ac844d1564013a12ce50022bbb70b1e02678825fb639d8d05df073b3bed0bc2a8abf8f125566f041b0c0dd27d16d0afbcb2ccc4b5e3280d61069e3152dd29af84e75cf31eab034e08ab1c343800026efba55f48ed4cd0afa9865d36e5be0a7515689561183cebfea9c7a5b558256615e733b073672a4ad12e13149f7eaf6fa13722be3eb0c6ef1bd72c6ec21deaccb3504367dd0a159e9b71394c66596ed41a1808e623f5ddf0ca3621650303f44a61379ba779bb81a988e47409bc1c03a060628e8a7dc74c559af439301779c00937e038449c80aca696479868fa17cb5a6374537d3eecaeaf9cc0995f5b2ca6f359dae0538dcae9e3c64ec414bc63dceb541cbd6fa5498818eb50b9eef97908ae8f0c4a46a8b318ad930f0a6be7bcfc6ccaf5c6f15e2b8a8c944cbf0a119ab8a0046bdf71b88fdbe59a78cdaae85caa79dc9908343d870d2d771e43fe2303b602919b8bc76d2527c9e515b430b2874d3a6c0123313d1d42ff2b186d05e8769b9f8b30d7fd1d1cf8fb1fd2c1618f9448cc136cc62ec33cf9a2b3d49c465df2dadeebf855b746ccc3b741f05fe65de768ed77b4ee746c813e3b1e563b4188a2d03805b90c34a810183b329f123814c8e160e45d9db9382b6940834c8f975bc409c6c45cc305899c786f8930b2891f02d12f95ea0d69a70b308f098c07ad1299e235e81e017abadd2415bc65703d5f72bddd7f4a59d43fd618ab27025ab6df67cedeb74afadedb0f4e30b96fac1ecf6a7d763fc20051a50e23903e7a68c9ffd375110fdc1165eac015f4c21d01d977d1e06c80a692d83496aeedc5a523a9e93e882adce17ffd2d6b96934f15970185a29b152d69d05d1dbd48d8e6da25e6ec79925b3cc389493ca0bacff50a2fa831c5725e482729c922737c0d061be093dea664f888c6398ad4b6650703ca72dd993b2c7a53d34548c5f1c001bffd0c941e5de9d7e92d042751a961ddd4a4a3722736bd555d7e5e6d4cd50c16e50a34c7803a2f0758281e112052763a6ea6512f060b33aafdf71b01b6408b8436a59f849709cf847fe951ea63bc99dbf032d87e06816dfc5df0f4256088cdee5bddda834143bd2f050ae1d38fc17fa18f9b0c06d2e3083f4135d568a61754d934e29fb3989f63b56678069cd251a4c9d7c6e362d1bb2dd88553595052996fb2b55b6c5d061ec53a4770fa20931e7a752c99b9e00db629ec478a412536a57481e3f8f4908a9e512a2167a07910365adbd7e1361d93d8d65d40f3c4e774b73d5f0cb4043132fa7586ca27a8e258fe591675c3b6c8f089204191810a7701e1d3ec1547c895d15f3dce05ef9ab26dedbbb527742dcf2b6b8855e90c6e4144a4a88ce641aa9be8c2d63886257b6b7a45c02bf9a67bc45bd90632741e46e15e19f52a1f0aecbf11e0da2f9343ae51de89f7dd74968bed6c0fe747396e5dbe6b91f7b8323b845110e6c973b56a35ac4588c4007d6e05ef4c22b4a18ca2b419fef90202ee0f2267cadca9dc8c143b5f051e76ee19e77bbec669bf099f63d1bd9812d0be55ef7405fcc3f115f686ce042d76bf1c283598bbdfc3fc348491453a06abb9a17787409947dc94e12742591c2474e62de19017c3faf81480ec21b9558733d6995630bb25e108f9d6296269afa79abbff6c1e9d8c032357062d6cffdd7907dc2ebba96da00788b3fd23118e27d2a87522f1bc495e487c645b27e63cb87fb6b6a28f4d5b0a48bdb6c51962559ae1ff649d9715e9ec616b212e5faffe9deef652d637da3a5a6ac0d18f08ada92b97b320f8f491d875fa4e5b2df2e89c7453ae9bb7ca812aaa4b55d7c0643d95bf67dd7fcc5ce5adbb97ce3c16e203c78281519fa91ab22596297b3a0cc9aab3d47c652360a94f3e38630e87a7d39715f19f8092bd83a96c12b895ee3ee2f15e456a31fed0f12e5d8a876ac05f16fabc3e9ceb650aea02b8d9ff8ce3014f6664c50b864d493c838e137c500bd626fcbaff33895e1b107153a0536ebd7af8f2be9ba72c0dbe6039939ce10ee18f3982b2bc39074d615ac87b93aad85d9e87279d92ebf37d08b865997b5621650b777436b4dd472a691bf64cc3ec999695b2d85f4cfeda828e83b56afee31f0b07c8ee49ca421f4e71519b472ce6e6e1eb55f892578c380cd899fea33ad38b1273100314ab0d7baf3630bd27a9c5280c610d8d9b0a520f53b32bf8404605d3abb0dcc27eea54006a661e0771967e6e06c24c5d7f41c8517d894f8686817f3fbdae1b108c11fe619f426b85fe50193d2e2afb81f8e47b875e07540f96d8229fed27ad40afb9e751ea210c757f7e6140de75b94c9701b750fbe268fff2050ca43e7fb3f38063be0d893b586eeb58f0163c87ea524bb01dba6778029c202a0a12685ceedaa056ae77ea539de43f9050d224d8160796e032f81375a6f3844b57971ce23fcc61944ea594f480090ee147eb128c4dd0906b39b3750c0933ba37cbf12a82b77c2dd680c563e8cf4eeb4bf7ecf5347a228df1650e0eba8fef275a403dfd1f5855d60b5f5866b881f79eaab397883584ae2ae743829ea0e28a0b7016398334474a361ab118a1e30087028903bca8c523326d60e9c8adf17c07e3e2f19f9c66724aeb5e382b27a55389d0e14250ceb64bb43c23c51f6a83d443fbe89e745b110387f64c83074f28887eb9d23e0a60416533000797572e4706ba31074cad67b08970cf285356fa06949e961b8046a0f81a77c80cd8e17e227a86974e5777be102f0053eb40a067fb117ebed8bff8415b4e3d101a989d58db81fb7eb6fb11213bc2c23623cb97f30d786fdd83d84aa85c48a4916d1a9beed1780e2c7b3143c13988f8dfd3f497ce957d5cd41d96897c23757607c5029e73d41262dbcc4ae97c3ec72ceec6f8b27f6982fb72c222addc7436e5e8c20edc511f2e1b62f4dc28930fb9bb52f83e7debba973f5de819bccf460ca69724e5439735986b75f5a81ec461a37d0caf703839ff9cc334cac9e38af25f0492679644f3b1a3f6c4b47c54c3deb9606f49af7455ab310bedc110aae5689eae82485be6ca7b10d8c4bfb5d9cb4d13e41d5417f1cd4c4e8840af75536fa40e08c29779c0d0498d1b10055b3de4cc18a689c67e6833e9a868d6b07b85a2a99227e4df62aeb7cc0aa846d1789d1feeabfdf6f77c82ce5550f179e007c996da8869d3fd74c78a6c0d7a64da2806ba5c4fd9085f7aa3c7373053671c917ddbab8bd4b8ed8e6c0fd1319d76ee200ed65afe25dca64cece211c852032c9e6fb182365e0d11cf1c28165d0746da693f801c40a88a3767a3d0d1282cfcbaefeeb4e0d04a269caba379f4ee516729e9343f86b23a8d17ea592c667473a77dd2ad433e94316e61ad8ee2c9eeb41d8508c6f2d348351ff1cffcfd75b942a1884bf49a487ce447b2cc4e1548354c7c040a93df2ca2d4b933610dc9daf21361d87c5eaeee7f7145071cb5e33954327b424f11b9e1fee966fab2916633d36e0c626619e4307054ca5ed5d8fc182da4516524d696a631887477e6b1d7403ab48a74dbd8ee8521ac058e5e9ac9d50f8208c68d6f7a105b478227447ece1efa9385e520d90ed4d417d5d140f8c631cdd7a1ce945f8e0aabefbff99df657214fe07636d6716a14980e30654395c8740d3718fe4dcfab84547c71d8b9b219a0762a8b1f15018bd8b0d20594c3568548ef44983dfea1183dd9b01e1b247a48e741c26f0da35557b50cba0f9fa66e3d3ed9504ff2574edc0a6b830867142ce865c551863032e54b39c930f71ede211c1b812c377da0eef44403dfdc8620b7f8ac77832495b0c9d9ebd339f9ae76f8335246780919e730c0526b7c20c53f56a58ffc890d4525ca0418e68150fd3fa6431a3aa81278c729f8ad90ef9e79c32b843d141b7562000a3f3554b3d0c05eb12ce8290f64405ea715f2694ef01d701be7085d50218e19fd1388291deefbe824c84b3a1aa8e12305a5178b5dde444974d27eaa94882d4436f9202290bf22a845b261c986c1eed3f65006028f05acf811fb1975771710c7d49a23fe2869f690341e171aeb04b315df6ddba1c93170488a9dc5ac565139abda4ca412929dac77344b7a84c8a09f1c79b045ead9604c8c987ff590dc8cde6218d112687894c7734c33456d0c3bef6fb2f18bd243686ec2bf0234388dd7175c55cfd49e2a6c88399aace70deead1dc9f0508c166051e3f7936eb7d5fde5ebb73a6f6493d9edde44122084441a0e060c28ad4c4df68310fa3d2c0c5cdc206e7d51626581d8925ab7e863b979901f7005ef36e20a1df731de188c1f0b8ad7e0af0d959573be461cc363553b3ac892609fc3ef02618018a19d5e68aba9468d0efb1736256c55bcb42d458d0022fc09bcf3daed2aa8a708a5d47f85fd16540badb7c27b81a2081d5447b1e6fa9b7e4da48041f4f57b704fbe656e5318baa0d0259c14b431e3879a72791ecc5b9d5e14f58939d4f883c29c2b92de558b6b0b0f8700769e48541b4ea3e2450c7d2cb9dacaae1d9d258eda415e898cfcb96ff82b40f0fb9bb26de7e82bb54807f178d0bbd5c86493a984bc4590f27281eeb97cec506321b55d361600085224d2381815e03d3a9344daf7ac3101fb3c87e5e5ca4a30fb4762668d351561420648bd288459c14d71a576456e5eb302b094db4cae25d049dfcb1a2c03bc6e3a017ac28714a4bf117f6ff1019473757378f351c4480dc83aa3dcc593c27d5857d0689343cbcf4428e3b4d704facf7fdfa172a12b986e19c7331031ee89775756f167aefc8a946a44ddc4e4c0a2259d603eca445acd0c57a193ca1e135a7c37e33db99d335381f33b313c3f9fc1cbe3e75b8d66f0257b592c825a078942e5347155302f122ce9e37d608ca0d759c836c5dd6e71f443caa29f48318b5df8c0e18297a417a474ab41205ec74d7b9f6820b6531da447da1a57b00518a63c2258bcd54dfd16b75a0bf8ca13779036a6628c90c22a731494f452560ba5ad439c73a45e3e71e4f221a9b9f3fcc344b9e593d810444a813b0faba6171d464390b1f6985dbf9792b9f9bbffd09a6bd18a7df7b401a8c940b06cf05be980d403caff72c797940d376bc25e19f0d7f01abc16d3778573ecb57f642a3ca59b5946afa7557758436afc414b0863f90e251a4fd5cb456fd3106339d46b4377da63389316cee8f0c57a051cfd3d9c1b80963b9e2c0c09864bd962d3b0528d1a716698954c75f929745bb062f9e26f3409bcf2be91e8c9b3f74256832dcaa1a5f8e22eb8e4ae1ff8acd7f9f031e85ae4943dad0b9db7365fe5b05ec884aa4755d490bac50601d14f72beaaf25ccf9391950dac68d84dfb9b2ad95811c6d10c7f586bcbbb855a44d1ad4f472cef5f926fe321348794eafd314ae7e1ed2d72aaa59faf213ca21159201835b361e6d5641aaac6daffd652e90aefae410fa64a2f2185f7a1f78a7649e8e3e0d166a0aa2aff2e5bcba00bf16df41f89f2f1a6034951634e7d5fd188157dde210549c93577be4b019eb50e5a6827ed1ea79a771b4243b428412e0c440556daa59787de937cb2d7db74dd069c4251f4173e4d2ab5684ff84629fe1b8453e9eeef1d2ea2f47b60cf486b8354cc559aac258748d113b9a2544b9b8c25e94fbb1ba64ed117881f7f7addb2d0de721e4eb2f122c6fc9999eebeb2410787c59a640972e3a24a77d5888214207c90f9f92ccce9bed07db5fc15eb9c96ef5e0cbf40db59eb84fbaa5e6cfbf9332583cc1022302f439af781fedaa17e7f2d58767d94e5629c66986e92f97cdd1ab094c2d7bc3dcc7d9d7c4e95793340f2fd48932836f7f655ab0baf0442a9263e485a17171c0366f5666b02f03694db9f5823a05f9c76048c14ab50073624a7f852f3b9a869b86f6c14f57f4c84f49ea240aba6b817cf8fd8915676ebecbf95a2bf15b055ae202b6604883a8d0d96db96644fce33d66f2b73009b34b64030030240d18319c7c6a45e8158efaa16ba15f802e8dc1498f59866c251450cb7d76e8b71477b5912cb8ee0134c6b0fe9e2a360d9afb772d3b8b80e1ff498b51a84fa407d03915be64d6c56a3f4d79246ef2aa96cf28a136d888d4ca8c2ecf9f5c2ee5b28d827c0b68321dd194fad50474f2ab227c393b4ccfa3a2f7583427683185e8a1cd48ec65355342b1100dfc4778a27a220c276124a6ae8ceda5d0fe02a86dfb9db4b343e530050082c8c181e6cbe74e1b392aee8c45b4a83e4c60d72e357c953244320e19a8467e1a9874605a6d555d49a745cd9b09f7bc152fa6989f74bdf8e789394a197b6108f8edb859871d4519d2d356f99398f019206bea329ab59628ba265bdc24360521d2903d496198ead62e3d8f700f7f8dbfe27b6c09df52858cb066d410401b7ad32eddd9388b0d0189c97b54cc233c86306bea6c91dd7c557807765e21966eaf6f538d56ce8ad60bef86c01577b4ac56a8af9a87038518f4abe0e294824cf930fc61dbc7c8f4e316e6a811217d2dc6cc202f4916f1ccb25020b80a9e1e267be2d012c1f1d313545695601e27ef2dfd648e66598d658569bba94431abba2ef3419c93c904925cbc71dbf17e7fa8509acfbd503c6da751a65e19a658fb2c128f39ee58b76b4d81461d6f6abaab0c5c6fd20ce7a181a4f7273e016796d4c09178d1d093da18fd2bd484eccd71bcbcba98e1bbb9b2defc841a812a9e7444c7b9ca07467fd19bee9ce86e8babf52b55a4857fc66c8791b1abab18700569d7150c95764e0f39703559283caa976ad1558c391803e9954c980485682d7b2480afae25f2e678ef923c6a4b35bcbd04599c878926df7806d9bad18b072ffc9ff1b2f41ff23fbd3e94296f277775d96da4dd11a5809c21752c93456bcccdfb1fc6b3aae6b4cd54f5fa158ff7e95dbab482cb5ab1fcc4cf5c4c437b62f95e669933e55403c2ceceb4d2b2d3771451796cd3e292b6c80c28c198a4ef8aa1246973fa8b1082b8a0524a12721c43518196e09347fbb63131468cded47f062ebf3cb3a71141b0b1831df59dc91c99a2600d8ef7f9673f04bf7664d81aa699d021a081b4a1edbf9963847a34c4c76b689d64c962d00d6e724693dfa8ca23197da1d0dd0345fdea03995fe0e8eb1e010962174a36731f03518b7db5d20faa16202434d0b4ead1ed4111f1a1efd3b64a9e3b00d11e14479e3e135263212df10074f0e318e07ed28daaf870b6503a53bb61356d8c0f003282dfd4ba2a47737bf4b427dbad7de5f88c78ae7afbaeb8a147f4964850ebeaef30161fb8c086d791e570f0d418d6193a09204f51262ad61a86517f1e7c11e792aaac726856b758cac822f4340def1fdbc3b229e8f08a8d88057149368bf12851dda2e7ea683cdf256d63098b34ffbac3de8644f23760f129d59c8fdd63a2d40ea53e18ddab5a2232d743e692b84825eca9dc98887bf634d61775c19f2029043cbc7ceaa0f222866a26840ff55ff67560465ccbfdff2d29104188e75b7bea60b5cff7eb3be084df135d0271f9eb0bc8ebf0d3e56595b3fee42f02ee95f08d6e83b2a9fbc4cf9e73ed37743daf4599d8de4fe5bee4ed51bd15608c1fe50e6d8403515317800167fce66b2c669e44a11b96a8d0ee0d2b60a19bb89f4b91ad030a1e118f6143c693b33d097470bbc9ff9a0fe1178f0e4bfdf023c7a22df42db45da260e899562be0fb6121b64e1f102f060785e969b1fc7f2780423dfb62d9ea00c45b60d49f1583d0f955d36c68fd3e9b0e05abf7dde47eccd60eca1ebe0e00596bc0a256a03f7bdc54223302291149f7d7d1740dcdaf5d2e994629bc53659bdbdcb4b6045a211fe6bf783cde349aab3a87f45dce34b2643ecabca81bf088a7f22b9178a358dbd4ac303e00c59b028c2b10675314e0d8a9a179b6be0f00f1e47207f0af4a493eb05a97b451a36f49917a2e1d162d75f99366de56d4d8061216a7475195799e8cb775d793015cfce8546b6f07ebb2f868ed86fdf0ce43b1d5b8c01fe7344ea4df3a0ab7bcdcd31c4698d5f860228003329a4afddb447442d9dd47394ef46af33078eff197b78546d5ac87eb4c59594fa66533b7c35724db2e116188e659a494f86ffb1c346a19a9e0bee38c3d09dad04ecd2417eeeb1cbd54e72ecc252563b863bc0fb147fe9e3694273b638c10f37ccb159563a6a1517e3af9dca18343dc63840828f6bc3b5eca4285769e8ede9ff4e4afa8eb30c1726926c2fd172adc4737719189ab2dc63450ef426ad0b2d56bdab8cdfd82cccede293ed69bd14f8030bf3bfbdc79bd9d50c84817d11ce48938c5407286710c75f1c3994ecd37ab07b61f987ffe8c6365c938fc8776eda31c9378cbb6c8b75f7b5dd8e648093b66f326937d4701e4ff61c72fbd9da4b1f3cd9ae458dd1f39baaa71c3a9b51b87a15be650a1a688817118f3badbb2bc961e0cd95844ee8e4f7db69c93b45ab0d93e64d95ab7a34b9fe42af6687d4aa70a59d467cff49a0bb3bb80fbc6adeaddf41c9f4da164010a2d8b5ea6e5bdeef610e4b534aeb554dfd65374f3ccebf2c99c4c26661e5cc777b719f5c162ad4000618bedf4d9e3ac886a34b89d37b54349d2ff637eb478b4a8fdbf9d2a6fa8c1d103c221b92cb53d6898764c84425049ae2a720876aa5594211fb5cef7ef7235ae6c465d4de01d699522a379f0b66424f385d2e8e359e42631ffaeeaaa8b6fd3d5c294793b6984d749ba357e5552dfeeb3076646746f4c78e707b725165f651259708f7bd3ff3d1ec1b7a20f61b91430a594613d16d895b275d38b5d1abb5523e3389ecfd1dfe40785de564a1f05d082f90e2c97ab660fbac52151d9b385e820c9b7c4f15c41483ea03c6d27dbcc213d698f3ea779470afe52c78f8e9c415e82e23d169da2803baeffe57100a080c3042745054ea86527a446768ed9bbc97972dd16f5a5760d84907f3a0e3ed0ef730fc9e6ba2f81ed49dfc9bdd44d627df698d087dcd933cd819ccc96e9db5a7e56d68ef62825da1de8c4efaf96158218698cad3b3a668441c0ebf7c7c1074d32e84ed632af22c1d2e84560515e0144333bdac3826472ddc8088c1262c02054d04d6cea009edbb1acfb0e83778169cf45954abf65ddd1212d3c49fab3d5964e543600e4a9f0bf3b0ffa19987e54f3d8aad0e54c891e9902574b1c2481497c21b30a225a8e3f55ef695fe294e8441f821c8c46709d2bbf10761dd871259daeb299cef15b30aaeb85d98949229f9d35579969c5ef5c5cd98cd12529380c72015246f77a0a8499fded4326c32f70fe65ba7c32809b4652dea6ed53b6f4c32c2a6c6f23294c1c7ace002db0d02f636505a74d3a1a1a22ba22ff76885492843dd0130f68d38ced26297a98ce8bca58f48fc0186d4de772ab5dd48f72c79b43248ae26e0a3228f961a185e10838a211bc8269fb73e9b0621fa4fba47e71af9409fb38f97785adc2e6e226567db18ad1ffeb90fc921f6fac22570866ea64a6f9c305ac1f8e4475316d547c77c25e69af82cc86c189e56c2a063da058798f3c3bf845aa3ccec46b1f7201f3e77e7d1bd26bf4079187e0e4ef087bbf7440a89dc9679972620b3f4ed7e49f2e5dee04df294ab30d17ac2761eaac7eeac3f74a00c5afffee6bc90f5a509a73b121839afdc36a8cbda76adab3a8546addd14baba285bb1e6a8bff2b8ec7defd44b6a719d8459de0af548fede0100dd610496c510c9d8a41d1c88ba4aa58ca346a0a75da1c2213da1272924b11a38ac9a9b646ce713c589410841c9592ecc153c2fc34b83e2a1cdf535be1e7491d9fd7af09728773b1508d72dc0b3ccf6b92a1924583472e84e16b792f91470d899c1aafa8f3494773ad5a69e6d3201598d2fc75f02bd9143d0f461d15ab3b7faf97f2953c62ba262ab7d0ff6f1060171c4dc70f899ddae09a3c3c78e6179246cf9150cafc7490dfdbf3c0c455fd72e083cbba28ba83c41f1e3336df08accaa42ba805cd6ba7e9b7b4bf9907441891d052aae78ee4dd90c955b888a9bf51159978ea9ccafd3da81b463f8c40c7cac569f3fe43d43cb4df94e6a53e3af7d16fc9b987ee73628f193e75f34f797d46eb1e8bfb93b099928ef1aad2e2da3b8d7a01063256058f34ade78e23662009ec9ccfaaa1780dd079763e70a113114304b7dbe5ca684115b3287b6b54894f76842d03c3ec9f0560daa1ebd8b6f7daadf7255e8a8d92181a9916cc6b55f57be2021e3533b316b27e34bda13c036d72d734ba93c1f6a78ce7b8c71c38c8f1b42848d335e0511dd39e7404cce3ad20cb7258c0c237c1496c8efa4d6eea967536ef6bc5542cb2b8a647adfe62dfc683bd57746d1e02dad321121f29bde223df566d4c21fc127f257d8fca10983981465a912984bcd78f4b40077319cbc19a63c47883bc350b7add84487a587a873a471dc8a7aeb4726ebdb715e451a9fc8018a046371f46ad59b64b62666e438929016726a5a8d6ca09e556a8e49354a0a9c14da34be7cb9b7ae478892a3171511be00d8ae49f4523157e49587c1cfcfa8f0c9f106f927fbae20f1fe92f8b6e194b04dedf64653e119afce871b1e63f761988bf6551a27e29bef79c8df5b538df4667670d2d14c2bffd5dccf84ca6f9fad113f18f6cc7a65514b8a4c09ff6f138181b4c951091f1d4b801274526e8b51c701ffdd7ae272b55d8548ef0d528d2505610a4c737784ef04661609990f4710f3a306a91788a06f1fe4fc34ceb3367cc2841f402a9cbd194041562df49f03b4f0980b56af140a1099f9fd4dee154b407fe1249dc0aca8cc75b44d9f8d95a346e48ff9d1b3a88327f2d97773ad90470dc335f204d10dc4befb32622f24b1d23022230457fb776fa80b297ca3338ade80d2952809fb9e45fb53745e1b6324678b1de5ca8d74f4e934367eabbfe381103a238c903707f384b07a95671ae026e016268c58224ca82f039a54a957b00a2911158f3c44ce052a9b080c487d03bdc445b45667154a9fcbf64380a2d466f8b16", 0x2000, &(0x7f00000035c0)={&(0x7f00000002c0)={0x50, 0x0, 0x7e0000000000, {0x7, 0x22, 0x9c, 0x8048, 0x2, 0x1, 0x401, 0x4}}, &(0x7f0000000340)={0x18, 0xfffffffffffffff5, 0x0, {0x1}}, &(0x7f0000000380)={0x18, 0x0, 0x7be, {0x9}}, &(0x7f00000003c0)={0x18, 0x0, 0x9, {0x5}}, &(0x7f0000000400)={0x18, 0x0, 0xffffffffffffffff, {0x9}}, &(0x7f0000000440)={0x28, 0x0, 0x0, {{0xffffffffffffff15, 0x5, 0x2}}}, &(0x7f00000024c0)={0x60, 0xffffffffffffffda, 0x7, {{0x3fd, 0x80000001, 0x8, 0xebe, 0x2, 0xffff, 0x1, 0x6}}}, &(0x7f0000002540)={0x18, 0x0, 0xfffffffffffffff9, {0xee9}}, &(0x7f0000002580)={0x1f, 0x0, 0xfb8e, {'rlog_wakeup_cnt'}}, &(0x7f00000025c0)={0x20, 0xffffffffffffffda, 0x6d41, {0x0, 0xc}}, &(0x7f0000002600)={0x78, 0x0, 0x6, {0x0, 0x2, 0x0, {0x4, 0xb14, 0x3, 0x56ae5bbe, 0x80000000, 0xff, 0xfffffffa, 0x4, 0x0, 0x6000, 0x0, r2, r7, 0x9, 0x7ee}}}, &(0x7f0000002700)={0x90, 0x0, 0x507b, {0x4, 0x3, 0x6, 0x100, 0x10001, 0x4, {0x5, 0x1, 0x1, 0x0, 0x4, 0x1ff, 0x1, 0x6, 0xe2, 0x6000, 0x1, r0, r8, 0x7, 0x2}}}, &(0x7f00000027c0)=ANY=[@ANYBLOB="9800000000000000ff0f000000000000030000000000000081827a270000000007000000030000007f0035ca657f0000000000000f00000800000000726c6f675f77616b6575705f636e74000400000000000000080000000000000006000000d70000005e9b2b242b4000000400000000000000a30000000000000004002040040000003a2b242b00"/152], &(0x7f0000002f80)={0x3f8, 0x0, 0x3, [{{0x2, 0x2, 0x1, 0x5, 0x80000000, 0x4, {0x0, 0x9, 0x1, 0x2f, 0x9, 0x7, 0x1, 0x10001, 0x5, 0x1000, 0x40, r9, r6, 0xb1, 0x3}}, {0x2, 0x0, 0xf, 0x0, 'incremental-fs\x00'}}, {{0x5, 0x1, 0x9, 0x0, 0x6, 0x0, {0x3, 0x9, 0x80, 0x9, 0x7, 0xe6, 0x695, 0x400, 0xfffffffd, 0x2000, 0x1b, r10, r11, 0x7fffffff, 0xffffffff}}, {0x5, 0x100000001, 0x12, 0x6, '(!-%/\\+:)-%&\x0f}((&#'}}, {{0x0, 0x3, 0x2, 0x5, 0x6, 0x2, {0x0, 0x7f, 0xfff, 0x400, 0x7, 0x3, 0x1, 0x4, 0x7fffffff, 0x4000, 0x14, r0, r12, 0xffff, 0xf36}}, {0x5, 0x5c, 0x1, 0x7fb5, ']'}}, {{0x5, 0x2, 0x3, 0x2, 0xa8, 0x2, {0x5, 0x9, 0x4, 0x100, 0x0, 0xff, 0xfffffff7, 0x76, 0x9, 0xa000, 0x9, r0, r5, 0x0, 0x5}}, {0x4, 0x8, 0xf, 0xfffffff9, 'rlog_wakeup_cnt'}}, {{0x2, 0x1, 0x8, 0x39, 0x7f, 0x1000, {0x1, 0x80000001, 0x2, 0x1, 0x80, 0x81, 0x1, 0x8, 0x80, 0x8000, 0x3cf9, r2, r4, 0x1, 0x3f}}, {0x6, 0x1, 0xf, 0x71b9ba03, 'rlog_wakeup_cnt'}}, {{0x2, 0x0, 0x9, 0x6, 0x1, 0x5, {0x4, 0x10001, 0xfff, 0x1, 0x3, 0x3, 0x8, 0x8000, 0x9, 0x8000, 0x1, r2, r13, 0x4, 0x5}}, {0x4, 0xcc, 0x2, 0x1, ')\n'}}]}, &(0x7f00000034c0)={0xa0, 0x0, 0x7fff, {{0x2, 0x1, 0x1, 0x9, 0x728d, 0x6, {0x5, 0x10000, 0x80000000, 0x5, 0x3f27d5f4, 0x4, 0xe3, 0xffffffc1, 0x200, 0x4000, 0x80000001, r14, r15, 0xfffffff7, 0x9}}, {0x0, 0x4}}}, &(0x7f0000003580)={0x20, 0x0, 0x4, {0xb96c, 0x4, 0x9, 0xd68}}}) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) utime(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)={0x80, 0x2}) 03:40:40 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 5) [ 847.819822][ T4885] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:40 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000004002c003480"], 0x60}}, 0x0) 03:40:40 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r0, r0, &(0x7f0000000080)=0x1f, 0x7) perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r1, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) [ 847.861929][ T4943] ref_ctr increment failed for inode: 0x4d7 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x00000000cd8e4630 [ 847.876128][ T4947] ref_ctr increment failed for inode: 0x4d7 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x00000000cd8e4630 03:40:40 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) 03:40:40 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x18010000, 0x0, 0x0) [ 847.951911][ T4962] FAULT_INJECTION: forcing a failure. [ 847.951911][ T4962] name failslab, interval 1, probability 0, space 0, times 0 [ 847.982047][ T5057] ref_ctr increment failed for inode: 0x4fd offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x00000000ca170aa7 [ 847.994862][ T4962] CPU: 0 PID: 4962 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 848.006403][ T4962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 848.016457][ T4962] Call Trace: [ 848.019752][ T4962] dump_stack_lvl+0x1e2/0x24b [ 848.024473][ T4962] ? devkmsg_release+0x127/0x127 [ 848.029393][ T4962] ? show_regs_print_info+0x18/0x18 [ 848.034579][ T4962] ? netlink_recvmsg+0xc5e/0x11a0 [ 848.039602][ T4962] dump_stack+0x15/0x1d [ 848.043752][ T4962] should_fail+0x3c0/0x510 03:40:40 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000008440), 0x0, 0x0) read$FUSE(r0, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) setreuid(0xee00, r1) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000046c0)=ANY=[@ANYBLOB="900601002d000105", @ANYBLOB="62f9e7110f3e1eb22eec"], 0x10690}}, 0x0) splice(r4, 0x0, r3, 0x0, 0x1, 0x0) r5 = openat(r3, &(0x7f0000002080)='./file0\x00', 0x80002, 0x1e8) mmap$perf(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0xa, 0x40010, r3, 0x2) mount$fuse(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f00000020c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=r1, @ANYBLOB=',group_id=', @ANYRESDEC, @ANYBLOB="2c616c6c6f775f6f746865722c64656661756c745f7065726d697373696f6e732c6d61785f726561643d3078303030303130303030303030303030332c6d61785f726561643d3078303030303030303038303030303030312c736d61636b6673666c6f6f723d696e6372656d656e74616c2d6673002c0092fdb4192ef318676673c3df25d139fefcaa7f7e65aa591057fc1c69598e5f55fbcec2dadc559de416151181fba3dddeba8b15ce44b57ece669fd6d864679140be96b7b173ab20a11fd569efc43caa79ad394944da0687aff47944d9c95d939b70ba4bdd8d5c77f5440dfeac61b8bcb48c"]) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002340)=ANY=[@ANYBLOB="726c6f675f77616b6575705f636e743d47303032303030303030303030303030303030302c003105d75f7aa9a38d6a8a0fac2286fd392421e2e47f0582a84bd4c095038cb7828bb4f4a0df1f2325dd8ab7a0f2d82e600d21a8405300c383c896bba4a2"]) mkdir(&(0x7f0000000080)='./file0\x00', 0x12) r6 = getuid() recvmmsg$unix(r5, &(0x7f00000081c0)=[{{0x0, 0x0, &(0x7f0000005140)=[{&(0x7f0000004c80)}, {&(0x7f0000004cc0)=""/248, 0xf8}, {&(0x7f0000004dc0)=""/83, 0x53}, {&(0x7f0000004e40)=""/151, 0x97}, {&(0x7f0000004f00)=""/250, 0xfa}, {&(0x7f0000005000)=""/16, 0x10}, {&(0x7f0000005040)=""/237, 0xed}], 0x7, &(0x7f00000051c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x38}}, {{0x0, 0x0, &(0x7f0000005280)=[{&(0x7f0000005200)=""/21, 0x15}, {&(0x7f0000005240)=""/23, 0x17}], 0x2, &(0x7f00000052c0)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x40}}, {{&(0x7f0000005300), 0x6e, &(0x7f0000007500)=[{&(0x7f0000005380)=""/4096, 0x1000}, {&(0x7f0000006380)=""/4096, 0x1000}, {&(0x7f0000007380)=""/217, 0xd9}, {&(0x7f0000007480)=""/114, 0x72}], 0x4, &(0x7f0000007540)=[@cred={{0x1c}}], 0x20}}, {{0x0, 0x0, &(0x7f0000007700)=[{&(0x7f0000007580)=""/149, 0x95}, {&(0x7f0000007640)=""/58, 0x3a}, {&(0x7f0000007680)=""/88, 0x58}], 0x3}}, {{&(0x7f0000007740)=@abs, 0x6e, &(0x7f00000079c0)=[{&(0x7f00000077c0)=""/114, 0x72}, {&(0x7f0000007840)=""/122, 0x7a}, {&(0x7f00000078c0)=""/53, 0x35}, {&(0x7f0000007900)=""/165, 0xa5}], 0x4, &(0x7f0000007a00)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0}}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xe0}}, {{&(0x7f0000007b00)=@abs, 0x6e, &(0x7f0000008100)=[{&(0x7f0000007b80)=""/56, 0x38}, {&(0x7f0000007bc0)=""/208, 0xd0}, {&(0x7f0000007cc0)=""/71, 0x47}, {&(0x7f0000007d40)=""/125, 0x7d}, {&(0x7f0000008480)=""/4096, 0x1000}, {&(0x7f0000007dc0)=""/134, 0x86}, {&(0x7f0000007e80)=""/108, 0x6c}, {&(0x7f0000007f00)=""/137, 0x89}, {&(0x7f0000007fc0)=""/169, 0xa9}, {&(0x7f0000008080)=""/111, 0x6f}], 0xa}}], 0x6, 0x2001, &(0x7f0000008340)={0x0, 0x3938700}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000000480)=0xc) setregid(0x0, r8) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000023c0)="033e25894f264ef6e3ce6ad4f6ffd02c11504e5194aabd91b20e9796d9091183c53e7fe42791f25133c1e8905e7b7a3b648174dccf2afd81f1558dbc9aabae6ebed0e522ce9ed6ea57dfc46b79188dddb25c4ab25303679f21fb74f1c3098f6273e75716f80e2e6d6617be95004442de536212ddee21cbf43563f8ace2a800092daeb1fa29e74c044b3cbc7e2465124e2d040dd978e44035e629ee5b2dfd6784e13b029209f337a5a3537a5da44f4ddfeda582bab4cc676eaa91ba0841c4cf252b8cb5af1c115834fb2de7101971b5406fa1c9dcdef2291a1ead034395993ea21c197ac1b1f9d7afd8bd2d971c3dcf549b7a209b0248e0fbfdccd112acec6a7424897e65befc21de0cf329a93d6c443d5581a3d0e35f7e4b124c28f9334bfa9fefec2ca4ef79c0d3a3340a3a74b8c39d9894833463f6f792280c264f219e3911f316f41ffc7149d2ebe019c9671458e8b702abeca97d93502f30a922ff148848298feaa6294947759dce5d2cad7895c590e4ee946cbd00b58890f55b247c7aa70a6e96e69eda7bc550d880429662c364b0a25e0065144dd2ce175c22e6f01f2547edc84b55166edb2b8adcc0ad569f61cf2d27039e37296ce0afa422617d40ca57e5a896138cdaef80f07aad3a6c5fd86bac07eab3ae60e4a090d2b631f9f668e96757c11e2c4d80d42b96fc01426cce3a833d40d3c594db22dbfc82c49fc02bc2c48852a1daa85ba4a15a3b9dbc998dfa22c2a387a0c02611f1732e2be5b719feea84308865eb333fb32b481c592884568fdf05d34f87e27be3880afef8805a583c367dd7b74cdd7af5c2e427980fa96165bb89db68bb5dd6c2e38811faea5c26dd8cfb12f874761f99059f21d041999877e17f50e7dafa8335653736bffc5b0410c916255e0f3477702154d69fb8df297e4a65119b5c6c1add941bee45d0813595c42c9e3cffa4b29283d53a74ced18292a01b4ebdb690d69f7ba0c93db9124926442012cda58f839f45a466a35b932d69c396b8de811052799d5d553a768d861da630d100b3ab215c0ef71b4348236cf640cfa55f6133aac286c3fa68c64e093c1546340a6a372e9c39a1d1117eaed1457f3c1e084952ec5ea99c006ce1c41aafd1deb4dfd4bc54f9028ca0e12527bbc7c76223b1800ae042f7c1e25afc449ed05191feaafe60a0a87ba547cd4c1bd578d839c6b7b249a94b086ed0920c3432e0cb7a85fd46c750ff6b21f5563740ddcaae6f5b914387c2479239eb1b6f3186c51bd0f811ba7d2f8d6fd9effa5c95ef87442d0c1df038419ebf43f310b0abf51e9e47d75b6e474d34a6fb2f472d8884e1826eaa318c2ed55bb582eac2bcf7616c38c9659632545e34cc29195f034af738bbb0de12822e2079fa6921e14b6602c350617033a3d1e8d3bb33bf189f262fe51d0c451fd281c37d7ff5e83b698f11344296e6143a8dbe8782331a99ca967b313fb47e5d764be7d3bf9b1f11dcd59379dc92c9f9f8c942660ce30860444c702199858d14c4744d27af338597490f8e1288e68f71325435773ff8034e2836c7dc1124569286213b9c2b3f4408f80ee05dcb7a136e1357ea0487a52a6a1f0756f583521a452358b8c32e9706ad70362b62fb36d546c4823bee90af9213a0c5c066caee1f80f33561b7986dd16f54b4d226051ce458fa6b2d0382e7db02ba1211b1a779af92b8440a30bdb8f619a3546511dc95661ea7abc8dafbd6532c5c556e42eb89b04091b689c36b03e815ba075ac14ee10fee47f99e41cdd109dac074e44c2962fdcca0bdae7deea9798f9ad4bcf411bb4844c485144653ba69b60ceb21b15091539da4112d39284c71d4ac14bcc052528124ecfaeb2c78253f7ba50a3f560f94704b094b42dfc4621e7fedcb6917526b8540c0e5d15c1ecb76cebab506cfe22e45f0a4dd17bb3b3a61ca9c3272dd22452ec1cab4bd753efc51c2b6ca535f9aea835cc0ffb693a088110b2f3ab728d33832ef027851ba4fce782cd42bfdf2c51ee85651a5c532af72098e583e9611f7c8991ee093dedd5ddf3b1e8b292dab5fcbd497a2a4b735715379e837ecf2dd2b2c76f65a09437652b20f2d5a801f14803726aaa66af35b13e6f2c25de31a8a13e49a6abdc044f99d5afd45aaaa8e9fef5afe002688985e84c1e2b985b592839301bd6b14edf255791df0a6171fb53e63bcedd5739ae0cac93d7d25ae6e585a7bb52885f10346f96341ab741fa44c7870306503520d73e6969a068ae1a7cd90b780c8141cf21efe13837bbea61db08623988a58c2846351510606e05dccea4865c942807d63649aef56d32c601864b291a1a2a40cb1887c115e0d2e98494330f264e37b260366c277a9e85658a05c51ad614df6644f9f01edd565c23b633d86d9548f1bab861c052ab2c032c5201aa7364d5b1f3f1c30091da1e8342d6b87f825723ae7ef8ca83edb9cbd99ef8de1762f46729a4e12cd710d585f7f6485e31a4b567eea2ce158830aa6fa92871d49e47833648ea01f78dc676fca51fa7cd093bcd3b3f86b548b1a4560c49ccc97663afd439476af1f1eaf0e6f3794fb7d3091d3cada94803b74dba01c69d97a1db043e32bf6b93c7ac7b1fc4c56667b79669a597f1facfdf14e40b79f74c6fec6f3f7f2b44d69d2cb700da88c1215926211c2426cdc4fddd7cab60bbabd12cc7f7e3adab866e692aa9c8de6602a80401dd8b60512c58f9ff7de00a250d9b238d8a053c563afedc669e32a249629d521c2b8afbc33a20ddc36acbecc64a32078413220b51f4534f8c242573f8c7d5d6538fd3dec640e26d4fd916f066e649efe80cb22e2a8cffbe7a52049c7eda8edd4a6b6b5ae61367513a0cd1d40868434aa6278a83834accf90f21307f6143552d11e2f41ad115144217ffcd5bca28d557b27272f5f916b559d2289fc6dbf48fb89be7492677439ee7ff39670611d9d92151a91b1c9fa7480ff749788c293dfc6bd95a7c3287e96b37a8073640cf9910110091955f5578045349550d3019a59fa7c914987f8b0206156c421ea2b99332a3548a1757e2f414fe9bea194f488e06b8024daf9f0023e57ead8a400ce92d449248c9549e76a16189c12dd749ba8dabb59066858d38d77ccdfe567f6ad9f54cff3d249db47478b65913f87fdc4d24501ed628a98e9f79fc2975d5d32ad12b8dd76c9eb8fdf8e091bd75c7aa2cd139dfde842b1bd86c624f6ff4d6798f3af43008d30f76317fb589bc5b2a1bbf2a648c098e8e852fdc74f5755acf73ebab746fa73ecc5658f0931916052891977a4d7bac103204da29a795ae2466164992b5837896b35a4d9d90e87014c65a4c9c19d0118f834dd0747e5a16257f7a12fbc2666e4077a20f78c0c37d3f25cdad4d74b8b7de09cd629a850eb99bfb09633c6372591e3cb46cb8c26cf8175732f59632d2ea865da753f59c4c28b5e9a42b15d625b883168bd25e6bb7ad1b18aa14c25f84fc38a26efc907161309eb5395130f6fd8814dfd5b0d20f7499750f30f83c0b5e73104948b482396693c5cf592b882e511816b9d65504fde326d34ea4492d893f8fb4e80f0a1a41ea813b65d1cf3a7c6d5d58995762036b3eb5fe2788c2e1c8565c245dfb496b90934d171706d2096c6c002cb089e7142fc481a980436ca3714ac327029b1c99e2f058ff2c28f88db43d63b8c2503f572956000038f295141192cde3f21e4060f4e2127cf69a52a4df6486491a16c11b4167593755feeb5640ff7851348283248d12eb6cfc8187d622cc7b3a50ffc6794feee0e23bc1d557bc1c0e4067632bb047ba6c317e5d54df7f542483a16a36fb4dac33622e65cd590241ff030f5903cbc9a36fa4516979bdd260859dde01c47494c4aa959be55306d0aec6acbd5f50b2d824e0eb93a1ea8b6ebea2fd37a13bb8a738027def1ea1a99ee66355b658e678fa6c80a1234b9d66722b7849098685ab8bdbabaf12af9c5cd6220db3ee16804980293d1c6d9262c83eb78370b2126fb221e9b74586f353f6598b3238c63f195110593a578cab24983158b751dff0940d3b9076209958fa225d92b18ec4aacc91a6894ae679c83d89541a75dd5a338e05eaa14d4c98a5c4b730e8f304de39e34600c6c218bb419a5fc5f82e44a79d73163da32813fe93fbd541ceecad4f2b296e0efe13470885549aeb34b2c1aaa4f0cc98c7cf328bbae97ebf90d3b7d171deb54553c1b2ec41619fbf708266b50ec1d48f36d285720eb6ee769a3e9f6b309c49734e60a59eff21b67929bcf3512a08232fd03c382e89382d5e4934f0a48b96c7f4cffdec120a3487df477979e198b742309787a95b481decfb7e542ab80616f70cbc6a60e873e0835a6e46ed89aee88fbe29ae3c4d65ce7e16a1d7dcc976a4a928b5bf86aeb27b825761a1fc0f2b441734372c890bc5d8adc7b10d9f60ea1ad5f7cccbdbf26883769fbafb4ad626be27c06c87727f4cba05efa04ed3c8a3af2ea937b854536abf31234105a39eb55e030a9260426c17e50b9a892f20efc43756168692443cf711b002a587bf0d7e8242c41efe5c499da9763da918a4dfeb05e5bebb44c5ccee6fc8e335d9fdce928d201c9e9b17a1c7a7a28f37c1c6e938235ee77aa3df1709e4d9bae1d49f8f21b9dc386430ac777456edc2877a24668cda5fdd8c01ba958368b77182dcd66adb76d46438322c51ef6336c9ce5a78d2e56480f5904be912d4f5e04d811c322c7c7aabcbb75206463b7ab132110af43cea51c0b49f1531de37e13d2cc9af0f7df52f4be12b339ea5406c0a68bac76854e5a44e73c4e85fc4993c4ad9400a1725e68596a1937bee8b9eb569989d6ed96166704e50fd78e514d204e8bd632100e63865c118507d4f47a76108cc6589dbe2b8066e5c44f9fced80a0166441eaff2173d162f69cb73bad27297f42c4345c59ca1028dc1f0578147726fd90a37672d86de0f096fc07dd6b91a590a1d64aa827a1e89de6deb746693c177d9aad7c79546c4e51020f8ea26302df3698a78f13bab89fc8da5bab4931cc1f3222754914c957497317acbe9d758f021848553aae584980cc3835eb1e6db37f12b75c350f87a4b9e3b7d825cde7d9b36c8a8c107762c8c5fdfa3c5cf10577e1e3eaff146c2e450d7190f0d733cb06554f8661ca439b14cd240bdf0755a8d9c83b51d234a8f10c37d4e60b7e4397d28627c92d6ac21d3cdd92531c0454526c220fc7ef7af88849f62e67ff39c64ad3402b9a953ffa779ad18e76c7e72bf1c339b87a6e5188f726cf4aa588cdf5b2b63e77d771e14be94c59c92fc278b99430adb92a3e0f0a7317f1d085538174b4ce7d06addf774f16779c8a384f405b381ad2d8e1b789d95d75b4f3305711235e4e47b1f6b9de5c3d8bc264e79453bb9984c2e1ec20568c923d0b53d7c8a7e4d6db424ceb3b2a28ffdf4cf83e5c628b8bd547e54e12430940e569ad6ac35d9ce615660e4a89232e37aaf3a16e6ba73cc7cca37e4e6f1bafa92ca50e523ad8c4655c55b47b55137ae8f8a4db0da2ab6cc723bdd6c25338252f01e9216c4dfb59350c1091f9ac5b179e558d2d7521e491188dc2d3a8d56f974e87e89959b5125a8fcd1d5420d2d3b7d2da0aaacd8d3107fe3c107ce539a4bdffa6d6b2b9aa668c6c5dcd927341c6b67e9b65431f8dd8929eff0107b7e18917226ee2fb6c9ba0f448499a364699177060f35652de0e489646b9b73a69ded06d777c48a4eab59e9802a9239f3e6b836c8163e401382a440ea40e64bc03e1b90fc00efeb8f1aec000e2b2f415a6107cb056a265d762ed30cc6c0dd8d2e051be0286e0cfd3f43629ce2d2175f9cb88ca7abb3973407c2209b6d90d82f0abc6f2778a860bf5a0ed0e0a4fa6f34c15dd82d65838e57f59fd740a90848e8839b479ecc2326bbc77bc4010ebc94c063c0d01907ebfde2157576c691cb42ec7ee2ebbd2bc484944f59affdc6adbfa5d5fb95cc2500475e2c5a6a627c271b10843354ef1fcd05bab9b94c0fc0e537b96deaf7d3fc2bcdae291c1000f5634891f74b7fac7b2a6704b4e9dd160752516ca3512a3a6540001461760eff3506a596215b1819fba5711ce5207c4837996e541dfa9d957f8590acf6cc1d1805b3c619e0d9ff48a9340ae898a061006b4e2764c2df52da25c19d81e7b6a585431806c1e43b52affc84882fb2ae451e59ae90476a267a0d48a237b0823349161e8f00a67a1556217f0602ca3a79d45680510cf89ba8a1330034ceaf39a04a8978f0288df6c6c5a1503538ccd3801e25ad5e2d169c363dd69bc0f3aaa18da47cbf633be8a288f065275d85d38e4a4e4427e72c27941114ce38dbfe9b7a0acd7c7991e4a48cc7b58f5fef512c81dae7b1b7428262c5d56b027faa1bb594e46f1882fcc3a4dea16d4ac41bbee37208d2a351b66c682cbdfcf892d4fd3e57d332ee9fe47f8cfaf94b9e23e3ca95afb39bb7fc07dbe7a44f9696479c501df4b831fc2cf8a03ca7b7467c90ecf1bc479d35e3dee18ded4efc44663160893ce176298bef5c5ea2e2da70c50013f1534ba2c5e90addbc6b2b76b259be32eab60f9738a98af42137e5582c51850c2c855bdb1cca40b1c9f38c334b1f37bd46164ddeb9be97669ccc36b7399e33ef205ec926a059b5a83183effe91cb0c7693affaa78de4e68aeb5b1cb7166645a8be32ed032a864fd6c2d8a12e309b18bf928d95afe6bbd5ff1737e304388d77989a59aa4aea7176e9c5a50164f41b12ed4747cc591a91ba002a06fe0c733826a665e23158e67ed416bd2765afba7435c1fdd358e8cf636f94a3eb4b177a28bd16694d9807d0f99b5f8955888fc6719f6a42f6f0191518de1717601bf83fb6644d560ad740c8f2e264b10e279f8b42a75d9b1ad8579e2a4627738539cda9c09198653d25be8d31de41c902f40c15d506012753ca5aa1fbf0b074dec74390aeff2f4ecfd78be06f43f8483f3282eeabd715b8235278f4227e06cba9cc8c7bf55342a5dfb6afde250dbeca5fac89915e5fd17108146eabe472bb6a16be41ad8e5094a6465d3fc6e69276d2568296c55f087c584066371a49164f7c3dedf850afa21a8acc076905660de1f8b3df853739c24547d3faf4d463619f77bc6cc70645504bba1ac7ea7fc8efe716c63c3ce30ff919500670d5d5a5e110ff5faf5514e1d2bb948b1ea62df64a9bbb38fc5fe6b203bbb2e35766834a8a8003161d3e1f2561f097c4d1d8cbcc5a617add3687fbbe607f03ebee47594beea60890b095e94f5d65400d22aafbefe1b38fa04236c53b958fd7bd1057ad2d155dcdc3fb40ab38b9d096d60665119d03cb97182e5edad84a4f4d438808880c68e435eff678fe7e98c8d100c0875cd3030bf419a511f2ac55dc7e8756e03ace826b61ad3a1c4e92715124bdaada58b6c12f27958d719a6bc03a4bb5dd96e950dab4adb7afaee84a6c3501b31c82015afadf4209703917886ce831d7abc1289dcca9ad2e6a18236b29e2a311fa9a4e890c932366bafe9212bce4fab4c255cf6553db43337e53a228b7b74b3e0a9b5c247ca4e8a18edff12ca064492a3a046102f661d29f3d35ed5d4b9e155c2e42d7fa334f25057a11593212a837641deb6a85cd856778eaa9bf2265c6623444d4c52d62accd6d406a0a1f115a3998f6f20e6a84859edab7bc5e8252fedc70c4e051488c9fb35553c1b24aa3fbc687f01c7ef0b51b2bb3116d143e25a159248450fa6a7019f25d8f82baa6dc33e2aa575eb2a3fa77912ee64fd18445bb1aa445e311190f4b6d56b94ff2549499a4ef184cd64866350deed91e1f999b0f092241bd062d4922f3e03a9d5ac05f2458542b10a57f61c5880f95eb2e6bca12c8e8868ae7355b970959b7fc77833c9beab880a57ec04576a9e2a7678de2a7622a58f4883b62dc2631c5ca43b2aba50ff7b17524e47274f8e1d599de8f93472b315193406a6ee3ee14b224746eafa393720f5003a63999aa0b92cc8057aa7dccc3ff4f9db45a6ce34ca3b4cdb9b83bb5cdd30a197aa63e610b7cc3544cdcdba5e6583f24e958063fbe9a3a9d6f623e04e234d6472adbc890b5d09372e6133a3bbf975fbce8d8512ff8613a0d2c75be288c486cdd9be91079aaa2f278d1180b1c410554524e94568a17d364ab8a66131d782afcf2102776dd0f69976487ab242b70ab5529e9da14fe4e3c4cb3f66ae8e953912ac9c96e117e12ea58381cf288312518db88e3a98b55de2e2088988448499a1ec9c15869a1bd444376068fe9d461589493d95c40ef6c0b375341d34d1cf21707efded916178adee073b28d1ee1a7c31334777fdf51b702510fb066fc7c7902dc12bcdd3718911d7fcb48df989147a46caa9f8cb2ccbc11c6905e93138e788185541f020835af17caf657f6706f86f3d76e663ef64b26039a5cb581ed4125d0215ca027e0bad8dffbcf28fbbb0053601177ad415e2bee952fe2eda4f9bc719fdd83c941b65eb9a7e20bf92f913c205dd01d310bfd95dde6ea0dfc98e27345b538f762bcd219f465cf90c32edc65f08e3c0b4d3b9dc62933622a49ae2ba7ebb260c7d31a9ff540b260a961f11c0b420ed7e225343a8804dca16c13dff8256adb7c768e2bde201c83c57df20cde3f62eddf01dbda68b40e14fe92695b2482795071e06a21c276fd5ae45573da6f5d261558c4f50b22380a6a187ece72ed4339fbef24d9f7e0a5dac6973d3d1b310e45618866f9f139cf21ebd47c42cb1c337cff25122960d228769eb82d1e403b75b8d1760e9081de2e6675e10da9039c80673869fc53d9b2ef2cfc9c78eb49c81872776362c70f0bcfcf8a046f3ed79e4e7263b1141de7db09368161b0399722c67f70ef7a3823ae99aa5c5cb0c5b26a4709f367ea97d8495fa15aaa3f5ad97488599df45ce0bbc312d88fa06dff256ce0482464843628042d7bfac7d5115ce9666783111cb0ac6ccfeea2ec6dd6d7b045988a7ab57d0e44b333a6ce1a3e2bea15677030cec422826838f0e87107581ffbb78dead212025045c478ab631a14804ff224a69bca4436c1c53aa6974bddc358b0b740228e641da14af5c2519ac0fb1e6851d777088283358409e71fd5c2637aa8642a49be6392f7146462db0c2ba07d8c1193fe6e694f3e33adf2fa016c5d2e8dbfc055e7a698680c47e9949bc7e443437b6ce07b322a69f17d0c4ddee7c5411a4e891f40ff289cec4f554c4fd669e5f3de0e50a1d0b3981afc12c0444c259b4805c50e7d40585eb17453b3a73521f13ae162ce298e2370623bb75fc0481a9a587bfa9583c0769bf1d35ec868ba26c040599c12c59453f2c3aadcb47a0b185a064407db5e660a2577d0ade69c6813d0a269a7acc07ba4229a1db4cab2219f2fca9f67938b973c77ce0880ab9fe4be108af498370db0c87a7826a2f41246bc6b0153eb79b56a39767325e3088968e9066788996556c9ed217dec62d53093e666f9e4c865a3e6a3a0b94987d92bb301c668886606242617a10b13f7cb3630ad1acefdf2fd2031e04d99180365d570c98343e684b6600adfa3d325c5b707880a1d3f339f46d85bd7053088ba49690ff60ba3a3b5831179ce4a88c1cb98186c0ae5e518f037b073f82a36d32a30017fc2dd6cbe1455905c6ebfd39282fcb643b68929a4ddb5a7db7d4f6dffb3a3a888608c11bcddc2a58e8f4526f5439d9f07099823f26eb9f9a19d8a74245b164b9cd198cbf6bf40ff0dffb582d381739807af1dc40a543f840adb457d455c0fa427a9f8ccbefc484e4ea914066e7580d10bc40634ee78cf6011de43753ffcb451fbad23ef13709b26213927186092badf39ad8190e13d17749b7d20c84c06a0011ba84dd62ab38d87254fdc90a1ba8f324bafb953535a7808756cdc19b77611e0b67fa03e7498bd4156f2a58740b04e4399c97a3b8409131a7eac2a9995765f7702a7726f16aaa7c95b915b0f18a8900ccd8a9f6fceed73e6a471e2afea9cd8c3b9ea97f778165fa100b22cd829cd2b9c5eae509d2d14fbfc28c57b06bc261ec49a87fa04968558e8d2456fcd794d928b6eca7bdb9bdc1dc1cd2b7c947c42937409ecfc7732420f89ad39b88786e59f6371371a9e91043d80586bb12ad58629a9baf8eafe26d87dcda87a3e8135a41c57bec10274c7548009c5ea9ae86536de3af8cc055fd0013e63b304a1ee51f376bf6a56b368f7eece013046b0f8c6462f22f30a4feb388efd9318be173e7c17b9c1a04a72ed3ebd3f24c49c1de4104d5a73f05b39aeec8a6828d0efe503bcab89579c2281f32aee4e277bcc66ca6b483ab72c9f3003d5ea5fdc079f2916fb6ba6f25e68a157387c4d8d6cfb4aa596f1d4440e94f328d5d4119afe457cf6a6b6d20971d3b895e9763790814e4b44db8ea39b66e2f23622e37505dbcc98a0cb742ea6ceb8c62da3dd5db4c0d876f888c3b7a2827a6d1f901eee979018b43d60145aff7eefd2156869f38382d8708bb2b6e61f254fa4d8b2e79499ef173f43acd23d6d5f43228edcdb7f584bf7e73e35d84da5b74bd3bf5189f90f990a11902c02d6e54490f0f7cd8afbdf013e78c649683f13910322aa2737eddc01e6c8847a39df36d110ce593f7712086f5e3c5d9b8bbbe06b991731e9860b8ecdd9a38b5a901f6538f7902826bcea7906146524ff70fc8504bf119463c5146f61a2e5c65d26287464ae2f1240ed5efb592867761c9c6cc29aac3fcb0bc50473dd488bec60252420f3c8e746834edd8607db5f336cb896888812122d2ea6b88d8327d68cf52ad23c65e01d763f35fef3b205662e172beb304e4128ddd84ba6b8451ce78ea018cf842c22e93c0c0405920973c79fd938d813e915e64b2cc70af335afb09958dd5245cd75ecd1edaee3bd5f6b1efb6acb96d8f45a48b91335c4529ebac5618bc864bc7033276e9c6f4ac73a159f8dd2bf76dfd24008223add14a918b9c5ffabe9cbb04baba1b3af64b74547b2109e0ba3e29a2fbb0ff532bc45ba82ade07202b8e379a26e0dde856990d17968c108c239cb17323d57612a641f9e7ea802b718763067dcb827098232c745b6129bac0d8c481b7eb39968a03e8077ba7166e48dd65d0c0c0d997d884ae9c810fa2c9c39ba98157c2d76d4d1eb77ae76ecde1bdff61032aa0a053c1c7cce335ae9f242d52fe1fedb95e3f3619f110692dc1b6199be1e4a99ef98605926d912b38fc17d80755cdd18204abf101d9f04d786696e55ac414ae7a2aacfc163578c4281f48c28fc79b827c0ac0eb462b4be8af80be97098726590bb87eb9670e9842a15b24e24436ae636de52b88d8a07dadfef53ffa22cbef5cea455708b2d609781884478b59109f0ffef84549a43fea75d86f6bd71481142de514aebd1b11590b26aeb164a4f5d9ac5752d5f677f7829db8af8ee0b991f0fa8223525ec254321dcf76e4c1f5789c16afe634f40700ec92b7f9615e6edc31a2b4d0dd9dfb346efd6f7ce017048b7c9a6243e830494d9b7a1b386872d5820d00c0c559c90bb657ec2db10dd8cdc7b15f2bc9e690230ec2fd640af4f68fda345ad0ba724e0c09b6b2efa5238fd0580b8f6d9baa3255d99b65b3f7b21a2a59550a50067", 0x2000, &(0x7f00000094c0)={&(0x7f00000043c0)={0x50, 0x0, 0x800000000000000, {0x7, 0x22, 0x5, 0x130180, 0x90a8, 0xb028, 0x2, 0x3}}, &(0x7f0000004440)={0x18, 0x0, 0x800000000000000, {0x10000}}, &(0x7f0000004480)={0x18, 0x0, 0x3f, {0x3}}, &(0x7f00000044c0)={0x18, 0xfffffffffffffffe, 0x7, {0x3}}, &(0x7f0000004500)={0x18, 0x0, 0xff, {0x7}}, &(0x7f0000004540)={0x28, 0x0, 0x800, {{0xffff, 0x7fff, 0x2}}}, &(0x7f0000004580)={0x60, 0x0, 0x1000, {{0x7fff, 0x0, 0xee8, 0xffffffffffffffff, 0xfff, 0x6, 0x4b4f, 0x40}}}, &(0x7f0000004600)={0x18, 0x0, 0x100000000, {0x8000}}, &(0x7f0000004640)={0x11, 0x0, 0x9, {'\x00'}}, &(0x7f0000004680)={0x20, 0x24, 0x8, {0x0, 0x18}}, &(0x7f0000004780)={0x78, 0x0, 0x0, {0x521, 0x10001, 0x0, {0x0, 0x7, 0x300, 0x9, 0x100000000, 0x1, 0x10001, 0x80000001, 0xde00000, 0xa000, 0x3, r1, 0x0, 0x4, 0x80000001}}}, &(0x7f0000004800)={0x90, 0x0, 0x1, {0x1, 0x1, 0x7, 0x3, 0xab7d, 0x7, {0x1, 0x7, 0x6, 0x100000000, 0x800, 0x4, 0x1, 0x33, 0x3, 0x4000, 0x2, 0x0, 0x0, 0x2a, 0x8}}}, &(0x7f0000009540)=ANY=[@ANYBLOB="2801000000000000fdffffffffffffff000000000000000009000000000000000d00000002000000646f6e745f61707072616973650000000600000000000000ff7f000000000000050000000000feff2e2e402e5e00000005000000000000000000000000000000030000009700000025297d00000000000200000000000000000000000000000001000000000000002800000000000000020000000000000001000000000000000f00000080000000696e6372656d656e74616c2d66730000020000000000000000000000000000000d0000007ac80000646f6e745f61707072610f2b63809b20dab7915dd6b7f07c813b6973650000000000000000000000ff0300000000000001000000ffffffff28000000000000000600000000000000060000000000000006000000000000004023212e2d5d0000"], &(0x7f0000004b00)={0x150, 0x0, 0x0, [{{0x0, 0x0, 0xffffffffffffff32, 0x100000001, 0x1c, 0x2, {0x2, 0x2, 0x1ff, 0x1ff, 0x2, 0x3ff80000000000, 0x2, 0x29, 0x1, 0xc000, 0x3, 0x0, 0x0, 0x1, 0x40}}, {0x2, 0x0, 0x5, 0xfffffff9, '.)-%:'}}, {{0x5, 0x1, 0x3f, 0x8, 0x8, 0x4, {0x5, 0x9, 0x1, 0x200, 0x1ff, 0x4, 0x0, 0x0, 0x3, 0x1000, 0x7, r6, r2, 0x7f, 0x1}}, {0x6, 0xf8, 0x6, 0x9, 'fsname'}}]}, &(0x7f0000008380)={0xa0, 0x0, 0x5, {{0x6, 0x1, 0x8, 0x9, 0x4, 0x1, {0x1, 0x7598, 0x3, 0x644, 0x6, 0x87, 0x3, 0x9, 0x4, 0x1000, 0x4000000, r7, r8, 0x3, 0x8}}, {0x0, 0xa}}}, &(0x7f0000009480)={0x20, 0x0, 0x5, {0x4, 0x0, 0x5, 0x8}}}) 03:40:40 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000005002c003480"], 0x60}}, 0x0) 03:40:40 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x2, 0x0, 0x0, 0x0) 03:40:40 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000006002c003480"], 0x60}}, 0x0) [ 848.048174][ T4962] ? iovec_from_user+0x8a/0x310 [ 848.053029][ T4962] __should_failslab+0x9f/0xe0 [ 848.057790][ T4962] should_failslab+0x9/0x20 [ 848.062288][ T4962] __kmalloc+0x68/0x3d0 [ 848.066441][ T4962] ? _copy_from_user+0x93/0xd0 [ 848.071208][ T4962] iovec_from_user+0x8a/0x310 [ 848.075887][ T4962] ? __ia32_sys_shutdown+0x70/0x70 [ 848.080996][ T4962] __import_iovec+0x72/0x3b0 [ 848.085595][ T4962] io_recvmsg_copy_hdr+0x396/0x7f0 [ 848.090712][ T4962] ? io_poll_remove_one+0xf90/0xf90 [ 848.095911][ T4962] ? arch_stack_walk+0xf8/0x140 03:40:40 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x1f000000, 0x0, 0x0) [ 848.100762][ T4962] io_issue_sqe+0x2ccf/0xfc10 [ 848.105442][ T4962] ? __io_req_task_cancel+0x720/0x720 [ 848.110826][ T4962] ? __rcu_read_lock+0x50/0x50 [ 848.115592][ T4962] ? is_bpf_text_address+0x1a2/0x1c0 [ 848.120875][ T4962] ? stack_trace_save+0x1e0/0x1e0 [ 848.125900][ T4962] ? __kernel_text_address+0x9a/0x110 [ 848.131275][ T4962] ? unwind_get_return_address+0x4c/0x90 [ 848.136976][ T4962] ? arch_stack_walk+0xf8/0x140 [ 848.141827][ T4962] ? __rcu_read_lock+0x50/0x50 [ 848.146582][ T4962] ? is_bpf_text_address+0x1a2/0x1c0 03:40:40 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000007002c003480"], 0x60}}, 0x0) [ 848.151865][ T4962] ? stack_trace_save+0x1e0/0x1e0 [ 848.156928][ T4962] ? __kernel_text_address+0x9a/0x110 [ 848.162302][ T4962] ? unwind_get_return_address+0x4c/0x90 [ 848.167922][ T4962] ? arch_stack_walk+0xf8/0x140 [ 848.172751][ T4962] ? stack_trace_save+0x11b/0x1e0 [ 848.177763][ T4962] ? stack_trace_snprint+0xe0/0xe0 [ 848.182879][ T4962] ? __rcu_read_lock+0x50/0x50 [ 848.187653][ T4962] ? __kasan_slab_alloc+0xc9/0xe0 [ 848.192679][ T4962] ? __kasan_slab_alloc+0xb2/0xe0 [ 848.197703][ T4962] ? kmem_cache_alloc_bulk+0x2d5/0x3f0 03:40:40 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x38000000, 0x0, 0x0) [ 848.203165][ T4962] ? io_submit_sqes+0x6bf/0x2da0 [ 848.208103][ T4962] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 848.213826][ T4962] ? io_req_prep+0x1906/0x51b0 [ 848.218591][ T4962] ? io_queue_sqe+0x1180/0x1180 [ 848.223442][ T4962] ? __rcu_read_lock+0x50/0x50 [ 848.228208][ T4962] __io_queue_sqe+0x2cf/0x2fa0 [ 848.232974][ T4962] io_queue_sqe+0x295/0x1180 [ 848.237563][ T4962] io_submit_sqe+0x385/0xfd0 [ 848.242149][ T4962] ? io_file_get+0x437/0x9c0 [ 848.246743][ T4962] io_submit_sqes+0x1050/0x2da0 [ 848.251602][ T4962] ? io_uring_add_task_file+0x290/0x290 [ 848.257152][ T4962] ? security_file_permission+0xa8/0xc0 [ 848.262703][ T4962] ? __kasan_check_write+0x14/0x20 [ 848.267822][ T4962] ? mutex_lock+0xa6/0x110 [ 848.272244][ T4962] ? io_uring_add_task_file+0x127/0x290 [ 848.277790][ T4962] ? __fdget+0x1b5/0x240 [ 848.282034][ T4962] __se_sys_io_uring_enter+0x322/0x12b0 [ 848.287577][ T4962] ? __fget_files+0x26d/0x2c0 [ 848.292260][ T4962] ? __kasan_check_write+0x14/0x20 [ 848.297369][ T4962] ? fput_many+0x47/0x1a0 [ 848.301692][ T4962] ? __x64_sys_io_uring_enter+0x100/0x100 [ 848.307406][ T4962] ? __ia32_sys_read+0x90/0x90 [ 848.312167][ T4962] ? debug_smp_processor_id+0x1c/0x20 [ 848.317545][ T4962] __x64_sys_io_uring_enter+0xe5/0x100 [ 848.323001][ T4962] do_syscall_64+0x31/0x70 [ 848.327405][ T4962] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 848.333282][ T4962] RIP: 0033:0x7f5fb5d49a39 [ 848.337687][ T4962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 848.357323][ T4962] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 848.365714][ T4962] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 848.373677][ T4962] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 848.381635][ T4962] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 848.389583][ T4962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 03:40:41 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 6) 03:40:41 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x4, 0x0, 0x0, 0x0) 03:40:41 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000009002c003480"], 0x60}}, 0x0) 03:40:41 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x40000000, 0x0, 0x0) 03:40:41 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000340)="063ec44f95c30223905882998078baa2ae6421114af02223b616da336e8d0deb98fabce312c297b8688cea238f3ebf9b2d65283308897b13d5bc2a57147b99b086e32ba60d7e1d6401ccd4c719a7c53839b8d8ea3c99957cc6164d90d3b16bcec432a059e81be537eb7797fbeef77bb4da89daecb70aa7fda0d9292ba2ec80d390b8c5252490e62cb20aa73a1a4b9d75f424c39255a343c02683764351f0668094b0cb0ace5c92fd03258240e9444371fd29a58b3b7fd9f653a64be38dd34cff890336e2b2f6e844eb62e70751f2d38195ed2a98c8c23b950653ab6b72e48c120f17fe2c1a6d331509409af3fa5064be1f6c77656d70028561f118425fb0dd17f6f31640c07d7ee760b2775cb8b55c818432e822a9af049ebb522ecd0ff1c7ca41dbfd14933f835fff66ad91a2f2311a1bd4715f3560863bfd091ef38366d83e1293d9123cbfc818835f7a91de4a81142b7c7f23ef852414e3fef10cc397b8e63089527000b3b32301f92a2729a6fb8b47dc3f241caec4aadf736917443663d49c6be0c06e88c98cda85f30250ddd4ba5f768d3e3a3da252267d98bc00a96d5ceb2e0e990063b5c31f0637b2fdfde49b4a0fdac518fe74e34ad7bbce5490a37af3c3d76385584c06a3603adb5c4311aece22af1675ad01c9402effcab28431b8d8e8fd7aeae5f28d33587e65c33b5539c91c424146addc6f96bf0a44e8f6fd18c9e6b985521e6c0f74b910247bd4a5d4baa56916a334ea7dc2b304966af09afb84e3a559233dda123762e52f8cc050ba7c53f975414e6362555e9928aaa2a533e0dc7e1165d18e8c25794774591f63d4a200d9e2dedee1fea54d457d8e746d8752efcc14e7f1a9b56d659872847d3a664a529a9c6022d66a3adb2c98b53692948604bf51e7b3662c36ca96f85503d2913ac59fe849ea9b9e4905dc077ee98e5a9e8a1c9abc58a1a41ffa45b264c6e2a615c4184a3395df7cda6c970a6469cca8ceea68c3e0fd36605be2d2a9c6d0457e03cdb08e6e2c56ecdfcd8cdcc7dc16a1669448d4a75cd9b3d4e7691a154ff926dd9c7b531e2da61810a99bcf552abbe9e99526119dd9aae09519fff4892c67fa426f72f5052c15bfb6bf9d9ef7c8d32ed8f0881c0d8b79d5e0aabb55883d7130e8af7b6d1b5fd2e165e2cd571319d25fd27a8013e274636da2f05294790e60c5a05741ec826857f07d3dbca725363759c8b941995f5dc641b01caafd33eaf5f2b93b1275c4eb8f64089b33a8634b477b4147672ddbe482d5d1e76dcf8be751ad69f763f5b26def633655bd1a5f2e42e42513d7dca712021ffec497bb5200fdbad71dad0c20e16d85a31107084a1cac132f673419fde6b9e1750494c0b160f413840e0e8571a4a816d3c4fa16e02aa4e1eae48d1f1737b93172d2d0dcba9b977617f3d283114aaf00316da36ac383ace554eb367bb6d4f0c61f475c99cc3ac605f8c45a3f0f12bcf4b750e754852da75bbe1ad2f74e5132b820f09bf9e10976a2518707fec90e55b904df746dd9baf64a18e62a65530eec0639e347919269539c7c14bbc6c0bfe4f92cad343b8b76272aac59dd940aef78cba98e61377bca0af1ff31d0e4ce49da89f5b4b214eecde57ad55f9435b39efec6c6edcbc068b306c4cf3bbda87c3f46d7346b101771301b3189e809c9c640fa14dd7dca1739c202e5e5fff6b6bb8910a86c4342252fbf874faaa33194fdc996dbea3c838c858483f765ca04953bd451f3bda29c4af743f47a174460f538d8d1dee06abd501ab2bbdfa78acdd709b3d603374fda4fc549f63500348e8fdbb3efcefb761f0830a62ac1a96d3669119650cb33b652c00298e295ef61873a3d457218d78afaae24caabab286fa94124a43e1186accd62d6f8aadc37995cae5aa3c229a06df98abdd2e0d4e693394892f926fdafd5b39dbc4d533c32a226599f6a9f79132ca1be68f3716a9a1f4ee2c01faf2e8b462c59004ff9e2e2874edd6f471fba33b00a3b525ffdce2a50ccb095857f64a99344deda3b13d93e4f4fa01ddfade8c786ff8926d2f6bb88cbd48c311e3177519924ef4e711bca9e2798561381cac1c41741750f25b2418abd19f6808c2e9f771ee4e7d8cd00c43eccf8e079bea923db2a71283148f05e727b391263283c08349e851c7e5d97e1f27e6675ea0cd2d4c7ce0a2c4fc204cd52ae40ae70493892df037e6a24dcb95929de863450ca78c5cfc8770320f6ac67a3fee6f9dfe55b46dcd1a1dbd8c9ac958fb68ec078ded5b0e4568888fe6d6ec2d0091c6ef80aa4f39644d7bd0d6ab734c01d0ff01c83c046450b6f80d782534c018de2356c5c5f57cafb8027eb0f4e2f846d179d34f2d8cf1f263f0d6276f14a6ae98618ecc401239aa81ee3f549a916b454b61fbe828cb947f125d7482dd88feefa16106002d9da96fcc18aff4efca314665fdf7ba9e9da06b3d19fb959631bfc6f0b67a0ee0ac075772b2f43f49f88a01ff3cc947e53f48c42df4d9adf91cf00fc75741fc096de8eeb42e2594c7a7a477b4500535d3d1a86feb6bfdf80427de0e93521fefab43f180af339ecd612af7084433e78072423ce638f04eea7d31f242d74c208a2be35686c126f461571c3ab03f41fd2b1c43cb19a21bb8e94a8531f5c8e98744fe10cffbea54dd2f5a26ff75e99f821e8d8a069b64c0763382b61a1f68720876d4ef3fd97cc7119ba1743ae89c71f7bde7436e1c5a9a5f196bb779e2dae3b4172045e7cec8916060d5328e3c798e1bcaeeea1909333dcb6d61d90a9ee9d4919e47f3b8ffb8fe1259b6a0a321454b57a007bec0637bb297e70b896c2634820ff2ad87421320dd1efb33c45a24a4d7baebfa93e7080b37e8e41c2cad96ccf885214e2fd88d120b988aeb9d01f4f9c9354cda85d648e7468b44f0702451c07771e84d58fb3abed0430fa4be1a4793f49a2c9bb7956597f025e9e179d6c897ac4cba6a69b42b34a68d1ef6c12ec1d0dee80b2c69960d99443b83773e33fe51557480fbaf8da36b69f1826759bd285d178a44624a9db09eaf410d6c3f51e380d0a41597ab8a3e72071e41d915540282ad7ebff331dbb759aec68c521bb419482a705d725510782a1816f9d2c4a2e2dee26191723e8b40475888375cf2432ff3591eb60a185e6685041466e0addadb8dfbacdd92bc447fe7b676378e76b97154ac012da5746e7875fa639cca03d03d9007d13d7faf79b613f7048e0fda72f29633940b0e243e68f63a9c73857771f8f8c8d0adece2aeeaea869e7613ea7cb355ffd952ea73e5a251973b6b1f21c68a5fb8321085fdb42844ba75e93154750b0e1df38ad8931f18288c2f7fe27b8bc5f560f431e9b33dd2100e44763bf6c0f61922dae16905584a2bced9032b1bb5f84e668b4852940f691f595205ba4568407a6d07359863cb3ce43d7ca2386347961768511667d491b33eb0f18b83cb683b4ea337aa9349b8acde4e101d989cdbe35b45559c913d6eb283e2f1618f14ba7bcc56276fa2422a65a52477e26e4c782ccf85779c4010b3c3370b47972d0acd434d966281bcc285b136f94217bbb95f45f34c59f8710390c912d503df4433f6bb11542f0173676e42477467d9b09e16ec70a1fe72e5173d6196b1a7fe4c80066bcd9a57289195d267d8fcd04516b70bc1feadafd111aae76154f97e46f48b57fb1c6faaef97c800d50553a5a9ad9b8929d2b909fe1ebfab1a4011703b9c800248ce7a823261b2304fedb89930133debcacf5e6fb5674f4e3f80b703c9734f7d767fb04ed8a14dcebe49526906b3d48d0c45149992ed3dd9632d1a276e2c0f2bef325412bb801bffd659cbdfe85cb28d490a36ae5404295741e119c1975bdc8b3d48dfd6413c2ee0da2c857558cb3c3d179356aa99aa3ff2c914e631e411b03ff8fd639b1f47da5f25ca454d10bc710d4ff0cc4655b39889df6ffd8594337fc2a77063a9dc5d818bcad139cee693f716c5ad82e591300eb7b59adfabb4dbf3ce1a458f68089b338dc275ab18889c276b94577a67e9d4e615ca1e4f345ecbd038506e0fdb455580236d5bc886485ad4b8f802fd9d2a8f017e24dc09d1b574108e2f6d76b408224d289154dc84f5b31e790b119f286f2500ad1ac67c2ead1a8ff131ca98a14a295cf1afd6cc2222fb49d9dd2ea1c0c4c655761378bf4b9a6b38ef9b1a489f72260c4601ff5c8a09d9a7d5214026960c7ebdfe0fd4ae420bdf2da8a66be51817595c737310ba2ceca301d4d993c42828e53b97f0337e8b3f9e238cb7849a8c430d756cd6f681986a47594647515e89f2e3e99d9de6cbd0d0dc14ac5bf32866d9af6c35681d801b2e310f532dfcc5f03b09cc440fadc29b4dfb5e62e32bd4f297d35a745cea12b20a0144208d9fbd2bb8194ef6c4cdcd323583696aa92ac9fc14bc5aa75cc35066f0181b162bacc8084c58e64946326fa7da7c418fda4c21ff0081fd53c59933e392538b0d0ec15bf9a92f6fbebf52fccad185b97a469568b7ba0507687617a6c145641651ffef7a79c2f510ce46a9551316ae5344f63cd981689cd73a7b771e58e935f462c2441436ae31c11686136f981699ebf0939bc268f7ceaf0ddbb86dde5549cae867f4db9a8f56a79c042a2483903c20784499d2acc976a3f9d1529c853f042b3fd1cc2e2d7970e6d899e11defb479733888ab640a0a1ee3bfe759c6b42d83695db682918c7b02f6be1671ef17770acc3cabfdc3173c69fa966095232b568a28760639c67eacd7d62389331c06c3ca313d2df12acc63827874c11a1addeeb680b96b75611fbfbd363a175a48f49a6feac2869f469455cdd4a11a7001463bc193173d6d21c32f1f39a2fe9544f8bf961195429e395484ecad22345a6b756708e15dc1c0fd529ca01ac186c54c058d159c76cfffbacfcf43287e2a1f3f9d6deb674b47f3ca04107a1afc168558c3dd09b413c039081c68fb5a626b62a8654b3512e70232c4218df86bc9c457e71ae8e53afcb300a625c3ec485762c04c477eea160da6f66aa7632eecc762809e36e067e3b64a1a5b905375b6e8c7e67b27c96c4e9478bf317078c81ce384959bc2835b3c0fc99baab8e5c77679ced09ecbca78df95d07015fbfc67f1eac9ef1052c97a06effaa0c6198c1244bd1a1acb764e2d10889e7c7b2db04d10066b8cfaebba0362ecac83ec4acf1bf29e479765773599c308bf5c9f81ae1201e45edd0b5f319a347643026fc9a68983968d01575efa03c6af24ffb9e17dd3e371eff19ca0f8d0739a789bcd120ee7476794e72c3c1da82bc81387f7f718b58c6eb089b70a19bf7b418779e2da960dcdd0955a68fb176806c2e51c22b13bc8aa09b5582d79eb04af697c7aea7e269560e1e17b192c7f0f372aec2d7a691ad4aa9ef0c7d362e5d22f1c3a8087c3443a59683e80d9876ce4caa60a6e5109c2148c4d0c277e91b1a56ce2304b28393f27c5f8abf263e10c5e33a40495362a1f8d537a93e3543f07faf1243fb31cef62a061c34d66644f66f4b9e8ac18ce3f8a62eadeae280a8fffc155a9340286854c93fd07502231186f1361196f4e10574dc5da191036bedc71f1d66f068273cbeb98a86279820851d96a003ab019710c917cad1cc999082b192b40e4905fcc2d73e648b48bfadf7b678989df0fe9bb7ccf45115ec1ddebb6abf86ab2676a2c4dc4fd6696eeb1dff2cbacc6a8beb94d11e9dfa0bc75da432881390d59511e70b79de8eaee6410dd9472cc52713a79cd772e4156f7a73d7096320b75f71a96ed49ac4352d4be2055415e4d1d7", 0x1000}], 0x1) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r1, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) splice(r3, 0x0, r4, 0x0, 0x4ffdc, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff}) r6 = socket$inet_udp(0x2, 0x2, 0x0) close(r6) splice(r5, 0x0, r6, 0x0, 0x4ffdc, 0x0) ioctl$TUNSETSTEERINGEBPF(r3, 0x800454e0, &(0x7f0000000080)=r5) [ 848.397536][ T4962] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 [ 848.408417][ T5350] ref_ctr increment failed for inode: 0x4fd offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x00000000ca170aa7 03:40:41 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="726c6f675f77616b4875705f636e743d303030303030303030307e3e4d57bda8aee800000000"]) 03:40:41 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000083002c003480"], 0x60}}, 0x0) 03:40:41 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x40410000, 0x0, 0x0) 03:40:41 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x8, 0x0, 0x0, 0x0) [ 848.506289][ T5435] FAULT_INJECTION: forcing a failure. [ 848.506289][ T5435] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 848.528564][ T5435] CPU: 1 PID: 5435 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 848.540117][ T5435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 848.550162][ T5435] Call Trace: [ 848.553447][ T5435] dump_stack_lvl+0x1e2/0x24b [ 848.558112][ T5435] ? show_regs_print_info+0x18/0x18 [ 848.563289][ T5435] dump_stack+0x15/0x1d [ 848.567418][ T5435] should_fail+0x3c0/0x510 [ 848.571806][ T5435] should_fail_usercopy+0x1a/0x20 [ 848.576805][ T5435] _copy_from_user+0x20/0xd0 [ 848.581370][ T5435] iovec_from_user+0xc7/0x310 [ 848.586023][ T5435] ? __ia32_sys_shutdown+0x70/0x70 [ 848.591108][ T5435] __import_iovec+0x72/0x3b0 [ 848.595678][ T5435] io_recvmsg_copy_hdr+0x396/0x7f0 [ 848.600769][ T5435] ? io_poll_remove_one+0xf90/0xf90 [ 848.605943][ T5435] ? arch_stack_walk+0xf8/0x140 [ 848.610765][ T5435] io_issue_sqe+0x2ccf/0xfc10 [ 848.615419][ T5435] ? __io_req_task_cancel+0x720/0x720 [ 848.620762][ T5435] ? __rcu_read_lock+0x50/0x50 [ 848.625499][ T5435] ? is_bpf_text_address+0x1a2/0x1c0 [ 848.630755][ T5435] ? stack_trace_save+0x1e0/0x1e0 [ 848.635755][ T5435] ? __kernel_text_address+0x9a/0x110 [ 848.641115][ T5435] ? unwind_get_return_address+0x4c/0x90 [ 848.646740][ T5435] ? arch_stack_walk+0xf8/0x140 [ 848.651568][ T5435] ? __rcu_read_lock+0x50/0x50 [ 848.656306][ T5435] ? is_bpf_text_address+0x1a2/0x1c0 [ 848.661563][ T5435] ? stack_trace_save+0x1e0/0x1e0 [ 848.666603][ T5435] ? __kernel_text_address+0x9a/0x110 [ 848.671945][ T5435] ? unwind_get_return_address+0x4c/0x90 [ 848.677563][ T5435] ? arch_stack_walk+0xf8/0x140 [ 848.682414][ T5435] ? stack_trace_save+0x11b/0x1e0 [ 848.687411][ T5435] ? stack_trace_snprint+0xe0/0xe0 [ 848.692494][ T5435] ? __rcu_read_lock+0x50/0x50 [ 848.697238][ T5435] ? __kasan_slab_alloc+0xc9/0xe0 [ 848.702252][ T5435] ? __kasan_slab_alloc+0xb2/0xe0 [ 848.707247][ T5435] ? kmem_cache_alloc_bulk+0x2d5/0x3f0 [ 848.712679][ T5435] ? io_submit_sqes+0x6bf/0x2da0 [ 848.717592][ T5435] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 848.723288][ T5435] ? io_req_prep+0x1906/0x51b0 [ 848.728036][ T5435] ? io_queue_sqe+0x1180/0x1180 [ 848.732861][ T5435] ? __rcu_read_lock+0x50/0x50 [ 848.737597][ T5435] __io_queue_sqe+0x2cf/0x2fa0 [ 848.742336][ T5435] io_queue_sqe+0x295/0x1180 [ 848.746900][ T5435] io_submit_sqe+0x385/0xfd0 [ 848.751460][ T5435] ? io_file_get+0x437/0x9c0 [ 848.756025][ T5435] io_submit_sqes+0x1050/0x2da0 [ 848.760877][ T5435] ? io_uring_add_task_file+0x290/0x290 [ 848.766396][ T5435] ? security_file_permission+0xa8/0xc0 [ 848.771936][ T5435] ? __kasan_check_write+0x14/0x20 [ 848.777032][ T5435] ? mutex_lock+0xa6/0x110 [ 848.781446][ T5435] ? io_uring_add_task_file+0x127/0x290 [ 848.786963][ T5435] ? __fdget+0x1b5/0x240 [ 848.791184][ T5435] __se_sys_io_uring_enter+0x322/0x12b0 [ 848.796841][ T5435] ? __fget_files+0x26d/0x2c0 [ 848.801612][ T5435] ? __kasan_check_write+0x14/0x20 [ 848.806714][ T5435] ? fput_many+0x47/0x1a0 [ 848.811018][ T5435] ? __x64_sys_io_uring_enter+0x100/0x100 [ 848.816708][ T5435] ? __ia32_sys_read+0x90/0x90 [ 848.821448][ T5435] ? debug_smp_processor_id+0x1c/0x20 [ 848.826792][ T5435] __x64_sys_io_uring_enter+0xe5/0x100 [ 848.832226][ T5435] do_syscall_64+0x31/0x70 [ 848.836615][ T5435] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 848.842481][ T5435] RIP: 0033:0x7f5fb5d49a39 [ 848.846871][ T5435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 848.866452][ T5435] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 848.874916][ T5435] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 848.882870][ T5435] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 848.890929][ T5435] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 848.898882][ T5435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 03:40:41 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 7) [ 848.906841][ T5435] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 [ 848.937559][ T5581] ref_ctr increment failed for inode: 0x4ee offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x0000000021c078c6 03:40:41 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000032c003480"], 0x60}}, 0x0) 03:40:41 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x541842, 0x10) perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r1, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) 03:40:41 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x77359400, 0x0, 0x0) [ 848.951487][ T5581] ref_ctr increment failed for inode: 0x4ee offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x0000000021c078c6 [ 849.026290][ T5606] incfs: Options parsing error. -22 03:40:41 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000052c003480"], 0x60}}, 0x0) 03:40:41 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0xc, 0x0, 0x0, 0x0) 03:40:41 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000008440), 0x0, 0x0) read$FUSE(r0, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0}, 0x2020) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_drop_memb(r2, 0x107, 0x2, &(0x7f0000000000)={0x0, 0x1, 0x6, @random="fd0adf5424bb"}, 0x1d) setreuid(0xee00, r1) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x102000, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}], [{@euid_lt={'euid<', r1}}]}) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='rlog_wakeupOcnt=00000000000000000000,\x00']) pwritev(r0, &(0x7f0000003440)=[{&(0x7f00000020c0)="11c82768536a8684553ab7def2ef0b54d88e73295bedb5b89e56f1f597f00cea7f45e4c65e35473572d2766def9360570b8ee8fab1dfdaf69af45fd733c0158f41bdcd3aa7f99fe6fcef3caf4dd374a1359a40c602887e450a712a4c7d57dd781f2e72c82488ffff881d02325a8c5e1422f5519b57490b276fc216c07f65523b921fba851e2c3f3c0f617addd8ce67f00a22a9857c4ef6760cfc482f086c0d9355f0a19375d978a7be5ff32088cf8177080461e268d474076a475658daeae488422c87944d85d58d578f7238ad0db63ad02e9c754d1b0d29ab5953", 0xdb}, {&(0x7f00000021c0)="f5d595cbc7db9bc76a69e0", 0xb}, {&(0x7f0000002200)="ae21fc6afc54987ad752e11b389e56e35923e7846a7e85", 0x17}, {&(0x7f0000002240)="c1e5b52ad0db143b44a92ca2f4b1e314ccb677569b4e35a8cb61cdc68f45f7dfc00cf73be89bdc5bfe7490561a2dc9fa66aa4746a1dc5d0acb0d45005f45853e09c14ac0bb0fb9a9b3f81f2fe5d977d4a990a55280d9fd664c9bbbe38cfcfe1d2e31abf68cc912a68ad66f0fb28b494abe39fa30698f968fb79b905d09b3814ef7c539eee38cbcb1eb268b3e33923611c15c7363dd03928d67e9e35541a51ff3a294a14344dae9f989e405240541bb5125f2bb267ad6a733ed2be946a64f86b926804c2315fe39b468dcf9fc07bff5fc3a64369094af80508a127217d785fb43796be64d83279294fae0180b6d28d10f1fcdeb3a4ebe1daa9563d968848097c2ec8ed898da68604159c4542d23bbf324d5abd4672e1dc6685f4464ebb02dac7fd0c704db76e85941f4ddc069984959901678ad8a639d5e122a11d04435e450dac10de20f530be03a264d0e451bddda3eba24c3045be5be4084c4c047973843fd58ffca5c3172c808ba242a2f0ce8e9b3d6cd889deb24b91e910a1b53d610c19080310c719e5923f7e7c32a7857bb935b4491ba99c5174dd1412de35979db8bd5f8be4cb0122bd7072e9c84231c442d9e38ac06cc8fc132c672a81377ed2acaba51ad10bd58d563054810213be1fd9892e1964263e494648beffbfcb38126ec343849c5b16e6d7ee74194351b9c54d4f1b985672f7c8b939f284fd0ba9fe3024ab7de2dde5ad68d9e229d683a4aec540cca57d62ef0b45345c99cf1dbc27040c8b12d3b47a0db2a7da32f720161fd48b9a87c205810d2f44f1689a887453411c4faf6b413a111bf5a7d266668bf0d3632f5faab39f3ad2ec7bf90cb93e45afc9b24704f94df702102e9b166b4f87b4c10b4d05566aa661a946a88ebb97403c8a9bfcd087039c87fb893226135819f0a273bc777ad4dfb64ee042dc389beddf99c1d8f5275a87fc000c9605dc832f0af35659d11cc8a109123a3ea8011201b615cd0e4a39295a268bd9ce1b8c503367489f44cdd7a4def641ba1d86e2aee624c8f571a8426efa04650b27b392f46b837ae91acaca3b501fae5d124ea76c1bc4776865bc9ac0a66841c842e74d6fc5b34273c7204a7b5010a7bca0be40e8ad1a57a8d177beb2d2968bc21c399f99bb76c7a2ce7bdcff6202cb59015474a865d41c2248fc9a47fa267ee302f9516b017433191e53002d1bebc54be568eeae857cf23c1ce9286a153ee888c14beee4fd77ed247f8d77db1a6d980474d9d17e2a4fa1dd7b8abcb4f04a70f712af18403ce94de226d586c0d97dba9c96366971ad179cc351ed6cab82d368a3b1372df66981cb4c1e093ad5b67bf45c589a8f50075ee083430fa423e52184c48cd1a8df909cf372958818fb64ec0f9c8b8358ed5c4c7f5ba00bd7bd370e64cdecb51c6e581be912112b3493d3d71877e96d4b30bd18d306cdd5cbfce8c082982564806baef5b80238c27596d3c2cf6c597a56100c61686d54c305d7c1907528ceb47c50c23638610cf7a5f8092b558b71d771a1f88eca4c3f2992c3c75086d49c531e39e5a4ffb478bbe462f12418f3e00e934fab361fa0fbfc48bd85f5ddef22691d9d63d649a7b97fd823bf598b8257def805e90a02fff823f7859dc237cafb94eff152a5da299f811bc9e4354bd991ab236b814928fd4d680f97dccf258d02fcc26a551046fc6e157c977e7f5f51b07a75639633440241174721d7c69a8f62c3ea0704d85a2d98996a5a859e682d434868e91c1b38f0532c8ba583606541c29eeb62edfeb03bc31ae0b77375eeb79a2540fa3df1edb2073885cc9fe3d3ae8db5e06a3ba06f3cd7daae6cf60b0ab13026768211c4b2b64c61fbdfbd5f9c9d87d5ca898754f0ad2b2c77d4ce134a82bfa15362759b2bba195f66affc6e267d3f14dbdd357367e5170964e2d375ada92333bf3a0e5d1d5571137c8acb32fc5bdb2d7e68f2eda9d6d14667a8de2db27ead6341caa7cb7f1b1f6832aaba3b1ba7bbe768b38cb0bcd17bd5136998591b392f604d55c56ec8131639c905e053184ed2e31624dfb45247505d952b83a21b0af5e1ab57e7574c53e5867f91d666f8209d9f5f72eb8357b38fc8e2618f6fcb1f5944420456b6a5c5b8555e5a9506958adc6b8895d25a0d6fc5d9ed55233e0d0b882c10888a8ab202193fb6638adc29afeec81baa8bf93e0bcb320e4c3884303c490d15f7c92c33b24c8c0e839e8adf9792e906172f0547584e556d60bbccfc1810e0c316d606a090b8f2e9aed322e12737cc0fab7e6ead4ce55df34a7704e61fda7a4588f6187a35bae2f65da3660dd30da39f6e2fc65f4627f6aa504d9aaf45c6314d7aca5b4b0ea9d71e39395356712319b403f0e02c8c12b5503bd61fc68d7f3d996142470cfc0b1e98eaba1f3da79c4daa230ab52340df0a9cba29f957085d6632b15aff654e33a91b1b1151813d64037f1f2e20ff05d3bdba2eeb61e9500f9595487cee835fd7874e8023c72ac6b4493594aa20e04556c41f429fe0e02735ffc709ef0b575ad7d571ca2448bb00084a966598d177201785c734e2ea2dda1a642bb1edd00b8f131263d602d303a30023142ad02349cc5ba6d6842206b812dffbc2123257f59a84ca0ae0c1210ebeb6fc43a115863273bb99aa5d24c1ea7b4c88c64d9d6c10b4756b2a832e5ab363c5cae4813965555210695ffc58be274e098435b122e27cabb823c657bfea28372b90cad4dfcb08663b11bbec4c73d60612767c399f2c9a35db89655c99fc8d05925b0acee4aa3c13f56ff17c5067c850eb5b77b870181a94545b9567fd26553225cbcf35af04d63694ab41f948d3d03ea0b5ce26da9d4c0e6e06687469f709a547785911f929c00f24faf0d6d94f005a26f1aefb037244067f1fc9ff95b82fb31a5c24a6ce3152a7b86cf1056c3f43a0f1a3a27dbce5256ca69727ad9bdb1acb6969d7173535838b480573f345ddf26cf742276ad185e90221ba016b8ab791848e5891a46c3fc7cb74722f3e1ede3c86ead774de2bd7984ba3620d35294e61d93358234246db77dbf683a763076e96fc70ebc2adad7d1791de1eecee772845ba270fab54b66a4abaf115848224bc023917eea790db805bb16914c08f1f2dab1dc21221faa84c697f83cec3ec51701c678fe7d400d75eeff6f6fbbda4e26e4ad6048ab9977edf6e428b0ebbe2f29c6c2b7373469980ea13701da2e47b4c9f44f34854b9bf06f7296ec3ce323e84308488e2d0e99b68f625cb1dcde5baf616f69c97d114a9a026c323011bc9f3f8fcb07d294d0d8f96238f9650c3881266fd7cb7b470b2c0aebbeb091a60b6130f853b1a610eb25405b8856b129685a7ba7094a6b62ce6d18bc1cb3fc630fca14c6aeed774556270bfc39a9f90f63c5376d9ee34d1813d1dbfa2f7bfd17aa6e02f57287c3d6f1a1112425a9aee5a69ba361b11972f8506a2c0f7397348a4931ef53f4b15b5f911edbcbc04cf850c0645a3236ab9356b8fcd271df4074b1371e550f9a8e796986fcf66b8f0deeaae41e24714e3d23264691d762cb0f05046f8065309ac446a3a3bdc79fb7b166641666bcd2ad387bc3e48265499504e91c98f20ff22955779c49e58eba13d04e8291adc3b113616d3edafce45950a2b2b1f4a4622be67d1f81f8994c1babb277e9683b71a5e2ee648e882ac946c6a143192ccc0e6372c1d6d82979d6deaba590f72d5201a092a7282ba10ab8dc5c7ba66036d6ee6cacacb986527ea53dfc84a5f902082697c2df92398fc20b2027b42fc81fba882ba8adfe873fef9f2d50fae57091832bb3a2281e614764f46a5cda2a0624daf88388808e946ffe828b9f95b2d4a102dd686b3d97e47ad8e2d74777941b43a2523dfba5580ba49bb94cf59a7794858ab33b2c2ec4fc9daa69aee94e75282015950de1164ce0512168a9dce9f0f4d356f3e98c3d354059ef246c4b67c3bead38b17cf63fb7663df13a6b04ac96362589e5e9a306779abbf36954520c0c3ac157c5c4778b60eb7fe872d258c0116e8b42ca46d947c5ca1a70874300d46263a798653867992599f821396a7ec77c7160e09602b3a74721741ae8487497e2741a159509e820d536c5589a1a390d5784bbe6375dd6762acad0ec80116f2d9661994297f19f94746311892543198cc1684a45295ff624f40ab44ada5ddee1a0f0d1c17b7f654838098688c07dc00e039260a08102cdf3e35c0287ba9f3f9cf9c19fb6c98b56e382ee0c85d41b814087f8e07b10f02149bd6cdc7f95e9c8f3b12202878025c3f005b59dafce8e5798341bc4c4764627530f9c4a7e30dc4010743a25c2a9e89be79cc65f34bae4b944b88423086ae82889956f6210621aac795dcd557a9980771d6ffd96b25ff96241b6f158e5c914029bb2a67c564b3de15ec580eff072650a1feb6988e20f3ef4663979c9646a1371e35d091b5d6acf6e68e4156470d2c0582b43910702d5fb18c21a7421ddc6a86b565faf33a9b2ebbcecbe4b291e121edaf5f722631d082cc4e716fe9d0be77ae00323fc8ddad0ebe55da5ed3559a89c21cdfc1e838a2886036ed9ce43d2620e268e74da143f641cf8676e3a694e0d2eaf867935daa7c5b623e496fccac54e8b6ae81c12b117a6fcd0b109a6b268a7b99d1fd1fd5c7bade5e4ad6342a52e3b224ee1514d1a921a2a68819e59f6bd47ffc7b6e87e9acc09d071f3e4163d022b152633cc169e410c025c4d5ffc267546668d81953a0a1c5d58b4240ee25808b6c5af3c190da700604948d86ad707eef3aa2a4e7b04c8e4ff2727d25298d7e3daffa240604459ac4f5ba6b824e6b17be06052284a9afb55c86f7b049e0a9f4a5976c6d0c5ff847056270725fddccce6a23e34cb41df98a57b0babce5a4a8df364eb66a0bf1292ea600801264abe9603434f13069c1b1dc7444fb361cf06cecb5b5b4368ee70386bd39d1de5e2f4e3d8db4b2ffcc53933ae599e2a4feb2a20a1ace3a5d9504a225bb834e3b9462f3e62b7ed20df4c2e9bd65bc088911954ebdcc89edd9229854737d98bc7859e340421aea06b87ebd8d5da0fda386c14fff978bf14f2aa12ea06556b496d6bb484cd068e81f8a821d89c735c8d43e3453f77366567af4bed71b9a006254c6546116ad82e79b5b4f2b7bc768eb8e17cf32e9c7e341bfd3aeac682f9c040379b0c785b81cc75e63f06bf791390089f5f3d48ee1c6309eae898acab5e6f75e9d9d2f38538cbd19336ce5cb2e46ab968be1756c195faa4d9e772bd35e3e35d69704e493b00596f0b510a47f5a229556f3aa014230116b533700fb7788896b3b798773476a18bb48687f9f5720e67ec60385a03d1a98147a18facf8e3e59a168ae99a144833c087d99dfcb4682b887d1cfab8e43a26dc97f143dcd9096cc2401d2e7f4ead9478e96bdab1ac0f70bddcf9a053e1076630d52edf6200173af70742a7a67e4d06a76f9b6ce0ed91cb0b8f2e03677f491b92f86a15bad2f042702c3e4d89f8a81ef00386814949ec6685ebd3afa8ec40a5fa7c5b07010c49d6a0f73980d5eaebe47dfcd1e5b885938cca32331cb1497b8697f2a9b355a5008516ed55fe5b63bd3482f18a7f22a3c908b72399f7bc2afc3bfd7a0dad43765c122db291d2961e44b54025f255eb3ba2350a0a2fbc09262c15fffbaf6b9563f444fdd00e9420518f046269dd7d0b0b0d41f712b756a2167fcf1852854c867e66c9356f115d1426ea73e7b612e26e449d5ef045e4e4342808ad1f262799b08f9fc83489a366b94fe77e76f09d8e5ef9a14ebb75a2ed", 0x1000}, {&(0x7f0000003240)="09f0bc525a4ae918e30ddbc2dc9436bae2b25fd1f31995ae71d8", 0x1a}, {&(0x7f0000003280)="d2c71ff9ea4c49ecb702494a00ef497532a6e10009b2d8b64456a94b02f9be58a175d471bdcd96b0069081c6f2", 0x2d}, {&(0x7f00000032c0)="e4ac0dee46650446e0d6e758b1d9634e7fcf62abf970a6e4d0bedaffd5379de7a07e5009088f9aca8bf2195d1359d09b3ed39a239c323d77f0db43d02d0389df0927032ab4b32e006400eceaca0f2e8501339c78d03d5fdd1c6d34637542a53b3464a8f88be63ab62b0e77854d9c2f4bdc", 0x71}, {&(0x7f0000003340)="0d4c51752ab6697cb7e0ec8a4a274e4aa1ac8854a83862d1829e2e29b3d6bbe518c19d84a0a42880bb5ab6332e6f29611c2a7732e1a631c91ea3c3437bdc50fe33a961ad45d7823801730e1922abf0a5be77434b50bdf780cf6e131ce066e03b2953ef7debfc7b4987630cf2421afbe080c3ea45a01f2dd1c71ce902596cccbe98faf5b4904ec36b8b20273ea64e0a4d5b28a7475d16013ea3ebedc453eb133ec374456646f811df60f3810acccdd6091a94dc86d2618ae68e043a0567ea99e30273a5559d7b34898a52a65a93e6f28a2623b386c1dd42c9bb01b231cb4acdfda70fbb2f0caed78de2048f046fec171a75a223", 0xf3}], 0x8, 0xff, 0x8) mkdir(&(0x7f0000002080)='./file0\x00', 0x141) 03:40:41 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='.\x00', 0x100001c6) perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/spurious', 0x20000, 0x80) r2 = perf_event_open(&(0x7f00000000c0)={0x3, 0x80, 0x4, 0x7, 0x1, 0x1, 0x0, 0x800, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, @perf_config_ext={0x1, 0x100000001}, 0x0, 0xfffffffffffffff9, 0x6, 0x8, 0x1ff, 0x7fff, 0x0, 0x0, 0x7fff, 0x0, 0x5}, 0x0, 0x6, r1, 0x1) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r3, 0xffffc000) r4 = gettid() ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x40) ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080)) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x3d, 0x6f, 0x9, 0x81, 0x0, 0x1, 0x21100, 0x8, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x4, @perf_config_ext={0x400, 0x5}, 0x14040, 0x3ff, 0x9, 0x4, 0x3, 0x34, 0xd5, 0x0, 0x5, 0x0, 0x7}, r4, 0x9, r2, 0xa) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) [ 849.050841][ T5656] FAULT_INJECTION: forcing a failure. [ 849.050841][ T5656] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 849.065256][ T5656] CPU: 0 PID: 5656 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 849.076813][ T5656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 849.086863][ T5656] Call Trace: [ 849.090148][ T5656] dump_stack_lvl+0x1e2/0x24b [ 849.094823][ T5656] ? show_regs_print_info+0x18/0x18 [ 849.100005][ T5656] ? kfree+0xca/0x310 [ 849.103975][ T5656] dump_stack+0x15/0x1d [ 849.108125][ T5656] should_fail+0x3c0/0x510 [ 849.112549][ T5656] should_fail_usercopy+0x1a/0x20 [ 849.117574][ T5656] _copy_from_user+0x20/0xd0 [ 849.122164][ T5656] __copy_msghdr_from_user+0xaf/0x730 [ 849.127548][ T5656] ? __import_iovec+0x343/0x3b0 [ 849.132404][ T5656] ? __ia32_sys_shutdown+0x70/0x70 [ 849.137503][ T5656] io_recvmsg_copy_hdr+0x1cf/0x7f0 [ 849.142607][ T5656] ? io_poll_remove_one+0xf90/0xf90 03:40:41 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000062c003480"], 0x60}}, 0x0) [ 849.147805][ T5656] ? arch_stack_walk+0xf8/0x140 [ 849.152648][ T5656] io_issue_sqe+0x2ccf/0xfc10 [ 849.157324][ T5656] ? __io_req_task_cancel+0x720/0x720 [ 849.162693][ T5656] ? __rcu_read_lock+0x50/0x50 [ 849.167438][ T5656] ? is_bpf_text_address+0x1a2/0x1c0 [ 849.172714][ T5656] ? stack_trace_save+0x1e0/0x1e0 [ 849.177739][ T5656] ? __kernel_text_address+0x9a/0x110 [ 849.183117][ T5656] ? kmem_cache_free+0xaa/0x1e0 [ 849.187968][ T5656] ? kmem_cache_free+0xaa/0x1e0 [ 849.192820][ T5656] ? kasan_set_track+0x63/0x80 03:40:41 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000072c003480"], 0x60}}, 0x0) 03:40:41 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x38, 0x0, 0x0, 0x0) [ 849.197584][ T5656] ? kasan_set_track+0x4c/0x80 [ 849.202350][ T5656] ? kasan_set_free_info+0x23/0x40 [ 849.207468][ T5656] ? ____kasan_slab_free+0x133/0x170 [ 849.212752][ T5656] ? __kasan_slab_free+0x11/0x20 [ 849.217691][ T5656] ? slab_free_freelist_hook+0xb2/0x180 [ 849.223232][ T5656] ? kmem_cache_free+0xaa/0x1e0 [ 849.228080][ T5656] ? __io_free_req+0x20e/0x380 [ 849.232845][ T5656] ? io_req_complete+0xeb/0x610 [ 849.237696][ T5656] ? __io_queue_sqe+0x1070/0x2fa0 [ 849.242704][ T5656] ? io_queue_sqe+0x295/0x1180 03:40:42 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000010d00)=ANY=[@ANYBLOB="900601002d000105", @ANYBLOB], 0x10690}}, 0x0) splice(r1, 0x0, r0, 0x0, 0x1, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000200)={@multicast1, @broadcast, 0x0}, &(0x7f0000000240)=0xc) sendmsg$nl_route_sched(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000500)={&(0x7f0000000280)=@newqdisc={0x27c, 0x24, 0x300, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, r2, {0xffff, 0xc}, {0xa, 0x6}, {0xffe0, 0xc}}, [@TCA_RATE={0x6, 0x5, {0x2, 0x9}}, @qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x2, 0x8, 0x3, 0x4, 0x5}, 0x12, 0x1, 0x5, 0x4, 0x0, 0xe, 0x20, 0x2, 0x1, 0x101, {0x7, 0x5, 0x0, 0x2, 0xffffffff, 0x3b}}}}, @TCA_STAB={0x144, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xff, 0xfa, 0xaa, 0x401, 0x1, 0xfff, 0x6, 0x9}}, {0x16, 0x2, [0x8dc, 0x7, 0x8, 0x9, 0x4, 0x2f1, 0x9, 0x3, 0x7]}}, {{0x1c, 0x1, {0xff, 0x1f, 0x4, 0x5, 0x1, 0x8, 0x1, 0x1}}, {0x6, 0x2, [0x3]}}, {{0x1c, 0x1, {0xaa, 0x81, 0xffff, 0x1, 0x1, 0x9, 0xfd62, 0x1}}, {0x6, 0x2, [0x2]}}, {{0x1c, 0x1, {0x26, 0xf8, 0x2, 0x86, 0x2, 0x50, 0x8000, 0x1}}, {0x6, 0x2, [0x6]}}, {{0x1c, 0x1, {0x83, 0xd4, 0x5, 0x80, 0x2, 0xff, 0x100, 0x3}}, {0xa, 0x2, [0x101, 0x4, 0xa48e]}}, {{0x1c, 0x1, {0x3, 0xff, 0x0, 0x1f, 0x1, 0x7, 0x2, 0x3}}, {0xa, 0x2, [0xfff8, 0x8, 0xfff9]}}, {{0x1c, 0x1, {0x3, 0x0, 0x4, 0x3, 0x1, 0x3f, 0x8, 0x3}}, {0xa, 0x2, [0x31, 0x8, 0x5]}}, {{0x1c, 0x1, {0x2, 0xe0, 0x0, 0x8, 0x1, 0xa59, 0x9, 0x4}}, {0xc, 0x2, [0x8001, 0x8000, 0x3, 0x4]}}]}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8c1}, @TCA_RATE={0x6, 0x5, {0x2, 0x5}}, @TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0xa0, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x8, 0x80, 0x1, 0x5740000, 0x1, 0x1000, 0x7fff, 0x3}}, {0xa, 0x2, [0x1, 0x6, 0x4]}}, {{0x1c, 0x1, {0x80, 0x5, 0x4, 0x1, 0x2, 0x2, 0x0, 0x4}}, {0xc, 0x2, [0x2, 0x1f, 0xfff2, 0x6]}}, {{0x1c, 0x1, {0x0, 0x3f, 0x1000, 0x5, 0x0, 0xfff, 0x4, 0x5}}, {0xe, 0x2, [0x5, 0x4, 0x368, 0x800, 0x9]}}, {{0x1c, 0x1, {0x6, 0x9, 0x3, 0x401, 0x2, 0x4, 0x8}}, {0x4}}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x8884}, 0x4000014) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) removexattr(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)=@known='trusted.overlay.origin\x00') [ 849.247464][ T5656] ? io_submit_sqe+0x385/0xfd0 [ 849.252221][ T5656] ? io_submit_sqes+0x1050/0x2da0 [ 849.257238][ T5656] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 849.262955][ T5656] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 849.268591][ T5656] ? do_syscall_64+0x31/0x70 [ 849.273183][ T5656] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 849.279256][ T5656] ? kmem_cache_free+0xaa/0x1e0 [ 849.284115][ T5656] ? debug_smp_processor_id+0x1c/0x20 [ 849.289487][ T5656] ? kmem_cache_free+0xaa/0x1e0 [ 849.294342][ T5656] ? ____kasan_slab_free+0x13e/0x170 [ 849.299626][ T5656] ? __kasan_slab_free+0x11/0x20 [ 849.304555][ T5656] ? slab_free_freelist_hook+0xb2/0x180 [ 849.310094][ T5656] ? __rcu_read_lock+0x50/0x50 [ 849.314860][ T5656] ? io_req_prep+0x1906/0x51b0 [ 849.319632][ T5656] ? io_queue_sqe+0x1180/0x1180 [ 849.324602][ T5656] ? __rcu_read_lock+0x50/0x50 [ 849.329360][ T5656] __io_queue_sqe+0x2cf/0x2fa0 [ 849.334126][ T5656] io_queue_sqe+0x295/0x1180 [ 849.338716][ T5656] io_submit_sqe+0x385/0xfd0 [ 849.343300][ T5656] ? io_file_get+0x437/0x9c0 [ 849.347889][ T5656] io_submit_sqes+0x1050/0x2da0 [ 849.352734][ T5656] ? io_uring_add_task_file+0x290/0x290 [ 849.358275][ T5656] ? security_file_permission+0xa8/0xc0 [ 849.363800][ T5656] ? __kasan_check_write+0x14/0x20 [ 849.368901][ T5656] ? mutex_lock+0xa6/0x110 [ 849.373314][ T5656] ? io_uring_add_task_file+0x127/0x290 [ 849.378855][ T5656] ? __fdget+0x1b5/0x240 [ 849.383096][ T5656] __se_sys_io_uring_enter+0x322/0x12b0 [ 849.388643][ T5656] ? __fget_files+0x26d/0x2c0 [ 849.393310][ T5656] ? __kasan_check_write+0x14/0x20 [ 849.398402][ T5656] ? fput_many+0x47/0x1a0 [ 849.402725][ T5656] ? __x64_sys_io_uring_enter+0x100/0x100 [ 849.408445][ T5656] ? __ia32_sys_read+0x90/0x90 [ 849.413219][ T5656] ? debug_smp_processor_id+0x1c/0x20 [ 849.418576][ T5656] __x64_sys_io_uring_enter+0xe5/0x100 [ 849.424012][ T5656] do_syscall_64+0x31/0x70 [ 849.428409][ T5656] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 849.434281][ T5656] RIP: 0033:0x7f5fb5d49a39 [ 849.438675][ T5656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 849.458260][ T5656] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 849.466654][ T5656] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 849.474605][ T5656] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 849.482555][ T5656] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 849.490505][ T5656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 03:40:42 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 8) 03:40:42 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x118, 0x0, 0x0, 0x0) 03:40:42 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x7fffefe0, 0x0, 0x0) 03:40:42 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000092c003480"], 0x60}}, 0x0) 03:40:42 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0xfc, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x6) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r1, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) [ 849.498471][ T5656] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:42 executing program 1: setsockopt$bt_BT_RCVMTU(0xffffffffffffffff, 0x112, 0xd, &(0x7f0000000080)=0x7, 0x2) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="6e6f5f62665f7265616461686561643d30303030303030303030303030303030303030300000f42b402a86ff635a3fbd5d357be0eeaec53057d33a0055f212aae0a83251fd3a46754bdb1ca52cddb23cfda337c2f82dbe9303aa0b749dcff9e78085f122003aeea67ac043528e79b498157d676432459fac588f9fd74479f48f77a6f9f30fa960c69f05565f2e215340dde274837ed4e14fed276e313dfd7b3d4b01c8c3343d7e"]) 03:40:42 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f000000000000000000000000a0652c003480"], 0x60}}, 0x0) 03:40:42 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x7ffff000, 0x0, 0x0) 03:40:42 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0xc00, 0x0, 0x0, 0x0) [ 849.617076][ T6293] incfs: Options parsing error. -22 [ 849.623238][ T6290] FAULT_INJECTION: forcing a failure. [ 849.623238][ T6290] name failslab, interval 1, probability 0, space 0, times 0 [ 849.637101][ T6290] CPU: 0 PID: 6290 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 849.648647][ T6290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 849.658698][ T6290] Call Trace: [ 849.661993][ T6290] dump_stack_lvl+0x1e2/0x24b [ 849.666671][ T6290] ? devkmsg_release+0x127/0x127 [ 849.671606][ T6290] ? show_regs_print_info+0x18/0x18 [ 849.676796][ T6290] dump_stack+0x15/0x1d [ 849.679143][ T6295] ref_ctr increment failed for inode: 0x4f9 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x0000000001392716 [ 849.680937][ T6290] should_fail+0x3c0/0x510 [ 849.680957][ T6290] ? iovec_from_user+0x8a/0x310 [ 849.701721][ T6290] __should_failslab+0x9f/0xe0 [ 849.706544][ T6290] should_failslab+0x9/0x20 [ 849.711063][ T6290] __kmalloc+0x68/0x3d0 03:40:42 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x807e0000, 0x0, 0x0) 03:40:42 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x1801, 0x0, 0x0, 0x0) [ 849.715216][ T6290] ? _copy_from_user+0x93/0xd0 [ 849.719976][ T6290] iovec_from_user+0x8a/0x310 [ 849.724647][ T6290] ? __ia32_sys_shutdown+0x70/0x70 [ 849.729754][ T6290] __import_iovec+0x72/0x3b0 [ 849.734342][ T6290] io_recvmsg_copy_hdr+0x396/0x7f0 [ 849.739451][ T6290] ? io_poll_remove_one+0xf90/0xf90 [ 849.744647][ T6290] ? arch_stack_walk+0xf8/0x140 [ 849.749504][ T6290] io_issue_sqe+0x2ccf/0xfc10 [ 849.754181][ T6290] ? __io_req_task_cancel+0x720/0x720 [ 849.759545][ T6290] ? __rcu_read_lock+0x50/0x50 [ 849.764301][ T6290] ? is_bpf_text_address+0x1a2/0x1c0 [ 849.769585][ T6290] ? stack_trace_save+0x1e0/0x1e0 [ 849.774610][ T6290] ? __kernel_text_address+0x9a/0x110 [ 849.779981][ T6290] ? kmem_cache_free+0xaa/0x1e0 [ 849.784829][ T6290] ? kmem_cache_free+0xaa/0x1e0 [ 849.789784][ T6290] ? kasan_set_track+0x63/0x80 [ 849.794527][ T6290] ? kasan_set_track+0x4c/0x80 [ 849.799284][ T6290] ? kasan_set_free_info+0x23/0x40 [ 849.804393][ T6290] ? ____kasan_slab_free+0x133/0x170 [ 849.809679][ T6290] ? __kasan_slab_free+0x11/0x20 03:40:42 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x87c50000, 0x0, 0x0) [ 849.814649][ T6290] ? slab_free_freelist_hook+0xb2/0x180 [ 849.820189][ T6290] ? kmem_cache_free+0xaa/0x1e0 [ 849.825038][ T6290] ? __io_free_req+0x20e/0x380 [ 849.829798][ T6290] ? io_req_complete+0xeb/0x610 [ 849.834643][ T6290] ? __io_queue_sqe+0x1070/0x2fa0 [ 849.839664][ T6290] ? io_queue_sqe+0x295/0x1180 [ 849.844419][ T6290] ? io_submit_sqe+0x385/0xfd0 [ 849.849173][ T6290] ? io_submit_sqes+0x1050/0x2da0 [ 849.854196][ T6290] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 849.859914][ T6290] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 849.865543][ T6290] ? do_syscall_64+0x31/0x70 [ 849.870118][ T6290] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 849.876166][ T6290] ? kmem_cache_free+0xaa/0x1e0 [ 849.881004][ T6290] ? debug_smp_processor_id+0x1c/0x20 [ 849.886370][ T6290] ? kmem_cache_free+0xaa/0x1e0 [ 849.891229][ T6290] ? ____kasan_slab_free+0x13e/0x170 [ 849.896505][ T6290] ? __kasan_slab_free+0x11/0x20 [ 849.901432][ T6290] ? slab_free_freelist_hook+0xb2/0x180 [ 849.906964][ T6290] ? __rcu_read_lock+0x50/0x50 [ 849.911717][ T6290] ? io_req_prep+0x1906/0x51b0 [ 849.916473][ T6290] ? io_queue_sqe+0x1180/0x1180 [ 849.921313][ T6290] ? __rcu_read_lock+0x50/0x50 [ 849.926061][ T6290] __io_queue_sqe+0x2cf/0x2fa0 [ 849.930804][ T6290] io_queue_sqe+0x295/0x1180 [ 849.935371][ T6290] io_submit_sqe+0x385/0xfd0 [ 849.939938][ T6290] ? io_file_get+0x437/0x9c0 [ 849.944502][ T6290] io_submit_sqes+0x1050/0x2da0 [ 849.949336][ T6290] ? io_uring_add_task_file+0x290/0x290 [ 849.955643][ T6290] ? security_file_permission+0xa8/0xc0 [ 849.961181][ T6290] ? __kasan_check_write+0x14/0x20 [ 849.966277][ T6290] ? mutex_lock+0xa6/0x110 [ 849.970676][ T6290] ? io_uring_add_task_file+0x127/0x290 [ 849.976203][ T6290] ? __fdget+0x1b5/0x240 [ 849.980424][ T6290] __se_sys_io_uring_enter+0x322/0x12b0 [ 849.985943][ T6290] ? __fget_files+0x26d/0x2c0 [ 849.990645][ T6290] ? __kasan_check_write+0x14/0x20 [ 849.995732][ T6290] ? fput_many+0x47/0x1a0 [ 850.000035][ T6290] ? __x64_sys_io_uring_enter+0x100/0x100 [ 850.005728][ T6290] ? __ia32_sys_read+0x90/0x90 [ 850.010472][ T6290] ? debug_smp_processor_id+0x1c/0x20 [ 850.015820][ T6290] __x64_sys_io_uring_enter+0xe5/0x100 [ 850.021253][ T6290] do_syscall_64+0x31/0x70 [ 850.025642][ T6290] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 850.031509][ T6290] RIP: 0033:0x7f5fb5d49a39 [ 850.035899][ T6290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 850.055484][ T6290] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa 03:40:42 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 9) 03:40:42 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xa0028000, 0x0, 0x0) 03:40:42 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x1f00, 0x0, 0x0, 0x0) 03:40:42 executing program 1: pipe(&(0x7f0000000300)={0xffffffffffffffff}) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_MPATH(r0, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x44, r1, 0x200, 0x70bd27, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x200, 0x16}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x4040) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) rename(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='./file0\x00') mount(&(0x7f0000000080)=@sr0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='squashfs\x00', 0x58000, 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="726c6f675f77616b6575705f636e743d30303030002a30303030e57a003bf0235c94d130303030303030303030302cb2ba10b7f97e50"]) lsetxattr$security_capability(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0), &(0x7f00000000c0)=@v2={0x2000000, [{0x20, 0x4}, {0x3, 0x80000001}]}, 0x14, 0x1) 03:40:42 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000812c003480"], 0x60}}, 0x0) 03:40:42 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1510c2, 0x0) perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) r2 = perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xa4, 0x8, 0x5, 0x1, 0x0, 0x9, 0x10, 0x7, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x3, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3, 0x1, @perf_config_ext={0x8000, 0x1}, 0x8808, 0x1ff, 0x0, 0x3, 0x7ff, 0x7, 0x7, 0x0, 0xf8, 0x0, 0x1}, 0x0, 0x10, 0xffffffffffffffff, 0x1) write(r0, &(0x7f0000000040)="80", 0x1) syz_open_dev$mouse(&(0x7f0000000100), 0x100000001, 0x8c00) mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x1000000, 0x10, r2, 0x21d39000) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r1, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) [ 850.063879][ T6290] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 850.071831][ T6290] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 850.079778][ T6290] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 850.087729][ T6290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 850.095688][ T6290] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:42 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000832c003480"], 0x60}}, 0x0) 03:40:42 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xe0efff7f, 0x0, 0x0) 03:40:42 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x3800, 0x0, 0x0, 0x0) [ 850.199233][ T6746] FAULT_INJECTION: forcing a failure. [ 850.199233][ T6746] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 850.212981][ T6746] CPU: 1 PID: 6746 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 850.224525][ T6746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 850.234571][ T6746] Call Trace: [ 850.237842][ T6746] dump_stack_lvl+0x1e2/0x24b [ 850.242494][ T6746] ? show_regs_print_info+0x18/0x18 [ 850.247662][ T6746] dump_stack+0x15/0x1d [ 850.251797][ T6746] should_fail+0x3c0/0x510 [ 850.256191][ T6746] should_fail_usercopy+0x1a/0x20 [ 850.261187][ T6746] _copy_from_user+0x20/0xd0 [ 850.265750][ T6746] iovec_from_user+0xc7/0x310 [ 850.270401][ T6746] ? __ia32_sys_shutdown+0x70/0x70 [ 850.275482][ T6746] __import_iovec+0x72/0x3b0 [ 850.280050][ T6746] io_recvmsg_copy_hdr+0x396/0x7f0 [ 850.285207][ T6746] ? io_poll_remove_one+0xf90/0xf90 [ 850.290379][ T6746] ? arch_stack_walk+0xf8/0x140 [ 850.295203][ T6746] io_issue_sqe+0x2ccf/0xfc10 [ 850.299860][ T6746] ? __io_req_task_cancel+0x720/0x720 [ 850.305745][ T6746] ? __rcu_read_lock+0x50/0x50 [ 850.310489][ T6746] ? is_bpf_text_address+0x1a2/0x1c0 [ 850.315749][ T6746] ? stack_trace_save+0x1e0/0x1e0 [ 850.320773][ T6746] ? __kernel_text_address+0x9a/0x110 [ 850.326122][ T6746] ? kmem_cache_free+0xaa/0x1e0 [ 850.330943][ T6746] ? kmem_cache_free+0xaa/0x1e0 [ 850.335769][ T6746] ? kasan_set_track+0x63/0x80 [ 850.340509][ T6746] ? kasan_set_track+0x4c/0x80 [ 850.345248][ T6746] ? kasan_set_free_info+0x23/0x40 [ 850.350356][ T6746] ? ____kasan_slab_free+0x133/0x170 [ 850.355611][ T6746] ? __kasan_slab_free+0x11/0x20 [ 850.360521][ T6746] ? slab_free_freelist_hook+0xb2/0x180 [ 850.366040][ T6746] ? kmem_cache_free+0xaa/0x1e0 [ 850.370867][ T6746] ? __io_free_req+0x20e/0x380 [ 850.375606][ T6746] ? io_req_complete+0xeb/0x610 [ 850.380450][ T6746] ? __io_queue_sqe+0x1070/0x2fa0 [ 850.385447][ T6746] ? io_queue_sqe+0x295/0x1180 [ 850.390182][ T6746] ? io_submit_sqe+0x385/0xfd0 [ 850.394934][ T6746] ? io_submit_sqes+0x1050/0x2da0 [ 850.399930][ T6746] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 850.405619][ T6746] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 850.411221][ T6746] ? do_syscall_64+0x31/0x70 [ 850.415784][ T6746] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 850.421829][ T6746] ? kmem_cache_free+0xaa/0x1e0 [ 850.426650][ T6746] ? debug_smp_processor_id+0x1c/0x20 [ 850.431991][ T6746] ? kmem_cache_free+0xaa/0x1e0 [ 850.436832][ T6746] ? ____kasan_slab_free+0x13e/0x170 [ 850.442087][ T6746] ? __kasan_slab_free+0x11/0x20 [ 850.446993][ T6746] ? slab_free_freelist_hook+0xb2/0x180 [ 850.452509][ T6746] ? __rcu_read_lock+0x50/0x50 [ 850.457264][ T6746] ? io_req_prep+0x1906/0x51b0 [ 850.461998][ T6746] ? io_queue_sqe+0x1180/0x1180 [ 850.466843][ T6746] ? __rcu_read_lock+0x50/0x50 [ 850.471580][ T6746] __io_queue_sqe+0x2cf/0x2fa0 [ 850.476318][ T6746] io_queue_sqe+0x295/0x1180 [ 850.480901][ T6746] io_submit_sqe+0x385/0xfd0 [ 850.485465][ T6746] ? io_file_get+0x437/0x9c0 [ 850.490033][ T6746] io_submit_sqes+0x1050/0x2da0 [ 850.494858][ T6746] ? io_uring_add_task_file+0x290/0x290 [ 850.500374][ T6746] ? security_file_permission+0xa8/0xc0 [ 850.505916][ T6746] ? __kasan_check_write+0x14/0x20 [ 850.510998][ T6746] ? mutex_lock+0xa6/0x110 [ 850.515384][ T6746] ? io_uring_add_task_file+0x127/0x290 [ 850.520902][ T6746] ? __fdget+0x1b5/0x240 [ 850.525120][ T6746] __se_sys_io_uring_enter+0x322/0x12b0 [ 850.530636][ T6746] ? __fget_files+0x26d/0x2c0 [ 850.535286][ T6746] ? __kasan_check_write+0x14/0x20 [ 850.540365][ T6746] ? fput_many+0x47/0x1a0 [ 850.544668][ T6746] ? __x64_sys_io_uring_enter+0x100/0x100 [ 850.550356][ T6746] ? __ia32_sys_read+0x90/0x90 [ 850.555090][ T6746] ? debug_smp_processor_id+0x1c/0x20 [ 850.560434][ T6746] __x64_sys_io_uring_enter+0xe5/0x100 [ 850.565868][ T6746] do_syscall_64+0x31/0x70 [ 850.570257][ T6746] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 850.576120][ T6746] RIP: 0033:0x7f5fb5d49a39 [ 850.580507][ T6746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 03:40:43 executing program 1: inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) open$dir(&(0x7f0000000180)='./file0\x00', 0x101200, 0x201) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) open(&(0x7f0000000140)='./file0\x00', 0x0, 0x108) 03:40:43 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x4, 0x1161, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x6e4, 0x5d192000}, 0x0, 0x0, 0x2}, 0x0, 0x200000000000000, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) r2 = perf_event_open$cgroup(&(0x7f0000000140)={0x4, 0x80, 0x2, 0xd5, 0x9c, 0x80, 0x0, 0xffff, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x7f, 0x4, @perf_bp={&(0x7f0000000100)}, 0x9108, 0x42, 0xb8, 0x5, 0x3, 0x6, 0x4, 0x0, 0xac25, 0x0, 0x1ff}, r1, 0xd, r1, 0xd) perf_event_open(&(0x7f0000000080)={0x4, 0x80, 0x4, 0x1, 0xfe, 0x81, 0x0, 0x6c54, 0x82, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x38ebf4b0, 0x2, @perf_config_ext={0x0, 0x4}, 0x80, 0x40, 0x40, 0x6, 0x1, 0x7, 0x1f, 0x0, 0x4, 0x0, 0x2}, 0x0, 0xd, r2, 0x2) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r1, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) [ 850.600086][ T6746] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 850.608473][ T6746] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 850.616419][ T6746] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 850.624382][ T6746] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 850.632327][ T6746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 850.640270][ T6746] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:43 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 10) 03:40:43 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000065a02c003480"], 0x60}}, 0x0) 03:40:43 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xeffdffff, 0x0, 0x0) [ 850.743533][ T6969] FAULT_INJECTION: forcing a failure. [ 850.743533][ T6969] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 850.757390][ T6969] CPU: 0 PID: 6969 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 850.768934][ T6969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 850.778974][ T6969] Call Trace: [ 850.782241][ T6969] dump_stack_lvl+0x1e2/0x24b [ 850.786894][ T6969] ? show_regs_print_info+0x18/0x18 03:40:43 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000022c003480"], 0x60}}, 0x0) 03:40:43 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xf5ffffff, 0x0, 0x0) [ 850.792080][ T6969] ? kfree+0xca/0x310 [ 850.796061][ T6969] dump_stack+0x15/0x1d [ 850.800218][ T6969] should_fail+0x3c0/0x510 [ 850.804631][ T6969] should_fail_usercopy+0x1a/0x20 [ 850.809653][ T6969] _copy_from_user+0x20/0xd0 [ 850.814246][ T6969] __copy_msghdr_from_user+0xaf/0x730 [ 850.819615][ T6969] ? __import_iovec+0x343/0x3b0 [ 850.824463][ T6969] ? __ia32_sys_shutdown+0x70/0x70 [ 850.829570][ T6969] io_recvmsg_copy_hdr+0x1cf/0x7f0 [ 850.834683][ T6969] ? io_poll_remove_one+0xf90/0xf90 [ 850.839880][ T6969] ? arch_stack_walk+0xf8/0x140 [ 850.844720][ T6969] io_issue_sqe+0x2ccf/0xfc10 [ 850.849386][ T6969] ? __io_req_task_cancel+0x720/0x720 [ 850.855381][ T6969] ? __rcu_read_lock+0x50/0x50 [ 850.860136][ T6969] ? is_bpf_text_address+0x1a2/0x1c0 [ 850.865411][ T6969] ? stack_trace_save+0x1e0/0x1e0 [ 850.870428][ T6969] ? __kernel_text_address+0x9a/0x110 [ 850.875782][ T6969] ? kmem_cache_free+0xaa/0x1e0 [ 850.880620][ T6969] ? kmem_cache_free+0xaa/0x1e0 [ 850.885471][ T6969] ? kasan_set_track+0x63/0x80 03:40:43 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xfffffdef, 0x0, 0x0) 03:40:43 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000032c003480"], 0x60}}, 0x0) [ 850.890233][ T6969] ? kasan_set_track+0x4c/0x80 [ 850.894991][ T6969] ? kasan_set_free_info+0x23/0x40 [ 850.900096][ T6969] ? ____kasan_slab_free+0x133/0x170 [ 850.905372][ T6969] ? __kasan_slab_free+0x11/0x20 [ 850.910293][ T6969] ? slab_free_freelist_hook+0xb2/0x180 [ 850.915820][ T6969] ? kmem_cache_free+0xaa/0x1e0 [ 850.920661][ T6969] ? __io_free_req+0x20e/0x380 [ 850.925438][ T6969] ? io_req_complete+0xeb/0x610 [ 850.930290][ T6969] ? __io_queue_sqe+0x1070/0x2fa0 [ 850.935315][ T6969] ? io_queue_sqe+0x295/0x1180 03:40:43 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000042c003480"], 0x60}}, 0x0) 03:40:43 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000052c003480"], 0x60}}, 0x0) [ 850.940070][ T6969] ? io_submit_sqe+0x385/0xfd0 [ 850.944823][ T6969] ? io_submit_sqes+0x1050/0x2da0 [ 850.949844][ T6969] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 850.955562][ T6969] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 850.961199][ T6969] ? do_syscall_64+0x31/0x70 [ 850.965773][ T6969] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 850.971831][ T6969] ? kmem_cache_free+0xaa/0x1e0 [ 850.976703][ T6969] ? debug_smp_processor_id+0x1c/0x20 [ 850.982078][ T6969] ? kmem_cache_free+0xaa/0x1e0 [ 850.987054][ T6969] ? ____kasan_slab_free+0x13e/0x170 [ 850.992325][ T6969] ? __kasan_slab_free+0x11/0x20 [ 850.997277][ T6969] ? slab_free_freelist_hook+0xb2/0x180 [ 851.002817][ T6969] ? __rcu_read_lock+0x50/0x50 [ 851.007593][ T6969] ? io_req_prep+0x1906/0x51b0 [ 851.012361][ T6969] ? io_queue_sqe+0x1180/0x1180 [ 851.017218][ T6969] ? __rcu_read_lock+0x50/0x50 [ 851.021983][ T6969] __io_queue_sqe+0x2cf/0x2fa0 [ 851.026752][ T6969] io_queue_sqe+0x295/0x1180 [ 851.031344][ T6969] io_submit_sqe+0x385/0xfd0 [ 851.035936][ T6969] ? io_file_get+0x437/0x9c0 [ 851.040528][ T6969] io_submit_sqes+0x1050/0x2da0 [ 851.045397][ T6969] ? io_uring_add_task_file+0x290/0x290 [ 851.050948][ T6969] ? security_file_permission+0xa8/0xc0 [ 851.056497][ T6969] ? __kasan_check_write+0x14/0x20 [ 851.061599][ T6969] ? mutex_lock+0xa6/0x110 [ 851.065999][ T6969] ? io_uring_add_task_file+0x127/0x290 [ 851.071532][ T6969] ? __fdget+0x1b5/0x240 [ 851.075773][ T6969] __se_sys_io_uring_enter+0x322/0x12b0 [ 851.081301][ T6969] ? __fget_files+0x26d/0x2c0 [ 851.085954][ T6969] ? __kasan_check_write+0x14/0x20 [ 851.091041][ T6969] ? fput_many+0x47/0x1a0 [ 851.095348][ T6969] ? __x64_sys_io_uring_enter+0x100/0x100 [ 851.101041][ T6969] ? __ia32_sys_read+0x90/0x90 [ 851.105783][ T6969] ? debug_smp_processor_id+0x1c/0x20 [ 851.111130][ T6969] __x64_sys_io_uring_enter+0xe5/0x100 [ 851.116567][ T6969] do_syscall_64+0x31/0x70 [ 851.120957][ T6969] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 851.126819][ T6969] RIP: 0033:0x7f5fb5d49a39 [ 851.131210][ T6969] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 851.150792][ T6969] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 851.159221][ T6969] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 851.167166][ T6969] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 851.175115][ T6969] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 851.183063][ T6969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 03:40:43 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x4000, 0x0, 0x0, 0x0) 03:40:43 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000062c003480"], 0x60}}, 0x0) 03:40:43 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xfffffe00, 0x0, 0x0) 03:40:43 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 11) 03:40:43 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x30) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) listen(r0, 0x12) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x80404, &(0x7f0000000200)=ANY=[@ANYBLOB="10963bebf0cd5d985db73295f9adcabb02e4ac1c8b0b3916050000003b35609b6b35d6db102f98fc270764ae67d152849affd6dd8a1016f897b9010271f39a15a9035460190203905f04434e724b5b"]) 03:40:43 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f00000002c0)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000080)={[0x0, 0x10001, 0x8, 0x8, 0x3, 0x3, 0xffffffff00000000, 0x3, 0x80000000c5f, 0x4f09, 0x0, 0x7, 0x80, 0x94a, 0x7, 0xff], 0x1, 0x80200}) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r1, 0xffffc000) open(&(0x7f0000000140)='./bus\x00', 0x200, 0x20) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x80047210, &(0x7f0000000180)) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) [ 851.191014][ T6969] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:43 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000072c003480"], 0x60}}, 0x0) 03:40:43 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xffffff7f, 0x0, 0x0) 03:40:44 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x4041, 0x0, 0x0, 0x0) [ 851.285553][ T7184] FAULT_INJECTION: forcing a failure. [ 851.285553][ T7184] name failslab, interval 1, probability 0, space 0, times 0 [ 851.298366][ T7184] CPU: 1 PID: 7184 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 851.309900][ T7184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 851.319944][ T7184] Call Trace: [ 851.323230][ T7184] dump_stack_lvl+0x1e2/0x24b [ 851.327903][ T7184] ? devkmsg_release+0x127/0x127 [ 851.332828][ T7184] ? show_regs_print_info+0x18/0x18 [ 851.338008][ T7184] dump_stack+0x15/0x1d [ 851.342191][ T7184] should_fail+0x3c0/0x510 [ 851.346586][ T7184] ? iovec_from_user+0x8a/0x310 [ 851.351410][ T7184] __should_failslab+0x9f/0xe0 [ 851.356159][ T7184] should_failslab+0x9/0x20 [ 851.360644][ T7184] __kmalloc+0x68/0x3d0 [ 851.364776][ T7184] ? _copy_from_user+0x93/0xd0 [ 851.369528][ T7184] iovec_from_user+0x8a/0x310 [ 851.374186][ T7184] ? __ia32_sys_shutdown+0x70/0x70 [ 851.379270][ T7184] __import_iovec+0x72/0x3b0 [ 851.383920][ T7184] io_recvmsg_copy_hdr+0x396/0x7f0 [ 851.389006][ T7184] ? io_poll_remove_one+0xf90/0xf90 [ 851.394181][ T7184] ? arch_stack_walk+0xf8/0x140 [ 851.399010][ T7184] io_issue_sqe+0x2ccf/0xfc10 [ 851.403662][ T7184] ? __io_req_task_cancel+0x720/0x720 [ 851.409006][ T7184] ? __rcu_read_lock+0x50/0x50 [ 851.413743][ T7184] ? is_bpf_text_address+0x1a2/0x1c0 [ 851.419022][ T7184] ? stack_trace_save+0x1e0/0x1e0 [ 851.424027][ T7184] ? __kernel_text_address+0x9a/0x110 [ 851.429377][ T7184] ? kmem_cache_free+0xaa/0x1e0 [ 851.434205][ T7184] ? kmem_cache_free+0xaa/0x1e0 [ 851.439037][ T7184] ? kasan_set_track+0x63/0x80 [ 851.443772][ T7184] ? kasan_set_track+0x4c/0x80 [ 851.448510][ T7184] ? kasan_set_free_info+0x23/0x40 [ 851.453597][ T7184] ? ____kasan_slab_free+0x133/0x170 [ 851.458854][ T7184] ? __kasan_slab_free+0x11/0x20 [ 851.464290][ T7184] ? slab_free_freelist_hook+0xb2/0x180 [ 851.469805][ T7184] ? kmem_cache_free+0xaa/0x1e0 [ 851.474645][ T7184] ? __io_free_req+0x20e/0x380 [ 851.479398][ T7184] ? io_req_complete+0xeb/0x610 [ 851.484218][ T7184] ? __io_queue_sqe+0x1070/0x2fa0 [ 851.489212][ T7184] ? io_queue_sqe+0x295/0x1180 [ 851.493966][ T7184] ? io_submit_sqe+0x385/0xfd0 [ 851.498701][ T7184] ? io_submit_sqes+0x1050/0x2da0 [ 851.503697][ T7184] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 851.509391][ T7184] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 851.514997][ T7184] ? do_syscall_64+0x31/0x70 [ 851.519556][ T7184] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 851.525601][ T7184] ? kmem_cache_free+0xaa/0x1e0 [ 851.530426][ T7184] ? debug_smp_processor_id+0x1c/0x20 [ 851.535772][ T7184] ? kmem_cache_free+0xaa/0x1e0 [ 851.540599][ T7184] ? ____kasan_slab_free+0x13e/0x170 [ 851.545863][ T7184] ? __kasan_slab_free+0x11/0x20 [ 851.550776][ T7184] ? slab_free_freelist_hook+0xb2/0x180 [ 851.556295][ T7184] ? __rcu_read_lock+0x50/0x50 [ 851.561040][ T7184] ? io_req_prep+0x1906/0x51b0 [ 851.565786][ T7184] ? io_queue_sqe+0x1180/0x1180 [ 851.570609][ T7184] ? __rcu_read_lock+0x50/0x50 [ 851.575345][ T7184] __io_queue_sqe+0x2cf/0x2fa0 [ 851.580081][ T7184] io_queue_sqe+0x295/0x1180 [ 851.584646][ T7184] io_submit_sqe+0x385/0xfd0 [ 851.589212][ T7184] ? io_file_get+0x437/0x9c0 [ 851.593788][ T7184] io_submit_sqes+0x1050/0x2da0 [ 851.598614][ T7184] ? io_uring_add_task_file+0x290/0x290 [ 851.604134][ T7184] ? security_file_permission+0xa8/0xc0 [ 851.609672][ T7184] ? __kasan_check_write+0x14/0x20 [ 851.614753][ T7184] ? mutex_lock+0xa6/0x110 [ 851.619142][ T7184] ? io_uring_add_task_file+0x127/0x290 [ 851.624659][ T7184] ? __fdget+0x1b5/0x240 [ 851.628873][ T7184] __se_sys_io_uring_enter+0x322/0x12b0 [ 851.634393][ T7184] ? __fget_files+0x26d/0x2c0 [ 851.639049][ T7184] ? __kasan_check_write+0x14/0x20 [ 851.644139][ T7184] ? fput_many+0x47/0x1a0 [ 851.648441][ T7184] ? __x64_sys_io_uring_enter+0x100/0x100 [ 851.654133][ T7184] ? __ia32_sys_read+0x90/0x90 [ 851.658873][ T7184] ? debug_smp_processor_id+0x1c/0x20 [ 851.664216][ T7184] __x64_sys_io_uring_enter+0xe5/0x100 [ 851.669646][ T7184] do_syscall_64+0x31/0x70 [ 851.674034][ T7184] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 851.679897][ T7184] RIP: 0033:0x7f5fb5d49a39 [ 851.684287][ T7184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 851.703864][ T7184] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 851.712253][ T7184] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 851.720219][ T7184] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 851.728163][ T7184] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 03:40:44 executing program 3: r0 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x10) perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0xda, 0x7, 0x7, 0x69, 0x0, 0xce7, 0x2000, 0xa, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x3, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1, @perf_bp={&(0x7f00000000c0), 0x4}, 0x10006, 0x0, 0x80000000, 0x9, 0x8, 0x5, 0x40, 0x0, 0x0, 0x0, 0x80000001}, 0x0, 0x10, r1, 0x8) write(r0, &(0x7f0000000040)="80", 0x1) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r1, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) 03:40:44 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 12) [ 851.736107][ T7184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 851.744051][ T7184] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:44 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000092c003480"], 0x60}}, 0x0) 03:40:44 executing program 1: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000008440), 0x0, 0x0) read$FUSE(r0, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0}, 0x2020) setreuid(0xee00, r1) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000008440), 0x0, 0x0) read$FUSE(r2, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0}, 0x2020) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r6, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r6, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r7, 0x4008ae8a, &(0x7f0000002080)=ANY=[@ANYBLOB="03000000390000ff0000cfce0819ee000401000002000000000000000009aaffe700002000000000000a8f10409deb114d7f09bfcf1bf6f2b54086a44f507ae4bd34c99794c61998284f80672458f965ee65ffffff7f3b6e012a8d6314518aff4e0dd80056e5cc7e2b9ae3d146a679748cd8d9989031becc"]) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000000)=ANY=[]) setreuid(0xee00, r3) r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000008440), 0x0, 0x0) read$FUSE(r8, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0}, 0x2020) setreuid(0xee00, r9) setresuid(r1, r3, r9) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) 03:40:44 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xfffffff5, 0x0, 0x0) 03:40:44 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x4140, 0x0, 0x0, 0x0) [ 851.853383][ T7426] ref_ctr increment failed for inode: 0x4f5 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x00000000916c58c7 [ 851.854597][ T7427] FAULT_INJECTION: forcing a failure. [ 851.854597][ T7427] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 851.878526][ T7427] CPU: 1 PID: 7427 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 851.890068][ T7427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 851.900207][ T7427] Call Trace: [ 851.903505][ T7427] dump_stack_lvl+0x1e2/0x24b [ 851.908182][ T7427] ? show_regs_print_info+0x18/0x18 [ 851.913420][ T7427] dump_stack+0x15/0x1d [ 851.917553][ T7427] should_fail+0x3c0/0x510 [ 851.921946][ T7427] should_fail_usercopy+0x1a/0x20 [ 851.927127][ T7427] _copy_from_user+0x20/0xd0 [ 851.931699][ T7427] iovec_from_user+0xc7/0x310 [ 851.936361][ T7427] ? __ia32_sys_shutdown+0x70/0x70 [ 851.941443][ T7427] __import_iovec+0x72/0x3b0 [ 851.946008][ T7427] io_recvmsg_copy_hdr+0x396/0x7f0 [ 851.951101][ T7427] ? io_poll_remove_one+0xf90/0xf90 [ 851.956274][ T7427] ? arch_stack_walk+0xf8/0x140 [ 851.961119][ T7427] io_issue_sqe+0x2ccf/0xfc10 [ 851.965779][ T7427] ? __io_req_task_cancel+0x720/0x720 [ 851.971121][ T7427] ? __rcu_read_lock+0x50/0x50 [ 851.975853][ T7427] ? is_bpf_text_address+0x1a2/0x1c0 [ 851.981109][ T7427] ? stack_trace_save+0x1e0/0x1e0 [ 851.986105][ T7427] ? __kernel_text_address+0x9a/0x110 [ 851.991450][ T7427] ? kmem_cache_free+0xaa/0x1e0 [ 851.996270][ T7427] ? kmem_cache_free+0xaa/0x1e0 [ 852.001097][ T7427] ? kasan_set_track+0x63/0x80 [ 852.005832][ T7427] ? kasan_set_track+0x4c/0x80 [ 852.010566][ T7427] ? kasan_set_free_info+0x23/0x40 [ 852.015651][ T7427] ? ____kasan_slab_free+0x133/0x170 [ 852.020906][ T7427] ? __kasan_slab_free+0x11/0x20 [ 852.025812][ T7427] ? slab_free_freelist_hook+0xb2/0x180 [ 852.031324][ T7427] ? kmem_cache_free+0xaa/0x1e0 [ 852.036146][ T7427] ? __io_free_req+0x20e/0x380 [ 852.040882][ T7427] ? io_req_complete+0xeb/0x610 [ 852.045704][ T7427] ? __io_queue_sqe+0x1070/0x2fa0 [ 852.050699][ T7427] ? io_queue_sqe+0x295/0x1180 [ 852.055437][ T7427] ? io_submit_sqe+0x385/0xfd0 [ 852.060174][ T7427] ? io_submit_sqes+0x1050/0x2da0 [ 852.065168][ T7427] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 852.070857][ T7427] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 852.076461][ T7427] ? do_syscall_64+0x31/0x70 [ 852.081026][ T7427] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 852.087067][ T7427] ? kmem_cache_free+0xaa/0x1e0 [ 852.091891][ T7427] ? debug_smp_processor_id+0x1c/0x20 [ 852.097233][ T7427] ? kmem_cache_free+0xaa/0x1e0 [ 852.102057][ T7427] ? ____kasan_slab_free+0x13e/0x170 [ 852.107315][ T7427] ? __kasan_slab_free+0x11/0x20 [ 852.112227][ T7427] ? slab_free_freelist_hook+0xb2/0x180 [ 852.117759][ T7427] ? __rcu_read_lock+0x50/0x50 [ 852.122495][ T7427] ? io_req_prep+0x1906/0x51b0 [ 852.127232][ T7427] ? io_queue_sqe+0x1180/0x1180 [ 852.132053][ T7427] ? __rcu_read_lock+0x50/0x50 [ 852.136805][ T7427] __io_queue_sqe+0x2cf/0x2fa0 [ 852.141543][ T7427] io_queue_sqe+0x295/0x1180 [ 852.146106][ T7427] io_submit_sqe+0x385/0xfd0 [ 852.150667][ T7427] ? io_file_get+0x437/0x9c0 [ 852.155237][ T7427] io_submit_sqes+0x1050/0x2da0 [ 852.160067][ T7427] ? io_uring_add_task_file+0x290/0x290 [ 852.165583][ T7427] ? security_file_permission+0xa8/0xc0 [ 852.171104][ T7427] ? __kasan_check_write+0x14/0x20 [ 852.176205][ T7427] ? mutex_lock+0xa6/0x110 [ 852.180594][ T7427] ? io_uring_add_task_file+0x127/0x290 [ 852.186109][ T7427] ? __fdget+0x1b5/0x240 [ 852.190341][ T7427] __se_sys_io_uring_enter+0x322/0x12b0 [ 852.195858][ T7427] ? __fget_files+0x26d/0x2c0 [ 852.200511][ T7427] ? __kasan_check_write+0x14/0x20 [ 852.205592][ T7427] ? fput_many+0x47/0x1a0 [ 852.209893][ T7427] ? __x64_sys_io_uring_enter+0x100/0x100 [ 852.215585][ T7427] ? __ia32_sys_read+0x90/0x90 [ 852.220323][ T7427] ? debug_smp_processor_id+0x1c/0x20 [ 852.225666][ T7427] __x64_sys_io_uring_enter+0xe5/0x100 [ 852.231096][ T7427] do_syscall_64+0x31/0x70 [ 852.235485][ T7427] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 852.241356][ T7427] RIP: 0033:0x7f5fb5d49a39 [ 852.245742][ T7427] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 852.265321][ T7427] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 852.273707][ T7427] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 852.281661][ T7427] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 852.289607][ T7427] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 852.297551][ T7427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 03:40:45 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) ioctl$KVM_RUN(r1, 0xae80, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/diskstats\x00', 0x0, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) listen(r2, 0x12) mmap(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x0, 0x40010, r2, 0xe1b5c000) mmap(&(0x7f00002a2000/0x4000)=nil, 0x4000, 0x8, 0x1010, r0, 0xa2cff000) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r1, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) r3 = openat(r0, &(0x7f00000000c0)='./bus\x00', 0x80000, 0xd0) mmap(&(0x7f00002a4000/0x3000)=nil, 0x3000, 0x0, 0x20010, r3, 0xef1ad000) 03:40:45 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 13) 03:40:45 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000832c003480"], 0x60}}, 0x0) [ 852.305495][ T7427] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:45 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xc0000000f, 0x0, 0x0) 03:40:45 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000006c003480"], 0x60}}, 0x0) [ 852.422326][ T7585] ref_ctr increment failed for inode: 0x4f9 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x00000000c84b08f5 [ 852.459231][ T7585] ref_ctr increment failed for inode: 0x4f9 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x00000000c84b08f5 03:40:45 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x7e80, 0x0, 0x0, 0x0) [ 852.459741][ T7625] FAULT_INJECTION: forcing a failure. [ 852.459741][ T7625] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 852.495320][ T7625] CPU: 0 PID: 7625 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 852.506877][ T7625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 852.516928][ T7625] Call Trace: [ 852.520223][ T7625] dump_stack_lvl+0x1e2/0x24b [ 852.524903][ T7625] ? show_regs_print_info+0x18/0x18 [ 852.530100][ T7625] ? kfree+0xca/0x310 [ 852.534078][ T7625] dump_stack+0x15/0x1d [ 852.538236][ T7625] should_fail+0x3c0/0x510 [ 852.542650][ T7625] should_fail_usercopy+0x1a/0x20 [ 852.547676][ T7625] _copy_from_user+0x20/0xd0 [ 852.552267][ T7625] __copy_msghdr_from_user+0xaf/0x730 [ 852.557624][ T7625] ? __import_iovec+0x343/0x3b0 [ 852.562469][ T7625] ? __ia32_sys_shutdown+0x70/0x70 [ 852.567581][ T7625] io_recvmsg_copy_hdr+0x1cf/0x7f0 03:40:45 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f000000000000000000000000000004003480"], 0x60}}, 0x0) 03:40:45 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x4000000000, 0x0, 0x0) [ 852.572703][ T7625] ? io_poll_remove_one+0xf90/0xf90 [ 852.577899][ T7625] ? arch_stack_walk+0xf8/0x140 [ 852.579456][ T7789] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 852.582747][ T7625] io_issue_sqe+0x2ccf/0xfc10 [ 852.582760][ T7625] ? __io_req_task_cancel+0x720/0x720 [ 852.582781][ T7625] ? __rcu_read_lock+0x50/0x50 [ 852.606791][ T7625] ? is_bpf_text_address+0x1a2/0x1c0 [ 852.612079][ T7625] ? stack_trace_save+0x1e0/0x1e0 [ 852.617107][ T7625] ? __kernel_text_address+0x9a/0x110 03:40:45 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x807e, 0x0, 0x0, 0x0) [ 852.622477][ T7625] ? kmem_cache_free+0xaa/0x1e0 [ 852.627325][ T7625] ? kmem_cache_free+0xaa/0x1e0 [ 852.632175][ T7625] ? kasan_set_track+0x63/0x80 [ 852.636938][ T7625] ? kasan_set_track+0x4c/0x80 [ 852.641703][ T7625] ? kasan_set_free_info+0x23/0x40 [ 852.646807][ T7625] ? ____kasan_slab_free+0x133/0x170 [ 852.652084][ T7625] ? __kasan_slab_free+0x11/0x20 [ 852.657019][ T7625] ? slab_free_freelist_hook+0xb2/0x180 [ 852.662554][ T7625] ? kmem_cache_free+0xaa/0x1e0 [ 852.667393][ T7625] ? __io_free_req+0x20e/0x380 [ 852.672145][ T7625] ? io_req_complete+0xeb/0x610 [ 852.676987][ T7625] ? __io_queue_sqe+0x1070/0x2fa0 [ 852.682007][ T7625] ? io_queue_sqe+0x295/0x1180 [ 852.686761][ T7625] ? io_submit_sqe+0x385/0xfd0 [ 852.691512][ T7625] ? io_submit_sqes+0x1050/0x2da0 [ 852.696533][ T7625] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 852.702251][ T7625] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 852.707478][ T7911] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.0'. [ 852.707883][ T7625] ? do_syscall_64+0x31/0x70 [ 852.721725][ T7625] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 852.727805][ T7625] ? kmem_cache_free+0xaa/0x1e0 [ 852.732661][ T7625] ? debug_smp_processor_id+0x1c/0x20 [ 852.738032][ T7625] ? kmem_cache_free+0xaa/0x1e0 [ 852.742879][ T7625] ? ____kasan_slab_free+0x13e/0x170 [ 852.748197][ T7625] ? __kasan_slab_free+0x11/0x20 [ 852.753132][ T7625] ? slab_free_freelist_hook+0xb2/0x180 [ 852.758675][ T7625] ? __rcu_read_lock+0x50/0x50 [ 852.763434][ T7625] ? io_req_prep+0x1906/0x51b0 [ 852.768197][ T7625] ? io_queue_sqe+0x1180/0x1180 [ 852.773044][ T7625] ? __rcu_read_lock+0x50/0x50 [ 852.777807][ T7625] __io_queue_sqe+0x2cf/0x2fa0 [ 852.782576][ T7625] io_queue_sqe+0x295/0x1180 [ 852.787170][ T7625] io_submit_sqe+0x385/0xfd0 [ 852.791756][ T7625] ? io_file_get+0x437/0x9c0 [ 852.796346][ T7625] io_submit_sqes+0x1050/0x2da0 [ 852.801190][ T7625] ? io_uring_add_task_file+0x290/0x290 [ 852.806729][ T7625] ? security_file_permission+0xa8/0xc0 [ 852.812270][ T7625] ? __kasan_check_write+0x14/0x20 [ 852.817363][ T7625] ? mutex_lock+0xa6/0x110 [ 852.821761][ T7625] ? io_uring_add_task_file+0x127/0x290 [ 852.827295][ T7625] ? __fdget+0x1b5/0x240 [ 852.831525][ T7625] __se_sys_io_uring_enter+0x322/0x12b0 [ 852.837054][ T7625] ? __fget_files+0x26d/0x2c0 [ 852.841712][ T7625] ? __kasan_check_write+0x14/0x20 [ 852.846821][ T7625] ? fput_many+0x47/0x1a0 [ 852.851148][ T7625] ? __x64_sys_io_uring_enter+0x100/0x100 [ 852.856857][ T7625] ? __ia32_sys_read+0x90/0x90 [ 852.861609][ T7625] ? debug_smp_processor_id+0x1c/0x20 [ 852.866960][ T7625] __x64_sys_io_uring_enter+0xe5/0x100 [ 852.872394][ T7625] do_syscall_64+0x31/0x70 [ 852.876790][ T7625] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 852.882663][ T7625] RIP: 0033:0x7f5fb5d49a39 [ 852.887061][ T7625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 852.906658][ T7625] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 852.915067][ T7625] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 03:40:45 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r0 = getuid() mount$incfs(&(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x1000000, &(0x7f0000000240)={[{@rlog_wakeup_cnt}], [{@fowner_lt={'fowner<', r0}}]}) open$dir(&(0x7f0000000080)='./file0\x00', 0xd5f64ba5c6168a28, 0x4) 03:40:45 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f000000000000000000000000000008003480"], 0x60}}, 0x0) 03:40:45 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x10c00000104, 0x0, 0x0) 03:40:45 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r1 = perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, r0, 0x0) r2 = open(&(0x7f0000000100)='./bus\x00', 0x200, 0x9) io_submit(0x0, 0x1, &(0x7f0000000280)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x8, 0x8, r2, &(0x7f0000000180)="94cbac93e3945b96b4442b0676f0558f4987a6b25c87f3b2f895baa46a41c0a88f4e8db5048dfc08bb8f63cc1a07053969560459ea9b938801b972c9a9f62501aa372b825006fd65d4505af0395ba1244e0e9c5a4a522222d4b173b5de45ce2fb01708e99963e3fc24fa01776c556afcd6a00150a522ff5dcad5ce051c5a9e234ada5a26a2488ad3e0f4d6a8ea492cac77a9", 0x92, 0xfff, 0x0, 0x2, r2}]) perf_event_open(&(0x7f0000000080)={0x5, 0x80, 0x6, 0x4, 0x9, 0x8, 0x0, 0x7ff, 0xe20c0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffa, 0x4, @perf_config_ext={0x5a1, 0x9}, 0x402, 0x6, 0x9, 0x0, 0x1, 0x2, 0xc00, 0x0, 0x1ff, 0x0, 0x8}, 0x0, 0xc, r2, 0x1) r3 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000140)='.pending_reads\x00', 0x20002, 0x104) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r3, 0x2405, r1) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r4, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) r5 = accept$nfc_llcp(0xffffffffffffffff, 0x0, &(0x7f0000000340)) r6 = socket$inet_tcp(0x2, 0x1, 0x0) sendfile(r5, r6, &(0x7f0000000380)=0x100000001, 0x3ff) [ 852.923022][ T7625] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 852.930974][ T7625] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 852.938926][ T7625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 852.946876][ T7625] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:45 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 14) 03:40:45 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x20000, 0x0, 0x0, 0x0) 03:40:45 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000006c003480"], 0x60}}, 0x0) 03:40:45 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x11000000114, 0x0, 0x0) [ 852.982553][ T8035] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.0'. 03:40:45 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x40000, 0x0, 0x0, 0x0) 03:40:45 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c023480"], 0x60}}, 0x0) [ 853.067321][ T8159] FAULT_INJECTION: forcing a failure. [ 853.067321][ T8159] name failslab, interval 1, probability 0, space 0, times 0 [ 853.075127][ T8165] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 853.082331][ T8159] CPU: 0 PID: 8159 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 853.100809][ T8159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 853.110975][ T8159] Call Trace: 03:40:45 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c033480"], 0x60}}, 0x0) [ 853.114265][ T8159] dump_stack_lvl+0x1e2/0x24b [ 853.118939][ T8159] ? devkmsg_release+0x127/0x127 [ 853.123879][ T8159] ? show_regs_print_info+0x18/0x18 [ 853.129077][ T8159] dump_stack+0x15/0x1d [ 853.133228][ T8159] should_fail+0x3c0/0x510 [ 853.137642][ T8159] ? iovec_from_user+0x8a/0x310 [ 853.142509][ T8159] __should_failslab+0x9f/0xe0 [ 853.144744][ T8270] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 853.147267][ T8159] should_failslab+0x9/0x20 [ 853.147277][ T8159] __kmalloc+0x68/0x3d0 03:40:45 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000180)={0x141, 0x29, 0x2, {0x1ff, [{{0x20, 0x3}, 0xfffffffffffffff7, 0x2, 0x7, './file0'}, {{0x4, 0x4, 0x2}, 0x0, 0x40, 0x7, './file1'}, {{0x1, 0x2, 0x1}, 0x100, 0x7f, 0x7, './file0'}, {{0x20, 0x2, 0x1}, 0x4, 0x7b, 0x7, './file0'}, {{0x20, 0x4, 0xa}, 0x0, 0x0, 0x7, './file0'}, {{0x1, 0x1, 0x8}, 0x8, 0x0, 0x7, './file0'}, {{0xe26d44dd81c05ac9, 0x4, 0x2}, 0x8001, 0x69, 0x7, './file0'}, {{0x4, 0x0, 0x1}, 0x7, 0x9, 0x7, './file0'}, {{0x20, 0x3, 0xaff6}, 0x2, 0xf8, 0x7, './file0'}, {{0x40, 0x1, 0x3}, 0x7, 0xb6, 0x7, './file0'}]}}, 0x141) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) sendmsg$sock(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000300)=@ll={0x11, 0x1a, 0x0, 0x1, 0x6, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xf}}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000380)="bd4e2e57490552e13ef241b0943116e9118be8a0d45ee9435893b8b1fc32a6e73ee2d1f774d9c5f68643554c5668cc801bd249e9729074fdc54edf47a28a200adede687584ea88ef93eb50932cdc60f0016ca049582c949dca6cd7485e92fb47db7298d2e1d676034b9d9474bbc9fdda67119b8884c4f9ad0854d1dc231b47c77de09335e59a6c2a6b4e3b0d789610f1bca15f1c427c81bdc2fb04723c65887ffa8b926b7fb61793e0f4e6987c6e5c8ba9353787b60dc101f13a16e1258fa7b9389b4000fe2def37d7e3cf81fb250744f096a8ab821bb855dfc0", 0xda}, {&(0x7f0000000480)="313ab7ae1f3bbf08fc8690091d57c7708f368b86f73d85f36d9408a9567f59ab550af6fcf00e0e82580a4b549600a246c70ee6cccec1aedd51318a7e1bac9187cf471e0e4bd7df754ecccf3e9117282e1665a77f974a4de2839e75b1ba8054c733e4138b0ea7b9caa8d02be2f9009e23e1123ebfe5f2a84e8f0827a18d637abf3650e1f286d17e2d01aba37d0b425a5db75600d8654805dd46b2ff8d1f0a5ea1af6df92da4bd4b6d7148aaa13ea9dcf36e2a0b3900af3d3730df07001bbce3a5d103b7786dd13c307821969b612730a02a8b82dd5e6b3e5320ed629d5561a2bc567f895ab38e619d92ce6f5859d15950", 0xf0}, {&(0x7f0000000580)="8da1d589662be8239292407f33e254d7a9894df93ca4cd8350169ff8823d7721975ce620d92104095ce2334bcc9406c17dd57c15e529b494f1ee39b26f5b10c05ef518823e6ee5cd9455902a34f6f6423a47f8b8b9a3", 0x56}, {&(0x7f0000000600)="884dd9a1398a08e1b0c031fa917a58af556228856a82664b8a7508c7b00de671e1f0a3a6f711d0f53e0068c1c5e6243913262a8fdfbbd08cee3c3caea171471ae33df8acd61f626cdb26a6dc1645033635bc3e8d049e94e2a95dbcdfa23d3943e26b61c76e2f89cc768d30dbe16f0ef981864c67147909e9a1763428bf1f73f251afe9bf05c2042318b72a69c515eb0272aa86c39b7167f475304d14ca24390031c91d6bba30e69bf53c12259740d7c42935f57598", 0xb5}], 0x4}, 0x20008800) [ 853.147288][ T8159] ? _copy_from_user+0x93/0xd0 [ 853.147306][ T8159] iovec_from_user+0x8a/0x310 [ 853.174581][ T8159] ? __ia32_sys_shutdown+0x70/0x70 [ 853.179692][ T8159] __import_iovec+0x72/0x3b0 [ 853.184377][ T8159] io_recvmsg_copy_hdr+0x396/0x7f0 [ 853.189535][ T8159] ? io_poll_remove_one+0xf90/0xf90 [ 853.194729][ T8159] ? arch_stack_walk+0xf8/0x140 [ 853.199580][ T8159] io_issue_sqe+0x2ccf/0xfc10 [ 853.204261][ T8159] ? __io_req_task_cancel+0x720/0x720 [ 853.209637][ T8159] ? __rcu_read_lock+0x50/0x50 03:40:45 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c043480"], 0x60}}, 0x0) [ 853.214395][ T8159] ? is_bpf_text_address+0x1a2/0x1c0 [ 853.216739][ T8273] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 853.219665][ T8159] ? stack_trace_save+0x1e0/0x1e0 [ 853.219677][ T8159] ? __kernel_text_address+0x9a/0x110 [ 853.219692][ T8159] ? kmem_cache_free+0xaa/0x1e0 [ 853.219701][ T8159] ? kmem_cache_free+0xaa/0x1e0 [ 853.219710][ T8159] ? kasan_set_track+0x63/0x80 [ 853.219718][ T8159] ? kasan_set_track+0x4c/0x80 [ 853.219737][ T8159] ? kasan_set_free_info+0x23/0x40 03:40:46 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c053480"], 0x60}}, 0x0) [ 853.263567][ T8159] ? ____kasan_slab_free+0x133/0x170 [ 853.268843][ T8159] ? __kasan_slab_free+0x11/0x20 [ 853.273773][ T8159] ? slab_free_freelist_hook+0xb2/0x180 [ 853.279321][ T8159] ? kmem_cache_free+0xaa/0x1e0 [ 853.284173][ T8159] ? __io_free_req+0x20e/0x380 [ 853.284538][ T8378] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 853.288930][ T8159] ? io_req_complete+0xeb/0x610 [ 853.288941][ T8159] ? __io_queue_sqe+0x1070/0x2fa0 [ 853.288951][ T8159] ? io_queue_sqe+0x295/0x1180 [ 853.288959][ T8159] ? io_submit_sqe+0x385/0xfd0 03:40:46 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c063480"], 0x60}}, 0x0) [ 853.288968][ T8159] ? io_submit_sqes+0x1050/0x2da0 [ 853.288977][ T8159] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 853.288985][ T8159] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 853.288995][ T8159] ? do_syscall_64+0x31/0x70 [ 853.289014][ T8159] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 853.338456][ T8382] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 853.344526][ T8159] ? kmem_cache_free+0xaa/0x1e0 [ 853.344539][ T8159] ? debug_smp_processor_id+0x1c/0x20 [ 853.344555][ T8159] ? kmem_cache_free+0xaa/0x1e0 [ 853.368822][ T8159] ? ____kasan_slab_free+0x13e/0x170 [ 853.374105][ T8159] ? __kasan_slab_free+0x11/0x20 [ 853.379041][ T8159] ? slab_free_freelist_hook+0xb2/0x180 [ 853.384581][ T8159] ? __rcu_read_lock+0x50/0x50 [ 853.389333][ T8159] ? io_req_prep+0x1906/0x51b0 [ 853.394086][ T8159] ? io_queue_sqe+0x1180/0x1180 [ 853.398939][ T8159] ? __rcu_read_lock+0x50/0x50 [ 853.403701][ T8159] __io_queue_sqe+0x2cf/0x2fa0 [ 853.408465][ T8159] io_queue_sqe+0x295/0x1180 [ 853.413052][ T8159] io_submit_sqe+0x385/0xfd0 03:40:46 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r1 = perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800006, 0x20010, r1, 0xffffa000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x648202, 0x0) r3 = fsopen(&(0x7f00000000c0)='cgroup2\x00', 0x0) sendfile(r2, r3, 0x0, 0xf0c) [ 853.417637][ T8159] ? io_file_get+0x437/0x9c0 [ 853.422229][ T8159] io_submit_sqes+0x1050/0x2da0 [ 853.427071][ T8159] ? io_uring_add_task_file+0x290/0x290 [ 853.432604][ T8159] ? security_file_permission+0xa8/0xc0 [ 853.438148][ T8159] ? __kasan_check_write+0x14/0x20 [ 853.439230][ T8389] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 853.443250][ T8159] ? mutex_lock+0xa6/0x110 [ 853.443264][ T8159] ? io_uring_add_task_file+0x127/0x290 [ 853.443273][ T8159] ? __fdget+0x1b5/0x240 [ 853.443284][ T8159] __se_sys_io_uring_enter+0x322/0x12b0 [ 853.443294][ T8159] ? __fget_files+0x26d/0x2c0 [ 853.443312][ T8159] ? __kasan_check_write+0x14/0x20 [ 853.481927][ T8159] ? fput_many+0x47/0x1a0 [ 853.486236][ T8159] ? __x64_sys_io_uring_enter+0x100/0x100 [ 853.491933][ T8159] ? __ia32_sys_read+0x90/0x90 [ 853.496676][ T8159] ? debug_smp_processor_id+0x1c/0x20 [ 853.502025][ T8159] __x64_sys_io_uring_enter+0xe5/0x100 [ 853.507462][ T8159] do_syscall_64+0x31/0x70 [ 853.511857][ T8159] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 853.517722][ T8159] RIP: 0033:0x7f5fb5d49a39 [ 853.522116][ T8159] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 853.541694][ T8159] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 853.550098][ T8159] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 853.558045][ T8159] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 853.565991][ T8159] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 853.573940][ T8159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 853.581888][ T8159] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:46 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 15) 03:40:46 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x8002a0, 0x0, 0x0, 0x0) 03:40:46 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c073480"], 0x60}}, 0x0) 03:40:46 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) listen(r2, 0x12) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r1, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) 03:40:46 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x40000000200, 0x0, 0x0) 03:40:46 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x1f6022, &(0x7f0000000200)=ANY=[@ANYBLOB='rlog_wakeup_cnt=00000000000000000000,mask=^MAY_EXEC,smackfstransmute=incremental-fs\x00,fowner=', @ANYRESDEC=r0, @ANYBLOB=',fowner=', @ANYRESDEC=r0, @ANYBLOB=',bontext=system_u,\x00']) 03:40:46 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c093480"], 0x60}}, 0x0) [ 853.667736][ T8503] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. 03:40:46 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x7ffffffff000, 0x0, 0x0) 03:40:46 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x943577, 0x0, 0x0, 0x0) 03:40:46 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c833480"], 0x60}}, 0x0) [ 853.741597][ T8628] ref_ctr increment failed for inode: 0x4f1 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x000000004809ca2c [ 853.755785][ T8624] FAULT_INJECTION: forcing a failure. [ 853.755785][ T8624] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 853.778795][ T8624] CPU: 0 PID: 8624 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 03:40:46 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) pipe(&(0x7f0000000200)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) splice(r0, 0x0, r1, 0x0, 0x4ffdc, 0x0) openat(r0, &(0x7f0000000080)='./file0\x00', 0x2200, 0x19) [ 853.790353][ T8624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 853.800407][ T8624] Call Trace: [ 853.803710][ T8624] dump_stack_lvl+0x1e2/0x24b [ 853.808389][ T8624] ? show_regs_print_info+0x18/0x18 [ 853.813589][ T8624] dump_stack+0x15/0x1d [ 853.817746][ T8624] should_fail+0x3c0/0x510 [ 853.822157][ T8624] should_fail_usercopy+0x1a/0x20 [ 853.827176][ T8624] _copy_from_user+0x20/0xd0 [ 853.828598][ T8628] ref_ctr increment failed for inode: 0x4f1 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x000000004809ca2c [ 853.831761][ T8624] iovec_from_user+0xc7/0x310 [ 853.831777][ T8624] ? __ia32_sys_shutdown+0x70/0x70 [ 853.831786][ T8624] __import_iovec+0x72/0x3b0 [ 853.831806][ T8624] io_recvmsg_copy_hdr+0x396/0x7f0 [ 853.862725][ T8624] ? io_poll_remove_one+0xf90/0xf90 [ 853.867926][ T8624] ? arch_stack_walk+0xf8/0x140 [ 853.872782][ T8624] io_issue_sqe+0x2ccf/0xfc10 [ 853.877466][ T8624] ? __io_req_task_cancel+0x720/0x720 [ 853.882842][ T8624] ? __rcu_read_lock+0x50/0x50 03:40:46 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003780"], 0x60}}, 0x0) [ 853.887604][ T8624] ? is_bpf_text_address+0x1a2/0x1c0 [ 853.892890][ T8624] ? stack_trace_save+0x1e0/0x1e0 [ 853.897919][ T8624] ? __kernel_text_address+0x9a/0x110 [ 853.903294][ T8624] ? kmem_cache_free+0xaa/0x1e0 [ 853.908140][ T8624] ? kmem_cache_free+0xaa/0x1e0 [ 853.912991][ T8624] ? kasan_set_track+0x63/0x80 [ 853.917757][ T8624] ? kasan_set_track+0x4c/0x80 [ 853.922519][ T8624] ? kasan_set_free_info+0x23/0x40 [ 853.927629][ T8624] ? ____kasan_slab_free+0x133/0x170 [ 853.932925][ T8624] ? __kasan_slab_free+0x11/0x20 [ 853.937863][ T8624] ? slab_free_freelist_hook+0xb2/0x180 [ 853.943409][ T8624] ? kmem_cache_free+0xaa/0x1e0 [ 853.948259][ T8624] ? __io_free_req+0x20e/0x380 [ 853.953025][ T8624] ? io_req_complete+0xeb/0x610 [ 853.957876][ T8624] ? __io_queue_sqe+0x1070/0x2fa0 [ 853.962903][ T8624] ? io_queue_sqe+0x295/0x1180 [ 853.967667][ T8624] ? io_submit_sqe+0x385/0xfd0 [ 853.972433][ T8624] ? io_submit_sqes+0x1050/0x2da0 [ 853.977453][ T8624] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 853.983171][ T8624] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 853.988802][ T8624] ? do_syscall_64+0x31/0x70 [ 853.993401][ T8624] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 853.999475][ T8624] ? kmem_cache_free+0xaa/0x1e0 [ 854.004311][ T8624] ? debug_smp_processor_id+0x1c/0x20 [ 854.009667][ T8624] ? kmem_cache_free+0xaa/0x1e0 [ 854.014509][ T8624] ? ____kasan_slab_free+0x13e/0x170 [ 854.019785][ T8624] ? __kasan_slab_free+0x11/0x20 [ 854.024718][ T8624] ? slab_free_freelist_hook+0xb2/0x180 [ 854.030266][ T8624] ? __rcu_read_lock+0x50/0x50 [ 854.035030][ T8624] ? io_req_prep+0x1906/0x51b0 [ 854.039789][ T8624] ? io_queue_sqe+0x1180/0x1180 [ 854.044632][ T8624] ? __rcu_read_lock+0x50/0x50 [ 854.049381][ T8624] __io_queue_sqe+0x2cf/0x2fa0 [ 854.054128][ T8624] io_queue_sqe+0x295/0x1180 [ 854.058749][ T8624] io_submit_sqe+0x385/0xfd0 [ 854.063313][ T8624] ? io_file_get+0x437/0x9c0 [ 854.067895][ T8624] io_submit_sqes+0x1050/0x2da0 [ 854.072724][ T8624] ? io_uring_add_task_file+0x290/0x290 [ 854.078248][ T8624] ? security_file_permission+0xa8/0xc0 [ 854.083767][ T8624] ? __kasan_check_write+0x14/0x20 [ 854.088850][ T8624] ? mutex_lock+0xa6/0x110 [ 854.093240][ T8624] ? io_uring_add_task_file+0x127/0x290 [ 854.098755][ T8624] ? __fdget+0x1b5/0x240 [ 854.102969][ T8624] __se_sys_io_uring_enter+0x322/0x12b0 [ 854.108485][ T8624] ? __fget_files+0x26d/0x2c0 [ 854.113132][ T8624] ? __kasan_check_write+0x14/0x20 [ 854.118218][ T8624] ? fput_many+0x47/0x1a0 [ 854.122525][ T8624] ? __x64_sys_io_uring_enter+0x100/0x100 [ 854.128215][ T8624] ? __ia32_sys_read+0x90/0x90 [ 854.132953][ T8624] ? debug_smp_processor_id+0x1c/0x20 [ 854.138298][ T8624] __x64_sys_io_uring_enter+0xe5/0x100 [ 854.143741][ T8624] do_syscall_64+0x31/0x70 [ 854.148133][ T8624] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 854.154017][ T8624] RIP: 0033:0x7f5fb5d49a39 [ 854.158408][ T8624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 854.177984][ T8624] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa 03:40:46 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 16) 03:40:46 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xc58700000000, 0x0, 0x0) 03:40:46 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0xf0ff7f, 0x0, 0x0, 0x0) 03:40:46 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) splice(r0, 0x0, r1, 0x0, 0x4ffdc, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_BEARER_NAMES(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r3, 0x1, 0x0, 0x0, {{}, {0x0, 0x4102}}}, 0x1c}}, 0x0) sendmsg$TIPC_CMD_SET_NODE_ADDR(r0, &(0x7f0000000280)={&(0x7f0000000180), 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x24, r3, 0x100, 0x70bd27, 0x25dfdbfc, {{}, {}, {0x8, 0x11, 0x5}}, ["", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x2404c058}, 0x4000) syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), r0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) 03:40:46 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c006c80"], 0x60}}, 0x0) 03:40:46 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000010d00)=ANY=[@ANYBLOB="900601002d000105", @ANYBLOB], 0x10690}}, 0x0) splice(r3, 0x0, r2, 0x0, 0x1, 0x0) ioctl$BLKFRASET(r2, 0x1264, &(0x7f0000000080)=0x1) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsetxattr$security_capability(r1, &(0x7f0000000100), &(0x7f0000000180)=@v1={0x1000000, [{0x8, 0xffffffff}]}, 0xc, 0x2) write(r0, &(0x7f0000000040)="80", 0x1) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x180000f, 0x12, r4, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) [ 854.186371][ T8624] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 854.194315][ T8624] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 854.202258][ T8624] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 854.210201][ T8624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 854.218147][ T8624] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:46 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003780"], 0x60}}, 0x0) 03:40:47 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x2000000000000, 0x0, 0x0) 03:40:47 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0xfeffff, 0x0, 0x0, 0x0) 03:40:47 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c006c80"], 0x60}}, 0x0) [ 854.316785][ T8999] FAULT_INJECTION: forcing a failure. [ 854.316785][ T8999] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 854.348677][ T8999] CPU: 1 PID: 8999 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 854.360229][ T8999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 854.370263][ T8999] Call Trace: [ 854.373535][ T8999] dump_stack_lvl+0x1e2/0x24b [ 854.378186][ T8999] ? show_regs_print_info+0x18/0x18 [ 854.383359][ T8999] ? kfree+0xca/0x310 [ 854.387311][ T8999] dump_stack+0x15/0x1d [ 854.391442][ T8999] should_fail+0x3c0/0x510 [ 854.395835][ T8999] should_fail_usercopy+0x1a/0x20 [ 854.400849][ T8999] _copy_from_user+0x20/0xd0 [ 854.405434][ T8999] __copy_msghdr_from_user+0xaf/0x730 [ 854.410779][ T8999] ? __import_iovec+0x343/0x3b0 [ 854.415604][ T8999] ? __ia32_sys_shutdown+0x70/0x70 [ 854.420690][ T8999] io_recvmsg_copy_hdr+0x1cf/0x7f0 [ 854.425775][ T8999] ? io_poll_remove_one+0xf90/0xf90 [ 854.430946][ T8999] ? arch_stack_walk+0xf8/0x140 [ 854.435769][ T8999] io_issue_sqe+0x2ccf/0xfc10 [ 854.440426][ T8999] ? __io_req_task_cancel+0x720/0x720 [ 854.445774][ T8999] ? __rcu_read_lock+0x50/0x50 [ 854.450515][ T8999] ? is_bpf_text_address+0x1a2/0x1c0 [ 854.455772][ T8999] ? stack_trace_save+0x1e0/0x1e0 [ 854.460770][ T8999] ? __kernel_text_address+0x9a/0x110 [ 854.466116][ T8999] ? kmem_cache_free+0xaa/0x1e0 [ 854.470935][ T8999] ? kmem_cache_free+0xaa/0x1e0 [ 854.475759][ T8999] ? kasan_set_track+0x63/0x80 [ 854.480493][ T8999] ? kasan_set_track+0x4c/0x80 [ 854.485228][ T8999] ? kasan_set_free_info+0x23/0x40 [ 854.490330][ T8999] ? ____kasan_slab_free+0x133/0x170 [ 854.495589][ T8999] ? __kasan_slab_free+0x11/0x20 [ 854.500495][ T8999] ? slab_free_freelist_hook+0xb2/0x180 [ 854.506011][ T8999] ? kmem_cache_free+0xaa/0x1e0 [ 854.510831][ T8999] ? __io_free_req+0x20e/0x380 [ 854.515567][ T8999] ? io_req_complete+0xeb/0x610 [ 854.520392][ T8999] ? __io_queue_sqe+0x1070/0x2fa0 [ 854.525388][ T8999] ? io_queue_sqe+0x295/0x1180 [ 854.530125][ T8999] ? io_submit_sqe+0x385/0xfd0 [ 854.534861][ T8999] ? io_submit_sqes+0x1050/0x2da0 [ 854.539856][ T8999] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 854.545567][ T8999] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 854.551173][ T8999] ? do_syscall_64+0x31/0x70 [ 854.555734][ T8999] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 854.561779][ T8999] ? kmem_cache_free+0xaa/0x1e0 [ 854.566605][ T8999] ? debug_smp_processor_id+0x1c/0x20 [ 854.571953][ T8999] ? kmem_cache_free+0xaa/0x1e0 [ 854.576776][ T8999] ? ____kasan_slab_free+0x13e/0x170 [ 854.582038][ T8999] ? __kasan_slab_free+0x11/0x20 [ 854.586949][ T8999] ? slab_free_freelist_hook+0xb2/0x180 [ 854.592473][ T8999] ? __rcu_read_lock+0x50/0x50 [ 854.597209][ T8999] ? io_req_prep+0x1906/0x51b0 [ 854.601945][ T8999] ? io_queue_sqe+0x1180/0x1180 [ 854.606767][ T8999] ? __rcu_read_lock+0x50/0x50 [ 854.611504][ T8999] __io_queue_sqe+0x2cf/0x2fa0 [ 854.616248][ T8999] io_queue_sqe+0x295/0x1180 [ 854.620812][ T8999] io_submit_sqe+0x385/0xfd0 [ 854.625381][ T8999] ? io_file_get+0x437/0x9c0 [ 854.629950][ T8999] io_submit_sqes+0x1050/0x2da0 [ 854.634788][ T8999] ? io_uring_add_task_file+0x290/0x290 [ 854.640320][ T8999] ? security_file_permission+0xa8/0xc0 [ 854.645858][ T8999] ? __kasan_check_write+0x14/0x20 [ 854.650945][ T8999] ? mutex_lock+0xa6/0x110 [ 854.655354][ T8999] ? io_uring_add_task_file+0x127/0x290 [ 854.660880][ T8999] ? __fdget+0x1b5/0x240 [ 854.665092][ T8999] __se_sys_io_uring_enter+0x322/0x12b0 [ 854.670609][ T8999] ? __fget_files+0x26d/0x2c0 [ 854.675258][ T8999] ? __kasan_check_write+0x14/0x20 [ 854.680340][ T8999] ? fput_many+0x47/0x1a0 [ 854.684642][ T8999] ? __x64_sys_io_uring_enter+0x100/0x100 [ 854.690337][ T8999] ? __ia32_sys_read+0x90/0x90 [ 854.695075][ T8999] ? debug_smp_processor_id+0x1c/0x20 [ 854.700419][ T8999] __x64_sys_io_uring_enter+0xe5/0x100 [ 854.705852][ T8999] do_syscall_64+0x31/0x70 [ 854.710242][ T8999] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 854.716105][ T8999] RIP: 0033:0x7f5fb5d49a39 [ 854.720497][ T8999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 854.740087][ T8999] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 854.748483][ T8999] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 854.756432][ T8999] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 03:40:47 executing program 1: fcntl$addseals(0xffffffffffffffff, 0x409, 0xe) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) 03:40:47 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 17) [ 854.764387][ T8999] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 854.772342][ T8999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 854.780298][ T8999] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:47 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003460"], 0x60}}, 0x0) 03:40:47 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x2000000040000, 0x0, 0x0) [ 854.848576][ T9220] ref_ctr increment failed for inode: 0x4fd offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x0000000070a844d8 [ 854.892127][ T9268] FAULT_INJECTION: forcing a failure. [ 854.892127][ T9268] name failslab, interval 1, probability 0, space 0, times 0 [ 854.904986][ T9268] CPU: 1 PID: 9268 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 854.916517][ T9268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 854.926556][ T9268] Call Trace: [ 854.929826][ T9268] dump_stack_lvl+0x1e2/0x24b [ 854.934480][ T9268] ? devkmsg_release+0x127/0x127 [ 854.939416][ T9268] ? show_regs_print_info+0x18/0x18 [ 854.944591][ T9268] dump_stack+0x15/0x1d [ 854.948727][ T9268] should_fail+0x3c0/0x510 [ 854.953126][ T9268] ? iovec_from_user+0x8a/0x310 [ 854.957965][ T9268] __should_failslab+0x9f/0xe0 [ 854.962709][ T9268] should_failslab+0x9/0x20 [ 854.967201][ T9268] __kmalloc+0x68/0x3d0 [ 854.971340][ T9268] ? _copy_from_user+0x93/0xd0 [ 854.976081][ T9268] iovec_from_user+0x8a/0x310 [ 854.980743][ T9268] ? __ia32_sys_shutdown+0x70/0x70 [ 854.985830][ T9268] __import_iovec+0x72/0x3b0 [ 854.990399][ T9268] io_recvmsg_copy_hdr+0x396/0x7f0 [ 854.995486][ T9268] ? io_poll_remove_one+0xf90/0xf90 [ 855.000705][ T9268] ? arch_stack_walk+0xf8/0x140 [ 855.005532][ T9268] io_issue_sqe+0x2ccf/0xfc10 [ 855.010183][ T9268] ? __io_req_task_cancel+0x720/0x720 [ 855.015534][ T9268] ? __rcu_read_lock+0x50/0x50 [ 855.020271][ T9268] ? is_bpf_text_address+0x1a2/0x1c0 [ 855.025529][ T9268] ? stack_trace_save+0x1e0/0x1e0 [ 855.030529][ T9268] ? __kernel_text_address+0x9a/0x110 [ 855.035878][ T9268] ? kmem_cache_free+0xaa/0x1e0 [ 855.040703][ T9268] ? kmem_cache_free+0xaa/0x1e0 [ 855.045527][ T9268] ? kasan_set_track+0x63/0x80 [ 855.050264][ T9268] ? kasan_set_track+0x4c/0x80 [ 855.055000][ T9268] ? kasan_set_free_info+0x23/0x40 [ 855.060083][ T9268] ? ____kasan_slab_free+0x133/0x170 [ 855.065339][ T9268] ? __kasan_slab_free+0x11/0x20 [ 855.070247][ T9268] ? slab_free_freelist_hook+0xb2/0x180 [ 855.075763][ T9268] ? kmem_cache_free+0xaa/0x1e0 [ 855.080585][ T9268] ? __io_free_req+0x20e/0x380 [ 855.085319][ T9268] ? io_req_complete+0xeb/0x610 [ 855.090144][ T9268] ? __io_queue_sqe+0x1070/0x2fa0 [ 855.095142][ T9268] ? io_queue_sqe+0x295/0x1180 [ 855.099880][ T9268] ? io_submit_sqe+0x385/0xfd0 [ 855.104615][ T9268] ? io_submit_sqes+0x1050/0x2da0 [ 855.109614][ T9268] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 855.115305][ T9268] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 855.120927][ T9268] ? do_syscall_64+0x31/0x70 [ 855.125488][ T9268] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 855.131531][ T9268] ? kmem_cache_free+0xaa/0x1e0 [ 855.136357][ T9268] ? debug_smp_processor_id+0x1c/0x20 [ 855.141702][ T9268] ? kmem_cache_free+0xaa/0x1e0 [ 855.146523][ T9268] ? ____kasan_slab_free+0x13e/0x170 [ 855.151781][ T9268] ? __kasan_slab_free+0x11/0x20 [ 855.156741][ T9268] ? slab_free_freelist_hook+0xb2/0x180 [ 855.162262][ T9268] ? __rcu_read_lock+0x50/0x50 [ 855.166998][ T9268] ? io_req_prep+0x1906/0x51b0 [ 855.171735][ T9268] ? io_queue_sqe+0x1180/0x1180 [ 855.176558][ T9268] ? __rcu_read_lock+0x50/0x50 [ 855.181296][ T9268] __io_queue_sqe+0x2cf/0x2fa0 [ 855.186031][ T9268] io_queue_sqe+0x295/0x1180 [ 855.190594][ T9268] io_submit_sqe+0x385/0xfd0 [ 855.195154][ T9268] ? io_file_get+0x437/0x9c0 [ 855.199720][ T9268] io_submit_sqes+0x1050/0x2da0 [ 855.204545][ T9268] ? io_uring_add_task_file+0x290/0x290 [ 855.210064][ T9268] ? security_file_permission+0xa8/0xc0 [ 855.215585][ T9268] ? __kasan_check_write+0x14/0x20 [ 855.220671][ T9268] ? mutex_lock+0xa6/0x110 [ 855.225060][ T9268] ? io_uring_add_task_file+0x127/0x290 [ 855.230575][ T9268] ? __fdget+0x1b5/0x240 [ 855.234791][ T9268] __se_sys_io_uring_enter+0x322/0x12b0 [ 855.240310][ T9268] ? __fget_files+0x26d/0x2c0 [ 855.244960][ T9268] ? __kasan_check_write+0x14/0x20 [ 855.250041][ T9268] ? fput_many+0x47/0x1a0 [ 855.254348][ T9268] ? __x64_sys_io_uring_enter+0x100/0x100 [ 855.260039][ T9268] ? __ia32_sys_read+0x90/0x90 [ 855.264778][ T9268] ? debug_smp_processor_id+0x1c/0x20 [ 855.270124][ T9268] __x64_sys_io_uring_enter+0xe5/0x100 [ 855.275556][ T9268] do_syscall_64+0x31/0x70 [ 855.279948][ T9268] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 855.285815][ T9268] RIP: 0033:0x7f5fb5d49a39 [ 855.290205][ T9268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 855.309784][ T9268] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 855.318182][ T9268] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 855.326131][ T9268] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 855.334078][ T9268] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 03:40:48 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x1000000, 0x0, 0x0, 0x0) 03:40:48 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f00000002c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000010d00)=ANY=[@ANYBLOB="900601002d000105", @ANYBLOB], 0x10690}}, 0x0) splice(r3, 0x0, r2, 0x0, 0x1, 0x0) ioctl$BLKFRASET(r2, 0x1264, &(0x7f0000000080)=0x1) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsetxattr$security_capability(r1, &(0x7f0000000100), &(0x7f0000000180)=@v1={0x1000000, [{0x8, 0xffffffff}]}, 0xc, 0x2) write(r0, &(0x7f0000000040)="80", 0x1) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x180000f, 0x12, r4, 0xffffc000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) 03:40:48 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 18) 03:40:48 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003474"], 0x60}}, 0x0) [ 855.342024][ T9268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 855.349975][ T9268] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:48 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000008440), 0x0, 0x0) read$FUSE(r0, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0}, 0x2020) setreuid(0xee00, r1) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000008440), 0x0, 0x0) read$FUSE(r2, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0}, 0x2020) setreuid(0xee00, r3) lstat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lsetxattr$system_posix_acl(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='system.posix_acl_access\x00', &(0x7f0000000280)={{}, {0x1, 0x3}, [{0x2, 0x2}, {0x2, 0xf, r1}, {0x2, 0x0, 0xee00}, {0x2, 0x4, r3}, {0x2, 0x7, 0xffffffffffffffff}, {0x2, 0x6, 0xee01}], {0x4, 0x3}, [{0x8, 0x6, 0xee00}, {0x8, 0x2, 0xee01}, {0x8, 0x1, r4}, {0x8, 0x1, 0xee00}], {0x10, 0x5}, {0x20, 0x6}}, 0x74, 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) 03:40:48 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x4000000000000, 0x0, 0x0) 03:40:48 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003400"], 0x60}}, 0x0) [ 855.464789][ T9543] FAULT_INJECTION: forcing a failure. [ 855.464789][ T9543] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 855.478059][ T9543] CPU: 1 PID: 9543 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 855.489592][ T9543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 855.499631][ T9543] Call Trace: [ 855.502958][ T9543] dump_stack_lvl+0x1e2/0x24b [ 855.507611][ T9543] ? show_regs_print_info+0x18/0x18 [ 855.512796][ T9543] dump_stack+0x15/0x1d [ 855.516932][ T9543] should_fail+0x3c0/0x510 [ 855.521340][ T9543] should_fail_usercopy+0x1a/0x20 [ 855.526350][ T9543] _copy_from_user+0x20/0xd0 [ 855.530916][ T9543] iovec_from_user+0xc7/0x310 [ 855.535575][ T9543] ? __ia32_sys_shutdown+0x70/0x70 [ 855.540673][ T9543] __import_iovec+0x72/0x3b0 [ 855.545241][ T9543] io_recvmsg_copy_hdr+0x396/0x7f0 [ 855.550330][ T9543] ? io_poll_remove_one+0xf90/0xf90 [ 855.555517][ T9543] ? arch_stack_walk+0xf8/0x140 [ 855.560358][ T9543] io_issue_sqe+0x2ccf/0xfc10 [ 855.565018][ T9543] ? __io_req_task_cancel+0x720/0x720 [ 855.570373][ T9543] ? __rcu_read_lock+0x50/0x50 [ 855.575116][ T9543] ? is_bpf_text_address+0x1a2/0x1c0 [ 855.580374][ T9543] ? stack_trace_save+0x1e0/0x1e0 [ 855.585374][ T9543] ? __kernel_text_address+0x9a/0x110 [ 855.591280][ T9543] ? kmem_cache_free+0xaa/0x1e0 [ 855.596104][ T9543] ? kmem_cache_free+0xaa/0x1e0 [ 855.600928][ T9543] ? kasan_set_track+0x63/0x80 [ 855.605666][ T9543] ? kasan_set_track+0x4c/0x80 [ 855.610405][ T9543] ? kasan_set_free_info+0x23/0x40 [ 855.615490][ T9543] ? ____kasan_slab_free+0x133/0x170 [ 855.620784][ T9543] ? __kasan_slab_free+0x11/0x20 [ 855.625696][ T9543] ? slab_free_freelist_hook+0xb2/0x180 [ 855.631219][ T9543] ? kmem_cache_free+0xaa/0x1e0 [ 855.636087][ T9543] ? __io_free_req+0x20e/0x380 [ 855.640827][ T9543] ? io_req_complete+0xeb/0x610 [ 855.645647][ T9543] ? __io_queue_sqe+0x1070/0x2fa0 [ 855.650643][ T9543] ? io_queue_sqe+0x295/0x1180 [ 855.655379][ T9543] ? io_submit_sqe+0x385/0xfd0 [ 855.660113][ T9543] ? io_submit_sqes+0x1050/0x2da0 [ 855.665108][ T9543] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 855.670797][ T9543] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 855.676401][ T9543] ? do_syscall_64+0x31/0x70 [ 855.680963][ T9543] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 855.687045][ T9543] ? kmem_cache_free+0xaa/0x1e0 [ 855.691869][ T9543] ? debug_smp_processor_id+0x1c/0x20 [ 855.697215][ T9543] ? kmem_cache_free+0xaa/0x1e0 [ 855.702127][ T9543] ? ____kasan_slab_free+0x13e/0x170 [ 855.707381][ T9543] ? __kasan_slab_free+0x11/0x20 [ 855.712290][ T9543] ? slab_free_freelist_hook+0xb2/0x180 [ 855.717825][ T9543] ? __rcu_read_lock+0x50/0x50 [ 855.722569][ T9543] ? io_req_prep+0x1906/0x51b0 [ 855.727330][ T9543] ? io_queue_sqe+0x1180/0x1180 [ 855.732162][ T9543] ? __rcu_read_lock+0x50/0x50 [ 855.736903][ T9543] __io_queue_sqe+0x2cf/0x2fa0 [ 855.741647][ T9543] io_queue_sqe+0x295/0x1180 [ 855.746223][ T9543] io_submit_sqe+0x385/0xfd0 [ 855.750799][ T9543] ? io_file_get+0x437/0x9c0 [ 855.755376][ T9543] io_submit_sqes+0x1050/0x2da0 [ 855.760213][ T9543] ? io_uring_add_task_file+0x290/0x290 [ 855.765736][ T9543] ? security_file_permission+0xa8/0xc0 [ 855.771266][ T9543] ? __kasan_check_write+0x14/0x20 [ 855.776363][ T9543] ? mutex_lock+0xa6/0x110 [ 855.780769][ T9543] ? io_uring_add_task_file+0x127/0x290 [ 855.786303][ T9543] ? __fdget+0x1b5/0x240 [ 855.790532][ T9543] __se_sys_io_uring_enter+0x322/0x12b0 [ 855.796061][ T9543] ? __fget_files+0x26d/0x2c0 [ 855.800726][ T9543] ? __kasan_check_write+0x14/0x20 [ 855.805817][ T9543] ? fput_many+0x47/0x1a0 [ 855.810132][ T9543] ? __x64_sys_io_uring_enter+0x100/0x100 [ 855.815839][ T9543] ? __ia32_sys_read+0x90/0x90 [ 855.820584][ T9543] ? debug_smp_processor_id+0x1c/0x20 [ 855.825932][ T9543] __x64_sys_io_uring_enter+0xe5/0x100 [ 855.831370][ T9543] do_syscall_64+0x31/0x70 [ 855.835763][ T9543] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 855.841631][ T9543] RIP: 0033:0x7f5fb5d49a39 [ 855.846030][ T9543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 03:40:48 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x2000000, 0x0, 0x0, 0x0) 03:40:48 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19) [ 855.865617][ T9543] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 855.874011][ T9543] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 855.881969][ T9543] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 855.889919][ T9543] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 855.897873][ T9543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 855.905823][ T9543] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:48 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0xf}}, 0x0) 03:40:48 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x8f00a5, &(0x7f0000000180)=ANY=[]) 03:40:48 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x8002a0ffffffff, 0x0, 0x0) 03:40:48 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x4000000, 0x0, 0x0, 0x0) [ 856.006937][ T9698] FAULT_INJECTION: forcing a failure. [ 856.006937][ T9698] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 856.022142][ T9698] CPU: 1 PID: 9698 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 856.033686][ T9698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 856.043761][ T9698] Call Trace: [ 856.047092][ T9698] dump_stack_lvl+0x1e2/0x24b [ 856.051755][ T9698] ? show_regs_print_info+0x18/0x18 [ 856.056937][ T9698] ? kfree+0xca/0x310 [ 856.060902][ T9698] dump_stack+0x15/0x1d [ 856.065031][ T9698] should_fail+0x3c0/0x510 [ 856.069421][ T9698] should_fail_usercopy+0x1a/0x20 [ 856.074416][ T9698] _copy_from_user+0x20/0xd0 [ 856.078985][ T9698] __copy_msghdr_from_user+0xaf/0x730 [ 856.084338][ T9698] ? __import_iovec+0x343/0x3b0 [ 856.089162][ T9698] ? __ia32_sys_shutdown+0x70/0x70 [ 856.094249][ T9698] io_recvmsg_copy_hdr+0x1cf/0x7f0 [ 856.099335][ T9698] ? io_poll_remove_one+0xf90/0xf90 [ 856.104507][ T9698] ? arch_stack_walk+0xf8/0x140 [ 856.109336][ T9698] io_issue_sqe+0x2ccf/0xfc10 [ 856.113988][ T9698] ? __io_req_task_cancel+0x720/0x720 [ 856.119357][ T9698] ? __rcu_read_lock+0x50/0x50 [ 856.124092][ T9698] ? is_bpf_text_address+0x1a2/0x1c0 [ 856.129348][ T9698] ? stack_trace_save+0x1e0/0x1e0 [ 856.134366][ T9698] ? __kernel_text_address+0x9a/0x110 [ 856.139716][ T9698] ? kmem_cache_free+0xaa/0x1e0 [ 856.144538][ T9698] ? kmem_cache_free+0xaa/0x1e0 [ 856.149361][ T9698] ? kasan_set_track+0x63/0x80 [ 856.154096][ T9698] ? kasan_set_track+0x4c/0x80 [ 856.158835][ T9698] ? kasan_set_free_info+0x23/0x40 [ 856.163918][ T9698] ? ____kasan_slab_free+0x133/0x170 [ 856.169174][ T9698] ? __kasan_slab_free+0x11/0x20 [ 856.174084][ T9698] ? slab_free_freelist_hook+0xb2/0x180 [ 856.179602][ T9698] ? kmem_cache_free+0xaa/0x1e0 [ 856.184449][ T9698] ? __io_free_req+0x20e/0x380 [ 856.189186][ T9698] ? io_req_complete+0xeb/0x610 [ 856.194023][ T9698] ? __io_queue_sqe+0x1070/0x2fa0 [ 856.199035][ T9698] ? io_queue_sqe+0x295/0x1180 [ 856.203770][ T9698] ? io_submit_sqe+0x385/0xfd0 [ 856.208524][ T9698] ? io_submit_sqes+0x1050/0x2da0 [ 856.213525][ T9698] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 856.219223][ T9698] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 856.224829][ T9698] ? do_syscall_64+0x31/0x70 [ 856.229391][ T9698] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 856.235454][ T9698] ? kmem_cache_free+0xaa/0x1e0 [ 856.240293][ T9698] ? debug_smp_processor_id+0x1c/0x20 [ 856.245641][ T9698] ? kmem_cache_free+0xaa/0x1e0 [ 856.250468][ T9698] ? ____kasan_slab_free+0x13e/0x170 [ 856.255725][ T9698] ? __kasan_slab_free+0x11/0x20 [ 856.260649][ T9698] ? slab_free_freelist_hook+0xb2/0x180 [ 856.266172][ T9698] ? __rcu_read_lock+0x50/0x50 [ 856.270915][ T9698] ? io_req_prep+0x1906/0x51b0 [ 856.275655][ T9698] ? io_queue_sqe+0x1180/0x1180 [ 856.280486][ T9698] ? __rcu_read_lock+0x50/0x50 [ 856.285226][ T9698] __io_queue_sqe+0x2cf/0x2fa0 [ 856.289964][ T9698] io_queue_sqe+0x295/0x1180 [ 856.294539][ T9698] io_submit_sqe+0x385/0xfd0 [ 856.299103][ T9698] ? io_file_get+0x437/0x9c0 [ 856.303683][ T9698] io_submit_sqes+0x1050/0x2da0 [ 856.308515][ T9698] ? io_uring_add_task_file+0x290/0x290 [ 856.314036][ T9698] ? security_file_permission+0xa8/0xc0 [ 856.319558][ T9698] ? __kasan_check_write+0x14/0x20 [ 856.324648][ T9698] ? mutex_lock+0xa6/0x110 [ 856.329059][ T9698] ? io_uring_add_task_file+0x127/0x290 [ 856.334581][ T9698] ? __fdget+0x1b5/0x240 [ 856.338855][ T9698] __se_sys_io_uring_enter+0x322/0x12b0 [ 856.344436][ T9698] ? __fget_files+0x26d/0x2c0 [ 856.349090][ T9698] ? __kasan_check_write+0x14/0x20 [ 856.354176][ T9698] ? fput_many+0x47/0x1a0 [ 856.358481][ T9698] ? __x64_sys_io_uring_enter+0x100/0x100 [ 856.364172][ T9698] ? __ia32_sys_read+0x90/0x90 [ 856.368910][ T9698] ? debug_smp_processor_id+0x1c/0x20 [ 856.374258][ T9698] __x64_sys_io_uring_enter+0xe5/0x100 [ 856.379734][ T9698] do_syscall_64+0x31/0x70 [ 856.384129][ T9698] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 856.389998][ T9698] RIP: 0033:0x7f5fb5d49a39 [ 856.394390][ T9698] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 856.413970][ T9698] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 856.422383][ T9698] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 856.430336][ T9698] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 856.438288][ T9698] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 856.446237][ T9698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 856.454189][ T9698] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 [ 856.464059][ T9807] ref_ctr increment failed for inode: 0x4e7 offset: 0x0 ref_ctr_offset: 0xfffffff6 of mm: 0x00000000fc4cb31f 03:40:49 executing program 3: fcntl$addseals(0xffffffffffffffff, 0x409, 0xe) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) 03:40:49 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 20) 03:40:49 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x10}}, 0x0) 03:40:49 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x94357700000000, 0x0, 0x0) 03:40:49 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x165) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f00000024c0)='./file0\x00', &(0x7f0000002480), 0x202004, &(0x7f0000002480)=ANY=[]) r0 = open(&(0x7f0000000080)='./file0\x00', 0x60080, 0x40) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000008440), 0x0, 0x0) read$FUSE(r1, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0}, 0x2020) setreuid(0xee00, r2) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000000480)=0xc) setregid(0x0, r3) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000008440), 0x0, 0x0) read$FUSE(r4, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0}, 0x2020) setreuid(0xee00, r5) recvmsg$unix(r0, &(0x7f0000001840)={&(0x7f0000000200)=@abs, 0x6e, &(0x7f00000016c0)=[{&(0x7f0000000280)=""/169, 0xa9}, {&(0x7f0000000340)=""/207, 0xcf}, {&(0x7f0000000440)=""/12, 0xc}, {&(0x7f0000000480)=""/51, 0x33}, {&(0x7f00000004c0)=""/18, 0x12}, {&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000001500)=""/215, 0xd7}, {&(0x7f0000001600)=""/135, 0x87}], 0x8, &(0x7f0000001740)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000030000000000000000100000001000000", @ANYRES32=0xffffffffffffffff, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="28000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0xd8}, 0x2023) r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000008440), 0x0, 0x0) r9 = bpf$ITER_CREATE(0x21, &(0x7f00000023c0), 0x8) r10 = accept$packet(r6, &(0x7f0000002400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000002440)=0x14) dup2(r9, r10) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f00000020c0)=@filter={'filter\x00', 0xe, 0x4, 0x2a0, 0xffffffff, 0xd8, 0x0, 0xd8, 0xffffffff, 0xffffffff, 0x208, 0x208, 0x208, 0xffffffff, 0x4, &(0x7f0000002080), {[{{@ip={@broadcast, @loopback, 0xffffff00, 0xffffffff, 'veth1_to_bridge\x00', 'bond0\x00', {0xff}, {}, 0x84, 0x1, 0x3}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@set={{0x40}, {{0x2, [0x5, 0x4, 0x2, 0x2, 0x4], 0x6, 0x4}}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x5}}}, {{@uncond, 0x0, 0x70, 0x98}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x8}}}, {{@uncond, 0x0, 0x70, 0x98}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x3}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x300) read$FUSE(r8, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0}, 0x2020) setreuid(0xee00, r11) mount$fuse(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x100020, &(0x7f0000001880)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@default_permissions}, {@max_read={'max_read', 0x3d, 0x6}}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x8001}}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1200}}, {@blksize={'blksize', 0x3d, 0xa00}}, {@default_permissions}, {@allow_other}], [{@uid_eq={'uid', 0x3d, r5}}, {@euid_gt}, {@context={'context', 0x3d, 'unconfined_u'}}, {@fowner_eq={'fowner', 0x3d, r7}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'incremental-fs\x00'}}, {@uid_gt={'uid>', r11}}]}}) 03:40:49 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x8000000, 0x0, 0x0, 0x0) 03:40:49 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x6c}}, 0x0) [ 856.616811][ T9936] FAULT_INJECTION: forcing a failure. [ 856.616811][ T9936] name failslab, interval 1, probability 0, space 0, times 0 [ 856.632119][ T9936] CPU: 0 PID: 9936 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 856.643662][ T9936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 856.653708][ T9936] Call Trace: [ 856.657004][ T9936] dump_stack_lvl+0x1e2/0x24b [ 856.661666][ T9936] ? devkmsg_release+0x127/0x127 03:40:49 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f00000002c0)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="80", 0x1) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000080)={[0x0, 0x10001, 0x8, 0x8, 0x3, 0x3, 0xffffffff00000000, 0x3, 0x80000000c5f, 0x4f09, 0x0, 0x7, 0x80, 0x94a, 0x7, 0xff], 0x1, 0x80200}) mmap(&(0x7f00002a4000/0x4000)=nil, 0x4000, 0x1800007, 0x12, r1, 0xffffc000) open(&(0x7f0000000140)='./bus\x00', 0x200, 0x20) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x80047210, &(0x7f0000000180)) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r0, 0x0) [ 856.666596][ T9936] ? show_regs_print_info+0x18/0x18 [ 856.671794][ T9936] dump_stack+0x15/0x1d [ 856.675948][ T9936] should_fail+0x3c0/0x510 [ 856.680362][ T9936] ? iovec_from_user+0x8a/0x310 [ 856.685211][ T9936] __should_failslab+0x9f/0xe0 [ 856.689976][ T9936] should_failslab+0x9/0x20 [ 856.694477][ T9936] __kmalloc+0x68/0x3d0 [ 856.698618][ T9936] ? _copy_from_user+0x93/0xd0 [ 856.703378][ T9936] iovec_from_user+0x8a/0x310 [ 856.708052][ T9936] ? __ia32_sys_shutdown+0x70/0x70 03:40:49 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0xc000000, 0x0, 0x0, 0x0) [ 856.713165][ T9936] __import_iovec+0x72/0x3b0 [ 856.717761][ T9936] io_recvmsg_copy_hdr+0x396/0x7f0 [ 856.722874][ T9936] ? io_poll_remove_one+0xf90/0xf90 [ 856.728071][ T9936] ? arch_stack_walk+0xf8/0x140 [ 856.732927][ T9936] io_issue_sqe+0x2ccf/0xfc10 [ 856.737607][ T9936] ? __io_req_task_cancel+0x720/0x720 [ 856.742966][ T9936] ? __rcu_read_lock+0x50/0x50 [ 856.747728][ T9936] ? is_bpf_text_address+0x1a2/0x1c0 [ 856.753011][ T9936] ? stack_trace_save+0x1e0/0x1e0 [ 856.758033][ T9936] ? __kernel_text_address+0x9a/0x110 [ 856.763401][ T9936] ? kmem_cache_free+0xaa/0x1e0 [ 856.768235][ T9936] ? kmem_cache_free+0xaa/0x1e0 [ 856.773176][ T9936] ? kasan_set_track+0x63/0x80 [ 856.777930][ T9936] ? kasan_set_track+0x4c/0x80 [ 856.782687][ T9936] ? kasan_set_free_info+0x23/0x40 [ 856.787789][ T9936] ? ____kasan_slab_free+0x133/0x170 [ 856.793177][ T9936] ? __kasan_slab_free+0x11/0x20 [ 856.798092][ T9936] ? slab_free_freelist_hook+0xb2/0x180 [ 856.803638][ T9936] ? kmem_cache_free+0xaa/0x1e0 [ 856.808513][ T9936] ? __io_free_req+0x20e/0x380 03:40:49 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0xe80}}, 0x0) 03:40:49 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x18010000, 0x0, 0x0, 0x0) [ 856.813277][ T9936] ? io_req_complete+0xeb/0x610 [ 856.818127][ T9936] ? __io_queue_sqe+0x1070/0x2fa0 [ 856.823150][ T9936] ? io_queue_sqe+0x295/0x1180 [ 856.827918][ T9936] ? io_submit_sqe+0x385/0xfd0 [ 856.832684][ T9936] ? io_submit_sqes+0x1050/0x2da0 [ 856.837714][ T9936] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 856.843437][ T9936] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 856.849075][ T9936] ? do_syscall_64+0x31/0x70 [ 856.853669][ T9936] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 856.859733][ T9936] ? kmem_cache_free+0xaa/0x1e0 [ 856.864571][ T9936] ? debug_smp_processor_id+0x1c/0x20 [ 856.869930][ T9936] ? kmem_cache_free+0xaa/0x1e0 [ 856.874771][ T9936] ? ____kasan_slab_free+0x13e/0x170 [ 856.880053][ T9936] ? __kasan_slab_free+0x11/0x20 [ 856.884998][ T9936] ? slab_free_freelist_hook+0xb2/0x180 [ 856.890584][ T9936] ? __rcu_read_lock+0x50/0x50 [ 856.895332][ T9936] ? io_req_prep+0x1906/0x51b0 [ 856.900090][ T9936] ? io_queue_sqe+0x1180/0x1180 [ 856.904941][ T9936] ? __rcu_read_lock+0x50/0x50 [ 856.909708][ T9936] __io_queue_sqe+0x2cf/0x2fa0 03:40:49 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x37fe0}}, 0x0) 03:40:49 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x1f000000, 0x0, 0x0, 0x0) [ 856.914484][ T9936] io_queue_sqe+0x295/0x1180 [ 856.919080][ T9936] io_submit_sqe+0x385/0xfd0 [ 856.923685][ T9936] ? io_file_get+0x437/0x9c0 [ 856.928275][ T9936] io_submit_sqes+0x1050/0x2da0 [ 856.933134][ T9936] ? io_uring_add_task_file+0x290/0x290 [ 856.938683][ T9936] ? security_file_permission+0xa8/0xc0 [ 856.944276][ T9936] ? __kasan_check_write+0x14/0x20 [ 856.949390][ T9936] ? mutex_lock+0xa6/0x110 [ 856.953811][ T9936] ? io_uring_add_task_file+0x127/0x290 [ 856.959357][ T9936] ? __fdget+0x1b5/0x240 [ 856.963602][ T9936] __se_sys_io_uring_enter+0x322/0x12b0 [ 856.969138][ T9936] ? __fget_files+0x26d/0x2c0 [ 856.973808][ T9936] ? __kasan_check_write+0x14/0x20 [ 856.978915][ T9936] ? fput_many+0x47/0x1a0 [ 856.983255][ T9936] ? __x64_sys_io_uring_enter+0x100/0x100 [ 856.989027][ T9936] ? __ia32_sys_read+0x90/0x90 [ 856.993774][ T9936] ? debug_smp_processor_id+0x1c/0x20 [ 856.999138][ T9936] __x64_sys_io_uring_enter+0xe5/0x100 [ 857.004602][ T9936] do_syscall_64+0x31/0x70 [ 857.009023][ T9936] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 857.014913][ T9936] RIP: 0033:0x7f5fb5d49a39 [ 857.019328][ T9936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 857.038929][ T9936] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 857.047342][ T9936] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 857.055317][ T9936] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 03:40:49 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 21) 03:40:49 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x200002e0}}, 0x0) 03:40:49 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x38000000, 0x0, 0x0, 0x0) 03:40:49 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xf0ff7f00000000, 0x0, 0x0) 03:40:49 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) newfstatat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x400) [ 857.063291][ T9936] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 857.071255][ T9936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 857.079218][ T9936] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:49 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x7ffff000}}, 0x0) 03:40:49 executing program 3: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x94357700000000, 0x0, 0x0) 03:40:49 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x40000000, 0x0, 0x0, 0x0) 03:40:49 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) mount(&(0x7f0000000080)=@sr0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='sockfs\x00', 0x2000800, &(0x7f0000000200)='V\x9a\x00') mkdir(&(0x7f0000000280)='./file1\x00', 0x20) unlink(&(0x7f0000000240)='./file0\x00') 03:40:49 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xf0ffffff7f0000, 0x0, 0x0) 03:40:49 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0xfffffdef}}, 0x0) [ 857.278990][T10743] FAULT_INJECTION: forcing a failure. [ 857.278990][T10743] name fail_usercopy, interval 1, probability 0, space 0, times 0 03:40:50 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x2}, 0x0) [ 857.321041][T10743] CPU: 0 PID: 10743 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 857.331756][T10762] sockfs: Unknown parameter 'Vš' [ 857.332681][T10743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 857.332686][T10743] Call Trace: [ 857.332705][T10743] dump_stack_lvl+0x1e2/0x24b [ 857.332725][T10743] ? show_regs_print_info+0x18/0x18 [ 857.360814][T10743] dump_stack+0x15/0x1d [ 857.364974][T10743] should_fail+0x3c0/0x510 [ 857.369397][T10743] should_fail_usercopy+0x1a/0x20 [ 857.374419][T10743] _copy_from_user+0x20/0xd0 [ 857.379012][T10743] iovec_from_user+0xc7/0x310 [ 857.383700][T10743] ? __ia32_sys_shutdown+0x70/0x70 [ 857.388819][T10743] __import_iovec+0x72/0x3b0 [ 857.393416][T10743] io_recvmsg_copy_hdr+0x396/0x7f0 [ 857.398534][T10743] ? io_poll_remove_one+0xf90/0xf90 [ 857.403739][T10743] ? arch_stack_walk+0xf8/0x140 [ 857.408595][T10743] io_issue_sqe+0x2ccf/0xfc10 [ 857.413270][T10743] ? __io_req_task_cancel+0x720/0x720 [ 857.418638][T10743] ? __rcu_read_lock+0x50/0x50 [ 857.423411][T10743] ? is_bpf_text_address+0x1a2/0x1c0 [ 857.428690][T10743] ? stack_trace_save+0x1e0/0x1e0 [ 857.433708][T10743] ? __kernel_text_address+0x9a/0x110 [ 857.439076][T10743] ? kmem_cache_free+0xaa/0x1e0 [ 857.443917][T10743] ? kmem_cache_free+0xaa/0x1e0 [ 857.448766][T10743] ? kasan_set_track+0x63/0x80 [ 857.453531][T10743] ? kasan_set_track+0x4c/0x80 [ 857.458299][T10743] ? kasan_set_free_info+0x23/0x40 [ 857.463411][T10743] ? ____kasan_slab_free+0x133/0x170 [ 857.468700][T10743] ? __kasan_slab_free+0x11/0x20 [ 857.473643][T10743] ? slab_free_freelist_hook+0xb2/0x180 [ 857.479184][T10743] ? kmem_cache_free+0xaa/0x1e0 [ 857.484027][T10743] ? __io_free_req+0x20e/0x380 [ 857.488783][T10743] ? io_req_complete+0xeb/0x610 [ 857.493689][T10743] ? __io_queue_sqe+0x1070/0x2fa0 [ 857.498698][T10743] ? io_queue_sqe+0x295/0x1180 [ 857.503440][T10743] ? io_submit_sqe+0x385/0xfd0 [ 857.508184][T10743] ? io_submit_sqes+0x1050/0x2da0 [ 857.513188][T10743] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 857.518882][T10743] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 857.524495][T10743] ? do_syscall_64+0x31/0x70 [ 857.529060][T10743] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 857.535103][T10743] ? kmem_cache_free+0xaa/0x1e0 [ 857.539926][T10743] ? debug_smp_processor_id+0x1c/0x20 [ 857.545268][T10743] ? kmem_cache_free+0xaa/0x1e0 [ 857.550090][T10743] ? ____kasan_slab_free+0x13e/0x170 [ 857.555348][T10743] ? __kasan_slab_free+0x11/0x20 [ 857.560257][T10743] ? slab_free_freelist_hook+0xb2/0x180 [ 857.565776][T10743] ? __rcu_read_lock+0x50/0x50 [ 857.570512][T10743] ? io_req_prep+0x1906/0x51b0 [ 857.575248][T10743] ? io_queue_sqe+0x1180/0x1180 [ 857.580072][T10743] ? __rcu_read_lock+0x50/0x50 [ 857.584856][T10743] __io_queue_sqe+0x2cf/0x2fa0 [ 857.589595][T10743] io_queue_sqe+0x295/0x1180 [ 857.594158][T10743] io_submit_sqe+0x385/0xfd0 [ 857.598734][T10743] ? io_file_get+0x437/0x9c0 [ 857.603308][T10743] io_submit_sqes+0x1050/0x2da0 [ 857.608152][T10743] ? io_uring_add_task_file+0x290/0x290 [ 857.613682][T10743] ? security_file_permission+0xa8/0xc0 [ 857.619206][T10743] ? __kasan_check_write+0x14/0x20 [ 857.624289][T10743] ? mutex_lock+0xa6/0x110 [ 857.628681][T10743] ? io_uring_add_task_file+0x127/0x290 [ 857.634199][T10743] ? __fdget+0x1b5/0x240 [ 857.638415][T10743] __se_sys_io_uring_enter+0x322/0x12b0 [ 857.643938][T10743] ? __fget_files+0x26d/0x2c0 [ 857.648589][T10743] ? __kasan_check_write+0x14/0x20 [ 857.653670][T10743] ? fput_many+0x47/0x1a0 [ 857.657974][T10743] ? __x64_sys_io_uring_enter+0x100/0x100 [ 857.663675][T10743] ? __ia32_sys_read+0x90/0x90 [ 857.668419][T10743] ? debug_smp_processor_id+0x1c/0x20 [ 857.673777][T10743] __x64_sys_io_uring_enter+0xe5/0x100 [ 857.679219][T10743] do_syscall_64+0x31/0x70 [ 857.683621][T10743] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 857.689492][T10743] RIP: 0033:0x7f5fb5d49a39 [ 857.693881][T10743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 857.713477][T10743] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa 03:40:50 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 22) 03:40:50 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="726c6f677f77616b6575705f636e743d30303030303030303030303030303030302c80000000"]) 03:40:50 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x5}, 0x0) 03:40:50 executing program 3: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x1801, 0x0, 0x0, 0x0) 03:40:50 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xfeffff00000000, 0x0, 0x0) 03:40:50 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x40410000, 0x0, 0x0, 0x0) [ 857.721875][T10743] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 857.729825][T10743] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 857.737787][T10743] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 857.745779][T10743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 857.753739][T10743] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:50 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x8}, 0x0) 03:40:50 executing program 3: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x7ffff000, 0x0, 0x0) 03:40:50 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="726c6f675f77616b6575705f636e743d3030303e303030303130faa82beb37095dbf8f24efa73030303030303030302c00"]) stat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)) openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x80000, 0x40) [ 857.828256][T10992] incfs: Options parsing error. -22 03:40:50 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x100000000000000, 0x0, 0x0) 03:40:50 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x3d}, 0x0) 03:40:50 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x77359400, 0x0, 0x0, 0x0) [ 857.876039][T11066] FAULT_INJECTION: forcing a failure. [ 857.876039][T11066] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 857.890038][T11066] CPU: 0 PID: 11066 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 857.901792][T11066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 857.911850][T11066] Call Trace: [ 857.915157][T11066] dump_stack_lvl+0x1e2/0x24b [ 857.919834][T11066] ? show_regs_print_info+0x18/0x18 [ 857.925043][T11066] ? kfree+0xca/0x310 [ 857.929141][T11066] dump_stack+0x15/0x1d [ 857.933300][T11066] should_fail+0x3c0/0x510 [ 857.937720][T11066] should_fail_usercopy+0x1a/0x20 [ 857.942738][T11066] _copy_from_user+0x20/0xd0 [ 857.947331][T11066] __copy_msghdr_from_user+0xaf/0x730 [ 857.952697][T11066] ? __import_iovec+0x343/0x3b0 [ 857.957550][T11066] ? __ia32_sys_shutdown+0x70/0x70 [ 857.962668][T11066] io_recvmsg_copy_hdr+0x1cf/0x7f0 [ 857.967778][T11066] ? io_poll_remove_one+0xf90/0xf90 [ 857.972978][T11066] ? arch_stack_walk+0xf8/0x140 [ 857.977834][T11066] io_issue_sqe+0x2ccf/0xfc10 [ 857.982515][T11066] ? __io_req_task_cancel+0x720/0x720 [ 857.987894][T11066] ? __rcu_read_lock+0x50/0x50 [ 857.992661][T11066] ? is_bpf_text_address+0x1a2/0x1c0 [ 857.993596][T11123] incfs: Options parsing error. -22 [ 857.997939][T11066] ? stack_trace_save+0x1e0/0x1e0 [ 857.997953][T11066] ? __kernel_text_address+0x9a/0x110 [ 857.997974][T11066] ? kmem_cache_free+0xaa/0x1e0 [ 858.012841][T11123] incfs: Options parsing error. -22 [ 858.013509][T11066] ? kmem_cache_free+0xaa/0x1e0 [ 858.013521][T11066] ? kasan_set_track+0x63/0x80 [ 858.013530][T11066] ? kasan_set_track+0x4c/0x80 [ 858.013540][T11066] ? kasan_set_free_info+0x23/0x40 [ 858.013552][T11066] ? ____kasan_slab_free+0x133/0x170 [ 858.013562][T11066] ? __kasan_slab_free+0x11/0x20 [ 858.013572][T11066] ? slab_free_freelist_hook+0xb2/0x180 [ 858.013580][T11066] ? kmem_cache_free+0xaa/0x1e0 [ 858.013597][T11066] ? __io_free_req+0x20e/0x380 [ 858.068335][T11066] ? io_req_complete+0xeb/0x610 [ 858.073188][T11066] ? __io_queue_sqe+0x1070/0x2fa0 [ 858.078216][T11066] ? io_queue_sqe+0x295/0x1180 [ 858.082978][T11066] ? io_submit_sqe+0x385/0xfd0 [ 858.087736][T11066] ? io_submit_sqes+0x1050/0x2da0 [ 858.092764][T11066] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 858.098484][T11066] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 858.104115][T11066] ? do_syscall_64+0x31/0x70 [ 858.108704][T11066] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 858.114779][T11066] ? kmem_cache_free+0xaa/0x1e0 [ 858.119633][T11066] ? debug_smp_processor_id+0x1c/0x20 [ 858.125011][T11066] ? kmem_cache_free+0xaa/0x1e0 [ 858.129866][T11066] ? ____kasan_slab_free+0x13e/0x170 [ 858.135158][T11066] ? __kasan_slab_free+0x11/0x20 [ 858.140080][T11066] ? slab_free_freelist_hook+0xb2/0x180 [ 858.145599][T11066] ? __rcu_read_lock+0x50/0x50 [ 858.150344][T11066] ? io_req_prep+0x1906/0x51b0 [ 858.155089][T11066] ? io_queue_sqe+0x1180/0x1180 [ 858.159919][T11066] ? __rcu_read_lock+0x50/0x50 [ 858.164654][T11066] __io_queue_sqe+0x2cf/0x2fa0 [ 858.169401][T11066] io_queue_sqe+0x295/0x1180 [ 858.173966][T11066] io_submit_sqe+0x385/0xfd0 [ 858.178527][T11066] ? io_file_get+0x437/0x9c0 [ 858.183093][T11066] io_submit_sqes+0x1050/0x2da0 [ 858.187926][T11066] ? io_uring_add_task_file+0x290/0x290 [ 858.193468][T11066] ? security_file_permission+0xa8/0xc0 [ 858.198989][T11066] ? __kasan_check_write+0x14/0x20 [ 858.204071][T11066] ? mutex_lock+0xa6/0x110 [ 858.208459][T11066] ? io_uring_add_task_file+0x127/0x290 [ 858.213976][T11066] ? __fdget+0x1b5/0x240 [ 858.218235][T11066] __se_sys_io_uring_enter+0x322/0x12b0 [ 858.223752][T11066] ? __fget_files+0x26d/0x2c0 [ 858.228402][T11066] ? __kasan_check_write+0x14/0x20 [ 858.233487][T11066] ? fput_many+0x47/0x1a0 [ 858.237789][T11066] ? __x64_sys_io_uring_enter+0x100/0x100 [ 858.243481][T11066] ? __ia32_sys_read+0x90/0x90 [ 858.248219][T11066] ? debug_smp_processor_id+0x1c/0x20 [ 858.253563][T11066] __x64_sys_io_uring_enter+0xe5/0x100 [ 858.258990][T11066] do_syscall_64+0x31/0x70 [ 858.263378][T11066] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 858.269239][T11066] RIP: 0033:0x7f5fb5d49a39 [ 858.273627][T11066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 858.293207][T11066] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 858.301593][T11066] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 858.309538][T11066] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 858.317483][T11066] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 03:40:51 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 23) 03:40:51 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x300}, 0x0) 03:40:51 executing program 3: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x40410000, 0x0, 0x0, 0x0) 03:40:51 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000008440), 0x0, 0x0) read$FUSE(r0, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0}, 0x2020) setreuid(0xee00, r1) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0, 0x0}, &(0x7f0000000200)=0xc) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0}, 0x2020) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x60, &(0x7f0000002280)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@max_read={'max_read', 0x3d, 0xffff}}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x800}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x800}}, {@allow_other}], [{@uid_lt={'uid<', r3}}, {@fsname={'fsname', 0x3d, 'rlog_wakeup_cnt'}}, {@fsname={'fsname', 0x3d, 'incremental-fs\x00'}}, {@obj_role}, {@subj_user={'subj_user', 0x3d, 'incremental-fs\x00'}}]}}) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) 03:40:51 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x7fffefe0, 0x0, 0x0, 0x0) 03:40:51 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x200000000000000, 0x0, 0x0) 03:40:51 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x2}, 0x0) [ 858.325433][T11066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 858.333377][T11066] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:51 executing program 3: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xfeffff00000000, 0x0, 0x0) 03:40:51 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r0 = syz_open_dev$vcsn(&(0x7f0000000300), 0x5, 0x2000) sendto$unix(r0, &(0x7f0000000340)="fc3b326f8b4efda940713c8e2863f56b75a74b64ef0014879a12a0bfe5bd4a80770dd0918038b4971c89", 0x2a, 0x0, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) mount(&(0x7f0000000200)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='configfs\x00', 0x3, &(0x7f00000002c0)='incremental-fs\x00') lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000400)) 03:40:51 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x7ffff000, 0x0, 0x0, 0x0) [ 858.437978][T11424] FAULT_INJECTION: forcing a failure. [ 858.437978][T11424] name failslab, interval 1, probability 0, space 0, times 0 [ 858.451415][T11424] CPU: 0 PID: 11424 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 858.463048][T11424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 858.473100][T11424] Call Trace: [ 858.476385][T11424] dump_stack_lvl+0x1e2/0x24b [ 858.481056][T11424] ? devkmsg_release+0x127/0x127 03:40:51 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x3}, 0x0) [ 858.485991][T11424] ? show_regs_print_info+0x18/0x18 [ 858.491191][T11424] dump_stack+0x15/0x1d [ 858.495336][T11424] should_fail+0x3c0/0x510 [ 858.499774][T11424] ? iovec_from_user+0x8a/0x310 [ 858.504632][T11424] __should_failslab+0x9f/0xe0 [ 858.509389][T11424] should_failslab+0x9/0x20 [ 858.513873][T11424] __kmalloc+0x68/0x3d0 [ 858.518127][T11424] ? _copy_from_user+0x93/0xd0 [ 858.522890][T11424] iovec_from_user+0x8a/0x310 [ 858.527575][T11424] ? __ia32_sys_shutdown+0x70/0x70 [ 858.532784][T11424] __import_iovec+0x72/0x3b0 [ 858.537374][T11424] io_recvmsg_copy_hdr+0x396/0x7f0 [ 858.542490][T11424] ? io_poll_remove_one+0xf90/0xf90 [ 858.547718][T11424] ? arch_stack_walk+0xf8/0x140 [ 858.552574][T11424] io_issue_sqe+0x2ccf/0xfc10 [ 858.557258][T11424] ? __io_req_task_cancel+0x720/0x720 [ 858.562627][T11424] ? __rcu_read_lock+0x50/0x50 [ 858.567389][T11424] ? is_bpf_text_address+0x1a2/0x1c0 [ 858.572680][T11424] ? stack_trace_save+0x1e0/0x1e0 [ 858.577709][T11424] ? __kernel_text_address+0x9a/0x110 [ 858.583085][T11424] ? kmem_cache_free+0xaa/0x1e0 03:40:51 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x807e0000, 0x0, 0x0, 0x0) [ 858.587932][T11424] ? kmem_cache_free+0xaa/0x1e0 [ 858.592780][T11424] ? kasan_set_track+0x63/0x80 [ 858.597538][T11424] ? kasan_set_track+0x4c/0x80 [ 858.602297][T11424] ? kasan_set_free_info+0x23/0x40 [ 858.607409][T11424] ? ____kasan_slab_free+0x133/0x170 [ 858.612687][T11424] ? __kasan_slab_free+0x11/0x20 [ 858.617622][T11424] ? slab_free_freelist_hook+0xb2/0x180 [ 858.623164][T11424] ? kmem_cache_free+0xaa/0x1e0 [ 858.628014][T11424] ? __io_free_req+0x20e/0x380 [ 858.632767][T11424] ? io_req_complete+0xeb/0x610 [ 858.637608][T11424] ? __io_queue_sqe+0x1070/0x2fa0 [ 858.642623][T11424] ? io_queue_sqe+0x295/0x1180 [ 858.647366][T11424] ? io_submit_sqe+0x385/0xfd0 [ 858.652117][T11424] ? io_submit_sqes+0x1050/0x2da0 [ 858.657137][T11424] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 858.662842][T11424] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 858.668462][T11424] ? do_syscall_64+0x31/0x70 [ 858.673046][T11424] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 858.679104][T11424] ? kmem_cache_free+0xaa/0x1e0 [ 858.683943][T11424] ? debug_smp_processor_id+0x1c/0x20 [ 858.689303][T11424] ? kmem_cache_free+0xaa/0x1e0 [ 858.694151][T11424] ? ____kasan_slab_free+0x13e/0x170 [ 858.699430][T11424] ? __kasan_slab_free+0x11/0x20 [ 858.704353][T11424] ? slab_free_freelist_hook+0xb2/0x180 [ 858.709890][T11424] ? __rcu_read_lock+0x50/0x50 [ 858.714645][T11424] ? io_req_prep+0x1906/0x51b0 [ 858.719389][T11424] ? io_queue_sqe+0x1180/0x1180 [ 858.724213][T11424] ? __rcu_read_lock+0x50/0x50 [ 858.728950][T11424] __io_queue_sqe+0x2cf/0x2fa0 [ 858.733699][T11424] io_queue_sqe+0x295/0x1180 [ 858.738277][T11424] io_submit_sqe+0x385/0xfd0 [ 858.742847][T11424] ? io_file_get+0x437/0x9c0 [ 858.747411][T11424] io_submit_sqes+0x1050/0x2da0 [ 858.752242][T11424] ? io_uring_add_task_file+0x290/0x290 [ 858.757763][T11424] ? security_file_permission+0xa8/0xc0 [ 858.763284][T11424] ? __kasan_check_write+0x14/0x20 [ 858.768370][T11424] ? mutex_lock+0xa6/0x110 [ 858.772759][T11424] ? io_uring_add_task_file+0x127/0x290 [ 858.778276][T11424] ? __fdget+0x1b5/0x240 [ 858.782491][T11424] __se_sys_io_uring_enter+0x322/0x12b0 [ 858.788058][T11424] ? __fget_files+0x26d/0x2c0 [ 858.792711][T11424] ? __kasan_check_write+0x14/0x20 [ 858.797790][T11424] ? fput_many+0x47/0x1a0 [ 858.802091][T11424] ? __x64_sys_io_uring_enter+0x100/0x100 [ 858.807781][T11424] ? __ia32_sys_read+0x90/0x90 [ 858.812519][T11424] ? debug_smp_processor_id+0x1c/0x20 [ 858.817863][T11424] __x64_sys_io_uring_enter+0xe5/0x100 [ 858.823311][T11424] do_syscall_64+0x31/0x70 [ 858.827715][T11424] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 858.833589][T11424] RIP: 0033:0x7f5fb5d49a39 [ 858.837984][T11424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 858.857564][T11424] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 858.865949][T11424] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 858.873898][T11424] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 858.881842][T11424] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 03:40:51 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 24) 03:40:51 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) (fail_nth: 1) 03:40:51 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x4}, 0x0) 03:40:51 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0xa0028000, 0x0, 0x0, 0x0) 03:40:51 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x400000000000000, 0x0, 0x0) [ 858.889784][T11424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 858.897728][T11424] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:51 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x5}, 0x0) 03:40:51 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) 03:40:51 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="726c6f675f77617ffffbff000000003d30301a3030303030000002000000302c000000000000"]) 03:40:51 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0xe0efff7f, 0x0, 0x0, 0x0) [ 858.994238][T11814] configfs: Unknown parameter 'incremental-fs' [ 859.011487][T11884] FAULT_INJECTION: forcing a failure. [ 859.011487][T11884] name fail_usercopy, interval 1, probability 0, space 0, times 0 03:40:51 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x6}, 0x0) [ 859.068199][T11884] CPU: 1 PID: 11884 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 859.079860][T11884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 859.089913][T11884] Call Trace: [ 859.093186][T11884] dump_stack_lvl+0x1e2/0x24b [ 859.097836][T11884] ? show_regs_print_info+0x18/0x18 [ 859.103028][T11884] dump_stack+0x15/0x1d [ 859.107177][T11884] should_fail+0x3c0/0x510 [ 859.111657][T11884] should_fail_usercopy+0x1a/0x20 [ 859.116654][T11884] _copy_from_user+0x20/0xd0 [ 859.121216][T11884] iovec_from_user+0xc7/0x310 [ 859.125867][T11884] ? __ia32_sys_shutdown+0x70/0x70 [ 859.130950][T11884] __import_iovec+0x72/0x3b0 [ 859.135517][T11884] io_recvmsg_copy_hdr+0x396/0x7f0 [ 859.140614][T11884] ? io_poll_remove_one+0xf90/0xf90 [ 859.145784][T11884] ? arch_stack_walk+0xf8/0x140 [ 859.150605][T11884] io_issue_sqe+0x2ccf/0xfc10 [ 859.155256][T11884] ? __io_req_task_cancel+0x720/0x720 [ 859.160600][T11884] ? __rcu_read_lock+0x50/0x50 [ 859.165340][T11884] ? is_bpf_text_address+0x1a2/0x1c0 [ 859.170609][T11884] ? stack_trace_save+0x1e0/0x1e0 [ 859.175606][T11884] ? __kernel_text_address+0x9a/0x110 [ 859.180952][T11884] ? kmem_cache_free+0xaa/0x1e0 [ 859.185772][T11884] ? kmem_cache_free+0xaa/0x1e0 [ 859.190594][T11884] ? kasan_set_track+0x63/0x80 [ 859.195332][T11884] ? kasan_set_track+0x4c/0x80 [ 859.200086][T11884] ? kasan_set_free_info+0x23/0x40 [ 859.205166][T11884] ? ____kasan_slab_free+0x133/0x170 [ 859.210421][T11884] ? __kasan_slab_free+0x11/0x20 [ 859.215331][T11884] ? slab_free_freelist_hook+0xb2/0x180 [ 859.220845][T11884] ? kmem_cache_free+0xaa/0x1e0 [ 859.225665][T11884] ? __io_free_req+0x20e/0x380 [ 859.230400][T11884] ? io_req_complete+0xeb/0x610 [ 859.235219][T11884] ? __io_queue_sqe+0x1070/0x2fa0 [ 859.240215][T11884] ? io_queue_sqe+0x295/0x1180 [ 859.244949][T11884] ? io_submit_sqe+0x385/0xfd0 [ 859.249687][T11884] ? io_submit_sqes+0x1050/0x2da0 [ 859.254681][T11884] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 859.260372][T11884] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 859.265976][T11884] ? do_syscall_64+0x31/0x70 [ 859.270537][T11884] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 859.276578][T11884] ? kmem_cache_free+0xaa/0x1e0 [ 859.281400][T11884] ? debug_smp_processor_id+0x1c/0x20 [ 859.286741][T11884] ? kmem_cache_free+0xaa/0x1e0 [ 859.291564][T11884] ? ____kasan_slab_free+0x13e/0x170 [ 859.296818][T11884] ? __kasan_slab_free+0x11/0x20 [ 859.301726][T11884] ? slab_free_freelist_hook+0xb2/0x180 [ 859.307244][T11884] ? __rcu_read_lock+0x50/0x50 [ 859.311980][T11884] ? io_req_prep+0x1906/0x51b0 [ 859.316716][T11884] ? io_queue_sqe+0x1180/0x1180 [ 859.321537][T11884] ? __rcu_read_lock+0x50/0x50 [ 859.326277][T11884] __io_queue_sqe+0x2cf/0x2fa0 [ 859.331011][T11884] io_queue_sqe+0x295/0x1180 [ 859.335573][T11884] io_submit_sqe+0x385/0xfd0 [ 859.340135][T11884] ? io_file_get+0x437/0x9c0 [ 859.344699][T11884] io_submit_sqes+0x1050/0x2da0 [ 859.349532][T11884] ? io_uring_add_task_file+0x290/0x290 [ 859.355055][T11884] ? security_file_permission+0xa8/0xc0 [ 859.360573][T11884] ? __kasan_check_write+0x14/0x20 [ 859.365667][T11884] ? mutex_lock+0xa6/0x110 [ 859.370058][T11884] ? io_uring_add_task_file+0x127/0x290 [ 859.375572][T11884] ? __fdget+0x1b5/0x240 [ 859.379787][T11884] __se_sys_io_uring_enter+0x322/0x12b0 [ 859.385308][T11884] ? __fget_files+0x26d/0x2c0 [ 859.389955][T11884] ? __kasan_check_write+0x14/0x20 [ 859.395046][T11884] ? fput_many+0x47/0x1a0 [ 859.399348][T11884] ? __x64_sys_io_uring_enter+0x100/0x100 [ 859.405037][T11884] ? __ia32_sys_read+0x90/0x90 [ 859.409773][T11884] ? debug_smp_processor_id+0x1c/0x20 [ 859.415122][T11884] __x64_sys_io_uring_enter+0xe5/0x100 [ 859.420550][T11884] do_syscall_64+0x31/0x70 [ 859.424938][T11884] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 859.430800][T11884] RIP: 0033:0x7f5fb5d49a39 [ 859.435209][T11884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 859.454785][T11884] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa 03:40:52 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x2, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) 03:40:52 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x40100000c010000, 0x0, 0x0) 03:40:52 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 25) [ 859.463181][T11884] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 859.471125][T11884] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 859.479102][T11884] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 859.487047][T11884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 859.494990][T11884] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:52 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) rename(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='./file0\x00') mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="726c6f6747aeeec7657501705f636e2a3c3030300000000000000000eaf217684000b44a97efe74b2e0223ece73ce7e0cc67a7e7ed4174c79496659880809b758f664b1e45bae2251bdee34aef116e678b7a17edf70df239a293da716474e0651712739cbf915b015d141d1e09c93d22a4cad07757bd65d2d08746d6f5cd2768abb1e4e810ecdf4b36a6cd22d133b4a9d7e40dbef599c0c5ffa2f5e1e2fe7e5a669926f80c785be9"]) 03:40:52 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x7}, 0x0) [ 859.552161][T12045] incfs: Options parsing error. -22 03:40:52 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x800000000000000, 0x0, 0x0) 03:40:52 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0xeffdffff, 0x0, 0x0, 0x0) [ 859.601797][T12098] FAULT_INJECTION: forcing a failure. [ 859.601797][T12098] name failslab, interval 1, probability 0, space 0, times 0 [ 859.628492][T12098] CPU: 1 PID: 12098 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 859.640129][T12098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 859.650177][T12098] Call Trace: [ 859.653465][T12098] dump_stack_lvl+0x1e2/0x24b [ 859.658134][T12098] ? devkmsg_release+0x127/0x127 [ 859.663064][T12098] ? show_regs_print_info+0x18/0x18 [ 859.668242][T12098] ? __io_queue_sqe+0x1561/0x2fa0 [ 859.673239][T12098] dump_stack+0x15/0x1d [ 859.677375][T12098] should_fail+0x3c0/0x510 [ 859.681782][T12098] __should_failslab+0x9f/0xe0 [ 859.686525][T12098] should_failslab+0x9/0x20 [ 859.691001][T12098] kmem_cache_alloc_bulk+0x30/0x3f0 [ 859.696175][T12098] io_submit_sqes+0x6bf/0x2da0 [ 859.700914][T12098] ? io_uring_add_task_file+0x290/0x290 [ 859.706433][T12098] ? security_file_permission+0xa8/0xc0 [ 859.711955][T12098] ? __kasan_check_write+0x14/0x20 [ 859.717102][T12098] ? mutex_lock+0xa6/0x110 [ 859.721666][T12098] ? io_uring_add_task_file+0x127/0x290 [ 859.727188][T12098] ? __fdget+0x1b5/0x240 [ 859.731404][T12098] __se_sys_io_uring_enter+0x322/0x12b0 [ 859.736961][T12098] ? __fget_files+0x26d/0x2c0 [ 859.741614][T12098] ? __kasan_check_write+0x14/0x20 [ 859.746732][T12098] ? fput_many+0x47/0x1a0 [ 859.751037][T12098] ? __x64_sys_io_uring_enter+0x100/0x100 [ 859.756734][T12098] ? __ia32_sys_read+0x90/0x90 [ 859.761485][T12098] ? debug_smp_processor_id+0x1c/0x20 [ 859.766833][T12098] __x64_sys_io_uring_enter+0xe5/0x100 [ 859.772328][T12098] do_syscall_64+0x31/0x70 [ 859.776735][T12098] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 859.782600][T12098] RIP: 0033:0x7f5fb5d49a39 [ 859.786996][T12098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 859.806580][T12098] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 859.814966][T12098] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 859.822911][T12098] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 859.830864][T12098] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 859.838806][T12098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 03:40:52 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x3, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) 03:40:52 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x9}, 0x0) 03:40:52 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 26) [ 859.846755][T12098] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:52 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="08bb230aa1edb46d6575705f636e743d30303030303030303030303030303030303030302c00"]) 03:40:52 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x83}, 0x0) 03:40:52 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0xf5ffffff, 0x0, 0x0, 0x0) 03:40:52 executing program 1: r0 = request_key(&(0x7f0000000080)='cifs.spnego\x00', &(0x7f0000000180)={'syz', 0x0}, &(0x7f00000001c0)=')[\x00', 0xfffffffffffffffc) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x1, 0x10, 0x1}, 0x18) add_key$fscrypt_v1(&(0x7f0000000280), &(0x7f00000002c0)={'fscrypt:', @desc2}, &(0x7f0000000300)={0x0, "aa15b8f318f0654c9f7e67ff8fbc1dbf49c1ed4b14857f623d5fa958ce2197b7e6695ca5004b3004301ecdf2d4a0440c4f86c89472f8f3c45fe29a0e9398a313", 0x1d}, 0x48, r0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) 03:40:52 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x300}, 0x0) 03:40:52 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xc00000000000000, 0x0, 0x0) [ 859.961086][T12305] FAULT_INJECTION: forcing a failure. [ 859.961086][T12305] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 859.979372][T12415] incfs: Options parsing error. -22 03:40:52 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x4, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) [ 860.020820][T12305] CPU: 1 PID: 12305 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 860.032445][T12305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 860.042477][T12305] Call Trace: [ 860.045745][T12305] dump_stack_lvl+0x1e2/0x24b [ 860.050396][T12305] ? show_regs_print_info+0x18/0x18 [ 860.055564][T12305] dump_stack+0x15/0x1d [ 860.059689][T12305] should_fail+0x3c0/0x510 [ 860.064074][T12305] should_fail_usercopy+0x1a/0x20 [ 860.069070][T12305] _copy_from_user+0x20/0xd0 [ 860.073666][T12305] iovec_from_user+0xc7/0x310 [ 860.078331][T12305] ? __ia32_sys_shutdown+0x70/0x70 [ 860.083414][T12305] __import_iovec+0x72/0x3b0 [ 860.087979][T12305] io_recvmsg_copy_hdr+0x396/0x7f0 [ 860.093062][T12305] ? io_poll_remove_one+0xf90/0xf90 [ 860.098229][T12305] ? arch_stack_walk+0xf8/0x140 [ 860.103050][T12305] io_issue_sqe+0x2ccf/0xfc10 [ 860.107701][T12305] ? __io_req_task_cancel+0x720/0x720 [ 860.113046][T12305] ? __rcu_read_lock+0x50/0x50 [ 860.117782][T12305] ? is_bpf_text_address+0x1a2/0x1c0 [ 860.123038][T12305] ? stack_trace_save+0x1e0/0x1e0 [ 860.128036][T12305] ? __kernel_text_address+0x9a/0x110 [ 860.133391][T12305] ? kmem_cache_free+0xaa/0x1e0 [ 860.138218][T12305] ? kmem_cache_free+0xaa/0x1e0 [ 860.143044][T12305] ? kasan_set_track+0x63/0x80 [ 860.147797][T12305] ? kasan_set_track+0x4c/0x80 [ 860.152531][T12305] ? kasan_set_free_info+0x23/0x40 [ 860.157611][T12305] ? ____kasan_slab_free+0x133/0x170 [ 860.162864][T12305] ? __kasan_slab_free+0x11/0x20 [ 860.167770][T12305] ? slab_free_freelist_hook+0xb2/0x180 [ 860.173289][T12305] ? kmem_cache_free+0xaa/0x1e0 [ 860.178120][T12305] ? __io_free_req+0x20e/0x380 [ 860.182855][T12305] ? io_req_complete+0xeb/0x610 [ 860.187693][T12305] ? __io_queue_sqe+0x1070/0x2fa0 [ 860.192687][T12305] ? io_queue_sqe+0x295/0x1180 [ 860.197419][T12305] ? io_submit_sqe+0x385/0xfd0 [ 860.202167][T12305] ? io_submit_sqes+0x1050/0x2da0 [ 860.207159][T12305] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 860.212850][T12305] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 860.218465][T12305] ? do_syscall_64+0x31/0x70 [ 860.223030][T12305] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 860.229069][T12305] ? kmem_cache_free+0xaa/0x1e0 [ 860.233891][T12305] ? debug_smp_processor_id+0x1c/0x20 [ 860.239236][T12305] ? __set_page_owner+0x2e2/0x300 [ 860.244230][T12305] ? kmem_cache_free+0xaa/0x1e0 [ 860.249049][T12305] ? ____kasan_slab_free+0x13e/0x170 [ 860.254306][T12305] ? __kasan_slab_free+0x11/0x20 [ 860.259214][T12305] ? slab_free_freelist_hook+0xb2/0x180 [ 860.264737][T12305] ? __rcu_read_lock+0x50/0x50 [ 860.269479][T12305] ? io_req_prep+0x1906/0x51b0 [ 860.274215][T12305] ? io_queue_sqe+0x1180/0x1180 [ 860.279035][T12305] ? __rcu_read_lock+0x50/0x50 [ 860.283769][T12305] __io_queue_sqe+0x2cf/0x2fa0 [ 860.288502][T12305] io_queue_sqe+0x295/0x1180 [ 860.293063][T12305] io_submit_sqe+0x385/0xfd0 [ 860.297622][T12305] ? io_file_get+0x437/0x9c0 [ 860.302183][T12305] io_submit_sqes+0x1050/0x2da0 [ 860.307011][T12305] ? io_uring_add_task_file+0x290/0x290 [ 860.312530][T12305] ? security_file_permission+0xa8/0xc0 [ 860.318049][T12305] ? __kasan_check_write+0x14/0x20 [ 860.323130][T12305] ? mutex_lock+0xa6/0x110 [ 860.327519][T12305] ? io_uring_add_task_file+0x127/0x290 [ 860.333032][T12305] ? __fdget+0x1b5/0x240 [ 860.337254][T12305] __se_sys_io_uring_enter+0x322/0x12b0 [ 860.342770][T12305] ? __fget_files+0x26d/0x2c0 [ 860.347431][T12305] ? __kasan_check_write+0x14/0x20 [ 860.352519][T12305] ? fput_many+0x47/0x1a0 [ 860.356818][T12305] ? __x64_sys_io_uring_enter+0x100/0x100 [ 860.362505][T12305] ? __ia32_sys_read+0x90/0x90 [ 860.367243][T12305] ? debug_smp_processor_id+0x1c/0x20 [ 860.372586][T12305] __x64_sys_io_uring_enter+0xe5/0x100 [ 860.378013][T12305] do_syscall_64+0x31/0x70 [ 860.382401][T12305] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 860.388263][T12305] RIP: 0033:0x7f5fb5d49a39 [ 860.392744][T12305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 860.412321][T12305] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa 03:40:53 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 27) [ 860.420720][T12305] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 860.428664][T12305] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 860.436608][T12305] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 860.444561][T12305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 860.452513][T12305] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:53 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x500}, 0x0) 03:40:53 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0xfffffdef, 0x0, 0x0, 0x0) [ 860.534987][T12512] FAULT_INJECTION: forcing a failure. [ 860.534987][T12512] name failslab, interval 1, probability 0, space 0, times 0 [ 860.548461][T12512] CPU: 0 PID: 12512 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 860.560086][T12512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 860.570133][T12512] Call Trace: [ 860.573460][T12512] dump_stack_lvl+0x1e2/0x24b [ 860.578137][T12512] ? devkmsg_release+0x127/0x127 03:40:53 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xf0000000c000000, 0x0, 0x0) [ 860.583073][T12512] ? show_regs_print_info+0x18/0x18 [ 860.588278][T12512] dump_stack+0x15/0x1d [ 860.592429][T12512] should_fail+0x3c0/0x510 [ 860.596841][T12512] ? iovec_from_user+0x8a/0x310 [ 860.601690][T12512] __should_failslab+0x9f/0xe0 [ 860.606454][T12512] should_failslab+0x9/0x20 [ 860.610954][T12512] __kmalloc+0x68/0x3d0 [ 860.615105][T12512] ? _copy_from_user+0x93/0xd0 [ 860.619862][T12512] iovec_from_user+0x8a/0x310 [ 860.624536][T12512] ? __ia32_sys_shutdown+0x70/0x70 [ 860.629635][T12512] __import_iovec+0x72/0x3b0 03:40:53 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x600}, 0x0) [ 860.634203][T12512] io_recvmsg_copy_hdr+0x396/0x7f0 [ 860.639309][T12512] ? io_poll_remove_one+0xf90/0xf90 [ 860.644502][T12512] ? arch_stack_walk+0xf8/0x140 [ 860.649353][T12512] io_issue_sqe+0x2ccf/0xfc10 [ 860.654021][T12512] ? __io_req_task_cancel+0x720/0x720 [ 860.659382][T12512] ? __rcu_read_lock+0x50/0x50 [ 860.664126][T12512] ? is_bpf_text_address+0x1a2/0x1c0 [ 860.669405][T12512] ? stack_trace_save+0x1e0/0x1e0 [ 860.674422][T12512] ? __kernel_text_address+0x9a/0x110 [ 860.679795][T12512] ? __rcu_read_lock+0x50/0x50 03:40:53 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x1401000010010000, 0x0, 0x0) [ 860.684562][T12512] ? is_bpf_text_address+0x1a2/0x1c0 [ 860.689842][T12512] ? stack_trace_save+0x1e0/0x1e0 [ 860.694868][T12512] ? __kernel_text_address+0x9a/0x110 [ 860.700233][T12512] ? unwind_get_return_address+0x4c/0x90 [ 860.705861][T12512] ? arch_stack_walk+0xf8/0x140 [ 860.710707][T12512] ? stack_trace_save+0x11b/0x1e0 [ 860.715723][T12512] ? kmem_cache_free+0xaa/0x1e0 [ 860.720601][T12512] ? stack_trace_snprint+0xe0/0xe0 [ 860.725707][T12512] ? kmem_cache_free+0xaa/0x1e0 [ 860.730557][T12512] ? __kasan_slab_alloc+0xc9/0xe0 03:40:53 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0xfffffe00, 0x0, 0x0, 0x0) [ 860.735574][T12512] ? __kasan_slab_alloc+0xb2/0xe0 [ 860.740590][T12512] ? kmem_cache_alloc_bulk+0x2d5/0x3f0 [ 860.746047][T12512] ? io_submit_sqes+0x6bf/0x2da0 [ 860.750982][T12512] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 860.756689][T12512] ? io_req_prep+0x1906/0x51b0 [ 860.761447][T12512] ? io_queue_sqe+0x1180/0x1180 [ 860.766290][T12512] __io_queue_sqe+0x2cf/0x2fa0 [ 860.771042][T12512] io_queue_sqe+0x295/0x1180 [ 860.775629][T12512] io_submit_sqe+0x385/0xfd0 [ 860.780223][T12512] ? io_file_get+0x437/0x9c0 03:40:53 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x700}, 0x0) [ 860.784808][T12512] io_submit_sqes+0x1050/0x2da0 [ 860.789648][T12512] ? io_uring_add_task_file+0x290/0x290 [ 860.795179][T12512] ? security_file_permission+0xa8/0xc0 [ 860.800716][T12512] ? __kasan_check_write+0x14/0x20 [ 860.805825][T12512] ? mutex_lock+0xa6/0x110 [ 860.810242][T12512] ? io_uring_add_task_file+0x127/0x290 [ 860.815794][T12512] ? __fdget+0x1b5/0x240 [ 860.820019][T12512] __se_sys_io_uring_enter+0x322/0x12b0 [ 860.825551][T12512] ? __fget_files+0x26d/0x2c0 [ 860.830316][T12512] ? __kasan_check_write+0x14/0x20 [ 860.835426][T12512] ? fput_many+0x47/0x1a0 [ 860.839757][T12512] ? __x64_sys_io_uring_enter+0x100/0x100 [ 860.845475][T12512] ? __ia32_sys_read+0x90/0x90 [ 860.850217][T12512] ? debug_smp_processor_id+0x1c/0x20 [ 860.855575][T12512] __x64_sys_io_uring_enter+0xe5/0x100 [ 860.861020][T12512] do_syscall_64+0x31/0x70 [ 860.865414][T12512] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 860.871288][T12512] RIP: 0033:0x7f5fb5d49a39 [ 860.875712][T12512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 860.895299][T12512] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 860.903705][T12512] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 860.911665][T12512] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 860.919622][T12512] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 860.927586][T12512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 03:40:53 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x900}, 0x0) 03:40:53 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0xffffff7f, 0x0, 0x0, 0x0) 03:40:53 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x5, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) 03:40:53 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 28) 03:40:53 executing program 1: setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f00000000c0)={0x6, &(0x7f0000000000)=[{0xaa8, 0x1f, 0x2, 0x9}, {0x2, 0x80, 0x20, 0x1d1}, {0x2, 0x6, 0x0, 0x1}, {0xfff7, 0x80, 0x1, 0x400}, {0x3, 0x3f, 0x3, 0x5}, {0x5, 0x1, 0x8c, 0xd1c}]}, 0x10) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x29) 03:40:53 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x1801000000000000, 0x0, 0x0) [ 860.935555][T12512] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:53 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x65a0}, 0x0) 03:40:53 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x6, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) [ 861.060705][T13128] FAULT_INJECTION: forcing a failure. [ 861.060705][T13128] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 861.075053][T13128] CPU: 0 PID: 13128 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 861.086683][T13128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 861.096729][T13128] Call Trace: [ 861.100022][T13128] dump_stack_lvl+0x1e2/0x24b [ 861.104740][T13128] ? show_regs_print_info+0x18/0x18 03:40:53 executing program 1: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x98000, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4a00042}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x3c, 0x0, 0x300, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0xc5}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x5}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x23a}]]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x40004) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) listen(r2, 0x12) bind(r2, &(0x7f00000002c0)=@pppoe={0x18, 0x0, {0x0, @empty, 'virt_wifi0\x00'}}, 0x80) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_pages={'rlog_pages', 0x3d, 0x400}}]}) [ 861.109936][T13128] ? kfree+0xca/0x310 [ 861.113919][T13128] dump_stack+0x15/0x1d [ 861.118180][T13128] should_fail+0x3c0/0x510 [ 861.122593][T13128] should_fail_usercopy+0x1a/0x20 [ 861.127652][T13128] _copy_from_user+0x20/0xd0 [ 861.132329][T13128] __copy_msghdr_from_user+0xaf/0x730 [ 861.137705][T13128] ? __import_iovec+0x343/0x3b0 [ 861.142566][T13128] ? __ia32_sys_shutdown+0x70/0x70 [ 861.147666][T13128] io_recvmsg_copy_hdr+0x1cf/0x7f0 [ 861.152759][T13128] ? io_poll_remove_one+0xf90/0xf90 [ 861.158118][T13128] ? arch_stack_walk+0xf8/0x140 [ 861.162970][T13128] io_issue_sqe+0x2ccf/0xfc10 [ 861.167640][T13128] ? __io_req_task_cancel+0x720/0x720 [ 861.173115][T13128] ? __rcu_read_lock+0x50/0x50 [ 861.177883][T13128] ? __rcu_read_lock+0x50/0x50 [ 861.182643][T13128] ? is_bpf_text_address+0x1a2/0x1c0 [ 861.187924][T13128] ? stack_trace_save+0x1e0/0x1e0 [ 861.192947][T13128] ? __kernel_text_address+0x9a/0x110 [ 861.198305][T13128] ? unwind_get_return_address+0x4c/0x90 [ 861.203930][T13128] ? arch_stack_walk+0xf8/0x140 03:40:53 executing program 1: r0 = creat(&(0x7f0000000040)='./file0\x00', 0x100) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)=ANY=[@ANYRESDEC=r0]) socket$can_bcm(0x1d, 0x2, 0x2) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0) pipe2$9p(&(0x7f00000001c0), 0x80000) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) listen(r1, 0x12) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) listen(r3, 0x12) sendfile(r3, r2, &(0x7f0000000200), 0x0) r4 = socket$tipc(0x1e, 0x5, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) [ 861.208778][T13128] ? stack_trace_save+0x11b/0x1e0 [ 861.213798][T13128] ? stack_trace_snprint+0xe0/0xe0 [ 861.218904][T13128] ? __set_page_owner+0x2e2/0x300 [ 861.223928][T13128] ? __kasan_slab_alloc+0xc9/0xe0 [ 861.228940][T13128] ? __kasan_slab_alloc+0xb2/0xe0 [ 861.233993][T13128] ? kmem_cache_alloc_bulk+0x2d5/0x3f0 [ 861.239443][T13128] ? io_submit_sqes+0x6bf/0x2da0 [ 861.244384][T13128] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 861.250124][T13128] ? io_req_prep+0x1906/0x51b0 [ 861.254898][T13128] ? io_queue_sqe+0x1180/0x1180 03:40:53 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x8100}, 0x0) [ 861.259764][T13128] __io_queue_sqe+0x2cf/0x2fa0 [ 861.264523][T13128] io_queue_sqe+0x295/0x1180 [ 861.269107][T13128] io_submit_sqe+0x385/0xfd0 [ 861.273694][T13128] ? io_file_get+0x437/0x9c0 [ 861.278283][T13128] io_submit_sqes+0x1050/0x2da0 [ 861.283139][T13128] ? io_uring_add_task_file+0x290/0x290 [ 861.288685][T13128] ? security_file_permission+0xa8/0xc0 [ 861.294226][T13128] ? __kasan_check_write+0x14/0x20 [ 861.299332][T13128] ? mutex_lock+0xa6/0x110 [ 861.303744][T13128] ? io_uring_add_task_file+0x127/0x290 03:40:54 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x7, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) 03:40:54 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x8300}, 0x0) [ 861.309286][T13128] ? __fdget+0x1b5/0x240 [ 861.313524][T13128] __se_sys_io_uring_enter+0x322/0x12b0 [ 861.319069][T13128] ? __fget_files+0x26d/0x2c0 [ 861.323736][T13128] ? __kasan_check_write+0x14/0x20 [ 861.328826][T13128] ? fput_many+0x47/0x1a0 [ 861.333144][T13128] ? __x64_sys_io_uring_enter+0x100/0x100 [ 861.338855][T13128] ? __ia32_sys_read+0x90/0x90 [ 861.343613][T13128] ? debug_smp_processor_id+0x1c/0x20 [ 861.348975][T13128] __x64_sys_io_uring_enter+0xe5/0x100 [ 861.354426][T13128] do_syscall_64+0x31/0x70 [ 861.358831][T13128] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 861.364714][T13128] RIP: 0033:0x7f5fb5d49a39 [ 861.369125][T13128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 861.388728][T13128] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 861.397141][T13128] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 03:40:54 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0xfffffff5, 0x0, 0x0, 0x0) 03:40:54 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x8, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) [ 861.405115][T13128] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 861.413080][T13128] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 861.421039][T13128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 861.428991][T13128] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:54 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 29) 03:40:54 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0xa065}, 0x0) 03:40:54 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x1f00000000000000, 0x0, 0x0) 03:40:54 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x38000}, 0x0) [ 861.489502][T13479] incfs: Options parsing error. -22 [ 861.510178][T13479] incfs: Options parsing error. -22 03:40:54 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000008440), 0x0, 0x0) read$FUSE(r0, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0}, 0x2020) setreuid(0xee00, r1) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x4000, &(0x7f00000001c0)={[], [{@fsmagic={'fsmagic', 0x3d, 0x1482}}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x4}}, {@audit}, {@uid_eq={'uid', 0x3d, r1}}]}) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) [ 861.537372][T13505] FAULT_INJECTION: forcing a failure. [ 861.537372][T13505] name fail_usercopy, interval 1, probability 0, space 0, times 0 03:40:54 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x8002a0}, 0x0) [ 861.576666][T13505] CPU: 1 PID: 13505 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 861.588312][T13505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 861.598447][T13505] Call Trace: [ 861.601741][T13505] dump_stack_lvl+0x1e2/0x24b [ 861.606412][T13505] ? show_regs_print_info+0x18/0x18 [ 861.611606][T13505] ? kfree+0xca/0x310 [ 861.615576][T13505] dump_stack+0x15/0x1d [ 861.619722][T13505] should_fail+0x3c0/0x510 [ 861.624131][T13505] should_fail_usercopy+0x1a/0x20 [ 861.629144][T13505] _copy_from_user+0x20/0xd0 [ 861.633736][T13505] __copy_msghdr_from_user+0xaf/0x730 [ 861.639091][T13505] ? __import_iovec+0x343/0x3b0 [ 861.643913][T13505] ? __ia32_sys_shutdown+0x70/0x70 [ 861.648998][T13505] io_recvmsg_copy_hdr+0x1cf/0x7f0 [ 861.654128][T13505] ? io_poll_remove_one+0xf90/0xf90 [ 861.659336][T13505] ? arch_stack_walk+0xf8/0x140 [ 861.664161][T13505] io_issue_sqe+0x2ccf/0xfc10 [ 861.668811][T13505] ? __io_req_task_cancel+0x720/0x720 [ 861.674153][T13505] ? __rcu_read_lock+0x50/0x50 [ 861.678888][T13505] ? is_bpf_text_address+0x1a2/0x1c0 [ 861.684142][T13505] ? stack_trace_save+0x1e0/0x1e0 [ 861.689136][T13505] ? __kernel_text_address+0x9a/0x110 [ 861.694482][T13505] ? kmem_cache_free+0xaa/0x1e0 [ 861.699315][T13505] ? kmem_cache_free+0xaa/0x1e0 [ 861.704136][T13505] ? kasan_set_track+0x63/0x80 [ 861.708872][T13505] ? kasan_set_track+0x4c/0x80 [ 861.713645][T13505] ? kasan_set_free_info+0x23/0x40 [ 861.718725][T13505] ? ____kasan_slab_free+0x133/0x170 [ 861.723976][T13505] ? __kasan_slab_free+0x11/0x20 [ 861.728882][T13505] ? slab_free_freelist_hook+0xb2/0x180 [ 861.734396][T13505] ? kmem_cache_free+0xaa/0x1e0 [ 861.739218][T13505] ? __io_free_req+0x20e/0x380 [ 861.743967][T13505] ? io_req_complete+0xeb/0x610 [ 861.748788][T13505] ? __io_queue_sqe+0x1070/0x2fa0 [ 861.753782][T13505] ? io_queue_sqe+0x295/0x1180 [ 861.758513][T13505] ? io_submit_sqe+0x385/0xfd0 [ 861.763247][T13505] ? io_submit_sqes+0x1050/0x2da0 [ 861.768247][T13505] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 861.773941][T13505] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 861.779542][T13505] ? do_syscall_64+0x31/0x70 [ 861.784221][T13505] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 861.790270][T13505] ? kmem_cache_free+0xaa/0x1e0 [ 861.795099][T13505] ? debug_smp_processor_id+0x1c/0x20 [ 861.800444][T13505] ? kmem_cache_free+0xaa/0x1e0 [ 861.805275][T13505] ? ____kasan_slab_free+0x13e/0x170 [ 861.810538][T13505] ? __kasan_slab_free+0x11/0x20 [ 861.815449][T13505] ? slab_free_freelist_hook+0xb2/0x180 [ 861.820964][T13505] ? __rcu_read_lock+0x50/0x50 [ 861.825698][T13505] ? io_req_prep+0x1906/0x51b0 [ 861.830434][T13505] ? io_queue_sqe+0x1180/0x1180 [ 861.835260][T13505] __io_queue_sqe+0x2cf/0x2fa0 [ 861.839993][T13505] io_queue_sqe+0x295/0x1180 [ 861.844553][T13505] io_submit_sqe+0x385/0xfd0 [ 861.849112][T13505] ? io_file_get+0x437/0x9c0 [ 861.853670][T13505] io_submit_sqes+0x1050/0x2da0 [ 861.858493][T13505] ? io_uring_add_task_file+0x290/0x290 [ 861.864010][T13505] ? security_file_permission+0xa8/0xc0 [ 861.869529][T13505] ? __kasan_check_write+0x14/0x20 [ 861.874609][T13505] ? mutex_lock+0xa6/0x110 [ 861.878996][T13505] ? io_uring_add_task_file+0x127/0x290 [ 861.884509][T13505] ? __fdget+0x1b5/0x240 [ 861.888727][T13505] __se_sys_io_uring_enter+0x322/0x12b0 [ 861.894264][T13505] ? __fget_files+0x26d/0x2c0 [ 861.898916][T13505] ? __kasan_check_write+0x14/0x20 [ 861.903997][T13505] ? fput_many+0x47/0x1a0 [ 861.908298][T13505] ? __x64_sys_io_uring_enter+0x100/0x100 [ 861.913986][T13505] ? __ia32_sys_read+0x90/0x90 [ 861.918719][T13505] ? debug_smp_processor_id+0x1c/0x20 [ 861.924057][T13505] __x64_sys_io_uring_enter+0xe5/0x100 [ 861.929487][T13505] do_syscall_64+0x31/0x70 [ 861.933873][T13505] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 861.939733][T13505] RIP: 0033:0x7f5fb5d49a39 [ 861.944121][T13505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 861.963697][T13505] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 861.972082][T13505] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 861.980093][T13505] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 03:40:54 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0xffffffff, 0x0, 0x0, 0x0) 03:40:54 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x3800000000000000, 0x0, 0x0) 03:40:54 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x9, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) 03:40:54 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 30) [ 861.988037][T13505] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 861.995980][T13505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 862.003934][T13505] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:54 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x800300}, 0x0) 03:40:54 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x317d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) write$tcp_congestion(0xffffffffffffffff, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x3, 0x10000) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x2f606557d6081b8a, 0x0) write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[], 0xffffffca) close(r0) sendto$inet(0xffffffffffffffff, 0x0, 0x10b, 0x0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) [ 862.059967][T13711] overlayfs: unrecognized mount option "fsmagic=0x0000000000001482" or missing value [ 862.129249][T13829] FAULT_INJECTION: forcing a failure. [ 862.129249][T13829] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 862.142960][T13829] CPU: 0 PID: 13829 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 862.154588][T13829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 862.164635][T13829] Call Trace: [ 862.167924][T13829] dump_stack_lvl+0x1e2/0x24b [ 862.172601][T13829] ? show_regs_print_info+0x18/0x18 03:40:54 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x1000000}, 0x0) [ 862.177796][T13829] dump_stack+0x15/0x1d [ 862.181957][T13829] should_fail+0x3c0/0x510 [ 862.186398][T13829] should_fail_usercopy+0x1a/0x20 [ 862.191409][T13829] _copy_from_user+0x20/0xd0 [ 862.195995][T13829] iovec_from_user+0xc7/0x310 [ 862.200672][T13829] ? __ia32_sys_shutdown+0x70/0x70 [ 862.205787][T13829] __import_iovec+0x72/0x3b0 [ 862.210366][T13829] io_recvmsg_copy_hdr+0x396/0x7f0 [ 862.215471][T13829] ? io_poll_remove_one+0xf90/0xf90 [ 862.220661][T13829] ? arch_stack_walk+0xf8/0x140 03:40:54 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x2000000}, 0x0) [ 862.225553][T13829] io_issue_sqe+0x2ccf/0xfc10 [ 862.230217][T13829] ? __io_req_task_cancel+0x720/0x720 [ 862.235579][T13829] ? __rcu_read_lock+0x50/0x50 [ 862.240348][T13829] ? __rcu_read_lock+0x50/0x50 [ 862.245107][T13829] ? is_bpf_text_address+0x1a2/0x1c0 [ 862.250386][T13829] ? stack_trace_save+0x1e0/0x1e0 [ 862.255399][T13829] ? __kernel_text_address+0x9a/0x110 [ 862.260756][T13829] ? unwind_get_return_address+0x4c/0x90 [ 862.266385][T13829] ? arch_stack_walk+0xf8/0x140 [ 862.271230][T13829] ? stack_trace_save+0x11b/0x1e0 03:40:55 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x3000000}, 0x0) [ 862.276250][T13829] ? stack_trace_snprint+0xe0/0xe0 [ 862.281352][T13829] ? __set_page_owner+0x2e2/0x300 [ 862.286367][T13829] ? __kasan_slab_alloc+0xc9/0xe0 [ 862.291369][T13829] ? __kasan_slab_alloc+0xb2/0xe0 [ 862.296375][T13829] ? kmem_cache_alloc_bulk+0x2d5/0x3f0 [ 862.301826][T13829] ? io_submit_sqes+0x6bf/0x2da0 [ 862.306770][T13829] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 862.312469][T13829] ? io_req_prep+0x1906/0x51b0 [ 862.317221][T13829] ? io_queue_sqe+0x1180/0x1180 [ 862.322062][T13829] __io_queue_sqe+0x2cf/0x2fa0 03:40:55 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x4000000}, 0x0) 03:40:55 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x5000000}, 0x0) [ 862.326805][T13829] io_queue_sqe+0x295/0x1180 [ 862.331482][T13829] io_submit_sqe+0x385/0xfd0 [ 862.336067][T13829] ? io_file_get+0x437/0x9c0 [ 862.340646][T13829] io_submit_sqes+0x1050/0x2da0 [ 862.345508][T13829] ? io_uring_add_task_file+0x290/0x290 [ 862.351039][T13829] ? __kasan_check_write+0x14/0x20 [ 862.356140][T13829] ? mutex_lock+0xa6/0x110 [ 862.360554][T13829] ? io_uring_add_task_file+0x127/0x290 [ 862.366098][T13829] ? __fdget+0x1b5/0x240 [ 862.370335][T13829] __se_sys_io_uring_enter+0x322/0x12b0 [ 862.375879][T13829] ? __fget_files+0x26d/0x2c0 03:40:55 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x6000000}, 0x0) [ 862.380544][T13829] ? __kasan_check_write+0x14/0x20 [ 862.385629][T13829] ? fput_many+0x47/0x1a0 [ 862.389941][T13829] ? __x64_sys_io_uring_enter+0x100/0x100 [ 862.395648][T13829] ? __ia32_sys_read+0x90/0x90 [ 862.400390][T13829] ? debug_smp_processor_id+0x1c/0x20 [ 862.405765][T13829] __x64_sys_io_uring_enter+0xe5/0x100 [ 862.411217][T13829] do_syscall_64+0x31/0x70 [ 862.415622][T13829] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 862.421503][T13829] RIP: 0033:0x7f5fb5d49a39 [ 862.425914][T13829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 862.445513][T13829] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 862.453917][T13829] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 862.461884][T13829] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 862.469840][T13829] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 03:40:55 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x2, 0x0, 0x0) 03:40:55 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x7000000}, 0x0) 03:40:55 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x4000000000000000, 0x0, 0x0) 03:40:55 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 31) 03:40:55 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0xa, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) [ 862.477788][T13829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 862.485734][T13829] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 [ 862.610723][T13996] FAULT_INJECTION: forcing a failure. [ 862.610723][T13996] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 862.626207][T13996] CPU: 1 PID: 13996 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 862.637831][T13996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 862.647886][T13996] Call Trace: [ 862.651151][T13996] dump_stack_lvl+0x1e2/0x24b [ 862.655803][T13996] ? show_regs_print_info+0x18/0x18 [ 862.660969][T13996] dump_stack+0x15/0x1d [ 862.665137][T13996] should_fail+0x3c0/0x510 [ 862.669526][T13996] should_fail_usercopy+0x1a/0x20 [ 862.674519][T13996] _copy_from_user+0x20/0xd0 [ 862.679082][T13996] iovec_from_user+0xc7/0x310 [ 862.683734][T13996] ? __ia32_sys_shutdown+0x70/0x70 [ 862.688815][T13996] __import_iovec+0x72/0x3b0 [ 862.693378][T13996] io_recvmsg_copy_hdr+0x396/0x7f0 [ 862.698461][T13996] ? io_poll_remove_one+0xf90/0xf90 [ 862.703628][T13996] ? arch_stack_walk+0xf8/0x140 [ 862.708455][T13996] io_issue_sqe+0x2ccf/0xfc10 [ 862.713104][T13996] ? __io_req_task_cancel+0x720/0x720 [ 862.718448][T13996] ? __rcu_read_lock+0x50/0x50 [ 862.723187][T13996] ? __rcu_read_lock+0x50/0x50 [ 862.727922][T13996] ? is_bpf_text_address+0x1a2/0x1c0 [ 862.733176][T13996] ? stack_trace_save+0x1e0/0x1e0 [ 862.738171][T13996] ? __kernel_text_address+0x9a/0x110 [ 862.743517][T13996] ? unwind_get_return_address+0x4c/0x90 [ 862.749120][T13996] ? arch_stack_walk+0xf8/0x140 [ 862.753944][T13996] ? stack_trace_save+0x11b/0x1e0 [ 862.758943][T13996] ? stack_trace_snprint+0xe0/0xe0 [ 862.764287][T13996] ? __set_page_owner+0x2e2/0x300 [ 862.769286][T13996] ? __kasan_slab_alloc+0xc9/0xe0 [ 862.774284][T13996] ? __kasan_slab_alloc+0xb2/0xe0 [ 862.779278][T13996] ? kmem_cache_alloc_bulk+0x2d5/0x3f0 [ 862.784707][T13996] ? io_submit_sqes+0x6bf/0x2da0 [ 862.789613][T13996] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 862.795302][T13996] ? io_req_prep+0x1906/0x51b0 [ 862.800036][T13996] ? io_queue_sqe+0x1180/0x1180 [ 862.804858][T13996] __io_queue_sqe+0x2cf/0x2fa0 [ 862.809592][T13996] io_queue_sqe+0x295/0x1180 [ 862.814153][T13996] io_submit_sqe+0x385/0xfd0 [ 862.818714][T13996] ? io_file_get+0x437/0x9c0 [ 862.823276][T13996] io_submit_sqes+0x1050/0x2da0 [ 862.828107][T13996] ? io_uring_add_task_file+0x290/0x290 [ 862.833637][T13996] ? security_file_permission+0xa8/0xc0 [ 862.839159][T13996] ? __kasan_check_write+0x14/0x20 [ 862.844241][T13996] ? mutex_lock+0xa6/0x110 [ 862.848634][T13996] ? io_uring_add_task_file+0x127/0x290 [ 862.854149][T13996] ? __fdget+0x1b5/0x240 [ 862.858374][T13996] __se_sys_io_uring_enter+0x322/0x12b0 [ 862.863895][T13996] ? __fget_files+0x26d/0x2c0 [ 862.868547][T13996] ? __kasan_check_write+0x14/0x20 [ 862.873633][T13996] ? fput_many+0x47/0x1a0 [ 862.877937][T13996] ? __x64_sys_io_uring_enter+0x100/0x100 [ 862.883627][T13996] ? __ia32_sys_read+0x90/0x90 [ 862.888365][T13996] ? debug_smp_processor_id+0x1c/0x20 [ 862.893724][T13996] __x64_sys_io_uring_enter+0xe5/0x100 [ 862.899169][T13996] do_syscall_64+0x31/0x70 [ 862.903563][T13996] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 862.909433][T13996] RIP: 0033:0x7f5fb5d49a39 [ 862.913831][T13996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 862.933421][T13996] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 862.941810][T13996] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 862.949756][T13996] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 03:40:55 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x110000, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './file0'}}, {@metacopy_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}}], [{@uid_lt={'uid<', 0xffffffffffffffff}}, {@euid_lt={'euid<', 0xffffffffffffffff}}, {@defcontext={'defcontext', 0x3d, 'root'}}]}) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x10000, &(0x7f0000000180)={[], [{@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@pcr}, {@subj_user={'subj_user', 0x3d, 'incremental-fs\x00'}}]}) lsetxattr$security_ima(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0), &(0x7f0000000300)=@sha1={0x1, "5638997333ea13ae4fd3dccafdf4414490498833"}, 0x15, 0x2) 03:40:55 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x9000000}, 0x0) 03:40:55 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x4041000000000000, 0x0, 0x0) 03:40:55 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0xb, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) 03:40:55 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 32) 03:40:55 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x4, 0x0, 0x0) [ 862.957703][T13996] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 862.965647][T13996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 862.973593][T13996] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:55 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x81000000}, 0x0) 03:40:55 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x81ffffff}, 0x0) [ 863.081509][T14213] incfs: Options parsing error. -22 [ 863.094755][T14207] FAULT_INJECTION: forcing a failure. [ 863.094755][T14207] name failslab, interval 1, probability 0, space 0, times 0 03:40:55 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000008440), 0x0, 0x0) read$FUSE(r0, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0}, 0x2020) setreuid(0xee00, r1) mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x8, &(0x7f00000001c0)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, 0xee00}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x1ff}}, {@allow_other}, {@blksize}], [{@smackfstransmute={'smackfstransmute', 0x3d, '*'}}, {@uid_lt={'uid<', 0xee01}}]}}) 03:40:55 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x8000000000000000, 0x0, 0x0) 03:40:55 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0xc, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) [ 863.132259][T14207] CPU: 1 PID: 14207 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 863.143899][T14207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 863.153951][T14207] Call Trace: [ 863.157222][T14207] dump_stack_lvl+0x1e2/0x24b [ 863.161875][T14207] ? devkmsg_release+0x127/0x127 [ 863.166795][T14207] ? show_regs_print_info+0x18/0x18 [ 863.171976][T14207] dump_stack+0x15/0x1d [ 863.176106][T14207] should_fail+0x3c0/0x510 [ 863.180494][T14207] ? iovec_from_user+0x8a/0x310 [ 863.185318][T14207] __should_failslab+0x9f/0xe0 [ 863.190056][T14207] should_failslab+0x9/0x20 [ 863.194532][T14207] __kmalloc+0x68/0x3d0 [ 863.198664][T14207] ? _copy_from_user+0x93/0xd0 [ 863.203399][T14207] iovec_from_user+0x8a/0x310 [ 863.208053][T14207] ? __ia32_sys_shutdown+0x70/0x70 [ 863.213137][T14207] __import_iovec+0x72/0x3b0 [ 863.217702][T14207] io_recvmsg_copy_hdr+0x396/0x7f0 [ 863.222787][T14207] ? io_poll_remove_one+0xf90/0xf90 [ 863.227960][T14207] ? arch_stack_walk+0xf8/0x140 [ 863.232786][T14207] io_issue_sqe+0x2ccf/0xfc10 [ 863.237468][T14207] ? __io_req_task_cancel+0x720/0x720 [ 863.242825][T14207] ? __rcu_read_lock+0x50/0x50 [ 863.247562][T14207] ? is_bpf_text_address+0x1a2/0x1c0 [ 863.252820][T14207] ? stack_trace_save+0x1e0/0x1e0 [ 863.257821][T14207] ? __kernel_text_address+0x9a/0x110 [ 863.263169][T14207] ? kmem_cache_free+0xaa/0x1e0 [ 863.267996][T14207] ? kmem_cache_free+0xaa/0x1e0 [ 863.272822][T14207] ? kasan_set_track+0x63/0x80 [ 863.277567][T14207] ? kasan_set_track+0x4c/0x80 [ 863.282320][T14207] ? kasan_set_free_info+0x23/0x40 [ 863.287403][T14207] ? ____kasan_slab_free+0x133/0x170 [ 863.292711][T14207] ? __kasan_slab_free+0x11/0x20 [ 863.297622][T14207] ? slab_free_freelist_hook+0xb2/0x180 [ 863.303137][T14207] ? kmem_cache_free+0xaa/0x1e0 [ 863.308020][T14207] ? __io_free_req+0x20e/0x380 [ 863.312761][T14207] ? io_req_complete+0xeb/0x610 [ 863.317586][T14207] ? __io_queue_sqe+0x1070/0x2fa0 [ 863.322583][T14207] ? io_queue_sqe+0x295/0x1180 [ 863.327352][T14207] ? io_submit_sqe+0x385/0xfd0 [ 863.332090][T14207] ? io_submit_sqes+0x1050/0x2da0 [ 863.337088][T14207] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 863.342781][T14207] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 863.348386][T14207] ? do_syscall_64+0x31/0x70 [ 863.352951][T14207] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 863.358993][T14207] ? kmem_cache_free+0xaa/0x1e0 [ 863.363829][T14207] ? debug_smp_processor_id+0x1c/0x20 [ 863.369172][T14207] ? __set_page_owner+0x2e2/0x300 [ 863.374169][T14207] ? kmem_cache_free+0xaa/0x1e0 [ 863.378996][T14207] ? ____kasan_slab_free+0x13e/0x170 [ 863.384252][T14207] ? __kasan_slab_free+0x11/0x20 [ 863.389164][T14207] ? slab_free_freelist_hook+0xb2/0x180 [ 863.394681][T14207] ? __rcu_read_lock+0x50/0x50 [ 863.399417][T14207] ? io_req_prep+0x1906/0x51b0 [ 863.404157][T14207] ? io_queue_sqe+0x1180/0x1180 [ 863.408980][T14207] __io_queue_sqe+0x2cf/0x2fa0 [ 863.413721][T14207] io_queue_sqe+0x295/0x1180 [ 863.418307][T14207] io_submit_sqe+0x385/0xfd0 [ 863.422873][T14207] ? io_file_get+0x437/0x9c0 [ 863.427442][T14207] io_submit_sqes+0x1050/0x2da0 [ 863.432271][T14207] ? io_uring_add_task_file+0x290/0x290 [ 863.437808][T14207] ? security_file_permission+0xa8/0xc0 [ 863.443332][T14207] ? __kasan_check_write+0x14/0x20 [ 863.448422][T14207] ? mutex_lock+0xa6/0x110 [ 863.452814][T14207] ? io_uring_add_task_file+0x127/0x290 [ 863.458333][T14207] ? __fdget+0x1b5/0x240 [ 863.462551][T14207] __se_sys_io_uring_enter+0x322/0x12b0 [ 863.468069][T14207] ? __fget_files+0x26d/0x2c0 [ 863.472720][T14207] ? __kasan_check_write+0x14/0x20 [ 863.477804][T14207] ? fput_many+0x47/0x1a0 [ 863.482108][T14207] ? __x64_sys_io_uring_enter+0x100/0x100 [ 863.487818][T14207] ? __ia32_sys_read+0x90/0x90 [ 863.492558][T14207] ? debug_smp_processor_id+0x1c/0x20 [ 863.497900][T14207] __x64_sys_io_uring_enter+0xe5/0x100 [ 863.503332][T14207] do_syscall_64+0x31/0x70 [ 863.507721][T14207] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 863.513598][T14207] RIP: 0033:0x7f5fb5d49a39 [ 863.517988][T14207] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 863.537569][T14207] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 863.545958][T14207] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 863.553928][T14207] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 863.561872][T14207] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 863.569821][T14207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 03:40:56 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x8, 0x0, 0x0) 03:40:56 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x83000000}, 0x0) 03:40:56 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 33) [ 863.577777][T14207] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:56 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x9effffff}, 0x0) [ 863.668241][T14433] fuse: Bad value for 'fd' 03:40:56 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xc, 0x0, 0x0) 03:40:56 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="726c6f675f77616b657570bd74085ffaae2d786e743d303030303000"/38]) accept4(0xffffffffffffffff, &(0x7f0000000180)=@ax25={{0x3, @rose}, [@netrom, @default, @netrom, @remote, @remote, @bcast, @null]}, &(0x7f0000000080)=0x80, 0x80800) 03:40:56 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x807e000000000000, 0x0, 0x0) 03:40:56 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0xa0028000}, 0x0) 03:40:56 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0xd, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) [ 863.723319][T14487] FAULT_INJECTION: forcing a failure. [ 863.723319][T14487] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 863.739560][T14487] CPU: 1 PID: 14487 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 863.751201][T14487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 863.761254][T14487] Call Trace: [ 863.764529][T14487] dump_stack_lvl+0x1e2/0x24b [ 863.769182][T14487] ? show_regs_print_info+0x18/0x18 [ 863.774353][T14487] ? kfree+0xca/0x310 [ 863.778309][T14487] dump_stack+0x15/0x1d [ 863.782440][T14487] should_fail+0x3c0/0x510 [ 863.786833][T14487] should_fail_usercopy+0x1a/0x20 [ 863.791831][T14487] _copy_from_user+0x20/0xd0 [ 863.796397][T14487] __copy_msghdr_from_user+0xaf/0x730 [ 863.801753][T14487] ? __import_iovec+0x343/0x3b0 [ 863.806581][T14487] ? __ia32_sys_shutdown+0x70/0x70 [ 863.811672][T14487] io_recvmsg_copy_hdr+0x1cf/0x7f0 [ 863.816762][T14487] ? io_poll_remove_one+0xf90/0xf90 [ 863.821943][T14487] ? arch_stack_walk+0xf8/0x140 [ 863.826830][T14487] io_issue_sqe+0x2ccf/0xfc10 [ 863.831483][T14487] ? __io_req_task_cancel+0x720/0x720 [ 863.836835][T14487] ? __rcu_read_lock+0x50/0x50 [ 863.841570][T14487] ? is_bpf_text_address+0x1a2/0x1c0 [ 863.846830][T14487] ? stack_trace_save+0x1e0/0x1e0 [ 863.851945][T14487] ? __kernel_text_address+0x9a/0x110 [ 863.857298][T14487] ? kmem_cache_free+0xaa/0x1e0 [ 863.862128][T14487] ? kmem_cache_free+0xaa/0x1e0 [ 863.866957][T14487] ? kasan_set_track+0x63/0x80 [ 863.871697][T14487] ? kasan_set_track+0x4c/0x80 [ 863.876435][T14487] ? kasan_set_free_info+0x23/0x40 [ 863.881519][T14487] ? ____kasan_slab_free+0x133/0x170 [ 863.886779][T14487] ? __kasan_slab_free+0x11/0x20 [ 863.891688][T14487] ? slab_free_freelist_hook+0xb2/0x180 [ 863.897207][T14487] ? kmem_cache_free+0xaa/0x1e0 [ 863.902031][T14487] ? __io_free_req+0x20e/0x380 [ 863.906769][T14487] ? io_req_complete+0xeb/0x610 [ 863.911589][T14487] ? __io_queue_sqe+0x1070/0x2fa0 [ 863.916594][T14487] ? io_queue_sqe+0x295/0x1180 [ 863.921336][T14487] ? io_submit_sqe+0x385/0xfd0 [ 863.926078][T14487] ? io_submit_sqes+0x1050/0x2da0 [ 863.931080][T14487] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 863.936780][T14487] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 863.942388][T14487] ? do_syscall_64+0x31/0x70 [ 863.946950][T14487] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 863.952993][T14487] ? kmem_cache_free+0xaa/0x1e0 [ 863.957824][T14487] ? debug_smp_processor_id+0x1c/0x20 [ 863.963168][T14487] ? __set_page_owner+0x2e2/0x300 [ 863.968166][T14487] ? kmem_cache_free+0xaa/0x1e0 [ 863.972988][T14487] ? ____kasan_slab_free+0x13e/0x170 [ 863.978248][T14487] ? __kasan_slab_free+0x11/0x20 [ 863.983159][T14487] ? slab_free_freelist_hook+0xb2/0x180 [ 863.988674][T14487] ? __rcu_read_lock+0x50/0x50 [ 863.993413][T14487] ? io_req_prep+0x1906/0x51b0 [ 863.998153][T14487] ? io_queue_sqe+0x1180/0x1180 [ 864.002976][T14487] __io_queue_sqe+0x2cf/0x2fa0 [ 864.007717][T14487] io_queue_sqe+0x295/0x1180 [ 864.012281][T14487] io_submit_sqe+0x385/0xfd0 [ 864.016842][T14487] ? io_file_get+0x437/0x9c0 [ 864.021407][T14487] io_submit_sqes+0x1050/0x2da0 [ 864.026236][T14487] ? io_uring_add_task_file+0x290/0x290 [ 864.031753][T14487] ? security_file_permission+0xa8/0xc0 [ 864.037276][T14487] ? __kasan_check_write+0x14/0x20 [ 864.042377][T14487] ? mutex_lock+0xa6/0x110 [ 864.046785][T14487] ? io_uring_add_task_file+0x127/0x290 [ 864.052310][T14487] ? __fdget+0x1b5/0x240 [ 864.056530][T14487] __se_sys_io_uring_enter+0x322/0x12b0 [ 864.062052][T14487] ? __fget_files+0x26d/0x2c0 [ 864.066705][T14487] ? __kasan_check_write+0x14/0x20 [ 864.071786][T14487] ? fput_many+0x47/0x1a0 [ 864.076139][T14487] ? __x64_sys_io_uring_enter+0x100/0x100 [ 864.081830][T14487] ? __ia32_sys_read+0x90/0x90 [ 864.086568][T14487] ? debug_smp_processor_id+0x1c/0x20 [ 864.091911][T14487] __x64_sys_io_uring_enter+0xe5/0x100 [ 864.097341][T14487] do_syscall_64+0x31/0x70 [ 864.101737][T14487] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 864.107602][T14487] RIP: 0033:0x7f5fb5d49a39 [ 864.111989][T14487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 864.131568][T14487] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 864.139956][T14487] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 864.147902][T14487] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 864.155852][T14487] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 864.163798][T14487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 03:40:56 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 34) [ 864.171747][T14487] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:56 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0xa0650000}, 0x0) [ 864.261720][T14745] FAULT_INJECTION: forcing a failure. [ 864.261720][T14745] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 864.267689][T14765] incfs: Options parsing error. -22 [ 864.282174][T14745] CPU: 1 PID: 14745 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 864.293281][T14765] incfs: Options parsing error. -22 [ 864.293796][T14745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 03:40:57 executing program 1: r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) gettid() waitid(0x0, r0, &(0x7f0000000240), 0x1, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2001410, &(0x7f00000000c0)=ANY=[@ANYBLOB="776fe0a5b3a3d6e036eb3957709cdc7f0074a977cb0c3d51731087df938725e2843aecff227da9b3d801cf0ac36f67f12a"]) mount$bpf(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000180), 0x20a2, &(0x7f00000001c0)={[{@mode={'mode', 0x3d, 0x1}}, {@mode={'mode', 0x3d, 0x7ff}}], [{@fsmagic={'fsmagic', 0x3d, 0x2}}, {@dont_measure}, {@dont_hash}]}) 03:40:57 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0xe, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) [ 864.293802][T14745] Call Trace: [ 864.293818][T14745] dump_stack_lvl+0x1e2/0x24b [ 864.293836][T14745] ? show_regs_print_info+0x18/0x18 [ 864.322156][T14745] dump_stack+0x15/0x1d [ 864.326310][T14745] should_fail+0x3c0/0x510 [ 864.330713][T14745] should_fail_usercopy+0x1a/0x20 [ 864.335725][T14745] _copy_from_user+0x20/0xd0 [ 864.340310][T14745] iovec_from_user+0xc7/0x310 [ 864.344982][T14745] ? __ia32_sys_shutdown+0x70/0x70 [ 864.350096][T14745] __import_iovec+0x72/0x3b0 [ 864.354684][T14745] io_recvmsg_copy_hdr+0x396/0x7f0 [ 864.359803][T14745] ? io_poll_remove_one+0xf90/0xf90 [ 864.364975][T14745] ? arch_stack_walk+0xf8/0x140 [ 864.369798][T14745] io_issue_sqe+0x2ccf/0xfc10 [ 864.374448][T14745] ? __io_req_task_cancel+0x720/0x720 [ 864.379791][T14745] ? __rcu_read_lock+0x50/0x50 [ 864.384526][T14745] ? is_bpf_text_address+0x1a2/0x1c0 [ 864.389781][T14745] ? stack_trace_save+0x1e0/0x1e0 [ 864.394792][T14745] ? __kernel_text_address+0x9a/0x110 [ 864.400177][T14745] ? kmem_cache_free+0xaa/0x1e0 [ 864.405021][T14745] ? kmem_cache_free+0xaa/0x1e0 [ 864.409868][T14745] ? kasan_set_track+0x63/0x80 [ 864.414615][T14745] ? kasan_set_track+0x4c/0x80 [ 864.419351][T14745] ? kasan_set_free_info+0x23/0x40 [ 864.424431][T14745] ? ____kasan_slab_free+0x133/0x170 [ 864.429683][T14745] ? __kasan_slab_free+0x11/0x20 [ 864.434593][T14745] ? slab_free_freelist_hook+0xb2/0x180 [ 864.440109][T14745] ? kmem_cache_free+0xaa/0x1e0 [ 864.444930][T14745] ? __io_free_req+0x20e/0x380 [ 864.449664][T14745] ? io_req_complete+0xeb/0x610 [ 864.454490][T14745] ? kvm_sched_clock_read+0x19/0x40 [ 864.459659][T14745] ? sched_clock+0x3a/0x40 [ 864.464046][T14745] ? sched_clock_cpu+0x1b/0x3c0 [ 864.468867][T14745] ? sched_clock+0x3a/0x40 [ 864.473257][T14745] ? handle_fasteoi_nmi+0x350/0x350 [ 864.478440][T14745] ? __irq_exit_rcu+0x41/0x150 [ 864.483175][T14745] ? handle_fasteoi_nmi+0x350/0x350 [ 864.488341][T14745] ? irq_exit_rcu+0x9/0x10 [ 864.492729][T14745] ? common_interrupt+0x14e/0x1e0 [ 864.497727][T14745] ? asm_common_interrupt+0x1e/0x40 [ 864.502897][T14745] ? io_req_prep+0xb9/0x51b0 [ 864.507458][T14745] ? __sanitizer_cov_trace_switch+0xf4/0x100 [ 864.513409][T14745] ? io_req_prep+0x1906/0x51b0 [ 864.518147][T14745] ? io_queue_sqe+0x1180/0x1180 [ 864.522966][T14745] __io_queue_sqe+0x2cf/0x2fa0 [ 864.527704][T14745] io_queue_sqe+0x295/0x1180 [ 864.532266][T14745] io_submit_sqe+0x385/0xfd0 [ 864.536825][T14745] ? io_file_get+0x437/0x9c0 [ 864.541387][T14745] io_submit_sqes+0x1050/0x2da0 [ 864.546211][T14745] ? io_uring_add_task_file+0x290/0x290 [ 864.551731][T14745] ? security_file_permission+0xa8/0xc0 [ 864.557248][T14745] ? __kasan_check_write+0x14/0x20 [ 864.562328][T14745] ? mutex_lock+0xa6/0x110 [ 864.566715][T14745] ? io_uring_add_task_file+0x127/0x290 [ 864.572233][T14745] ? __fdget+0x1b5/0x240 [ 864.576446][T14745] __se_sys_io_uring_enter+0x322/0x12b0 [ 864.581963][T14745] ? __fget_files+0x26d/0x2c0 [ 864.586612][T14745] ? __kasan_check_write+0x14/0x20 [ 864.591691][T14745] ? fput_many+0x47/0x1a0 [ 864.595991][T14745] ? __x64_sys_io_uring_enter+0x100/0x100 [ 864.601683][T14745] ? __ia32_sys_read+0x90/0x90 [ 864.606418][T14745] ? debug_smp_processor_id+0x1c/0x20 [ 864.611758][T14745] __x64_sys_io_uring_enter+0xe5/0x100 [ 864.617185][T14745] do_syscall_64+0x31/0x70 [ 864.621575][T14745] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 864.627439][T14745] RIP: 0033:0x7f5fb5d49a39 [ 864.631833][T14745] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 864.651408][T14745] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa 03:40:57 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xe0efff7f00000000, 0x0, 0x0) 03:40:57 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x38, 0x0, 0x0) 03:40:57 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 35) [ 864.659790][T14745] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 864.667734][T14745] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 864.675677][T14745] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 864.683623][T14745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 864.691568][T14745] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:57 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0xeaffffff}, 0x0) 03:40:57 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) recvmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000380)=""/126, 0x7e}, {&(0x7f0000000400)=""/179, 0xb3}, {&(0x7f00000004c0)=""/28, 0x1c}, {&(0x7f0000000500)=""/91, 0x5b}, {&(0x7f0000000580)=""/38, 0x26}, {&(0x7f00000005c0)=""/205, 0xcd}, {&(0x7f00000006c0)=""/234, 0xea}, {&(0x7f00000007c0)=""/132, 0x84}], 0x8}, 0x40) stat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='rlog_wakeup_cnt=00000000000\x00\x00\x00\x0000000,\x00']) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x48082, &(0x7f00000001c0)={[{@xino_on}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@dont_measure}, {@smackfsroot={'smackfsroot', 0x3d, 'rlog_wakeup_cnt'}}, {@obj_type={'obj_type', 0x3d, 'incremental-fs\x00'}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}, {@obj_role={'obj_role', 0x3d, 'incremental-fs\x00'}}, {@obj_role={'obj_role', 0x3d, 'incremental-fs\x00'}}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, 'incremental-fs\x00'}}]}) 03:40:57 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xeffdffff00000000, 0x0, 0x0) [ 864.808969][T14972] FAULT_INJECTION: forcing a failure. [ 864.808969][T14972] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 864.832051][T14972] CPU: 1 PID: 14972 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 864.843685][T14972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 864.853716][T14972] Call Trace: [ 864.856988][T14972] dump_stack_lvl+0x1e2/0x24b [ 864.861639][T14972] ? show_regs_print_info+0x18/0x18 [ 864.866807][T14972] ? kfree+0xca/0x310 [ 864.870761][T14972] dump_stack+0x15/0x1d [ 864.874891][T14972] should_fail+0x3c0/0x510 [ 864.879278][T14972] should_fail_usercopy+0x1a/0x20 [ 864.884272][T14972] _copy_from_user+0x20/0xd0 [ 864.888834][T14972] __copy_msghdr_from_user+0xaf/0x730 [ 864.894178][T14972] ? __import_iovec+0x343/0x3b0 [ 864.899001][T14972] ? __ia32_sys_shutdown+0x70/0x70 [ 864.904085][T14972] io_recvmsg_copy_hdr+0x1cf/0x7f0 [ 864.909168][T14972] ? io_poll_remove_one+0xf90/0xf90 [ 864.914335][T14972] ? arch_stack_walk+0xf8/0x140 [ 864.919156][T14972] io_issue_sqe+0x2ccf/0xfc10 [ 864.923805][T14972] ? __io_req_task_cancel+0x720/0x720 [ 864.929148][T14972] ? __rcu_read_lock+0x50/0x50 [ 864.933882][T14972] ? is_bpf_text_address+0x1a2/0x1c0 [ 864.939139][T14972] ? stack_trace_save+0x1e0/0x1e0 [ 864.944134][T14972] ? __kernel_text_address+0x9a/0x110 [ 864.949485][T14972] ? kmem_cache_free+0xaa/0x1e0 [ 864.954305][T14972] ? kmem_cache_free+0xaa/0x1e0 [ 864.959126][T14972] ? kasan_set_track+0x63/0x80 [ 864.963859][T14972] ? kasan_set_track+0x4c/0x80 [ 864.968595][T14972] ? kasan_set_free_info+0x23/0x40 [ 864.973677][T14972] ? ____kasan_slab_free+0x133/0x170 [ 864.978932][T14972] ? __kasan_slab_free+0x11/0x20 [ 864.983840][T14972] ? slab_free_freelist_hook+0xb2/0x180 [ 864.989414][T14972] ? kmem_cache_free+0xaa/0x1e0 [ 864.994254][T14972] ? __io_free_req+0x20e/0x380 [ 864.998995][T14972] ? io_req_complete+0xeb/0x610 [ 865.003815][T14972] ? __io_queue_sqe+0x1070/0x2fa0 [ 865.008815][T14972] ? io_queue_sqe+0x295/0x1180 [ 865.013550][T14972] ? io_submit_sqe+0x385/0xfd0 [ 865.018287][T14972] ? io_submit_sqes+0x1050/0x2da0 [ 865.023280][T14972] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 865.028969][T14972] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 865.034574][T14972] ? do_syscall_64+0x31/0x70 [ 865.039135][T14972] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 865.045184][T14972] ? kmem_cache_free+0xaa/0x1e0 [ 865.050002][T14972] ? debug_smp_processor_id+0x1c/0x20 [ 865.055343][T14972] ? update_load_avg+0x45c/0xa00 [ 865.060251][T14972] ? kmem_cache_free+0xaa/0x1e0 [ 865.065073][T14972] ? ____kasan_slab_free+0x13e/0x170 [ 865.070329][T14972] ? __kasan_slab_free+0x11/0x20 [ 865.075238][T14972] ? slab_free_freelist_hook+0xb2/0x180 [ 865.080754][T14972] ? __rcu_read_lock+0x50/0x50 [ 865.085490][T14972] ? io_req_prep+0x1906/0x51b0 [ 865.090227][T14972] ? io_queue_sqe+0x1180/0x1180 [ 865.095050][T14972] __io_queue_sqe+0x2cf/0x2fa0 [ 865.099786][T14972] io_queue_sqe+0x295/0x1180 [ 865.104347][T14972] io_submit_sqe+0x385/0xfd0 [ 865.108908][T14972] ? io_file_get+0x437/0x9c0 [ 865.113469][T14972] io_submit_sqes+0x1050/0x2da0 [ 865.118314][T14972] ? io_uring_add_task_file+0x290/0x290 [ 865.123847][T14972] ? __kasan_check_write+0x14/0x20 [ 865.128945][T14972] ? mutex_lock+0xa6/0x110 [ 865.133334][T14972] ? io_uring_add_task_file+0x127/0x290 [ 865.138849][T14972] ? __fdget+0x1b5/0x240 [ 865.143060][T14972] __se_sys_io_uring_enter+0x322/0x12b0 [ 865.148577][T14972] ? __fget_files+0x26d/0x2c0 [ 865.153226][T14972] ? __kasan_check_write+0x14/0x20 [ 865.158307][T14972] ? fput_many+0x47/0x1a0 [ 865.162610][T14972] ? __x64_sys_io_uring_enter+0x100/0x100 [ 865.168301][T14972] ? __ia32_sys_read+0x90/0x90 [ 865.173038][T14972] ? debug_smp_processor_id+0x1c/0x20 [ 865.178384][T14972] __x64_sys_io_uring_enter+0xe5/0x100 [ 865.183813][T14972] do_syscall_64+0x31/0x70 [ 865.188217][T14972] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 865.194083][T14972] RIP: 0033:0x7f5fb5d49a39 [ 865.198475][T14972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 865.218050][T14972] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 865.226436][T14972] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 865.234378][T14972] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 865.242321][T14972] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 865.250264][T14972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 03:40:57 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x118, 0x0, 0x0) 03:40:57 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0xefffffff}, 0x0) 03:40:58 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0xf, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) 03:40:58 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 36) [ 865.258206][T14972] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:58 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0xf0ffffff}, 0x0) 03:40:58 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) chdir(&(0x7f0000000080)='./file0\x00') 03:40:58 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0xfeffffff}, 0x0) 03:40:58 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xc00, 0x0, 0x0) 03:40:58 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0xffffff7f}, 0x0) [ 865.401462][T15197] FAULT_INJECTION: forcing a failure. [ 865.401462][T15197] name failslab, interval 1, probability 0, space 0, times 0 [ 865.446982][T15197] CPU: 0 PID: 15197 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 865.458621][T15197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 865.468672][T15197] Call Trace: [ 865.471968][T15197] dump_stack_lvl+0x1e2/0x24b [ 865.476635][T15197] ? devkmsg_release+0x127/0x127 [ 865.481566][T15197] ? show_regs_print_info+0x18/0x18 [ 865.486753][T15197] dump_stack+0x15/0x1d [ 865.490903][T15197] should_fail+0x3c0/0x510 03:40:58 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xf5ffffff00000000, 0x0, 0x0) 03:40:58 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x10, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) [ 865.495320][T15197] ? iovec_from_user+0x8a/0x310 [ 865.500167][T15197] __should_failslab+0x9f/0xe0 [ 865.504950][T15197] should_failslab+0x9/0x20 [ 865.509463][T15197] __kmalloc+0x68/0x3d0 [ 865.513605][T15197] ? _copy_from_user+0x93/0xd0 [ 865.518350][T15197] iovec_from_user+0x8a/0x310 [ 865.523004][T15197] ? __ia32_sys_shutdown+0x70/0x70 [ 865.528088][T15197] __import_iovec+0x72/0x3b0 [ 865.532677][T15197] io_recvmsg_copy_hdr+0x396/0x7f0 [ 865.537788][T15197] ? io_poll_remove_one+0xf90/0xf90 03:40:58 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x81804, &(0x7f00000000c0)={[{@no_bf_readahead}]}) [ 865.542984][T15197] ? arch_stack_walk+0xf8/0x140 [ 865.547835][T15197] io_issue_sqe+0x2ccf/0xfc10 [ 865.552509][T15197] ? __io_req_task_cancel+0x720/0x720 [ 865.557878][T15197] ? __rcu_read_lock+0x50/0x50 [ 865.562639][T15197] ? is_bpf_text_address+0x1a2/0x1c0 [ 865.567918][T15197] ? stack_trace_save+0x1e0/0x1e0 [ 865.572929][T15197] ? __kernel_text_address+0x9a/0x110 [ 865.578302][T15197] ? kmem_cache_free+0xaa/0x1e0 [ 865.583147][T15197] ? kmem_cache_free+0xaa/0x1e0 [ 865.587997][T15197] ? kasan_set_track+0x63/0x80 [ 865.592758][T15197] ? kasan_set_track+0x4c/0x80 03:40:58 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x11, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) [ 865.597522][T15197] ? kasan_set_free_info+0x23/0x40 [ 865.602629][T15197] ? ____kasan_slab_free+0x133/0x170 [ 865.607910][T15197] ? __kasan_slab_free+0x11/0x20 [ 865.612842][T15197] ? slab_free_freelist_hook+0xb2/0x180 [ 865.618380][T15197] ? kmem_cache_free+0xaa/0x1e0 [ 865.623227][T15197] ? __io_free_req+0x20e/0x380 [ 865.627985][T15197] ? io_req_complete+0xeb/0x610 [ 865.632833][T15197] ? __io_queue_sqe+0x1070/0x2fa0 [ 865.637854][T15197] ? io_queue_sqe+0x295/0x1180 [ 865.642617][T15197] ? io_submit_sqe+0x385/0xfd0 03:40:58 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x1801, 0x0, 0x0) [ 865.647381][T15197] ? io_submit_sqes+0x1050/0x2da0 [ 865.652401][T15197] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 865.658123][T15197] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 865.663755][T15197] ? do_syscall_64+0x31/0x70 [ 865.668343][T15197] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 865.674412][T15197] ? kmem_cache_free+0xaa/0x1e0 [ 865.679267][T15197] ? debug_smp_processor_id+0x1c/0x20 [ 865.684626][T15197] ? kmem_cache_free+0xaa/0x1e0 [ 865.689471][T15197] ? ____kasan_slab_free+0x13e/0x170 [ 865.694745][T15197] ? __kasan_slab_free+0x11/0x20 [ 865.699660][T15197] ? slab_free_freelist_hook+0xb2/0x180 [ 865.705179][T15197] ? __rcu_read_lock+0x50/0x50 [ 865.709925][T15197] ? io_req_prep+0x1906/0x51b0 [ 865.714683][T15197] ? io_queue_sqe+0x1180/0x1180 [ 865.719539][T15197] __io_queue_sqe+0x2cf/0x2fa0 [ 865.724304][T15197] io_queue_sqe+0x295/0x1180 [ 865.728893][T15197] io_submit_sqe+0x385/0xfd0 [ 865.733484][T15197] ? io_file_get+0x437/0x9c0 [ 865.738073][T15197] io_submit_sqes+0x1050/0x2da0 [ 865.742927][T15197] ? io_uring_add_task_file+0x290/0x290 03:40:58 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0xffffff81}, 0x0) [ 865.748476][T15197] ? security_file_permission+0xa8/0xc0 [ 865.754027][T15197] ? __kasan_check_write+0x14/0x20 [ 865.759134][T15197] ? mutex_lock+0xa6/0x110 [ 865.763548][T15197] ? io_uring_add_task_file+0x127/0x290 [ 865.769092][T15197] ? __fdget+0x1b5/0x240 [ 865.773337][T15197] __se_sys_io_uring_enter+0x322/0x12b0 [ 865.778889][T15197] ? __fget_files+0x26d/0x2c0 [ 865.783564][T15197] ? __kasan_check_write+0x14/0x20 [ 865.788670][T15197] ? fput_many+0x47/0x1a0 [ 865.793002][T15197] ? __x64_sys_io_uring_enter+0x100/0x100 [ 865.798719][T15197] ? __ia32_sys_read+0x90/0x90 [ 865.803476][T15197] ? debug_smp_processor_id+0x1c/0x20 [ 865.808844][T15197] __x64_sys_io_uring_enter+0xe5/0x100 [ 865.814305][T15197] do_syscall_64+0x31/0x70 [ 865.818719][T15197] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 865.824608][T15197] RIP: 0033:0x7f5fb5d49a39 [ 865.829021][T15197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 03:40:58 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x12, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) 03:40:58 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 37) 03:40:58 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0xffffff9e}, 0x0) 03:40:58 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x1f00, 0x0, 0x0) 03:40:58 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xffffff7f00000000, 0x0, 0x0) [ 865.848709][T15197] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 865.857130][T15197] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 865.865092][T15197] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 865.873115][T15197] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 865.881080][T15197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 865.889051][T15197] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:58 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0xffffffea}, 0x0) 03:40:58 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x13, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) 03:40:58 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x70818, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './file1'}}, {@index_on}, {@nfs_export_on}, {@index_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@nfs_export_off}], [{@seclabel}]}) mount$overlay(0x0, &(0x7f0000000280)='./file1/file0\x00', &(0x7f00000002c0), 0x2000000, &(0x7f0000000300)={[{@xino_on}, {@index_off}], [{@pcr={'pcr', 0x3d, 0x1}}]}) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) creat(&(0x7f0000000080)='./file0\x00', 0x50) 03:40:58 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x3800, 0x0, 0x0) 03:40:58 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xffffffffa0028000, 0x0, 0x0) [ 866.013303][T15779] FAULT_INJECTION: forcing a failure. [ 866.013303][T15779] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 866.026573][T15779] CPU: 1 PID: 15779 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 866.038201][T15779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 866.048255][T15779] Call Trace: [ 866.051681][T15779] dump_stack_lvl+0x1e2/0x24b [ 866.056332][T15779] ? show_regs_print_info+0x18/0x18 [ 866.061504][T15779] dump_stack+0x15/0x1d [ 866.065631][T15779] should_fail+0x3c0/0x510 [ 866.070025][T15779] should_fail_usercopy+0x1a/0x20 [ 866.075058][T15779] _copy_from_user+0x20/0xd0 [ 866.079622][T15779] iovec_from_user+0xc7/0x310 [ 866.084274][T15779] ? __ia32_sys_shutdown+0x70/0x70 [ 866.089353][T15779] __import_iovec+0x72/0x3b0 [ 866.093927][T15779] io_recvmsg_copy_hdr+0x396/0x7f0 [ 866.099010][T15779] ? io_poll_remove_one+0xf90/0xf90 [ 866.104179][T15779] ? arch_stack_walk+0xf8/0x140 [ 866.109000][T15779] io_issue_sqe+0x2ccf/0xfc10 [ 866.113648][T15779] ? __io_req_task_cancel+0x720/0x720 [ 866.118991][T15779] ? __rcu_read_lock+0x50/0x50 [ 866.123765][T15779] ? is_bpf_text_address+0x1a2/0x1c0 [ 866.129052][T15779] ? stack_trace_save+0x1e0/0x1e0 [ 866.134052][T15779] ? __kernel_text_address+0x9a/0x110 [ 866.139401][T15779] ? kmem_cache_free+0xaa/0x1e0 [ 866.144224][T15779] ? kmem_cache_free+0xaa/0x1e0 [ 866.149045][T15779] ? kasan_set_track+0x63/0x80 [ 866.153782][T15779] ? kasan_set_track+0x4c/0x80 [ 866.158517][T15779] ? kasan_set_free_info+0x23/0x40 [ 866.163601][T15779] ? ____kasan_slab_free+0x133/0x170 [ 866.168854][T15779] ? __kasan_slab_free+0x11/0x20 [ 866.173764][T15779] ? slab_free_freelist_hook+0xb2/0x180 [ 866.179279][T15779] ? kmem_cache_free+0xaa/0x1e0 [ 866.184099][T15779] ? __io_free_req+0x20e/0x380 [ 866.188834][T15779] ? io_req_complete+0xeb/0x610 [ 866.193656][T15779] ? __io_queue_sqe+0x1070/0x2fa0 [ 866.198649][T15779] ? io_queue_sqe+0x295/0x1180 [ 866.203383][T15779] ? io_submit_sqe+0x385/0xfd0 [ 866.208125][T15779] ? io_submit_sqes+0x1050/0x2da0 [ 866.213122][T15779] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 866.218810][T15779] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 866.224412][T15779] ? do_syscall_64+0x31/0x70 [ 866.228976][T15779] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 866.235018][T15779] ? kmem_cache_free+0xaa/0x1e0 [ 866.239842][T15779] ? debug_smp_processor_id+0x1c/0x20 [ 866.245201][T15779] ? kmem_cache_free+0xaa/0x1e0 [ 866.250024][T15779] ? ____kasan_slab_free+0x13e/0x170 [ 866.255286][T15779] ? __kasan_slab_free+0x11/0x20 [ 866.260197][T15779] ? slab_free_freelist_hook+0xb2/0x180 [ 866.265714][T15779] ? __rcu_read_lock+0x50/0x50 [ 866.270459][T15779] ? io_req_prep+0x1906/0x51b0 [ 866.275197][T15779] ? io_queue_sqe+0x1180/0x1180 [ 866.280020][T15779] __io_queue_sqe+0x2cf/0x2fa0 [ 866.284752][T15779] io_queue_sqe+0x295/0x1180 [ 866.289313][T15779] io_submit_sqe+0x385/0xfd0 [ 866.293871][T15779] ? io_file_get+0x437/0x9c0 [ 866.298432][T15779] io_submit_sqes+0x1050/0x2da0 [ 866.303258][T15779] ? io_uring_add_task_file+0x290/0x290 [ 866.308775][T15779] ? security_file_permission+0xa8/0xc0 [ 866.314292][T15779] ? __kasan_check_write+0x14/0x20 [ 866.319376][T15779] ? mutex_lock+0xa6/0x110 [ 866.323763][T15779] ? io_uring_add_task_file+0x127/0x290 [ 866.329279][T15779] ? __fdget+0x1b5/0x240 [ 866.333492][T15779] __se_sys_io_uring_enter+0x322/0x12b0 [ 866.339007][T15779] ? __fget_files+0x26d/0x2c0 [ 866.343698][T15779] ? __kasan_check_write+0x14/0x20 [ 866.348780][T15779] ? fput_many+0x47/0x1a0 [ 866.353081][T15779] ? __x64_sys_io_uring_enter+0x100/0x100 [ 866.358770][T15779] ? __ia32_sys_read+0x90/0x90 [ 866.363508][T15779] ? debug_smp_processor_id+0x1c/0x20 [ 866.368851][T15779] __x64_sys_io_uring_enter+0xe5/0x100 [ 866.374319][T15779] do_syscall_64+0x31/0x70 [ 866.378710][T15779] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 866.384609][T15779] RIP: 0033:0x7f5fb5d49a39 [ 866.388995][T15779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 03:40:59 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 38) 03:40:59 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0xffffffef}, 0x0) [ 866.408570][T15779] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 866.416952][T15779] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 866.424895][T15779] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 866.432847][T15779] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 866.440790][T15779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 866.448731][T15779] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:59 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x2) [ 866.551927][T15866] FAULT_INJECTION: forcing a failure. [ 866.551927][T15866] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 866.565220][T15866] CPU: 0 PID: 15866 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 866.576844][T15866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 866.586895][T15866] Call Trace: [ 866.590189][T15866] dump_stack_lvl+0x1e2/0x24b [ 866.594865][T15866] ? show_regs_print_info+0x18/0x18 [ 866.600052][T15866] ? kfree+0xca/0x310 [ 866.604014][T15866] dump_stack+0x15/0x1d [ 866.608149][T15866] should_fail+0x3c0/0x510 [ 866.612550][T15866] should_fail_usercopy+0x1a/0x20 [ 866.617555][T15866] _copy_from_user+0x20/0xd0 [ 866.622140][T15866] __copy_msghdr_from_user+0xaf/0x730 [ 866.627498][T15866] ? __import_iovec+0x343/0x3b0 [ 866.632334][T15866] ? __ia32_sys_shutdown+0x70/0x70 [ 866.637433][T15866] io_recvmsg_copy_hdr+0x1cf/0x7f0 [ 866.642521][T15866] ? io_poll_remove_one+0xf90/0xf90 [ 866.647702][T15866] ? arch_stack_walk+0xf8/0x140 03:40:59 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x4000, 0x0, 0x0) [ 866.652547][T15866] io_issue_sqe+0x2ccf/0xfc10 [ 866.657200][T15866] ? __io_req_task_cancel+0x720/0x720 [ 866.662560][T15866] ? __rcu_read_lock+0x50/0x50 [ 866.667312][T15866] ? is_bpf_text_address+0x1a2/0x1c0 [ 866.672583][T15866] ? stack_trace_save+0x1e0/0x1e0 [ 866.677597][T15866] ? __kernel_text_address+0x9a/0x110 [ 866.682969][T15866] ? kmem_cache_free+0xaa/0x1e0 [ 866.688201][T15866] ? kmem_cache_free+0xaa/0x1e0 [ 866.693049][T15866] ? kasan_set_track+0x63/0x80 [ 866.697810][T15866] ? kasan_set_track+0x4c/0x80 03:40:59 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x4) [ 866.702574][T15866] ? kasan_set_free_info+0x23/0x40 [ 866.707677][T15866] ? ____kasan_slab_free+0x133/0x170 [ 866.712961][T15866] ? __kasan_slab_free+0x11/0x20 [ 866.717890][T15866] ? slab_free_freelist_hook+0xb2/0x180 [ 866.723414][T15866] ? kmem_cache_free+0xaa/0x1e0 [ 866.728257][T15866] ? __io_free_req+0x20e/0x380 [ 866.733012][T15866] ? io_req_complete+0xeb/0x610 [ 866.737843][T15866] ? __io_queue_sqe+0x1070/0x2fa0 [ 866.742889][T15866] ? io_queue_sqe+0x295/0x1180 [ 866.747627][T15866] ? io_submit_sqe+0x385/0xfd0 03:40:59 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x4041, 0x0, 0x0) 03:40:59 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x8) [ 866.752394][T15866] ? io_submit_sqes+0x1050/0x2da0 [ 866.757424][T15866] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 866.763139][T15866] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 866.768775][T15866] ? do_syscall_64+0x31/0x70 [ 866.773367][T15866] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 866.779444][T15866] ? kmem_cache_free+0xaa/0x1e0 [ 866.784292][T15866] ? debug_smp_processor_id+0x1c/0x20 [ 866.789661][T15866] ? kmem_cache_free+0xaa/0x1e0 [ 866.794510][T15866] ? ____kasan_slab_free+0x13e/0x170 [ 866.799813][T15866] ? __kasan_slab_free+0x11/0x20 [ 866.804748][T15866] ? slab_free_freelist_hook+0xb2/0x180 [ 866.810280][T15866] ? __rcu_read_lock+0x50/0x50 [ 866.815032][T15866] ? io_req_prep+0x1906/0x51b0 [ 866.819806][T15866] ? io_queue_sqe+0x1180/0x1180 [ 866.824660][T15866] __io_queue_sqe+0x2cf/0x2fa0 [ 866.829423][T15866] io_queue_sqe+0x295/0x1180 [ 866.834014][T15866] io_submit_sqe+0x385/0xfd0 [ 866.838604][T15866] ? io_file_get+0x437/0x9c0 [ 866.843178][T15866] io_submit_sqes+0x1050/0x2da0 03:40:59 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0xc) [ 866.848013][T15866] ? io_uring_add_task_file+0x290/0x290 [ 866.853536][T15866] ? security_file_permission+0xa8/0xc0 [ 866.859113][T15866] ? __kasan_check_write+0x14/0x20 [ 866.864222][T15866] ? mutex_lock+0xa6/0x110 [ 866.868641][T15866] ? io_uring_add_task_file+0x127/0x290 [ 866.874180][T15866] ? __fdget+0x1b5/0x240 [ 866.878418][T15866] __se_sys_io_uring_enter+0x322/0x12b0 [ 866.883959][T15866] ? __fget_files+0x26d/0x2c0 [ 866.888634][T15866] ? __kasan_check_write+0x14/0x20 [ 866.893742][T15866] ? fput_many+0x47/0x1a0 [ 866.898070][T15866] ? __x64_sys_io_uring_enter+0x100/0x100 [ 866.903789][T15866] ? __ia32_sys_read+0x90/0x90 [ 866.908558][T15866] ? debug_smp_processor_id+0x1c/0x20 [ 866.913929][T15866] __x64_sys_io_uring_enter+0xe5/0x100 [ 866.919392][T15866] do_syscall_64+0x31/0x70 [ 866.923810][T15866] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 866.929692][T15866] RIP: 0033:0x7f5fb5d49a39 [ 866.934095][T15866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 03:40:59 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x14, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) [ 866.953696][T15866] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 866.962102][T15866] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 866.970074][T15866] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 866.978047][T15866] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 866.986025][T15866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 866.993994][T15866] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:40:59 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x1000000, &(0x7f00000002c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file0'}}], [{@hash}]}) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000080), 0x1201004, &(0x7f0000000140)={[{@no_bf_cache={'no_bf_cache', 0x3d, 0x1}}]}) lsetxattr(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@known='trusted.syz\x00', &(0x7f0000000200)='incremental-fs\x00', 0xf, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') mount(&(0x7f0000000300)=@filename='./file0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='fuse\x00', 0x1, &(0x7f00000003c0)='lowerdir') 03:40:59 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x4140, 0x0, 0x0) 03:40:59 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x38) 03:40:59 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 39) 03:40:59 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0xfffffff0}, 0x0) 03:40:59 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0xfffffffe}, 0x0) 03:40:59 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x7e80, 0x0, 0x0) 03:40:59 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x118) 03:40:59 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x15, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) [ 867.146990][T16474] FAULT_INJECTION: forcing a failure. [ 867.146990][T16474] name failslab, interval 1, probability 0, space 0, times 0 [ 867.159688][T16474] CPU: 1 PID: 16474 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 867.171292][T16474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 867.181326][T16474] Call Trace: [ 867.184599][T16474] dump_stack_lvl+0x1e2/0x24b [ 867.189249][T16474] ? devkmsg_release+0x127/0x127 [ 867.194161][T16474] ? show_regs_print_info+0x18/0x18 [ 867.199336][T16474] dump_stack+0x15/0x1d [ 867.203465][T16474] should_fail+0x3c0/0x510 [ 867.207859][T16474] ? iovec_from_user+0x8a/0x310 [ 867.212682][T16474] __should_failslab+0x9f/0xe0 [ 867.217423][T16474] should_failslab+0x9/0x20 [ 867.221898][T16474] __kmalloc+0x68/0x3d0 [ 867.226025][T16474] ? _copy_from_user+0x93/0xd0 [ 867.230760][T16474] iovec_from_user+0x8a/0x310 [ 867.235417][T16474] ? __ia32_sys_shutdown+0x70/0x70 [ 867.240501][T16474] __import_iovec+0x72/0x3b0 [ 867.245073][T16474] io_recvmsg_copy_hdr+0x396/0x7f0 [ 867.250164][T16474] ? io_poll_remove_one+0xf90/0xf90 [ 867.255332][T16474] ? arch_stack_walk+0xf8/0x140 [ 867.260158][T16474] io_issue_sqe+0x2ccf/0xfc10 [ 867.264812][T16474] ? __io_req_task_cancel+0x720/0x720 [ 867.270157][T16474] ? __rcu_read_lock+0x50/0x50 [ 867.274898][T16474] ? is_bpf_text_address+0x1a2/0x1c0 [ 867.280154][T16474] ? stack_trace_save+0x1e0/0x1e0 [ 867.285151][T16474] ? __kernel_text_address+0x9a/0x110 [ 867.290504][T16474] ? kmem_cache_free+0xaa/0x1e0 [ 867.295338][T16474] ? kmem_cache_free+0xaa/0x1e0 [ 867.300160][T16474] ? kasan_set_track+0x63/0x80 [ 867.304897][T16474] ? kasan_set_track+0x4c/0x80 [ 867.309643][T16474] ? kasan_set_free_info+0x23/0x40 [ 867.314785][T16474] ? ____kasan_slab_free+0x133/0x170 [ 867.320061][T16474] ? __kasan_slab_free+0x11/0x20 [ 867.324977][T16474] ? slab_free_freelist_hook+0xb2/0x180 [ 867.330499][T16474] ? kmem_cache_free+0xaa/0x1e0 [ 867.335363][T16474] ? __io_free_req+0x20e/0x380 [ 867.340101][T16474] ? io_req_complete+0xeb/0x610 [ 867.344928][T16474] ? __io_queue_sqe+0x1070/0x2fa0 [ 867.349931][T16474] ? io_queue_sqe+0x295/0x1180 [ 867.354670][T16474] ? io_submit_sqe+0x385/0xfd0 [ 867.359408][T16474] ? io_submit_sqes+0x1050/0x2da0 [ 867.364403][T16474] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 867.370090][T16474] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 867.375696][T16474] ? do_syscall_64+0x31/0x70 [ 867.380257][T16474] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 867.386299][T16474] ? kmem_cache_free+0xaa/0x1e0 [ 867.391124][T16474] ? debug_smp_processor_id+0x1c/0x20 [ 867.396466][T16474] ? kmem_cache_free+0xaa/0x1e0 [ 867.401288][T16474] ? ____kasan_slab_free+0x13e/0x170 [ 867.406543][T16474] ? __kasan_slab_free+0x11/0x20 [ 867.411454][T16474] ? slab_free_freelist_hook+0xb2/0x180 [ 867.416985][T16474] ? __rcu_read_lock+0x50/0x50 [ 867.421723][T16474] ? io_req_prep+0x1906/0x51b0 [ 867.426462][T16474] ? io_queue_sqe+0x1180/0x1180 [ 867.431285][T16474] __io_queue_sqe+0x2cf/0x2fa0 [ 867.436023][T16474] io_queue_sqe+0x295/0x1180 [ 867.440588][T16474] io_submit_sqe+0x385/0xfd0 [ 867.445146][T16474] ? io_file_get+0x437/0x9c0 [ 867.449709][T16474] io_submit_sqes+0x1050/0x2da0 [ 867.454538][T16474] ? io_uring_add_task_file+0x290/0x290 [ 867.460067][T16474] ? security_file_permission+0xa8/0xc0 [ 867.465596][T16474] ? __kasan_check_write+0x14/0x20 [ 867.470681][T16474] ? mutex_lock+0xa6/0x110 [ 867.475069][T16474] ? io_uring_add_task_file+0x127/0x290 [ 867.480585][T16474] ? __fdget+0x1b5/0x240 [ 867.484800][T16474] __se_sys_io_uring_enter+0x322/0x12b0 [ 867.490315][T16474] ? __fget_files+0x26d/0x2c0 [ 867.494967][T16474] ? __kasan_check_write+0x14/0x20 [ 867.500049][T16474] ? fput_many+0x47/0x1a0 [ 867.504350][T16474] ? __x64_sys_io_uring_enter+0x100/0x100 [ 867.510048][T16474] ? __ia32_sys_read+0x90/0x90 [ 867.514787][T16474] ? debug_smp_processor_id+0x1c/0x20 [ 867.520131][T16474] __x64_sys_io_uring_enter+0xe5/0x100 [ 867.525563][T16474] do_syscall_64+0x31/0x70 [ 867.529954][T16474] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 867.535818][T16474] RIP: 0033:0x7f5fb5d49a39 [ 867.540227][T16474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 867.559804][T16474] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 867.568188][T16474] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 867.576134][T16474] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 867.584080][T16474] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 03:41:00 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x8002a0ffffffff}, 0x0) 03:41:00 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 40) [ 867.592028][T16474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 867.599976][T16474] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 [ 867.619106][T16483] overlayfs: unrecognized mount option "hash" or missing value [ 867.640330][T16483] overlayfs: unrecognized mount option "hash" or missing value 03:41:00 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x2) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000180)) 03:41:00 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x807e, 0x0, 0x0) 03:41:00 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x80030000000000}, 0x0) 03:41:00 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0xc00) 03:41:00 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x16, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) [ 867.724464][T16704] FAULT_INJECTION: forcing a failure. [ 867.724464][T16704] name failslab, interval 1, probability 0, space 0, times 0 [ 867.739090][T16704] CPU: 1 PID: 16704 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 867.750719][T16704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 867.760766][T16704] Call Trace: [ 867.764035][T16704] dump_stack_lvl+0x1e2/0x24b [ 867.768699][T16704] ? devkmsg_release+0x127/0x127 [ 867.773609][T16704] ? show_regs_print_info+0x18/0x18 [ 867.778780][T16704] dump_stack+0x15/0x1d [ 867.782911][T16704] should_fail+0x3c0/0x510 [ 867.787302][T16704] ? iovec_from_user+0x8a/0x310 [ 867.792122][T16704] __should_failslab+0x9f/0xe0 [ 867.796858][T16704] should_failslab+0x9/0x20 [ 867.801330][T16704] __kmalloc+0x68/0x3d0 [ 867.805455][T16704] ? _copy_from_user+0x93/0xd0 [ 867.810190][T16704] iovec_from_user+0x8a/0x310 [ 867.814842][T16704] ? __ia32_sys_shutdown+0x70/0x70 [ 867.819925][T16704] __import_iovec+0x72/0x3b0 [ 867.824503][T16704] io_recvmsg_copy_hdr+0x396/0x7f0 [ 867.829584][T16704] ? io_poll_remove_one+0xf90/0xf90 [ 867.834754][T16704] ? arch_stack_walk+0xf8/0x140 [ 867.839574][T16704] io_issue_sqe+0x2ccf/0xfc10 [ 867.844238][T16704] ? __io_req_task_cancel+0x720/0x720 [ 867.849595][T16704] ? __rcu_read_lock+0x50/0x50 [ 867.854332][T16704] ? is_bpf_text_address+0x1a2/0x1c0 [ 867.859600][T16704] ? stack_trace_save+0x1e0/0x1e0 [ 867.864599][T16704] ? __kernel_text_address+0x9a/0x110 [ 867.869946][T16704] ? kmem_cache_free+0xaa/0x1e0 [ 867.874767][T16704] ? kmem_cache_free+0xaa/0x1e0 [ 867.879588][T16704] ? kasan_set_track+0x63/0x80 [ 867.884341][T16704] ? kasan_set_track+0x4c/0x80 [ 867.889093][T16704] ? kasan_set_free_info+0x23/0x40 [ 867.894190][T16704] ? ____kasan_slab_free+0x133/0x170 [ 867.899450][T16704] ? __kasan_slab_free+0x11/0x20 [ 867.904358][T16704] ? slab_free_freelist_hook+0xb2/0x180 [ 867.909875][T16704] ? kmem_cache_free+0xaa/0x1e0 [ 867.914696][T16704] ? __io_free_req+0x20e/0x380 [ 867.919431][T16704] ? io_req_complete+0xeb/0x610 [ 867.924253][T16704] ? __io_queue_sqe+0x1070/0x2fa0 [ 867.929247][T16704] ? io_queue_sqe+0x295/0x1180 [ 867.934014][T16704] ? io_submit_sqe+0x385/0xfd0 [ 867.938752][T16704] ? io_submit_sqes+0x1050/0x2da0 [ 867.943748][T16704] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 867.949451][T16704] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 867.955063][T16704] ? do_syscall_64+0x31/0x70 [ 867.959628][T16704] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 867.965678][T16704] ? kmem_cache_free+0xaa/0x1e0 [ 867.970504][T16704] ? debug_smp_processor_id+0x1c/0x20 [ 867.975851][T16704] ? __set_page_owner+0x2e2/0x300 [ 867.980850][T16704] ? kmem_cache_free+0xaa/0x1e0 [ 867.985673][T16704] ? ____kasan_slab_free+0x13e/0x170 [ 867.990932][T16704] ? __kasan_slab_free+0x11/0x20 [ 867.995840][T16704] ? slab_free_freelist_hook+0xb2/0x180 [ 868.001367][T16704] ? __rcu_read_lock+0x50/0x50 [ 868.006102][T16704] ? io_req_prep+0x1906/0x51b0 [ 868.010837][T16704] ? io_queue_sqe+0x1180/0x1180 [ 868.015661][T16704] __io_queue_sqe+0x2cf/0x2fa0 [ 868.020399][T16704] io_queue_sqe+0x295/0x1180 [ 868.024960][T16704] io_submit_sqe+0x385/0xfd0 [ 868.029521][T16704] ? io_file_get+0x437/0x9c0 [ 868.034082][T16704] io_submit_sqes+0x1050/0x2da0 [ 868.038905][T16704] ? io_uring_add_task_file+0x290/0x290 [ 868.044421][T16704] ? security_file_permission+0xa8/0xc0 [ 868.049940][T16704] ? __kasan_check_write+0x14/0x20 [ 868.055022][T16704] ? mutex_lock+0xa6/0x110 [ 868.059417][T16704] ? io_uring_add_task_file+0x127/0x290 [ 868.064935][T16704] ? __fdget+0x1b5/0x240 [ 868.069150][T16704] __se_sys_io_uring_enter+0x322/0x12b0 [ 868.074667][T16704] ? __fget_files+0x26d/0x2c0 [ 868.079315][T16704] ? __kasan_check_write+0x14/0x20 [ 868.084395][T16704] ? fput_many+0x47/0x1a0 [ 868.088696][T16704] ? __x64_sys_io_uring_enter+0x100/0x100 [ 868.094387][T16704] ? __ia32_sys_read+0x90/0x90 [ 868.099123][T16704] ? debug_smp_processor_id+0x1c/0x20 [ 868.104475][T16704] __x64_sys_io_uring_enter+0xe5/0x100 [ 868.109904][T16704] do_syscall_64+0x31/0x70 [ 868.114291][T16704] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 868.120154][T16704] RIP: 0033:0x7f5fb5d49a39 [ 868.124562][T16704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 868.144139][T16704] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 868.152536][T16704] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 868.160481][T16704] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 868.168440][T16704] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 03:41:00 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 41) [ 868.176402][T16704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 868.184349][T16704] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:00 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x100000000000000}, 0x0) 03:41:00 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x20000, 0x0, 0x0) 03:41:01 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x200000000000000}, 0x0) 03:41:01 executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x9, 0x11, &(0x7f0000000640)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x2, 0x92, &(0x7f00000001c0)=""/146, 0x41100, 0x28, '\x00', 0x0, 0x33, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x9, 0x2}, 0x8, 0x10, &(0x7f00000002c0)={0x1, 0x5, 0x7, 0x3}, 0x10}, 0x78) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f0000000380)={0x0, @aes128, 0x0, @desc4}) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$EVIOCGSND(r1, 0x8040451a, &(0x7f0000000640)=""/82) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000010d00)=ANY=[@ANYBLOB="900601002d000105", @ANYBLOB], 0x10690}}, 0x0) splice(r3, 0x0, r2, 0x0, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x10, 0xa, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000042060000000000009000000095004cd3933cc2348300000000000018390000040000000000000000000000183a00000400000000000000000000001800000001000100000000000000000040"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x95, &(0x7f0000000480)=""/149, 0x41000, 0x4, '\x00', 0x0, 0x38, r2, 0x8, &(0x7f0000000540)={0x7, 0x3}, 0x8, 0x10, &(0x7f0000000580)={0x5, 0x10, 0x300000, 0x6}, 0x10}, 0x78) [ 868.289624][T16883] FAULT_INJECTION: forcing a failure. [ 868.289624][T16883] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 868.328171][T16883] CPU: 1 PID: 16883 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 03:41:01 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x17, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) [ 868.339822][T16883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 868.349873][T16883] Call Trace: [ 868.353166][T16883] dump_stack_lvl+0x1e2/0x24b [ 868.357830][T16883] ? show_regs_print_info+0x18/0x18 [ 868.363001][T16883] ? kfree+0xca/0x310 [ 868.366970][T16883] dump_stack+0x15/0x1d [ 868.371123][T16883] should_fail+0x3c0/0x510 [ 868.375537][T16883] should_fail_usercopy+0x1a/0x20 [ 868.380557][T16883] _copy_from_user+0x20/0xd0 [ 868.385134][T16883] __copy_msghdr_from_user+0xaf/0x730 [ 868.390479][T16883] ? __import_iovec+0x343/0x3b0 [ 868.395301][T16883] ? __ia32_sys_shutdown+0x70/0x70 [ 868.400384][T16883] io_recvmsg_copy_hdr+0x1cf/0x7f0 [ 868.405474][T16883] ? io_poll_remove_one+0xf90/0xf90 [ 868.410646][T16883] ? kvm_sched_clock_read+0x19/0x40 [ 868.415821][T16883] ? sched_clock_cpu+0x1b/0x3c0 [ 868.420643][T16883] io_issue_sqe+0x2ccf/0xfc10 [ 868.425292][T16883] ? __io_req_task_cancel+0x720/0x720 [ 868.430636][T16883] ? __rcu_read_lock+0x50/0x50 [ 868.435372][T16883] ? is_bpf_text_address+0x1a2/0x1c0 [ 868.440625][T16883] ? stack_trace_save+0x1e0/0x1e0 [ 868.445623][T16883] ? __kernel_text_address+0x9a/0x110 [ 868.450971][T16883] ? kmem_cache_free+0xaa/0x1e0 [ 868.455795][T16883] ? kmem_cache_free+0xaa/0x1e0 [ 868.460617][T16883] ? kasan_set_track+0x63/0x80 [ 868.465349][T16883] ? kasan_set_track+0x4c/0x80 [ 868.470083][T16883] ? kasan_set_free_info+0x23/0x40 [ 868.475165][T16883] ? ____kasan_slab_free+0x133/0x170 [ 868.480419][T16883] ? __kasan_slab_free+0x11/0x20 [ 868.485324][T16883] ? slab_free_freelist_hook+0xb2/0x180 [ 868.490839][T16883] ? kmem_cache_free+0xaa/0x1e0 [ 868.495660][T16883] ? __io_free_req+0x20e/0x380 [ 868.500394][T16883] ? io_req_complete+0xeb/0x610 [ 868.505214][T16883] ? __io_queue_sqe+0x1070/0x2fa0 [ 868.510210][T16883] ? io_queue_sqe+0x295/0x1180 [ 868.514943][T16883] ? io_submit_sqe+0x385/0xfd0 [ 868.519678][T16883] ? io_submit_sqes+0x1050/0x2da0 [ 868.524673][T16883] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 868.530361][T16883] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 868.535965][T16883] ? do_syscall_64+0x31/0x70 [ 868.540524][T16883] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 868.546566][T16883] ? kmem_cache_free+0xaa/0x1e0 [ 868.551386][T16883] ? debug_smp_processor_id+0x1c/0x20 [ 868.556727][T16883] ? kmem_cache_free+0xaa/0x1e0 [ 868.561551][T16883] ? ____kasan_slab_free+0x13e/0x170 [ 868.566807][T16883] ? __kasan_slab_free+0x11/0x20 [ 868.571717][T16883] ? slab_free_freelist_hook+0xb2/0x180 [ 868.577233][T16883] ? __rcu_read_lock+0x50/0x50 [ 868.581966][T16883] ? io_req_prep+0x1906/0x51b0 [ 868.586701][T16883] ? io_queue_sqe+0x1180/0x1180 [ 868.591522][T16883] __io_queue_sqe+0x2cf/0x2fa0 [ 868.596257][T16883] io_queue_sqe+0x295/0x1180 [ 868.600816][T16883] io_submit_sqe+0x385/0xfd0 [ 868.605379][T16883] ? io_file_get+0x437/0x9c0 [ 868.609941][T16883] io_submit_sqes+0x1050/0x2da0 [ 868.614784][T16883] ? io_uring_add_task_file+0x290/0x290 [ 868.620303][T16883] ? security_file_permission+0xa8/0xc0 [ 868.625824][T16883] ? __kasan_check_write+0x14/0x20 [ 868.630907][T16883] ? mutex_lock+0xa6/0x110 [ 868.635296][T16883] ? io_uring_add_task_file+0x127/0x290 [ 868.640811][T16883] ? __fdget+0x1b5/0x240 [ 868.645037][T16883] __se_sys_io_uring_enter+0x322/0x12b0 [ 868.650551][T16883] ? __fget_files+0x26d/0x2c0 [ 868.655198][T16883] ? __kasan_check_write+0x14/0x20 [ 868.660277][T16883] ? fput_many+0x47/0x1a0 [ 868.664580][T16883] ? __x64_sys_io_uring_enter+0x100/0x100 [ 868.670284][T16883] ? __ia32_sys_read+0x90/0x90 [ 868.675020][T16883] ? debug_smp_processor_id+0x1c/0x20 [ 868.680362][T16883] __x64_sys_io_uring_enter+0xe5/0x100 [ 868.685793][T16883] do_syscall_64+0x31/0x70 [ 868.690179][T16883] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 868.696042][T16883] RIP: 0033:0x7f5fb5d49a39 [ 868.700431][T16883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 868.720006][T16883] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 868.728388][T16883] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 03:41:01 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x1801) 03:41:01 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x40000, 0x0, 0x0) 03:41:01 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 42) 03:41:01 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x300000000000000}, 0x0) [ 868.736331][T16883] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 868.744273][T16883] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 868.752219][T16883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 868.760163][T16883] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:01 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x8002a0, 0x0, 0x0) 03:41:01 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x400000000000000}, 0x0) [ 868.853980][T17129] FAULT_INJECTION: forcing a failure. [ 868.853980][T17129] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 868.890362][T17129] CPU: 0 PID: 17129 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 868.902008][T17129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 868.912074][T17129] Call Trace: [ 868.915375][T17129] dump_stack_lvl+0x1e2/0x24b [ 868.920061][T17129] ? show_regs_print_info+0x18/0x18 [ 868.925261][T17129] ? kfree+0xca/0x310 [ 868.929265][T17129] dump_stack+0x15/0x1d [ 868.933418][T17129] should_fail+0x3c0/0x510 [ 868.937818][T17129] should_fail_usercopy+0x1a/0x20 [ 868.942826][T17129] _copy_from_user+0x20/0xd0 [ 868.947395][T17129] __copy_msghdr_from_user+0xaf/0x730 03:41:01 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x500000000000000}, 0x0) 03:41:01 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x943577, 0x0, 0x0) [ 868.952762][T17129] ? __import_iovec+0x343/0x3b0 [ 868.957604][T17129] ? __ia32_sys_shutdown+0x70/0x70 [ 868.962698][T17129] io_recvmsg_copy_hdr+0x1cf/0x7f0 [ 868.967809][T17129] ? io_poll_remove_one+0xf90/0xf90 [ 868.973006][T17129] ? arch_stack_walk+0xf8/0x140 [ 868.977860][T17129] io_issue_sqe+0x2ccf/0xfc10 [ 868.982542][T17129] ? __io_req_task_cancel+0x720/0x720 [ 868.987919][T17129] ? __rcu_read_lock+0x50/0x50 [ 868.992686][T17129] ? is_bpf_text_address+0x1a2/0x1c0 [ 868.997974][T17129] ? stack_trace_save+0x1e0/0x1e0 03:41:01 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x600000000000000}, 0x0) [ 869.003002][T17129] ? __kernel_text_address+0x9a/0x110 [ 869.008391][T17129] ? kmem_cache_free+0xaa/0x1e0 [ 869.013244][T17129] ? kmem_cache_free+0xaa/0x1e0 [ 869.018084][T17129] ? kasan_set_track+0x63/0x80 [ 869.022835][T17129] ? kasan_set_track+0x4c/0x80 [ 869.027591][T17129] ? kasan_set_free_info+0x23/0x40 [ 869.032707][T17129] ? ____kasan_slab_free+0x133/0x170 [ 869.037985][T17129] ? __kasan_slab_free+0x11/0x20 [ 869.042907][T17129] ? slab_free_freelist_hook+0xb2/0x180 [ 869.048444][T17129] ? kmem_cache_free+0xaa/0x1e0 03:41:01 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x700000000000000}, 0x0) [ 869.053291][T17129] ? __io_free_req+0x20e/0x380 [ 869.058052][T17129] ? io_req_complete+0xeb/0x610 [ 869.062906][T17129] ? __io_queue_sqe+0x1070/0x2fa0 [ 869.067932][T17129] ? io_queue_sqe+0x295/0x1180 [ 869.072692][T17129] ? io_submit_sqe+0x385/0xfd0 [ 869.077453][T17129] ? io_submit_sqes+0x1050/0x2da0 [ 869.082477][T17129] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 869.088952][T17129] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 869.094594][T17129] ? do_syscall_64+0x31/0x70 [ 869.099195][T17129] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 869.105271][T17129] ? kmem_cache_free+0xaa/0x1e0 [ 869.110127][T17129] ? debug_smp_processor_id+0x1c/0x20 [ 869.115498][T17129] ? __set_page_owner+0x2e2/0x300 [ 869.120519][T17129] ? kmem_cache_free+0xaa/0x1e0 [ 869.125369][T17129] ? ____kasan_slab_free+0x13e/0x170 [ 869.130660][T17129] ? __kasan_slab_free+0x11/0x20 [ 869.135590][T17129] ? slab_free_freelist_hook+0xb2/0x180 [ 869.141133][T17129] ? __rcu_read_lock+0x50/0x50 [ 869.145997][T17129] ? io_req_prep+0x1906/0x51b0 [ 869.150766][T17129] ? io_queue_sqe+0x1180/0x1180 [ 869.155627][T17129] __io_queue_sqe+0x2cf/0x2fa0 [ 869.160383][T17129] io_queue_sqe+0x295/0x1180 [ 869.164960][T17129] io_submit_sqe+0x385/0xfd0 [ 869.169547][T17129] ? io_file_get+0x437/0x9c0 [ 869.174134][T17129] io_submit_sqes+0x1050/0x2da0 [ 869.178988][T17129] ? io_uring_add_task_file+0x290/0x290 [ 869.184524][T17129] ? security_file_permission+0xa8/0xc0 [ 869.190063][T17129] ? __kasan_check_write+0x14/0x20 [ 869.195164][T17129] ? mutex_lock+0xa6/0x110 [ 869.199572][T17129] ? io_uring_add_task_file+0x127/0x290 [ 869.205108][T17129] ? __fdget+0x1b5/0x240 [ 869.209331][T17129] __se_sys_io_uring_enter+0x322/0x12b0 [ 869.214854][T17129] ? __fget_files+0x26d/0x2c0 [ 869.219510][T17129] ? __kasan_check_write+0x14/0x20 [ 869.224595][T17129] ? fput_many+0x47/0x1a0 [ 869.228905][T17129] ? __x64_sys_io_uring_enter+0x100/0x100 [ 869.234599][T17129] ? __ia32_sys_read+0x90/0x90 [ 869.239344][T17129] ? debug_smp_processor_id+0x1c/0x20 [ 869.244694][T17129] __x64_sys_io_uring_enter+0xe5/0x100 [ 869.250130][T17129] do_syscall_64+0x31/0x70 [ 869.254522][T17129] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 869.260388][T17129] RIP: 0033:0x7f5fb5d49a39 [ 869.264794][T17129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 869.284402][T17129] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 869.292821][T17129] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 03:41:02 executing program 1: getrusage(0x0, &(0x7f0000000180)) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="726c6f675f77616b6575305f0200000030303030303030303030303030303030303030302c00086345f0c8733dbaf3f50b2ade1efe4870a338971aaf0b7b3c22bda7a41e58bee9ceba2bb483c5e5f271f6793045df26c0abba60b64fcba5e3b3b01dca56d9f9f53d847173afe7fdfa8fd02b48d40a77387eb82641e846de8ea15c54281480c6a0055a37848fc637581942e499a9d9c5cb17a56294e2ed6067b1035b7c1a8c01229d3febfa40ea5dff6a080dcf0b7230fd9abe35ce18028f1cc4cb3094550aebe3ee44c2c8fbf2639f78738c2ea227386fa8f45ac72044f1834d7aaa54e8885d27101a00c7dab86863da292f6c1e2fca2831b3fac241017e4fa46dfaff72dd0e8d1664d2550c58a9ff9f4e96d843198d5db00619d4af096113efc40aa2d87716baa03ffacf48d45d772c0c88f5f4fc847dad9f3439d7ab7f4521259aad6f82934e1f8d936cc76ee02ff28dffb2c8fd1f6c197f81666b6cea7f5359419c3f0e54f7608b8b2d1ce3bbc2"]) flistxattr(0xffffffffffffffff, &(0x7f0000000080)=""/4, 0x4) socket$inet_udplite(0x2, 0x2, 0x88) 03:41:02 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) 03:41:02 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x900000000000000}, 0x0) 03:41:02 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xf0ff7f, 0x0, 0x0) 03:41:02 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x1f00) 03:41:02 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 43) [ 869.300779][T17129] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 869.308728][T17129] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 869.316678][T17129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 869.324628][T17129] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:02 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x8000000000000000}, 0x0) 03:41:02 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xfeffff, 0x0, 0x0) [ 869.422689][T17583] FAULT_INJECTION: forcing a failure. [ 869.422689][T17583] name failslab, interval 1, probability 0, space 0, times 0 [ 869.466985][T17645] incfs: Options parsing error. -22 [ 869.478792][T17583] CPU: 1 PID: 17583 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 869.490425][T17583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 869.500474][T17583] Call Trace: [ 869.503754][T17583] dump_stack_lvl+0x1e2/0x24b [ 869.508416][T17583] ? devkmsg_release+0x127/0x127 03:41:02 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x3800) 03:41:02 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x8100000000000000}, 0x0) 03:41:02 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x1a, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) [ 869.513350][T17583] ? show_regs_print_info+0x18/0x18 [ 869.518543][T17583] dump_stack+0x15/0x1d [ 869.522692][T17583] should_fail+0x3c0/0x510 [ 869.527104][T17583] ? iovec_from_user+0x8a/0x310 [ 869.531940][T17583] __should_failslab+0x9f/0xe0 [ 869.536680][T17583] should_failslab+0x9/0x20 [ 869.541167][T17583] __kmalloc+0x68/0x3d0 [ 869.545296][T17583] ? _copy_from_user+0x93/0xd0 [ 869.550032][T17583] iovec_from_user+0x8a/0x310 [ 869.554680][T17583] ? __ia32_sys_shutdown+0x70/0x70 [ 869.559761][T17583] __import_iovec+0x72/0x3b0 [ 869.564323][T17583] io_recvmsg_copy_hdr+0x396/0x7f0 [ 869.569408][T17583] ? io_poll_remove_one+0xf90/0xf90 [ 869.574583][T17583] ? arch_stack_walk+0xf8/0x140 [ 869.579418][T17583] io_issue_sqe+0x2ccf/0xfc10 [ 869.584069][T17583] ? __io_req_task_cancel+0x720/0x720 [ 869.589415][T17583] ? __rcu_read_lock+0x50/0x50 [ 869.594192][T17583] ? is_bpf_text_address+0x1a2/0x1c0 [ 869.599449][T17583] ? stack_trace_save+0x1e0/0x1e0 [ 869.604449][T17583] ? __kernel_text_address+0x9a/0x110 [ 869.609795][T17583] ? kmem_cache_free+0xaa/0x1e0 [ 869.614622][T17583] ? kmem_cache_free+0xaa/0x1e0 [ 869.619451][T17583] ? kasan_set_track+0x63/0x80 [ 869.624184][T17583] ? kasan_set_track+0x4c/0x80 [ 869.628919][T17583] ? kasan_set_free_info+0x23/0x40 [ 869.634002][T17583] ? ____kasan_slab_free+0x133/0x170 [ 869.639260][T17583] ? __kasan_slab_free+0x11/0x20 [ 869.644183][T17583] ? slab_free_freelist_hook+0xb2/0x180 [ 869.649699][T17583] ? kmem_cache_free+0xaa/0x1e0 [ 869.654520][T17583] ? __io_free_req+0x20e/0x380 [ 869.659256][T17583] ? io_req_complete+0xeb/0x610 [ 869.664077][T17583] ? __io_queue_sqe+0x1070/0x2fa0 [ 869.669070][T17583] ? io_queue_sqe+0x295/0x1180 [ 869.673804][T17583] ? io_submit_sqe+0x385/0xfd0 [ 869.678539][T17583] ? io_submit_sqes+0x1050/0x2da0 [ 869.683536][T17583] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 869.689231][T17583] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 869.694840][T17583] ? do_syscall_64+0x31/0x70 [ 869.699399][T17583] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 869.705450][T17583] ? kmem_cache_free+0xaa/0x1e0 [ 869.710276][T17583] ? debug_smp_processor_id+0x1c/0x20 [ 869.715622][T17583] ? kmem_cache_free+0xaa/0x1e0 [ 869.720444][T17583] ? ____kasan_slab_free+0x13e/0x170 [ 869.725704][T17583] ? __kasan_slab_free+0x11/0x20 [ 869.730612][T17583] ? slab_free_freelist_hook+0xb2/0x180 [ 869.736129][T17583] ? __rcu_read_lock+0x50/0x50 [ 869.740874][T17583] ? io_req_prep+0x1906/0x51b0 [ 869.745619][T17583] ? io_queue_sqe+0x1180/0x1180 [ 869.750440][T17583] __io_queue_sqe+0x2cf/0x2fa0 [ 869.755198][T17583] io_queue_sqe+0x295/0x1180 [ 869.759879][T17583] io_submit_sqe+0x385/0xfd0 [ 869.764449][T17583] ? io_file_get+0x437/0x9c0 [ 869.769018][T17583] io_submit_sqes+0x1050/0x2da0 [ 869.773846][T17583] ? io_uring_add_task_file+0x290/0x290 [ 869.779367][T17583] ? security_file_permission+0xa8/0xc0 [ 869.784893][T17583] ? __kasan_check_write+0x14/0x20 [ 869.789982][T17583] ? mutex_lock+0xa6/0x110 [ 869.794375][T17583] ? io_uring_add_task_file+0x127/0x290 [ 869.799893][T17583] ? __fdget+0x1b5/0x240 [ 869.804113][T17583] __se_sys_io_uring_enter+0x322/0x12b0 [ 869.809692][T17583] ? __fget_files+0x26d/0x2c0 [ 869.814353][T17583] ? __kasan_check_write+0x14/0x20 [ 869.819434][T17583] ? fput_many+0x47/0x1a0 [ 869.823738][T17583] ? __x64_sys_io_uring_enter+0x100/0x100 [ 869.829435][T17583] ? __ia32_sys_read+0x90/0x90 [ 869.834174][T17583] ? debug_smp_processor_id+0x1c/0x20 [ 869.839519][T17583] __x64_sys_io_uring_enter+0xe5/0x100 [ 869.844951][T17583] do_syscall_64+0x31/0x70 [ 869.849343][T17583] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 869.855206][T17583] RIP: 0033:0x7f5fb5d49a39 [ 869.859595][T17583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 869.879178][T17583] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 869.887565][T17583] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 869.895515][T17583] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 869.903463][T17583] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 03:41:02 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) rename(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='./file0\x00') 03:41:02 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 44) [ 869.911471][T17583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 869.919424][T17583] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:02 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x81ffffff00000000}, 0x0) 03:41:02 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x1000000, 0x0, 0x0) 03:41:02 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000080)='./file0/../file0\x00', 0x20) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) 03:41:02 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x8300000000000000}, 0x0) [ 870.068760][T17905] FAULT_INJECTION: forcing a failure. [ 870.068760][T17905] name failslab, interval 1, probability 0, space 0, times 0 [ 870.086113][T17905] CPU: 1 PID: 17905 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 870.097750][T17905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 870.107787][T17905] Call Trace: [ 870.111062][T17905] dump_stack_lvl+0x1e2/0x24b [ 870.115745][T17905] ? devkmsg_release+0x127/0x127 [ 870.120665][T17905] ? show_regs_print_info+0x18/0x18 [ 870.125846][T17905] dump_stack+0x15/0x1d [ 870.129983][T17905] should_fail+0x3c0/0x510 [ 870.134379][T17905] ? iovec_from_user+0x8a/0x310 [ 870.139238][T17905] __should_failslab+0x9f/0xe0 [ 870.144001][T17905] should_failslab+0x9/0x20 [ 870.148486][T17905] __kmalloc+0x68/0x3d0 [ 870.152621][T17905] ? _copy_from_user+0x93/0xd0 [ 870.157363][T17905] iovec_from_user+0x8a/0x310 [ 870.162020][T17905] ? __ia32_sys_shutdown+0x70/0x70 [ 870.167111][T17905] __import_iovec+0x72/0x3b0 [ 870.171686][T17905] io_recvmsg_copy_hdr+0x396/0x7f0 [ 870.176783][T17905] ? io_poll_remove_one+0xf90/0xf90 [ 870.181958][T17905] ? arch_stack_walk+0xf8/0x140 [ 870.186789][T17905] io_issue_sqe+0x2ccf/0xfc10 [ 870.191450][T17905] ? __io_req_task_cancel+0x720/0x720 [ 870.196802][T17905] ? __rcu_read_lock+0x50/0x50 [ 870.201548][T17905] ? is_bpf_text_address+0x1a2/0x1c0 [ 870.206813][T17905] ? stack_trace_save+0x1e0/0x1e0 [ 870.211817][T17905] ? __kernel_text_address+0x9a/0x110 [ 870.217174][T17905] ? kmem_cache_free+0xaa/0x1e0 [ 870.222024][T17905] ? kmem_cache_free+0xaa/0x1e0 [ 870.226852][T17905] ? kasan_set_track+0x63/0x80 [ 870.231613][T17905] ? kasan_set_track+0x4c/0x80 [ 870.236356][T17905] ? kasan_set_free_info+0x23/0x40 [ 870.241446][T17905] ? ____kasan_slab_free+0x133/0x170 [ 870.246710][T17905] ? __kasan_slab_free+0x11/0x20 [ 870.251666][T17905] ? slab_free_freelist_hook+0xb2/0x180 [ 870.257188][T17905] ? kmem_cache_free+0xaa/0x1e0 [ 870.262022][T17905] ? __io_free_req+0x20e/0x380 [ 870.266764][T17905] ? io_req_complete+0xeb/0x610 [ 870.271590][T17905] ? __io_queue_sqe+0x1070/0x2fa0 [ 870.276594][T17905] ? io_queue_sqe+0x295/0x1180 [ 870.281341][T17905] ? io_submit_sqe+0x385/0xfd0 [ 870.286085][T17905] ? io_submit_sqes+0x1050/0x2da0 [ 870.291087][T17905] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 870.296785][T17905] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 870.302396][T17905] ? do_syscall_64+0x31/0x70 [ 870.306966][T17905] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 870.313038][T17905] ? kmem_cache_free+0xaa/0x1e0 [ 870.317869][T17905] ? debug_smp_processor_id+0x1c/0x20 [ 870.323220][T17905] ? __set_page_owner+0x2e2/0x300 [ 870.328222][T17905] ? kmem_cache_free+0xaa/0x1e0 [ 870.333052][T17905] ? ____kasan_slab_free+0x13e/0x170 [ 870.338317][T17905] ? __kasan_slab_free+0x11/0x20 [ 870.343233][T17905] ? slab_free_freelist_hook+0xb2/0x180 [ 870.348757][T17905] ? __rcu_read_lock+0x50/0x50 [ 870.353504][T17905] ? io_req_prep+0x1906/0x51b0 [ 870.358251][T17905] ? io_queue_sqe+0x1180/0x1180 [ 870.363083][T17905] __io_queue_sqe+0x2cf/0x2fa0 [ 870.367831][T17905] io_queue_sqe+0x295/0x1180 [ 870.372401][T17905] io_submit_sqe+0x385/0xfd0 [ 870.376971][T17905] ? io_file_get+0x437/0x9c0 [ 870.381544][T17905] io_submit_sqes+0x1050/0x2da0 [ 870.386380][T17905] ? io_uring_add_task_file+0x290/0x290 [ 870.391908][T17905] ? security_file_permission+0xa8/0xc0 [ 870.397438][T17905] ? __kasan_check_write+0x14/0x20 [ 870.402530][T17905] ? mutex_lock+0xa6/0x110 [ 870.406925][T17905] ? io_uring_add_task_file+0x127/0x290 [ 870.412446][T17905] ? __fdget+0x1b5/0x240 [ 870.416668][T17905] __se_sys_io_uring_enter+0x322/0x12b0 [ 870.422193][T17905] ? __fget_files+0x26d/0x2c0 [ 870.426849][T17905] ? __kasan_check_write+0x14/0x20 [ 870.431934][T17905] ? fput_many+0x47/0x1a0 [ 870.436243][T17905] ? __x64_sys_io_uring_enter+0x100/0x100 [ 870.441958][T17905] ? __ia32_sys_read+0x90/0x90 [ 870.446712][T17905] ? debug_smp_processor_id+0x1c/0x20 [ 870.452072][T17905] __x64_sys_io_uring_enter+0xe5/0x100 [ 870.457523][T17905] do_syscall_64+0x31/0x70 [ 870.461929][T17905] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 870.467806][T17905] RIP: 0033:0x7f5fb5d49a39 [ 870.472205][T17905] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 870.491788][T17905] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 870.500202][T17905] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 870.508154][T17905] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 03:41:03 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x4000) [ 870.516107][T17905] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 870.524059][T17905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 870.532012][T17905] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:03 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 45) 03:41:03 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) 03:41:03 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x9effffff00000000}, 0x0) 03:41:03 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x2000000, 0x0, 0x0) 03:41:03 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) mkdir(&(0x7f0000000080)='./file0\x00', 0x4) 03:41:03 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0xa065000000000000}, 0x0) 03:41:03 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x4041) [ 870.674945][T18208] FAULT_INJECTION: forcing a failure. [ 870.674945][T18208] name failslab, interval 1, probability 0, space 0, times 0 [ 870.712041][T18208] CPU: 0 PID: 18208 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 870.723685][T18208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 870.733742][T18208] Call Trace: [ 870.737037][T18208] dump_stack_lvl+0x1e2/0x24b [ 870.741717][T18208] ? devkmsg_release+0x127/0x127 [ 870.746658][T18208] ? show_regs_print_info+0x18/0x18 [ 870.751861][T18208] dump_stack+0x15/0x1d [ 870.756020][T18208] should_fail+0x3c0/0x510 [ 870.760438][T18208] ? iovec_from_user+0x8a/0x310 [ 870.765289][T18208] __should_failslab+0x9f/0xe0 [ 870.770062][T18208] should_failslab+0x9/0x20 [ 870.774566][T18208] __kmalloc+0x68/0x3d0 [ 870.778723][T18208] ? _copy_from_user+0x93/0xd0 [ 870.783478][T18208] iovec_from_user+0x8a/0x310 [ 870.788152][T18208] ? __ia32_sys_shutdown+0x70/0x70 [ 870.793263][T18208] __import_iovec+0x72/0x3b0 [ 870.797854][T18208] io_recvmsg_copy_hdr+0x396/0x7f0 [ 870.802964][T18208] ? io_poll_remove_one+0xf90/0xf90 [ 870.808158][T18208] ? arch_stack_walk+0xf8/0x140 [ 870.813007][T18208] io_issue_sqe+0x2ccf/0xfc10 [ 870.817690][T18208] ? __io_req_task_cancel+0x720/0x720 03:41:03 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) rename(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='./file0\x00') mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="726c6f665f77616bd080af2b4a7eb238263030303030303030703b273ac065dc783a8a2e27f250677b6a242c94726d41ac44a5d26a3b0df3e4a4772120a4bbe15c9d19fe21b06366e44da1fa9d000060655f02f2bf207b3a97a85906786a000000"]) setxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)=@random={'security.', '\x00'}, &(0x7f0000000380)='autofs\x00', 0x7, 0x1) mount(&(0x7f00000001c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='autofs\x00', 0x10002, &(0x7f0000000280)='rlog_wakeup_cnt') 03:41:03 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0xeaffffff00000000}, 0x0) 03:41:03 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x1c, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) 03:41:03 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x4000000, 0x0, 0x0) [ 870.823062][T18208] ? __rcu_read_lock+0x50/0x50 [ 870.827912][T18208] ? is_bpf_text_address+0x1a2/0x1c0 [ 870.833197][T18208] ? stack_trace_save+0x1e0/0x1e0 [ 870.838238][T18208] ? __kernel_text_address+0x9a/0x110 [ 870.843621][T18208] ? kmem_cache_free+0xaa/0x1e0 [ 870.848473][T18208] ? kmem_cache_free+0xaa/0x1e0 [ 870.853325][T18208] ? kasan_set_track+0x63/0x80 [ 870.858089][T18208] ? kasan_set_track+0x4c/0x80 [ 870.862850][T18208] ? kasan_set_free_info+0x23/0x40 [ 870.867960][T18208] ? ____kasan_slab_free+0x133/0x170 03:41:03 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x4140) [ 870.873242][T18208] ? __kasan_slab_free+0x11/0x20 [ 870.878182][T18208] ? slab_free_freelist_hook+0xb2/0x180 [ 870.883725][T18208] ? kmem_cache_free+0xaa/0x1e0 [ 870.888571][T18208] ? __io_free_req+0x20e/0x380 [ 870.893336][T18208] ? io_req_complete+0xeb/0x610 [ 870.898186][T18208] ? __io_queue_sqe+0x1070/0x2fa0 [ 870.903204][T18208] ? io_queue_sqe+0x295/0x1180 [ 870.907963][T18208] ? io_submit_sqe+0x385/0xfd0 [ 870.912720][T18208] ? io_submit_sqes+0x1050/0x2da0 [ 870.917740][T18208] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 870.923523][T18208] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 870.929154][T18208] ? do_syscall_64+0x31/0x70 [ 870.933750][T18208] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 870.939827][T18208] ? kmem_cache_free+0xaa/0x1e0 [ 870.944677][T18208] ? debug_smp_processor_id+0x1c/0x20 [ 870.950032][T18208] ? kmem_cache_free+0xaa/0x1e0 [ 870.954873][T18208] ? ____kasan_slab_free+0x13e/0x170 [ 870.960167][T18208] ? __kasan_slab_free+0x11/0x20 [ 870.965106][T18208] ? slab_free_freelist_hook+0xb2/0x180 [ 870.970650][T18208] ? __rcu_read_lock+0x50/0x50 [ 870.975422][T18208] ? io_req_prep+0x1906/0x51b0 [ 870.980188][T18208] ? io_queue_sqe+0x1180/0x1180 [ 870.985040][T18208] __io_queue_sqe+0x2cf/0x2fa0 [ 870.989808][T18208] io_queue_sqe+0x295/0x1180 [ 870.994402][T18208] io_submit_sqe+0x385/0xfd0 [ 870.998991][T18208] ? io_file_get+0x437/0x9c0 [ 871.003583][T18208] io_submit_sqes+0x1050/0x2da0 [ 871.008439][T18208] ? io_uring_add_task_file+0x290/0x290 [ 871.013992][T18208] ? security_file_permission+0xa8/0xc0 [ 871.019554][T18208] ? __kasan_check_write+0x14/0x20 [ 871.024666][T18208] ? mutex_lock+0xa6/0x110 [ 871.029089][T18208] ? io_uring_add_task_file+0x127/0x290 [ 871.034636][T18208] ? __fdget+0x1b5/0x240 [ 871.038881][T18208] __se_sys_io_uring_enter+0x322/0x12b0 [ 871.044428][T18208] ? __fget_files+0x26d/0x2c0 [ 871.049108][T18208] ? __kasan_check_write+0x14/0x20 [ 871.054220][T18208] ? fput_many+0x47/0x1a0 [ 871.058571][T18208] ? __x64_sys_io_uring_enter+0x100/0x100 [ 871.064291][T18208] ? __ia32_sys_read+0x90/0x90 [ 871.069200][T18208] ? debug_smp_processor_id+0x1c/0x20 [ 871.074558][T18208] __x64_sys_io_uring_enter+0xe5/0x100 [ 871.079996][T18208] do_syscall_64+0x31/0x70 [ 871.084389][T18208] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 871.090261][T18208] RIP: 0033:0x7f5fb5d49a39 [ 871.094657][T18208] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 871.114257][T18208] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa 03:41:03 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 46) 03:41:03 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0xefffffff00000000}, 0x0) 03:41:03 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x1d, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) 03:41:03 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x8000000, 0x0, 0x0) 03:41:03 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x7e80) [ 871.122693][T18208] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 871.130643][T18208] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 871.138589][T18208] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 871.146536][T18208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 871.154485][T18208] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:03 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0xf0ffffff00000000}, 0x0) [ 871.223448][T18585] incfs: Options parsing error. -22 03:41:03 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x14) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) 03:41:04 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x807e) 03:41:04 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0xfeffffff00000000}, 0x0) 03:41:04 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xc000000, 0x0, 0x0) 03:41:04 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x1e, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) [ 871.283176][T18679] FAULT_INJECTION: forcing a failure. [ 871.283176][T18679] name failslab, interval 1, probability 0, space 0, times 0 [ 871.298151][T18679] CPU: 0 PID: 18679 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 871.309790][T18679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 871.319845][T18679] Call Trace: [ 871.323141][T18679] dump_stack_lvl+0x1e2/0x24b [ 871.327822][T18679] ? devkmsg_release+0x127/0x127 [ 871.332751][T18679] ? show_regs_print_info+0x18/0x18 [ 871.337933][T18679] dump_stack+0x15/0x1d [ 871.342077][T18679] should_fail+0x3c0/0x510 [ 871.346485][T18679] ? iovec_from_user+0x8a/0x310 [ 871.351338][T18679] __should_failslab+0x9f/0xe0 [ 871.356095][T18679] should_failslab+0x9/0x20 [ 871.360639][T18679] __kmalloc+0x68/0x3d0 [ 871.364790][T18679] ? _copy_from_user+0x93/0xd0 [ 871.369545][T18679] iovec_from_user+0x8a/0x310 [ 871.374241][T18679] ? __ia32_sys_shutdown+0x70/0x70 [ 871.379357][T18679] __import_iovec+0x72/0x3b0 [ 871.383959][T18679] io_recvmsg_copy_hdr+0x396/0x7f0 [ 871.389078][T18679] ? io_poll_remove_one+0xf90/0xf90 [ 871.394277][T18679] ? arch_stack_walk+0xf8/0x140 [ 871.399123][T18679] io_issue_sqe+0x2ccf/0xfc10 [ 871.403793][T18679] ? __io_req_task_cancel+0x720/0x720 [ 871.409167][T18679] ? __rcu_read_lock+0x50/0x50 [ 871.413933][T18679] ? is_bpf_text_address+0x1a2/0x1c0 [ 871.419215][T18679] ? stack_trace_save+0x1e0/0x1e0 [ 871.424239][T18679] ? __kernel_text_address+0x9a/0x110 03:41:04 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x21, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) [ 871.429611][T18679] ? kmem_cache_free+0xaa/0x1e0 [ 871.434454][T18679] ? kmem_cache_free+0xaa/0x1e0 [ 871.439300][T18679] ? kasan_set_track+0x63/0x80 [ 871.444062][T18679] ? kasan_set_track+0x4c/0x80 [ 871.448831][T18679] ? kasan_set_free_info+0x23/0x40 [ 871.453994][T18679] ? ____kasan_slab_free+0x133/0x170 [ 871.459273][T18679] ? __kasan_slab_free+0x11/0x20 [ 871.464230][T18679] ? slab_free_freelist_hook+0xb2/0x180 [ 871.469768][T18679] ? kmem_cache_free+0xaa/0x1e0 [ 871.474608][T18679] ? __io_free_req+0x20e/0x380 [ 871.479358][T18679] ? io_req_complete+0xeb/0x610 [ 871.484204][T18679] ? __io_queue_sqe+0x1070/0x2fa0 [ 871.489221][T18679] ? io_queue_sqe+0x295/0x1180 [ 871.493982][T18679] ? io_submit_sqe+0x385/0xfd0 [ 871.498740][T18679] ? io_submit_sqes+0x1050/0x2da0 [ 871.503766][T18679] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 871.509482][T18679] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 871.515112][T18679] ? do_syscall_64+0x31/0x70 [ 871.519697][T18679] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 871.525767][T18679] ? kmem_cache_free+0xaa/0x1e0 [ 871.530681][T18679] ? debug_smp_processor_id+0x1c/0x20 [ 871.536048][T18679] ? kmem_cache_free+0xaa/0x1e0 [ 871.540897][T18679] ? ____kasan_slab_free+0x13e/0x170 [ 871.546178][T18679] ? __kasan_slab_free+0x11/0x20 [ 871.551117][T18679] ? slab_free_freelist_hook+0xb2/0x180 [ 871.556662][T18679] ? __rcu_read_lock+0x50/0x50 [ 871.561426][T18679] ? io_req_prep+0x1906/0x51b0 [ 871.566191][T18679] ? io_queue_sqe+0x1180/0x1180 [ 871.571050][T18679] __io_queue_sqe+0x2cf/0x2fa0 [ 871.575815][T18679] io_queue_sqe+0x295/0x1180 [ 871.580403][T18679] io_submit_sqe+0x385/0xfd0 [ 871.584987][T18679] ? io_file_get+0x437/0x9c0 [ 871.589577][T18679] io_submit_sqes+0x1050/0x2da0 [ 871.594431][T18679] ? io_uring_add_task_file+0x290/0x290 [ 871.599971][T18679] ? security_file_permission+0xa8/0xc0 [ 871.605524][T18679] ? __kasan_check_write+0x14/0x20 [ 871.610640][T18679] ? mutex_lock+0xa6/0x110 [ 871.615056][T18679] ? io_uring_add_task_file+0x127/0x290 [ 871.620599][T18679] ? __fdget+0x1b5/0x240 [ 871.624842][T18679] __se_sys_io_uring_enter+0x322/0x12b0 [ 871.630382][T18679] ? __fget_files+0x26d/0x2c0 [ 871.635059][T18679] ? __kasan_check_write+0x14/0x20 [ 871.640160][T18679] ? fput_many+0x47/0x1a0 [ 871.644484][T18679] ? __x64_sys_io_uring_enter+0x100/0x100 [ 871.650231][T18679] ? __ia32_sys_read+0x90/0x90 [ 871.654990][T18679] ? debug_smp_processor_id+0x1c/0x20 [ 871.660337][T18679] __x64_sys_io_uring_enter+0xe5/0x100 [ 871.665772][T18679] do_syscall_64+0x31/0x70 [ 871.670171][T18679] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 871.676045][T18679] RIP: 0033:0x7f5fb5d49a39 [ 871.680454][T18679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 871.700042][T18679] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 871.708436][T18679] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 871.716405][T18679] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 871.724363][T18679] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 03:41:04 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 47) 03:41:04 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x20000) 03:41:04 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0xffffff7f00000000}, 0x0) 03:41:04 executing program 1: r0 = syz_open_dev$vcsn(&(0x7f0000000080), 0x10, 0x94000) recvmmsg$unix(r0, &(0x7f0000001680)=[{{&(0x7f0000000180), 0x6e, &(0x7f0000001400)=[{&(0x7f0000000200)=""/85, 0x55}, {&(0x7f0000000280)=""/4096, 0x1000}, {&(0x7f0000001280)=""/213, 0xd5}, {&(0x7f0000001380)=""/99, 0x63}], 0x4, &(0x7f0000001440)=[@cred={{0x1c}}], 0x20}}, {{&(0x7f0000001480)=@abs, 0x6e, &(0x7f0000001580)=[{&(0x7f0000001500)=""/87, 0x57}], 0x1, &(0x7f00000015c0)=[@cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xb8}}], 0x2, 0x40010040, &(0x7f0000001700)) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='rlog_wakeup_cn+vt=00000000000000000000']) 03:41:04 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x18010000, 0x0, 0x0) 03:41:04 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x22, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) [ 871.732341][T18679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 871.740297][T18679] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:04 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0xffffffff00000000}, 0x0) [ 871.813906][T19049] incfs: Options parsing error. -22 03:41:04 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x23, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) 03:41:04 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x1f000000, 0x0, 0x0) 03:41:04 executing program 1: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x24401, 0x0) sendmsg$tipc(r0, &(0x7f0000000480)={&(0x7f0000000180)=@id={0x1e, 0x3, 0x1, {0x4e21, 0x2}}, 0x10, &(0x7f0000000340)=[{&(0x7f00000001c0)="8aec77464147e5c82d5ffe24f9878c11c6f9687d0bf7363ec6a3d1a53698172489a49d87937d1003f1f816d650f3394ecbe8c86aea082850785e8e487926f726b3e89d2136b383972e4088c476379efa3671f7f73b315b3c8cd483c94a848b478a7926b9552ced26901dca75882fd150818c325ccced5e4d241cd7fcb246cff460842267b4c1bfd9f5792e40a2", 0x8d}, {&(0x7f0000000280)="89879680ba3320dbd9feeb27c7df15f8c4c1445e717cf01ea628993786c1d6ec0ff54c32e26d5f284bf51038bcb5bac892f34d3edc0f8ccd14283c2d3cc4c903a513ffd034c2c7aff6f7895c04863bc67c1e43d26adfda255f5bb379d1a8aeb3db41f86c4558a9af3d0734dd6af869d1901029cb0b4d58be39ce7d8732086b50f46f391840df07b62892bc0017b8a8eb73bda4", 0x93}], 0x2, &(0x7f0000000380)="e6f052324ce0cd41702a010e75ca9974980bc96cdf55cb5ff1643e2e320d5cc0854ee23f186d98cfb4ab6c2b323e01c1777cd3b7aae51b1419105b3b52ee6ba307ada67feec48b526cb1ed5e6b2b1f019e296cb736e9327eedde8fe59ff376d5d44885fbc5aa042871f7f4c0f4403b55ff781704afa76fddc5bd2af0a9599c261093ad63da5534cde134268f81343f0a3847c0abdc812b226b18861cae9750be9f3538975f5fee6c5f188b29888d2253ac7789bb9fb6beaf77a212b76f94add24d8fdf953e6ebedb926d7d35bea702933e2117d4fd66b17f794726a6", 0xdc, 0xc0}, 0x2404005c) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000010d00)=ANY=[@ANYBLOB="900601002d000105", @ANYBLOB], 0x10690}}, 0x0) splice(r2, 0x0, r1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000a40)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000a00)={&(0x7f0000000500)=@newtclass={0x4e8, 0x28, 0x400, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0x3}, {0xfff3, 0x9}, {0xc}}, [@TCA_RATE={0x6, 0x5, {0xe1, 0x4}}, @tclass_kind_options=@c_cbs={0x8}, @tclass_kind_options=@c_cbq={{0x8}, {0x490, 0x2, [@TCA_CBQ_RTAB={0x404, 0x6, [0x0, 0x0, 0x8, 0xa000, 0x101, 0x6, 0x133, 0x4, 0x4e1bd7e, 0x9, 0x2, 0x5, 0x7, 0x400, 0x7f, 0x2, 0x1, 0x3, 0x4, 0xfffffff8, 0xffff0000, 0x8, 0x2, 0x1c5, 0x1, 0x6, 0x1a4, 0x1, 0x7ff, 0x4, 0x4, 0x2, 0xfc34, 0x1ff, 0x6d, 0x6, 0xff, 0x1c00, 0x3, 0x5f, 0x7fc00, 0x5, 0x2, 0xb7, 0x2, 0x65ac20e2, 0xc0ac, 0x4, 0x4, 0x7, 0x2, 0x7fffffff, 0x401, 0x2, 0x0, 0x8, 0x8, 0x8, 0x1000, 0x9, 0x9, 0x1, 0x9, 0xfff, 0x7f, 0x2, 0x0, 0x9, 0x953, 0x1, 0x3, 0x1, 0x2, 0xffffffff, 0x389e776a, 0x6, 0x401, 0x2, 0x0, 0x8001, 0x2, 0x7fff0000, 0x9, 0x7fff, 0x3ff, 0x1f, 0xfffffffe, 0x1, 0x8, 0x8, 0x401, 0x7, 0x3f, 0x1ff, 0xffffffff, 0x3, 0x4e, 0x80000000, 0x9e42, 0xa05, 0xffff, 0x8, 0x81, 0x9, 0xc00, 0x6, 0x5, 0x10001, 0x2, 0x2, 0xee94, 0x101, 0x6, 0x6, 0x1f, 0x9, 0x8, 0x3ff, 0x2, 0x6, 0x3f, 0x9, 0x5, 0x8, 0x4, 0xe44a, 0x4, 0x2, 0x8f75cf1b, 0x101, 0xb806, 0x9, 0x6, 0x9, 0xfffffe1f, 0xda8, 0x401, 0x1000, 0x7f, 0x9, 0x9, 0x9, 0xffffffe1, 0x40, 0x1ff, 0x0, 0x6, 0x10000, 0xd537, 0x6, 0x3ee, 0x400, 0x3f, 0x5, 0x80000001, 0x80, 0x8, 0x7, 0xe0000000, 0xfff, 0x0, 0xe5b5, 0xcb, 0x3f, 0x1e0, 0xfffffc01, 0x6, 0xd32, 0x6, 0x7ff, 0x9, 0xffffffff, 0x18, 0xfffffffe, 0x6, 0x80000000, 0x2, 0x8, 0x6, 0x4, 0x2, 0xfffffe25, 0x3, 0x4, 0x6, 0x8000, 0xef, 0x5, 0x4, 0x5f, 0x1, 0x8, 0x81, 0x2, 0x2, 0x3, 0x6, 0x7, 0x6, 0x3, 0x3, 0x35d2, 0x1, 0xffffff01, 0x9, 0x7, 0x8, 0x7fff, 0x8, 0x0, 0x9, 0x0, 0x101, 0x5, 0x8, 0x1000, 0x7fffffff, 0xfffffe01, 0xfffffff8, 0x0, 0x80, 0x47, 0x9, 0xfff, 0x7fff, 0x1, 0x33, 0x7, 0x574e8d03, 0x3ff, 0x2, 0x4, 0x8, 0x7, 0x401, 0xffffb916, 0x7fff, 0x10000, 0x8, 0xdc50, 0xfffffff8, 0x8001, 0x3ff, 0x101, 0x7, 0x5, 0x10000, 0x2, 0xff, 0x8, 0x10001, 0xfffffffc, 0x100020, 0x101]}, @TCA_CBQ_FOPT={0x10, 0x3, {{0xa, 0xa}, 0x1, 0x1}}, @TCA_CBQ_WRROPT={0x10, 0x2, {0xb9, 0x2, 0x9, 0x9, 0xc6, 0x5}}, @TCA_CBQ_FOPT={0x10, 0x3, {{0xffff, 0xfff2}, 0x6, 0x3}}, @TCA_CBQ_LSSOPT={0x18, 0x1, {0x38, 0x3, 0x17, 0x0, 0x0, 0x8, 0xffffffff, 0xf8c}}, @TCA_CBQ_WRROPT={0x10, 0x2, {0x3, 0x6, 0x4, 0x6, 0x400, 0x9}}, @TCA_CBQ_RATE={0x10, 0x5, {0x1f, 0x0, 0x6, 0x8, 0x2, 0x5}}, @TCA_CBQ_WRROPT={0x10, 0x2, {0x20, 0x5, 0x3e, 0x80, 0x4, 0x7fffffff}}, @TCA_CBQ_RATE={0x10, 0x5, {0x8, 0x2, 0x5, 0xfff, 0x4, 0x80000000}}]}}, @TCA_RATE={0x6, 0x5, {0x51, 0x9}}, @tclass_kind_options=@c_drr={{0x8}, {0xc, 0x2, @TCA_DRR_QUANTUM={0x8, 0x1, 0xff}}}]}, 0x4e8}, 0x1, 0x0, 0x0, 0x2000c041}, 0x40000) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) [ 871.877768][T19143] FAULT_INJECTION: forcing a failure. [ 871.877768][T19143] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 871.897620][T19143] CPU: 0 PID: 19143 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 871.909263][T19143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 871.919319][T19143] Call Trace: [ 871.925356][T19143] dump_stack_lvl+0x1e2/0x24b [ 871.930044][T19143] ? show_regs_print_info+0x18/0x18 [ 871.935240][T19143] ? kfree+0xca/0x310 [ 871.939218][T19143] dump_stack+0x15/0x1d [ 871.943375][T19143] should_fail+0x3c0/0x510 [ 871.947798][T19143] should_fail_usercopy+0x1a/0x20 [ 871.952821][T19143] _copy_from_user+0x20/0xd0 [ 871.957405][T19143] __copy_msghdr_from_user+0xaf/0x730 [ 871.962774][T19143] ? __import_iovec+0x343/0x3b0 [ 871.967642][T19143] ? __ia32_sys_shutdown+0x70/0x70 [ 871.972781][T19143] io_recvmsg_copy_hdr+0x1cf/0x7f0 [ 871.977886][T19143] ? copy_fpregs_to_fpstate+0x140/0x1a0 [ 871.983433][T19143] ? io_poll_remove_one+0xf90/0xf90 [ 871.988632][T19143] ? __this_cpu_preempt_check+0x1c/0x20 [ 871.994203][T19143] ? __perf_event_task_sched_in+0xa5f/0xae0 [ 872.000098][T19143] io_issue_sqe+0x2ccf/0xfc10 [ 872.004775][T19143] ? __io_req_task_cancel+0x720/0x720 [ 872.010145][T19143] ? __rcu_read_lock+0x50/0x50 [ 872.014900][T19143] ? is_bpf_text_address+0x1a2/0x1c0 [ 872.020274][T19143] ? stack_trace_save+0x1e0/0x1e0 03:41:04 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x78) 03:41:04 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x38000000, 0x0, 0x0) [ 872.025301][T19143] ? __kernel_text_address+0x9a/0x110 [ 872.030677][T19143] ? kmem_cache_free+0xaa/0x1e0 [ 872.035528][T19143] ? kmem_cache_free+0xaa/0x1e0 [ 872.040380][T19143] ? kasan_set_track+0x63/0x80 [ 872.045144][T19143] ? kasan_set_track+0x4c/0x80 [ 872.049912][T19143] ? kasan_set_free_info+0x23/0x40 [ 872.055021][T19143] ? ____kasan_slab_free+0x133/0x170 [ 872.060305][T19143] ? __kasan_slab_free+0x11/0x20 [ 872.065243][T19143] ? slab_free_freelist_hook+0xb2/0x180 [ 872.070791][T19143] ? kmem_cache_free+0xaa/0x1e0 [ 872.075643][T19143] ? __io_free_req+0x20e/0x380 [ 872.080410][T19143] ? io_req_complete+0xeb/0x610 [ 872.085267][T19143] ? __io_queue_sqe+0x1070/0x2fa0 [ 872.090287][T19143] ? io_queue_sqe+0x295/0x1180 [ 872.095048][T19143] ? io_submit_sqe+0x385/0xfd0 [ 872.099809][T19143] ? io_submit_sqes+0x1050/0x2da0 [ 872.104831][T19143] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 872.110551][T19143] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 872.116173][T19143] ? do_syscall_64+0x31/0x70 [ 872.120757][T19143] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 872.126809][T19143] ? kmem_cache_free+0xaa/0x1e0 [ 872.131652][T19143] ? debug_smp_processor_id+0x1c/0x20 [ 872.137017][T19143] ? kmem_cache_free+0xaa/0x1e0 [ 872.142107][T19143] ? ____kasan_slab_free+0x13e/0x170 [ 872.147374][T19143] ? __kasan_slab_free+0x11/0x20 [ 872.152335][T19143] ? slab_free_freelist_hook+0xb2/0x180 [ 872.157880][T19143] ? __rcu_read_lock+0x50/0x50 [ 872.162642][T19143] ? io_req_prep+0x1906/0x51b0 [ 872.167409][T19143] ? io_queue_sqe+0x1180/0x1180 [ 872.172261][T19143] __io_queue_sqe+0x2cf/0x2fa0 [ 872.177017][T19143] io_queue_sqe+0x295/0x1180 [ 872.181597][T19143] io_submit_sqe+0x385/0xfd0 [ 872.186183][T19143] ? io_file_get+0x437/0x9c0 [ 872.190773][T19143] io_submit_sqes+0x1050/0x2da0 [ 872.195636][T19143] ? io_uring_add_task_file+0x290/0x290 [ 872.201175][T19143] ? security_file_permission+0xa8/0xc0 [ 872.206717][T19143] ? __kasan_check_write+0x14/0x20 [ 872.211823][T19143] ? mutex_lock+0xa6/0x110 [ 872.216241][T19143] ? io_uring_add_task_file+0x127/0x290 [ 872.221782][T19143] ? __fdget+0x1b5/0x240 [ 872.226024][T19143] __se_sys_io_uring_enter+0x322/0x12b0 [ 872.231564][T19143] ? __fget_files+0x26d/0x2c0 [ 872.236235][T19143] ? __kasan_check_write+0x14/0x20 [ 872.241335][T19143] ? fput_many+0x47/0x1a0 [ 872.245656][T19143] ? __x64_sys_io_uring_enter+0x100/0x100 [ 872.251357][T19143] ? __ia32_sys_read+0x90/0x90 [ 872.256102][T19143] ? debug_smp_processor_id+0x1c/0x20 [ 872.261451][T19143] __x64_sys_io_uring_enter+0xe5/0x100 [ 872.266913][T19143] do_syscall_64+0x31/0x70 [ 872.271307][T19143] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 872.277172][T19143] RIP: 0033:0x7f5fb5d49a39 [ 872.281567][T19143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 872.301171][T19143] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 872.309560][T19143] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 872.317515][T19143] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 03:41:05 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 48) 03:41:05 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x2108010, &(0x7f0000000200)={[{@read_timeout_ms={'read_timeout_ms', 0x3d, 0x100}}, {@no_bf_readahead={'no_bf_readahead', 0x3d, 0x1}}, {@readahead={'readahead', 0x3d, 0x1f}}, {@readahead={'readahead', 0x3d, 0x7}}, {@no_bf_cache}, {@no_bf_readahead={'no_bf_readahead', 0x3d, 0x1}}, {@readahead={'readahead', 0x3d, 0x2}}], [{@fsmagic={'fsmagic', 0x3d, 0x1000}}]}) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="726c6f675f00000800757030303030303047d597d66f775a52302c0000000000000000000000aac1497c34ac7fd0997306cd8acfc98c9ed117701787e23360c27a28b9b0777a9abf9daaf749857d0a23cf6c27b449a505a212388d9fab40a518df5f85d4806fe6e33db7"]) 03:41:05 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x40000000, 0x0, 0x0) 03:41:05 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x200011f8) 03:41:05 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x40000) 03:41:05 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0xffffffffa0028000}, 0x0) [ 872.325473][T19143] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 872.333420][T19143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 872.341368][T19143] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:05 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x2}, 0x0) [ 872.393905][T19593] incfs: Options parsing error. -22 03:41:05 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) lchown(&(0x7f0000000080)='./file0\x00', 0xee00, 0xee00) 03:41:05 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1, 0x608, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5}, 0x40) unshare(0x40000000) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) 03:41:05 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x3}, 0x0) [ 872.469234][T19785] FAULT_INJECTION: forcing a failure. [ 872.469234][T19785] name failslab, interval 1, probability 0, space 0, times 0 [ 872.491184][T19785] CPU: 0 PID: 19785 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 872.502828][T19785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 872.512865][T19785] Call Trace: [ 872.516141][T19785] dump_stack_lvl+0x1e2/0x24b [ 872.520799][T19785] ? devkmsg_release+0x127/0x127 [ 872.525714][T19785] ? show_regs_print_info+0x18/0x18 [ 872.530893][T19785] dump_stack+0x15/0x1d [ 872.535025][T19785] should_fail+0x3c0/0x510 [ 872.539419][T19785] ? iovec_from_user+0x8a/0x310 [ 872.544247][T19785] __should_failslab+0x9f/0xe0 [ 872.548987][T19785] should_failslab+0x9/0x20 [ 872.553467][T19785] __kmalloc+0x68/0x3d0 [ 872.557604][T19785] ? _copy_from_user+0x93/0xd0 [ 872.562346][T19785] iovec_from_user+0x8a/0x310 [ 872.567089][T19785] ? __ia32_sys_shutdown+0x70/0x70 [ 872.572192][T19785] __import_iovec+0x72/0x3b0 [ 872.576762][T19785] io_recvmsg_copy_hdr+0x396/0x7f0 [ 872.581848][T19785] ? io_poll_remove_one+0xf90/0xf90 [ 872.587022][T19785] ? arch_stack_walk+0xf8/0x140 [ 872.591855][T19785] io_issue_sqe+0x2ccf/0xfc10 [ 872.596546][T19785] ? __io_req_task_cancel+0x720/0x720 [ 872.601896][T19785] ? __rcu_read_lock+0x50/0x50 [ 872.606637][T19785] ? is_bpf_text_address+0x1a2/0x1c0 [ 872.611902][T19785] ? stack_trace_save+0x1e0/0x1e0 [ 872.616904][T19785] ? __kernel_text_address+0x9a/0x110 [ 872.622258][T19785] ? kmem_cache_free+0xaa/0x1e0 [ 872.627093][T19785] ? kmem_cache_free+0xaa/0x1e0 [ 872.631921][T19785] ? kasan_set_track+0x63/0x80 [ 872.636661][T19785] ? kasan_set_track+0x4c/0x80 [ 872.641403][T19785] ? kasan_set_free_info+0x23/0x40 [ 872.646494][T19785] ? ____kasan_slab_free+0x133/0x170 [ 872.651755][T19785] ? __kasan_slab_free+0x11/0x20 [ 872.656683][T19785] ? slab_free_freelist_hook+0xb2/0x180 [ 872.662212][T19785] ? kmem_cache_free+0xaa/0x1e0 [ 872.667039][T19785] ? __io_free_req+0x20e/0x380 [ 872.671778][T19785] ? io_req_complete+0xeb/0x610 [ 872.676604][T19785] ? __io_queue_sqe+0x1070/0x2fa0 [ 872.681602][T19785] ? io_queue_sqe+0x295/0x1180 [ 872.686343][T19785] ? io_submit_sqe+0x385/0xfd0 [ 872.691083][T19785] ? io_submit_sqes+0x1050/0x2da0 [ 872.696099][T19785] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 872.701794][T19785] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 872.707414][T19785] ? do_syscall_64+0x31/0x70 [ 872.711995][T19785] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 872.718043][T19785] ? kmem_cache_free+0xaa/0x1e0 [ 872.722869][T19785] ? debug_smp_processor_id+0x1c/0x20 [ 872.728219][T19785] ? kmem_cache_free+0xaa/0x1e0 [ 872.733046][T19785] ? ____kasan_slab_free+0x13e/0x170 [ 872.738307][T19785] ? __kasan_slab_free+0x11/0x20 [ 872.743220][T19785] ? slab_free_freelist_hook+0xb2/0x180 [ 872.748757][T19785] ? __rcu_read_lock+0x50/0x50 [ 872.753524][T19785] ? io_req_prep+0x1906/0x51b0 [ 872.758283][T19785] ? io_queue_sqe+0x1180/0x1180 [ 872.763121][T19785] __io_queue_sqe+0x2cf/0x2fa0 [ 872.767865][T19785] io_queue_sqe+0x295/0x1180 [ 872.772441][T19785] io_submit_sqe+0x385/0xfd0 [ 872.777007][T19785] ? io_file_get+0x437/0x9c0 [ 872.781577][T19785] io_submit_sqes+0x1050/0x2da0 [ 872.786412][T19785] ? io_uring_add_task_file+0x290/0x290 [ 872.791935][T19785] ? security_file_permission+0xa8/0xc0 [ 872.797463][T19785] ? __kasan_check_write+0x14/0x20 [ 872.802556][T19785] ? mutex_lock+0xa6/0x110 [ 872.806955][T19785] ? io_uring_add_task_file+0x127/0x290 [ 872.812482][T19785] ? __fdget+0x1b5/0x240 [ 872.816704][T19785] __se_sys_io_uring_enter+0x322/0x12b0 [ 872.822231][T19785] ? __fget_files+0x26d/0x2c0 [ 872.826893][T19785] ? __kasan_check_write+0x14/0x20 [ 872.831997][T19785] ? fput_many+0x47/0x1a0 [ 872.836305][T19785] ? __x64_sys_io_uring_enter+0x100/0x100 [ 872.842006][T19785] ? __ia32_sys_read+0x90/0x90 [ 872.846750][T19785] ? debug_smp_processor_id+0x1c/0x20 [ 872.852099][T19785] __x64_sys_io_uring_enter+0xe5/0x100 [ 872.857552][T19785] do_syscall_64+0x31/0x70 [ 872.861948][T19785] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 872.867832][T19785] RIP: 0033:0x7f5fb5d49a39 [ 872.872227][T19785] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 872.891814][T19785] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 872.900206][T19785] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 872.908176][T19785] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 03:41:05 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x40410000, 0x0, 0x0) [ 872.916129][T19785] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 872.924080][T19785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 872.932031][T19785] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:05 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 49) 03:41:05 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x8002a0) 03:41:05 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x4}, 0x0) [ 873.046288][T19938] FAULT_INJECTION: forcing a failure. [ 873.046288][T19938] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 873.062718][T19938] CPU: 0 PID: 19938 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 873.074352][T19938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 873.084403][T19938] Call Trace: [ 873.087693][T19938] dump_stack_lvl+0x1e2/0x24b [ 873.092376][T19938] ? show_regs_print_info+0x18/0x18 [ 873.097577][T19938] dump_stack+0x15/0x1d [ 873.101722][T19938] should_fail+0x3c0/0x510 [ 873.106123][T19938] should_fail_usercopy+0x1a/0x20 [ 873.111130][T19938] _copy_from_user+0x20/0xd0 [ 873.115699][T19938] iovec_from_user+0xc7/0x310 [ 873.120356][T19938] ? __ia32_sys_shutdown+0x70/0x70 [ 873.125448][T19938] __import_iovec+0x72/0x3b0 [ 873.130022][T19938] io_recvmsg_copy_hdr+0x396/0x7f0 [ 873.135200][T19938] ? io_poll_remove_one+0xf90/0xf90 [ 873.140388][T19938] ? arch_stack_walk+0xf8/0x140 [ 873.145220][T19938] io_issue_sqe+0x2ccf/0xfc10 [ 873.149893][T19938] ? __io_req_task_cancel+0x720/0x720 [ 873.155246][T19938] ? __rcu_read_lock+0x50/0x50 [ 873.159988][T19938] ? is_bpf_text_address+0x1a2/0x1c0 [ 873.165256][T19938] ? stack_trace_save+0x1e0/0x1e0 [ 873.170261][T19938] ? __kernel_text_address+0x9a/0x110 [ 873.175616][T19938] ? kmem_cache_free+0xaa/0x1e0 [ 873.180441][T19938] ? kmem_cache_free+0xaa/0x1e0 [ 873.185268][T19938] ? kasan_set_track+0x63/0x80 [ 873.190013][T19938] ? kasan_set_track+0x4c/0x80 [ 873.194758][T19938] ? kasan_set_free_info+0x23/0x40 [ 873.199847][T19938] ? ____kasan_slab_free+0x133/0x170 [ 873.205111][T19938] ? __kasan_slab_free+0x11/0x20 [ 873.210028][T19938] ? slab_free_freelist_hook+0xb2/0x180 [ 873.215565][T19938] ? kmem_cache_free+0xaa/0x1e0 [ 873.220395][T19938] ? __io_free_req+0x20e/0x380 [ 873.225137][T19938] ? io_req_complete+0xeb/0x610 [ 873.229969][T19938] ? __io_queue_sqe+0x1070/0x2fa0 [ 873.234970][T19938] ? io_queue_sqe+0x295/0x1180 [ 873.239714][T19938] ? io_submit_sqe+0x385/0xfd0 [ 873.244455][T19938] ? io_submit_sqes+0x1050/0x2da0 [ 873.249458][T19938] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 873.255170][T19938] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 873.260780][T19938] ? do_syscall_64+0x31/0x70 [ 873.265349][T19938] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 873.271395][T19938] ? kmem_cache_free+0xaa/0x1e0 [ 873.276227][T19938] ? debug_smp_processor_id+0x1c/0x20 [ 873.281575][T19938] ? kmem_cache_free+0xaa/0x1e0 [ 873.286403][T19938] ? ____kasan_slab_free+0x13e/0x170 [ 873.291665][T19938] ? __kasan_slab_free+0x11/0x20 [ 873.296581][T19938] ? slab_free_freelist_hook+0xb2/0x180 [ 873.302105][T19938] ? __rcu_read_lock+0x50/0x50 [ 873.306845][T19938] ? io_req_prep+0x1906/0x51b0 [ 873.311587][T19938] ? io_queue_sqe+0x1180/0x1180 [ 873.316416][T19938] __io_queue_sqe+0x2cf/0x2fa0 [ 873.321162][T19938] io_queue_sqe+0x295/0x1180 [ 873.325731][T19938] io_submit_sqe+0x385/0xfd0 [ 873.330300][T19938] ? io_file_get+0x437/0x9c0 [ 873.334868][T19938] io_submit_sqes+0x1050/0x2da0 [ 873.339745][T19938] ? io_uring_add_task_file+0x290/0x290 [ 873.345273][T19938] ? security_file_permission+0xa8/0xc0 [ 873.350802][T19938] ? __kasan_check_write+0x14/0x20 [ 873.355894][T19938] ? mutex_lock+0xa6/0x110 [ 873.360294][T19938] ? io_uring_add_task_file+0x127/0x290 [ 873.365837][T19938] ? __fdget+0x1b5/0x240 [ 873.370075][T19938] __se_sys_io_uring_enter+0x322/0x12b0 [ 873.375598][T19938] ? __fget_files+0x26d/0x2c0 [ 873.380269][T19938] ? __kasan_check_write+0x14/0x20 [ 873.385359][T19938] ? fput_many+0x47/0x1a0 [ 873.389667][T19938] ? __x64_sys_io_uring_enter+0x100/0x100 [ 873.395366][T19938] ? __ia32_sys_read+0x90/0x90 [ 873.400111][T19938] ? debug_smp_processor_id+0x1c/0x20 [ 873.405460][T19938] __x64_sys_io_uring_enter+0xe5/0x100 [ 873.410897][T19938] do_syscall_64+0x31/0x70 [ 873.415292][T19938] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 873.421163][T19938] RIP: 0033:0x7f5fb5d49a39 [ 873.425561][T19938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 03:41:06 executing program 3: unshare(0x40000400) unshare(0x70060e00) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x8040004, 0x81, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) [ 873.445142][T19938] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 873.453535][T19938] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 873.461920][T19938] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 873.469887][T19938] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 873.477837][T19938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 873.485789][T19938] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:06 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x5}, 0x0) 03:41:06 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x77359400, 0x0, 0x0) 03:41:06 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 50) 03:41:06 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x943577) 03:41:06 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x6}, 0x0) 03:41:06 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) listen(r0, 0x12) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000040)=0x3c, 0x4) unshare(0x40000400) unshare(0x8020980) r1 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1}, 0x38) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1b, 0x8f50, 0xd2a, 0x400, 0x1, r1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5, 0x5}, 0x40) 03:41:06 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x7fffefe0, 0x0, 0x0) 03:41:06 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x7}, 0x0) 03:41:06 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x7ffff000, 0x0, 0x0) 03:41:06 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) unshare(0x800) unshare(0x6030000) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="b0000000", @ANYRES16=r1, @ANYBLOB="00032bbd7000fedbdf25020000000400050006000a004e22000008000600ac1e0101050002000a000000"], 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x40004) unshare(0x20000) 03:41:06 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0xf0ff7f) 03:41:06 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x9}, 0x0) [ 873.790285][T20199] FAULT_INJECTION: forcing a failure. [ 873.790285][T20199] name failslab, interval 1, probability 0, space 0, times 0 [ 873.804529][T20199] CPU: 1 PID: 20199 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 873.816163][T20199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 873.826216][T20199] Call Trace: [ 873.829516][T20199] dump_stack_lvl+0x1e2/0x24b [ 873.834197][T20199] ? devkmsg_release+0x127/0x127 [ 873.839141][T20199] ? show_regs_print_info+0x18/0x18 [ 873.844346][T20199] dump_stack+0x15/0x1d [ 873.848502][T20199] should_fail+0x3c0/0x510 [ 873.852924][T20199] ? iovec_from_user+0x8a/0x310 [ 873.857791][T20199] __should_failslab+0x9f/0xe0 [ 873.862559][T20199] should_failslab+0x9/0x20 [ 873.867064][T20199] __kmalloc+0x68/0x3d0 [ 873.871220][T20199] ? _copy_from_user+0x93/0xd0 [ 873.875983][T20199] iovec_from_user+0x8a/0x310 [ 873.880659][T20199] ? __ia32_sys_shutdown+0x70/0x70 [ 873.885768][T20199] __import_iovec+0x72/0x3b0 [ 873.890365][T20199] io_recvmsg_copy_hdr+0x396/0x7f0 [ 873.895479][T20199] ? io_poll_remove_one+0xf90/0xf90 [ 873.900680][T20199] ? arch_stack_walk+0xf8/0x140 [ 873.905536][T20199] io_issue_sqe+0x2ccf/0xfc10 [ 873.910219][T20199] ? __io_req_task_cancel+0x720/0x720 [ 873.915595][T20199] ? __rcu_read_lock+0x50/0x50 [ 873.920361][T20199] ? is_bpf_text_address+0x1a2/0x1c0 [ 873.925650][T20199] ? stack_trace_save+0x1e0/0x1e0 [ 873.930676][T20199] ? __kernel_text_address+0x9a/0x110 [ 873.936094][T20199] ? kmem_cache_free+0xaa/0x1e0 [ 873.940951][T20199] ? kmem_cache_free+0xaa/0x1e0 [ 873.945807][T20199] ? kasan_set_track+0x63/0x80 [ 873.950578][T20199] ? kasan_set_track+0x4c/0x80 [ 873.955343][T20199] ? kasan_set_free_info+0x23/0x40 [ 873.960457][T20199] ? ____kasan_slab_free+0x133/0x170 [ 873.966006][T20199] ? __kasan_slab_free+0x11/0x20 [ 873.970944][T20199] ? slab_free_freelist_hook+0xb2/0x180 [ 873.976664][T20199] ? kmem_cache_free+0xaa/0x1e0 [ 873.981517][T20199] ? __io_free_req+0x20e/0x380 [ 873.986284][T20199] ? io_req_complete+0xeb/0x610 [ 873.991139][T20199] ? __io_queue_sqe+0x1070/0x2fa0 [ 873.996166][T20199] ? io_queue_sqe+0x295/0x1180 [ 874.000932][T20199] ? io_submit_sqe+0x385/0xfd0 [ 874.005700][T20199] ? io_submit_sqes+0x1050/0x2da0 [ 874.010726][T20199] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 874.016447][T20199] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 874.022083][T20199] ? do_syscall_64+0x31/0x70 [ 874.026702][T20199] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 874.032779][T20199] ? kmem_cache_free+0xaa/0x1e0 [ 874.037638][T20199] ? debug_smp_processor_id+0x1c/0x20 [ 874.044498][T20199] ? __set_page_owner+0x2e2/0x300 [ 874.049529][T20199] ? kmem_cache_free+0xaa/0x1e0 [ 874.054468][T20199] ? ____kasan_slab_free+0x13e/0x170 [ 874.059767][T20199] ? __kasan_slab_free+0x11/0x20 [ 874.064712][T20199] ? slab_free_freelist_hook+0xb2/0x180 [ 874.070266][T20199] ? __rcu_read_lock+0x50/0x50 [ 874.075041][T20199] ? io_req_prep+0x1906/0x51b0 [ 874.079813][T20199] ? io_queue_sqe+0x1180/0x1180 [ 874.084671][T20199] __io_queue_sqe+0x2cf/0x2fa0 [ 874.089441][T20199] io_queue_sqe+0x295/0x1180 [ 874.094067][T20199] io_submit_sqe+0x385/0xfd0 [ 874.098660][T20199] ? io_file_get+0x437/0x9c0 [ 874.103254][T20199] io_submit_sqes+0x1050/0x2da0 [ 874.108113][T20199] ? io_uring_add_task_file+0x290/0x290 [ 874.113654][T20199] ? security_file_permission+0xa8/0xc0 [ 874.119201][T20199] ? __kasan_check_write+0x14/0x20 [ 874.124312][T20199] ? mutex_lock+0xa6/0x110 [ 874.128732][T20199] ? io_uring_add_task_file+0x127/0x290 [ 874.134277][T20199] ? __fdget+0x1b5/0x240 [ 874.138524][T20199] __se_sys_io_uring_enter+0x322/0x12b0 [ 874.144070][T20199] ? __fget_files+0x26d/0x2c0 [ 874.148752][T20199] ? __kasan_check_write+0x14/0x20 [ 874.153864][T20199] ? fput_many+0x47/0x1a0 [ 874.158193][T20199] ? __x64_sys_io_uring_enter+0x100/0x100 [ 874.163910][T20199] ? __ia32_sys_read+0x90/0x90 [ 874.168762][T20199] ? debug_smp_processor_id+0x1c/0x20 [ 874.174133][T20199] __x64_sys_io_uring_enter+0xe5/0x100 [ 874.179589][T20199] do_syscall_64+0x31/0x70 [ 874.184011][T20199] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 874.189898][T20199] RIP: 0033:0x7f5fb5d49a39 [ 874.194308][T20199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 874.213910][T20199] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 874.222364][T20199] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 874.230336][T20199] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 874.238307][T20199] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 874.246279][T20199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 874.254248][T20199] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:07 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 51) 03:41:07 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x83}, 0x0) 03:41:07 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x807e0000, 0x0, 0x0) 03:41:07 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x300}, 0x0) 03:41:07 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x5d}, [@jmp={0x5, 0x0, 0xd, 0xb, 0x6, 0x10, 0x4}]}, &(0x7f0000000040)='GPL\x00', 0x4, 0x57, &(0x7f00000000c0)=""/87, 0x41100, 0x12, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000180)={0x2, 0x3, 0x4, 0x40}, 0x10}, 0x78) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000003c0)={r0, &(0x7f0000000240)="815e3bb5b7ad597d0dcf6dd5decc6e4ec18f6588d165cd51f147af3dceaa5885bb1e047727baf13b0d50b7b4f9269d1fd70e8ceefeb4a4652a6316b251573ae9ec09f8f7679ad2cdb51ff4f4c6f2fe8ae230cfe7125759acca29731a8228b303141de17a41f6772c8489ecfb919fc9ac33b24d071663c29e3c4461cd84c25452633745d2316e6ad2370cc9053da92009ceeb2b0cedc66a57e978c7af2875090d3e4ad07da059b179a2d930af6ffa83d72c0f222d30af6e8fd43284995794e8d7ada0c127a0672e56914c2830baa0cfea67b42ca7a0c0cc12d9051d8301ce4eef7e54c2f407c7", &(0x7f0000000340)=""/106}, 0x20) [ 874.525832][T20436] FAULT_INJECTION: forcing a failure. [ 874.525832][T20436] name failslab, interval 1, probability 0, space 0, times 0 [ 874.539388][T20436] CPU: 1 PID: 20436 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 874.551123][T20436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 874.561172][T20436] Call Trace: [ 874.564468][T20436] dump_stack_lvl+0x1e2/0x24b [ 874.569144][T20436] ? devkmsg_release+0x127/0x127 [ 874.574079][T20436] ? show_regs_print_info+0x18/0x18 [ 874.579279][T20436] ? __io_queue_sqe+0x1561/0x2fa0 [ 874.584308][T20436] dump_stack+0x15/0x1d [ 874.588463][T20436] should_fail+0x3c0/0x510 [ 874.592880][T20436] __should_failslab+0x9f/0xe0 [ 874.597646][T20436] should_failslab+0x9/0x20 [ 874.602146][T20436] kmem_cache_alloc_bulk+0x30/0x3f0 [ 874.607346][T20436] io_submit_sqes+0x6bf/0x2da0 [ 874.612118][T20436] ? io_uring_add_task_file+0x290/0x290 [ 874.617662][T20436] ? security_file_permission+0xa8/0xc0 [ 874.623207][T20436] ? __kasan_check_write+0x14/0x20 [ 874.628314][T20436] ? mutex_lock+0xa6/0x110 [ 874.632733][T20436] ? io_uring_add_task_file+0x127/0x290 [ 874.638271][T20436] ? __fdget+0x1b5/0x240 [ 874.642515][T20436] __se_sys_io_uring_enter+0x322/0x12b0 [ 874.648059][T20436] ? __fget_files+0x26d/0x2c0 [ 874.652737][T20436] ? __kasan_check_write+0x14/0x20 [ 874.657843][T20436] ? fput_many+0x47/0x1a0 [ 874.662176][T20436] ? __x64_sys_io_uring_enter+0x100/0x100 [ 874.667905][T20436] ? __ia32_sys_read+0x90/0x90 [ 874.672666][T20436] ? debug_smp_processor_id+0x1c/0x20 [ 874.678037][T20436] __x64_sys_io_uring_enter+0xe5/0x100 [ 874.683492][T20436] do_syscall_64+0x31/0x70 [ 874.687909][T20436] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 874.693795][T20436] RIP: 0033:0x7f5fb5d49a39 [ 874.698209][T20436] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 874.717812][T20436] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 874.726228][T20436] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 874.734201][T20436] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 874.742172][T20436] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 874.750142][T20436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 874.758111][T20436] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:07 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0xfeffff) 03:41:07 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x500}, 0x0) 03:41:07 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x87c50000, 0x0, 0x0) 03:41:07 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 52) 03:41:07 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x600}, 0x0) 03:41:07 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x700}, 0x0) [ 874.918727][T20569] FAULT_INJECTION: forcing a failure. [ 874.918727][T20569] name failslab, interval 1, probability 0, space 0, times 0 [ 874.963634][T20569] CPU: 1 PID: 20569 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 874.975282][T20569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 874.985335][T20569] Call Trace: [ 874.988629][T20569] dump_stack_lvl+0x1e2/0x24b [ 874.993310][T20569] ? devkmsg_release+0x127/0x127 [ 874.998250][T20569] ? show_regs_print_info+0x18/0x18 [ 875.003452][T20569] dump_stack+0x15/0x1d [ 875.007608][T20569] should_fail+0x3c0/0x510 [ 875.012023][T20569] ? iovec_from_user+0x8a/0x310 [ 875.016874][T20569] __should_failslab+0x9f/0xe0 [ 875.021647][T20569] should_failslab+0x9/0x20 [ 875.026169][T20569] __kmalloc+0x68/0x3d0 [ 875.030340][T20569] ? _copy_from_user+0x93/0xd0 [ 875.035121][T20569] iovec_from_user+0x8a/0x310 [ 875.039803][T20569] ? __ia32_sys_shutdown+0x70/0x70 [ 875.045099][T20569] __import_iovec+0x72/0x3b0 [ 875.049686][T20569] io_recvmsg_copy_hdr+0x396/0x7f0 [ 875.054795][T20569] ? io_poll_remove_one+0xf90/0xf90 [ 875.059987][T20569] ? arch_stack_walk+0xf8/0x140 [ 875.064840][T20569] io_issue_sqe+0x2ccf/0xfc10 [ 875.069512][T20569] ? __io_req_task_cancel+0x720/0x720 [ 875.074881][T20569] ? __rcu_read_lock+0x50/0x50 [ 875.079640][T20569] ? is_bpf_text_address+0x1a2/0x1c0 [ 875.084921][T20569] ? stack_trace_save+0x1e0/0x1e0 [ 875.089943][T20569] ? __kernel_text_address+0x9a/0x110 [ 875.095320][T20569] ? __rcu_read_lock+0x50/0x50 [ 875.100083][T20569] ? is_bpf_text_address+0x1a2/0x1c0 [ 875.105362][T20569] ? stack_trace_save+0x1e0/0x1e0 [ 875.110378][T20569] ? __kernel_text_address+0x9a/0x110 [ 875.115743][T20569] ? unwind_get_return_address+0x4c/0x90 [ 875.121380][T20569] ? arch_stack_walk+0xf8/0x140 [ 875.126225][T20569] ? stack_trace_save+0x11b/0x1e0 [ 875.131245][T20569] ? kmem_cache_free+0xaa/0x1e0 [ 875.136092][T20569] ? stack_trace_snprint+0xe0/0xe0 [ 875.141196][T20569] ? kmem_cache_free+0xaa/0x1e0 [ 875.146044][T20569] ? __kasan_slab_alloc+0xc9/0xe0 [ 875.151074][T20569] ? __kasan_slab_alloc+0xb2/0xe0 [ 875.156091][T20569] ? kmem_cache_alloc_bulk+0x2d5/0x3f0 [ 875.161546][T20569] ? io_submit_sqes+0x6bf/0x2da0 [ 875.166477][T20569] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 875.172193][T20569] ? io_req_prep+0x1906/0x51b0 [ 875.176952][T20569] ? io_queue_sqe+0x1180/0x1180 [ 875.181797][T20569] __io_queue_sqe+0x2cf/0x2fa0 [ 875.186555][T20569] io_queue_sqe+0x295/0x1180 [ 875.191145][T20569] io_submit_sqe+0x385/0xfd0 [ 875.195735][T20569] ? io_file_get+0x437/0x9c0 [ 875.200329][T20569] io_submit_sqes+0x1050/0x2da0 [ 875.205186][T20569] ? io_uring_add_task_file+0x290/0x290 [ 875.210726][T20569] ? security_file_permission+0xa8/0xc0 [ 875.216281][T20569] ? __kasan_check_write+0x14/0x20 [ 875.221387][T20569] ? mutex_lock+0xa6/0x110 [ 875.225799][T20569] ? io_uring_add_task_file+0x127/0x290 [ 875.231336][T20569] ? __fdget+0x1b5/0x240 [ 875.235577][T20569] __se_sys_io_uring_enter+0x322/0x12b0 [ 875.241118][T20569] ? __fget_files+0x26d/0x2c0 [ 875.245797][T20569] ? __kasan_check_write+0x14/0x20 [ 875.250906][T20569] ? fput_many+0x47/0x1a0 [ 875.255237][T20569] ? __x64_sys_io_uring_enter+0x100/0x100 [ 875.260954][T20569] ? __ia32_sys_read+0x90/0x90 [ 875.265718][T20569] ? debug_smp_processor_id+0x1c/0x20 [ 875.271090][T20569] __x64_sys_io_uring_enter+0xe5/0x100 [ 875.276549][T20569] do_syscall_64+0x31/0x70 [ 875.280976][T20569] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 875.286862][T20569] RIP: 0033:0x7f5fb5d49a39 [ 875.291275][T20569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 03:41:07 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xa0028000, 0x0, 0x0) 03:41:08 executing program 3: stat(&(0x7f0000000280)='./file0\x00', &(0x7f00000000c0)) unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) lremovexattr(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=@known='trusted.overlay.redirect\x00') pipe(&(0x7f0000000200)={0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) splice(r1, 0x0, r2, 0x0, 0x4ffdc, 0x0) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000240)=0x14) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) pipe(&(0x7f0000000200)={0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) splice(r3, 0x0, r4, 0x0, 0x4ffdc, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x18, 0x1, 0xff, 0x1fc000, 0x1600, r0, 0x3f87, '\x00', 0x0, r3, 0x2, 0x0, 0x1}, 0x40) 03:41:08 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x900}, 0x0) [ 875.310879][T20569] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 875.319290][T20569] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 875.327264][T20569] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 875.335237][T20569] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 875.343204][T20569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 875.351170][T20569] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:08 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 53) 03:41:08 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x1000000) 03:41:08 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x65a0}, 0x0) 03:41:08 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xe0efff7f, 0x0, 0x0) 03:41:08 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x8100}, 0x0) 03:41:08 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x8300}, 0x0) [ 875.550775][T20720] FAULT_INJECTION: forcing a failure. [ 875.550775][T20720] name fail_usercopy, interval 1, probability 0, space 0, times 0 03:41:08 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1, 0x0, 0x1}, 0x40) unshare(0x2c000100) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000380), 0x8000, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={r0, &(0x7f0000000000)="0843cf5b1244649c5103bc5600bd8428f5", &(0x7f00000000c0)=@tcp6=r1, 0x4}, 0x20) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) ioctl$sock_ipv6_tunnel_SIOCDEL6RD(r1, 0x89fa, &(0x7f0000000300)={'ip6tnl0\x00', &(0x7f0000000280)={'ip6gre0\x00', 0x0, 0x29, 0x7, 0x6, 0xffffffff, 0x4, @private2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x7, 0x700, 0xfffffffa, 0x400}}) pipe(&(0x7f0000000200)={0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) splice(r3, 0x0, r4, 0x0, 0x4ffdc, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0xf, 0x7, &(0x7f0000000480)=ANY=[@ANYBLOB="29002b00003562ae2d0000b700000000", @ANYRES32=r1, @ANYBLOB="00000000d20000000f954000100000008500000006000000ac340100d3f40cb29500000000000000"], &(0x7f0000000140)='syzkaller\x00', 0x403, 0xf4, &(0x7f0000000180)=""/244, 0x41100, 0x1b, '\x00', r2, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x4, 0x2}, 0x8, 0x10, &(0x7f00000003c0)={0x4, 0xd, 0x5, 0x200}, 0x10, 0x0, r3}, 0x78) 03:41:08 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0xa065}, 0x0) [ 875.603721][T20720] CPU: 0 PID: 20720 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 875.615411][T20720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 875.625468][T20720] Call Trace: [ 875.628765][T20720] dump_stack_lvl+0x1e2/0x24b [ 875.633461][T20720] ? show_regs_print_info+0x18/0x18 [ 875.638662][T20720] dump_stack+0x15/0x1d [ 875.642814][T20720] should_fail+0x3c0/0x510 [ 875.647233][T20720] should_fail_usercopy+0x1a/0x20 [ 875.652258][T20720] _copy_from_user+0x20/0xd0 [ 875.656840][T20720] iovec_from_user+0xc7/0x310 [ 875.661514][T20720] ? __ia32_sys_shutdown+0x70/0x70 [ 875.666618][T20720] __import_iovec+0x72/0x3b0 [ 875.671197][T20720] io_recvmsg_copy_hdr+0x396/0x7f0 [ 875.676290][T20720] ? io_poll_remove_one+0xf90/0xf90 [ 875.681552][T20720] ? arch_stack_walk+0xf8/0x140 [ 875.686379][T20720] io_issue_sqe+0x2ccf/0xfc10 [ 875.691047][T20720] ? __io_req_task_cancel+0x720/0x720 [ 875.696397][T20720] ? __rcu_read_lock+0x50/0x50 [ 875.701139][T20720] ? is_bpf_text_address+0x1a2/0x1c0 [ 875.706398][T20720] ? stack_trace_save+0x1e0/0x1e0 [ 875.711485][T20720] ? __kernel_text_address+0x9a/0x110 [ 875.716838][T20720] ? __rcu_read_lock+0x50/0x50 [ 875.721575][T20720] ? is_bpf_text_address+0x1a2/0x1c0 [ 875.726834][T20720] ? stack_trace_save+0x1e0/0x1e0 [ 875.731847][T20720] ? __kernel_text_address+0x9a/0x110 [ 875.737206][T20720] ? unwind_get_return_address+0x4c/0x90 [ 875.742816][T20720] ? arch_stack_walk+0xf8/0x140 [ 875.747641][T20720] ? stack_trace_save+0x11b/0x1e0 [ 875.752639][T20720] ? kmem_cache_free+0xaa/0x1e0 [ 875.757464][T20720] ? stack_trace_snprint+0xe0/0xe0 [ 875.762550][T20720] ? kmem_cache_free+0xaa/0x1e0 [ 875.767379][T20720] ? __kasan_slab_alloc+0xc9/0xe0 [ 875.772380][T20720] ? __kasan_slab_alloc+0xb2/0xe0 [ 875.777382][T20720] ? kmem_cache_alloc_bulk+0x2d5/0x3f0 [ 875.782814][T20720] ? io_submit_sqes+0x6bf/0x2da0 [ 875.787733][T20720] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 875.793430][T20720] ? io_req_prep+0x1906/0x51b0 [ 875.798172][T20720] ? io_queue_sqe+0x1180/0x1180 [ 875.803012][T20720] __io_queue_sqe+0x2cf/0x2fa0 [ 875.807750][T20720] io_queue_sqe+0x295/0x1180 [ 875.812319][T20720] io_submit_sqe+0x385/0xfd0 [ 875.816882][T20720] ? io_file_get+0x437/0x9c0 [ 875.821447][T20720] io_submit_sqes+0x1050/0x2da0 [ 875.826279][T20720] ? io_uring_add_task_file+0x290/0x290 [ 875.831800][T20720] ? security_file_permission+0xa8/0xc0 [ 875.837324][T20720] ? __kasan_check_write+0x14/0x20 [ 875.842411][T20720] ? mutex_lock+0xa6/0x110 [ 875.846813][T20720] ? io_uring_add_task_file+0x127/0x290 [ 875.852336][T20720] ? __fdget+0x1b5/0x240 [ 875.856557][T20720] __se_sys_io_uring_enter+0x322/0x12b0 [ 875.862076][T20720] ? __fget_files+0x26d/0x2c0 [ 875.866730][T20720] ? __kasan_check_write+0x14/0x20 [ 875.871814][T20720] ? fput_many+0x47/0x1a0 [ 875.876119][T20720] ? __x64_sys_io_uring_enter+0x100/0x100 [ 875.881831][T20720] ? __ia32_sys_read+0x90/0x90 [ 875.886591][T20720] ? debug_smp_processor_id+0x1c/0x20 [ 875.891957][T20720] __x64_sys_io_uring_enter+0xe5/0x100 [ 875.897402][T20720] do_syscall_64+0x31/0x70 [ 875.901797][T20720] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 875.907667][T20720] RIP: 0033:0x7f5fb5d49a39 [ 875.912061][T20720] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 875.931639][T20720] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 875.940039][T20720] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 03:41:08 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x2000000) 03:41:08 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xeffdffff, 0x0, 0x0) [ 875.947989][T20720] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 875.955935][T20720] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 875.963883][T20720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 875.971830][T20720] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:08 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x38000}, 0x0) 03:41:08 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x8002a0}, 0x0) 03:41:08 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 54) 03:41:08 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xf5ffffff, 0x0, 0x0) 03:41:08 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x800300}, 0x0) 03:41:08 executing program 3: unshare(0x40000400) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x10, 0x4, 0x4, 0x1, 0x8}, 0x40) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) unshare(0x40020000) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x9, r1}, 0x38) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000040)={'syztnl2\x00', &(0x7f00000000c0)={'syztnl0\x00', 0x0, 0x8, 0x6325eef93d6cd1b4, 0x5, 0x1050e785, {{0x23, 0x4, 0x1, 0x15, 0x8c, 0x66, 0x0, 0xff, 0x29, 0x0, @loopback, @broadcast, {[@generic={0x44, 0xd, "91accfd0f80e885fc2e5d9"}, @timestamp={0x44, 0x14, 0x46, 0x0, 0xa, [0x8, 0x0, 0x1, 0x1]}, @timestamp={0x44, 0x8, 0x37, 0x0, 0x1, [0x9]}, @ssrr={0x89, 0xb, 0x75, [@multicast1, @multicast2]}, @cipso={0x86, 0x41, 0xfffffffffffffffc, [{0x5, 0x5, '(yx'}, {0x7, 0xc, "3f9ec43bcaf696e11bd4"}, {0x0, 0x3, "95"}, {0x5, 0xe, "a12d0881769af971cc3082be"}, {0x2, 0xe, "8a400d91a0dc78a8bf1c4135"}, {0x1, 0xb, "697d2a58804e1e69b0"}]}]}}}}}) sendmsg$xdp(r0, &(0x7f0000000300)={&(0x7f0000000180)={0x2c, 0x4, r2, 0x2d}, 0x10, &(0x7f00000002c0)=[{&(0x7f00000001c0)="549d7a9a2c9f2252ccf4c083224ce57bde2bfdfffc152245095024e7d929ca4287e34425063faff8efc786b3ec1d09a402a1884bcf73da9be895e97846790aa1dc80ca2fbad56a1cba83013e50c0a7b359acecd0dc19a8e643ec6463e3759a93d1c7827db1d67d67dc0cd7a2a14abccc7d4598ed207278b47217840e4fff2448c279159cb39f7f2d94255d44f9d2ee46216c00574066f7d9aa9b757f5b6344c0a15b437254dd90bcc388e8e3364ceee59e72a77f686ff41ceb94aabef8d788b4d40333cae7e59b122cf2b1", 0xcb}], 0x1, 0x0, 0x0, 0x4008045}, 0x1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=@RTM_GETMDB={0x18, 0x56, 0x100, 0x70bd2b, 0x25dfdbfe, {0x7, r2}, ["", "", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x2e9ad12d836d5937}, 0x20044090) 03:41:08 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x4000000) 03:41:08 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x1000000}, 0x0) 03:41:08 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xfffffdef, 0x0, 0x0) [ 876.260120][T21090] FAULT_INJECTION: forcing a failure. [ 876.260120][T21090] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 876.296550][T21090] CPU: 1 PID: 21090 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 876.308190][T21090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 876.318240][T21090] Call Trace: [ 876.321548][T21090] dump_stack_lvl+0x1e2/0x24b [ 876.326223][T21090] ? show_regs_print_info+0x18/0x18 [ 876.331419][T21090] ? kfree+0xca/0x310 [ 876.335399][T21090] dump_stack+0x15/0x1d [ 876.339550][T21090] should_fail+0x3c0/0x510 [ 876.343958][T21090] should_fail_usercopy+0x1a/0x20 [ 876.348976][T21090] _copy_from_user+0x20/0xd0 [ 876.353566][T21090] __copy_msghdr_from_user+0xaf/0x730 [ 876.358931][T21090] ? __import_iovec+0x343/0x3b0 [ 876.363780][T21090] ? __ia32_sys_shutdown+0x70/0x70 [ 876.368890][T21090] io_recvmsg_copy_hdr+0x1cf/0x7f0 [ 876.374177][T21090] ? io_poll_remove_one+0xf90/0xf90 [ 876.379368][T21090] ? arch_stack_walk+0xf8/0x140 [ 876.384213][T21090] io_issue_sqe+0x2ccf/0xfc10 [ 876.388887][T21090] ? __io_req_task_cancel+0x720/0x720 [ 876.394257][T21090] ? __rcu_read_lock+0x50/0x50 [ 876.399014][T21090] ? is_bpf_text_address+0x1a2/0x1c0 [ 876.404320][T21090] ? stack_trace_save+0x1e0/0x1e0 [ 876.409339][T21090] ? __kernel_text_address+0x9a/0x110 [ 876.414740][T21090] ? kmem_cache_free+0xaa/0x1e0 [ 876.419583][T21090] ? kmem_cache_free+0xaa/0x1e0 [ 876.424425][T21090] ? kasan_set_track+0x63/0x80 [ 876.429188][T21090] ? kasan_set_track+0x4c/0x80 [ 876.433945][T21090] ? kasan_set_free_info+0x23/0x40 [ 876.439223][T21090] ? ____kasan_slab_free+0x133/0x170 [ 876.444497][T21090] ? __kasan_slab_free+0x11/0x20 [ 876.449425][T21090] ? slab_free_freelist_hook+0xb2/0x180 [ 876.454961][T21090] ? kmem_cache_free+0xaa/0x1e0 [ 876.459808][T21090] ? __io_free_req+0x20e/0x380 [ 876.464565][T21090] ? io_req_complete+0xeb/0x610 [ 876.469403][T21090] ? __io_queue_sqe+0x1070/0x2fa0 [ 876.474418][T21090] ? io_queue_sqe+0x295/0x1180 [ 876.479173][T21090] ? io_submit_sqe+0x385/0xfd0 [ 876.483929][T21090] ? io_submit_sqes+0x1050/0x2da0 [ 876.488943][T21090] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 876.494652][T21090] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 876.500281][T21090] ? do_syscall_64+0x31/0x70 [ 876.504863][T21090] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 876.510927][T21090] ? kmem_cache_free+0xaa/0x1e0 [ 876.515863][T21090] ? debug_smp_processor_id+0x1c/0x20 [ 876.521229][T21090] ? kmem_cache_free+0xaa/0x1e0 [ 876.526074][T21090] ? ____kasan_slab_free+0x13e/0x170 [ 876.531350][T21090] ? __kasan_slab_free+0x11/0x20 [ 876.536279][T21090] ? slab_free_freelist_hook+0xb2/0x180 [ 876.541815][T21090] ? __rcu_read_lock+0x50/0x50 [ 876.546580][T21090] ? io_req_prep+0x1906/0x51b0 [ 876.551334][T21090] ? io_queue_sqe+0x1180/0x1180 [ 876.556180][T21090] __io_queue_sqe+0x2cf/0x2fa0 [ 876.560939][T21090] io_queue_sqe+0x295/0x1180 [ 876.565525][T21090] io_submit_sqe+0x385/0xfd0 [ 876.570102][T21090] ? io_file_get+0x437/0x9c0 [ 876.574686][T21090] io_submit_sqes+0x1050/0x2da0 [ 876.579534][T21090] ? io_uring_add_task_file+0x290/0x290 [ 876.585068][T21090] ? security_file_permission+0xa8/0xc0 [ 876.590610][T21090] ? __kasan_check_write+0x14/0x20 [ 876.595711][T21090] ? mutex_lock+0xa6/0x110 [ 876.600118][T21090] ? io_uring_add_task_file+0x127/0x290 [ 876.605658][T21090] ? __fdget+0x1b5/0x240 [ 876.609893][T21090] __se_sys_io_uring_enter+0x322/0x12b0 [ 876.615427][T21090] ? __fget_files+0x26d/0x2c0 [ 876.620095][T21090] ? __kasan_check_write+0x14/0x20 [ 876.625192][T21090] ? fput_many+0x47/0x1a0 [ 876.629514][T21090] ? __x64_sys_io_uring_enter+0x100/0x100 [ 876.635223][T21090] ? __ia32_sys_read+0x90/0x90 [ 876.639980][T21090] ? debug_smp_processor_id+0x1c/0x20 [ 876.645341][T21090] __x64_sys_io_uring_enter+0xe5/0x100 [ 876.650790][T21090] do_syscall_64+0x31/0x70 [ 876.655195][T21090] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 876.661079][T21090] RIP: 0033:0x7f5fb5d49a39 [ 876.665485][T21090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 876.685080][T21090] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 876.693491][T21090] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 876.701453][T21090] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 03:41:09 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x2000000}, 0x0) 03:41:09 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xfffffe00, 0x0, 0x0) [ 876.709419][T21090] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 876.717384][T21090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 876.725355][T21090] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:09 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x3000000}, 0x0) 03:41:09 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 55) 03:41:09 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x8000000) 03:41:09 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xffffff7f, 0x0, 0x0) 03:41:09 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x4000000}, 0x0) 03:41:09 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x5000000}, 0x0) [ 876.935764][T21419] FAULT_INJECTION: forcing a failure. [ 876.935764][T21419] name failslab, interval 1, probability 0, space 0, times 0 [ 876.963457][T21419] CPU: 1 PID: 21419 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 876.975093][T21419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 876.985143][T21419] Call Trace: [ 876.988430][T21419] dump_stack_lvl+0x1e2/0x24b [ 876.993107][T21419] ? devkmsg_release+0x127/0x127 [ 876.998041][T21419] ? show_regs_print_info+0x18/0x18 [ 877.003238][T21419] dump_stack+0x15/0x1d [ 877.007388][T21419] should_fail+0x3c0/0x510 [ 877.011799][T21419] ? iovec_from_user+0x8a/0x310 [ 877.016642][T21419] __should_failslab+0x9f/0xe0 [ 877.021406][T21419] should_failslab+0x9/0x20 [ 877.025904][T21419] __kmalloc+0x68/0x3d0 [ 877.030050][T21419] ? _copy_from_user+0x93/0xd0 [ 877.034805][T21419] iovec_from_user+0x8a/0x310 [ 877.039475][T21419] ? __ia32_sys_shutdown+0x70/0x70 [ 877.044583][T21419] __import_iovec+0x72/0x3b0 [ 877.049169][T21419] io_recvmsg_copy_hdr+0x396/0x7f0 [ 877.054279][T21419] ? io_poll_remove_one+0xf90/0xf90 [ 877.059468][T21419] ? arch_stack_walk+0xf8/0x140 [ 877.064317][T21419] io_issue_sqe+0x2ccf/0xfc10 [ 877.068989][T21419] ? __io_req_task_cancel+0x720/0x720 [ 877.074357][T21419] ? __rcu_read_lock+0x50/0x50 [ 877.079117][T21419] ? is_bpf_text_address+0x1a2/0x1c0 [ 877.084393][T21419] ? stack_trace_save+0x1e0/0x1e0 [ 877.089410][T21419] ? __kernel_text_address+0x9a/0x110 [ 877.094782][T21419] ? kmem_cache_free+0xaa/0x1e0 [ 877.099628][T21419] ? kmem_cache_free+0xaa/0x1e0 [ 877.104480][T21419] ? kasan_set_track+0x63/0x80 [ 877.109235][T21419] ? kasan_set_track+0x4c/0x80 [ 877.113994][T21419] ? kasan_set_free_info+0x23/0x40 [ 877.119095][T21419] ? ____kasan_slab_free+0x133/0x170 [ 877.124375][T21419] ? __kasan_slab_free+0x11/0x20 [ 877.129304][T21419] ? slab_free_freelist_hook+0xb2/0x180 [ 877.134843][T21419] ? kmem_cache_free+0xaa/0x1e0 [ 877.140032][T21419] ? __io_free_req+0x20e/0x380 [ 877.144827][T21419] ? io_req_complete+0xeb/0x610 [ 877.149672][T21419] ? __io_queue_sqe+0x1070/0x2fa0 [ 877.154689][T21419] ? io_queue_sqe+0x295/0x1180 [ 877.159446][T21419] ? io_submit_sqe+0x385/0xfd0 [ 877.164205][T21419] ? io_submit_sqes+0x1050/0x2da0 [ 877.169222][T21419] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 877.174933][T21419] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 877.180556][T21419] ? do_syscall_64+0x31/0x70 [ 877.185137][T21419] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 877.191200][T21419] ? kmem_cache_free+0xaa/0x1e0 [ 877.196049][T21419] ? debug_smp_processor_id+0x1c/0x20 [ 877.201416][T21419] ? kmem_cache_free+0xaa/0x1e0 [ 877.206260][T21419] ? ____kasan_slab_free+0x13e/0x170 [ 877.211541][T21419] ? __kasan_slab_free+0x11/0x20 [ 877.216472][T21419] ? slab_free_freelist_hook+0xb2/0x180 [ 877.222011][T21419] ? __rcu_read_lock+0x50/0x50 [ 877.226772][T21419] ? io_req_prep+0x1906/0x51b0 [ 877.231532][T21419] ? io_queue_sqe+0x1180/0x1180 [ 877.236378][T21419] __io_queue_sqe+0x2cf/0x2fa0 [ 877.241135][T21419] io_queue_sqe+0x295/0x1180 [ 877.245723][T21419] io_submit_sqe+0x385/0xfd0 [ 877.250304][T21419] ? io_file_get+0x437/0x9c0 [ 877.254886][T21419] io_submit_sqes+0x1050/0x2da0 [ 877.259739][T21419] ? io_uring_add_task_file+0x290/0x290 [ 877.265276][T21419] ? security_file_permission+0xa8/0xc0 [ 877.270813][T21419] ? __kasan_check_write+0x14/0x20 [ 877.275919][T21419] ? mutex_lock+0xa6/0x110 [ 877.280334][T21419] ? io_uring_add_task_file+0x127/0x290 [ 877.285873][T21419] ? __fdget+0x1b5/0x240 [ 877.290122][T21419] __se_sys_io_uring_enter+0x322/0x12b0 [ 877.295747][T21419] ? __fget_files+0x26d/0x2c0 [ 877.300417][T21419] ? __kasan_check_write+0x14/0x20 [ 877.305522][T21419] ? fput_many+0x47/0x1a0 [ 877.309845][T21419] ? __x64_sys_io_uring_enter+0x100/0x100 [ 877.315557][T21419] ? __ia32_sys_read+0x90/0x90 [ 877.320317][T21419] ? debug_smp_processor_id+0x1c/0x20 [ 877.325684][T21419] __x64_sys_io_uring_enter+0xe5/0x100 [ 877.331135][T21419] do_syscall_64+0x31/0x70 [ 877.335549][T21419] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 877.341524][T21419] RIP: 0033:0x7f5fb5d49a39 [ 877.345933][T21419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 877.365561][T21419] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 877.373999][T21419] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 877.381965][T21419] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 877.389929][T21419] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 877.397896][T21419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 877.405863][T21419] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:10 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000001200)={&(0x7f0000000000), &(0x7f00000000c0)=""/206, &(0x7f0000000000)="a87c2d34bb1af2c1ed86e0eca5b26d4341585f4bd3dfdd0c3d543732b1e92ffe1335df81ffbc", &(0x7f00000001c0)="b06939089422514385640fd06e70e0e738933e8afcedb6f5924a0daa3cff41126ef039603e4e03167f6c5eac1ea74f064ba7ce8dc13b14318ea703fb2138db58b5d88f89b41a1ea0c7f64b012d10c6f47402b70ddbed6a6550b0d349307f198a23e12120e727289667c0599b7fe7f65f52596ae27111d4c31546b76abd9765ca5fb4d9bc86096487066ca0e712508d8e81c954a7fc2a43783ff4824a0205ff4fd7e02b144c9c3bb58d4a1cf0b3f470dc94776b3885062cfc497e550cccfe37160383954052390a3baf34e5512d3d48f9642b0c625ba1ce3547bd66ef690efb71589dba8325132e9414dbbcfc91a07ad0d0813f1bbf06f5d4792d31d03c38ca3eabc8c5cf7cb0ca249d855213aeb4645b6e635556123924f2cbd13482aa0a5975d0b1d9b7949dc936bfc204e31558bac514ac40fa08f1a7b0024f49775504eb3c6aae8a4328540cdcb40b59da798815e7305879da4581986339b417be7ae283dd788252b63223b0e47aec6473c95d133fe868daf30f2d489596be01c093589292d4d2b5cd2631b23007879b94fa795beeb343eb26ab6ba8d72f86d410db2f3c223840c12c30b1ff46ab0adb67e61431f2007e480b2251fa21a0ac5fcd616b0cca0817b73acdbed40f64921273fa946e7c6a6cf6a6653a7b3b10a0b154c3e7b7046b390097053f44feca25828ae3bebf4ffe68a4175ec4fe4ba983181674fb68c1b94963e4ad7525618efcb92276b25fd52b2bfdbda4931a312865127ff22aed36e681a08d7480d1cad04f046adbebefcc05609f21918c380ac61d315292f267b7e2e386cb11b06ed5e5be6a3b39438acb281060f88769ad6c28870b154f0c70c55169610efc96c41ec84985862f5acabc70b70d4fa3e819422e8897a0720b70812f22c919411244c801f56b1f67e25fdd39a25f76093b6340d70b83bdcdd6d211c643cca040c90c6fce7b870221a223b025ef4e9d199b164ff67f530be7009f55d3219f2f334be862e2fa47deb558ca5e2473f9284ca281e9561bfdcf0a605ece3144297cb0c9c282a7b187c4a4507639cdc0e1fdc248b783f24d70848fe30e9630297cf0b49a798c96c673cc0be4d8fd392482e8eada716edfe3088520adc86359c16b4ff6aececa650eb640bd3b235161f2e3fc2e42b61887363e6e78d75c4869bfe4c534bf204ce6821ac2f20cc2373821fe45d20684e803168ea77403813594eedfdca8528e4af17a9ab9c9b368df29a7c0734721898feffccc309089d09b6e4a6ea2ed6c1fd805336cadf82cd0842e6f1cd20ae9c246184b6dc023531fca8cc4e687ca1617174c30e5fc46e2be026a401d1221d92c4524e53a02e5a4809c3378a581c1ca7f913c5af21d68fa3f87beae15ae5d7be07f21e3badb3747ea9f30d941205afed28971f1b0f849664e12121c6ad4e758a1f1087cc163f3e172af798fec11aec18e638dcdb45698c1d50e1578359e42aebb1a38f694d53717afe014f05f4fa7bfe9d601f25703198f2932cf4f68d08a72eadf6a17627928743f8e8b628ae93b7341813d0ac0222d38275bb00ed74389330bcad0ff998ebe5bce7b819c05acbbf76813e4bc390459d3d9ad6191ab8370c383b6af04f98de4b7e94f60ca3534f418ec59dff466a81b7f55d5fb0d6c002e2577e5f63685fe9f60e4b267b53b2e8379bfa7058286a604ad1f47dbecbc6df178823f9f57463409b7a8106ccb4f1aa8e6f7f58faa6c695caf61f15340c74969da0dad19d3fb6528d97c6ea988c756c0a144e2758d0222be97242341904f4a5bbe3faa94f5af7ecf1b771555debdab9ef4c86f6c907ee2051691989ec82d06acc51185e2e1d89c563717a930b4a868e92a119e1480d5492d0276d3540e19abf229a93ff2fec26164785d5a77f9cb189a4cf49290f1db06ca9eae0d4e6c5f4d31f3f633cead8e50063bcf58842cfe8bdd03bfa29043cba5739658079f0385f0872d6648f7ed425ab22236336fcce1a1323e8de9c46644b7c807094b4244c76377aa31748f1e62df7f78c7bf95dfd2a0c04f725d6810f9770a61981dd466fb0d340861c2be9329faaa85e3b336bbc965bf7fc274b939110fe87296d2b72c3f963c3275e6f25bdafcf22d4acf3bc2e2b5b589b312e08581f491f85dabdec65bd24083e85c2de24e2575dd61b1e827181a6072d68bdb79f2f5618d1de25673f1de84ca3aec55a792638785b3c4104449eed02b564de0d5ff419695bfd657456306e4caaa3281cf5b0c9117a1a7ac952e73aac5b21b31a3f70cc8b28a6f77e1ceb3713c3efd0e5255cee73d4d279d3b7d0e0fc057840183042712db4ae4d1bacb403a981df898241903bc22776cf7ff532db07103673a4ef15be9db550682d79d6b141d1ef70026df6c2c089694aecd2d03d6b82b6f7e4f418f18a7d377ce6d225cd3cb19425c029fb8d3d9dd19b9da13b6049d1c467ef89883ce84334545e13f392842367178b3c7f5c6d2c1f69dec6034af298b55db5903f67c480345dca7c210da2d6fa9496583205476abc56119f4de4bff2beedeb48952d395253c9da5950a92e3b275e221aefcac0a9d89ada58e9ac57bc0c997c110ef12e9760605d88eb3c8ddd97020db3a271a1304695f1f9c24a828ac1fbf84f219a3b63be337fbe08a32e96f4610e122c62740c8e04e348c6ca739abab8d8d355ae579d5ecefca412ad420453a66d91f5b5f29857a997a22b56b4b3732786d6e460533f5cc7b10aa455659b1f666fdb055d44636cc004ef038b809afaee9db2daa0bda16e5000d1a5ef6cdecf91d0da047cbe7ff58a4ccf8ff60936da98628a7124f2be07d1d3fcb9ae36ae51434c0534aa505b7a31226837178b52bfad8bc6a8ffcd01d033b6450d8dee19d1a733d38836e43089824af48825f4c8ad7ba42dd8e82ec937f2b5c2729e6adc1ea8208af34d8b7485bf7670a548954576baff431976e43dc55b6ed3ccbcc3a62b22471bd031c5db8b2c8e78d433c7bf0b9f6a1cfcc1f77bfe230baf2dca79185da010da968f70567230b501641fc08754bc002d6835345221f543f131137e126015220f1bce0983ee63139b811562b6d250f651ab6f11f00ddc0fc80077f157eb802d47aff5ea7daa162a984550a0874e29a5d0979085fb5adaece016274f706be003eaa15e75802b3207e1c2a1e4d52ed7c2135b22315cbd0126f0d33987d8b06ce9f2b6434c698d87c716c7b0be7d22062251c3c26fa0b3a7baf92978e96ad2c21b82997989264cbd0696727900a501c6ab4cd502a42bbd605470c1b4e798ee7d959fbb1685f064c5a3e132bc603f43fe21a8b7db80bfc8d3c36a03397bfc6d01f77e9f8692f3a79421621ecf457903d0b28673a4b1fa2955a8bf86771ab24391f7ac22442cb3d20fc24983edbd37f638e8b5f7dfd1c4104c8a05aa825ae7e586d6ffe838df1cfd0c4e2d9d88cf7aabec2630f04a5569e43bebfec80ef2f9c8e014a8d35c9f5885ffc5c2029302c353d3cf4ee1eb59a8a129d4233b73e7a4f85c4bc2331b9d03f03e23a3aa99c1fa2944b3699908fbc45f27e61a9f14b6488b9c69c7d94dca88f644b3424797ecfb004733ce630972a9313e927b6c2d4bcdd381d137af0835cc60c886be74aa03e4597074f623471ae7765d9ebc85ef57c046e2a0afc99382a9a60a3fe476cafbc221510816c4adc48dc248c25d9f796ac1728003565308370ae0eb4c0a819e9c2ba9f8c8a06e5c8863375de93ef00cd9272047b44abd67e54b8c745a20d58b4fb83df7bfd094411d64b687c234e7feb9dbd016c3ebf37354577396cd3f5e3fd7d1a2e4c9e066cc66a4785bd00ada613efaacf2f80662b615e09672b4c0328fcdfe89230d117adad89d8b819ef39c7bbb506364be65ce5231cbe9562b48430c0b3c510879a3f7776dbef9343f54c718ac321f4b43df27928cda2762b3673ff1cb98a971ee1526eb3dc855060cc3ca48efd88b3d8ed3b45d872cbf5bd6d7cc1cb499f7896278c8250390a74da8ace5c41a7fc46d5b265498d736298e3f615e7ac476a80905fbd1fae03fbaccfb132e0ea3ac2f0b43be5a11075215995f8a0e4de68cc7a4d1d728b2b8faa2abe465837af97eedc57b6219f782c5203de45ba7f0a1eafddb94995d618392bbe0f51be5cd143e35d3977ae71a41722a5a7904f1583dfdd9f1cf8bc784332d3b46f0d068ca3c44d39a535966f9c00e48a9cdfeca2fea32cb6f797bab14b04f363f223b474d42018080cf2f55a78eaa9d4ddb22d159a3a1995c2aa64590164218636bc5ca9df3e0c3380861ecd6945abb4761dced9693581e358c34198d0c711613617b7622eb8488ce2ab171c633c3b82ad80f56cd0c43ac5a8c60bf0df62846938f024bb3b1bce6334b95846538f3decaf15336a7ce43b487c6f42f406d266e1f98de7614b3400311c0df499c83e6846e0f42ab0af9b3e362d9b6c7ccba4880a814bbb75a1bca1ea8dc80df5e8f19b3395a691f875f42ef62bb9ea924ef0922cefa7a4b0fc0e8cd9e8b5e2cd00b299cebc56bd6d18f358f3dea5c18aba813bafca8187e5c19a08ddd582293fe8f24187741826f04f5e63dac3ac1b5ff6cf76c31d8bdfba3471a8a8faa26e380604cb3806007c68705700940516370630c35226f82b3219b2583c85d381e2999f799e8d5a2ba05a27fa6d58d186f3e438b0cb69b523c3e2c81305b163beefa2f7d92f3cad3940b342174b785df958c4a53bf55572e648b121d7fa85ab04ab2f0c9df8e61dbc21e46f012b56fe7331ce21432380e2fb86be2d9dd9ef856ee86bc1a94991186c8c041ad6cc1f126f7ba8754e8ec9121d98b9ad384e172468e044ee97994577fd0d87bf403437111a4a5e2ff26675bd6402d3a0723b04a890027706b1887622058e50f7678f1c39a5d590d1fc5e697fee36a8a8dae40d2fc346d2ffdbdad1a76b65664e8d1455fa480e54ce931cffcecc4fd6873d3aba90e54c938c49d35509d70bead8e34e61f19079867231c2db8ac45c4dab54b4390bb387db1e5369fab64740b6f990f8597d8ff925cb732d0e9a61b8441f7434138d68f68fe51d3a6749a2c6c186f5c9fc481e703ba7ea3c216061ae14d45b20586b5354d1ae4e10d2089ffce3ec3a6cbd30105ead942d242fa37a6601237b34acdc1c419a14cdf7999db0d5f0f3af8031b3c607b832d30a7fa9cfcfbbbd6262aecb2a8bdee5b1d13b4a0889697de8fdf6dd2f59c0a67300d1369cb849a28da468f16a619eee6cdf168af0ce7eb7dbbab773eb84094a6c9282030a66d984f898ac292d3e9dcf39433f5daa9fe643e71111a89b40127688e55b1d63e10723ef77a21d083df64669c7b2a65fc5c5cbb53466747b789a841e76c2fcad8708f864bd3617d45e79390cff7f3148327541034892decc3e415c5a02337b3e2d0250016dcddba6cee2180cfba226c15107a3834ef8c0a9c7ed5f5ce058f2285cfb322e9dc49fb657763f72234222dcca1e6cd4ef256ea25a8494017408fe3bb8af3c28c03f3e12a9fe2632bb7e5a44d58dfb91d30632cf017a4bdf37adbd61929d03f960e4efa369fe91620fb8b9e98312d308dbbfa824ee301ada07432292b9aa40786ea9fb895f655d9f591e8e5781274acee4a2dc233883e111ecc11211aefc1b91cb3f255c5646b293feaaef8f0e80af5018ab1ba4d6b3eb5d02555cf6634d1e91fe357a89df2fa90fcd5d592aeaa048572789bd68666ce9acdf8416a833663706b9ddf777f37f4b0c9498c78afd7f6f8880f6dcec652f7697757f6e68f0db5026107756259e3e1d372caa", 0x400, r0}, 0x38) 03:41:10 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xfffffff5, 0x0, 0x0) 03:41:10 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0xc000000) 03:41:10 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x6000000}, 0x0) 03:41:10 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 56) 03:41:10 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x7000000}, 0x0) [ 877.733986][T21563] FAULT_INJECTION: forcing a failure. [ 877.733986][T21563] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 877.751080][T21563] CPU: 1 PID: 21563 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 877.762713][T21563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 877.772765][T21563] Call Trace: [ 877.776059][T21563] dump_stack_lvl+0x1e2/0x24b [ 877.780743][T21563] ? show_regs_print_info+0x18/0x18 [ 877.785939][T21563] dump_stack+0x15/0x1d [ 877.790221][T21563] should_fail+0x3c0/0x510 [ 877.794636][T21563] should_fail_usercopy+0x1a/0x20 [ 877.799657][T21563] _copy_from_user+0x20/0xd0 [ 877.804243][T21563] iovec_from_user+0xc7/0x310 [ 877.808913][T21563] ? __ia32_sys_shutdown+0x70/0x70 [ 877.814020][T21563] __import_iovec+0x72/0x3b0 [ 877.818611][T21563] io_recvmsg_copy_hdr+0x396/0x7f0 [ 877.823719][T21563] ? io_poll_remove_one+0xf90/0xf90 [ 877.828915][T21563] ? arch_stack_walk+0xf8/0x140 03:41:10 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x18010000) [ 877.833764][T21563] io_issue_sqe+0x2ccf/0xfc10 [ 877.838455][T21563] ? __io_req_task_cancel+0x720/0x720 [ 877.843819][T21563] ? __rcu_read_lock+0x50/0x50 [ 877.848578][T21563] ? is_bpf_text_address+0x1a2/0x1c0 [ 877.853860][T21563] ? stack_trace_save+0x1e0/0x1e0 [ 877.858880][T21563] ? __kernel_text_address+0x9a/0x110 [ 877.864257][T21563] ? kmem_cache_free+0xaa/0x1e0 [ 877.869109][T21563] ? kmem_cache_free+0xaa/0x1e0 [ 877.873960][T21563] ? kasan_set_track+0x63/0x80 [ 877.878719][T21563] ? kasan_set_track+0x4c/0x80 [ 877.883481][T21563] ? kasan_set_free_info+0x23/0x40 [ 877.888587][T21563] ? ____kasan_slab_free+0x133/0x170 [ 877.893872][T21563] ? __kasan_slab_free+0x11/0x20 [ 877.898807][T21563] ? slab_free_freelist_hook+0xb2/0x180 [ 877.904353][T21563] ? kmem_cache_free+0xaa/0x1e0 [ 877.909201][T21563] ? __io_free_req+0x20e/0x380 [ 877.913963][T21563] ? io_req_complete+0xeb/0x610 [ 877.918818][T21563] ? __io_queue_sqe+0x1070/0x2fa0 [ 877.923842][T21563] ? io_queue_sqe+0x295/0x1180 [ 877.928606][T21563] ? io_submit_sqe+0x385/0xfd0 [ 877.933367][T21563] ? io_submit_sqes+0x1050/0x2da0 [ 877.938385][T21563] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 877.944107][T21563] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 877.949743][T21563] ? do_syscall_64+0x31/0x70 [ 877.954340][T21563] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 877.960413][T21563] ? kmem_cache_free+0xaa/0x1e0 [ 877.965275][T21563] ? debug_smp_processor_id+0x1c/0x20 [ 877.970651][T21563] ? kmem_cache_free+0xaa/0x1e0 [ 877.975507][T21563] ? ____kasan_slab_free+0x13e/0x170 [ 877.980794][T21563] ? __kasan_slab_free+0x11/0x20 [ 877.985732][T21563] ? slab_free_freelist_hook+0xb2/0x180 [ 877.991280][T21563] ? __rcu_read_lock+0x50/0x50 [ 877.996112][T21563] ? io_req_prep+0x1906/0x51b0 [ 878.000880][T21563] ? io_queue_sqe+0x1180/0x1180 [ 878.005736][T21563] __io_queue_sqe+0x2cf/0x2fa0 [ 878.010500][T21563] io_queue_sqe+0x295/0x1180 [ 878.015090][T21563] io_submit_sqe+0x385/0xfd0 [ 878.019678][T21563] ? io_file_get+0x437/0x9c0 [ 878.024266][T21563] io_submit_sqes+0x1050/0x2da0 [ 878.029122][T21563] ? io_uring_add_task_file+0x290/0x290 [ 878.034668][T21563] ? security_file_permission+0xa8/0xc0 [ 878.040218][T21563] ? __kasan_check_write+0x14/0x20 [ 878.045334][T21563] ? mutex_lock+0xa6/0x110 [ 878.049752][T21563] ? io_uring_add_task_file+0x127/0x290 [ 878.055298][T21563] ? __fdget+0x1b5/0x240 [ 878.059541][T21563] __se_sys_io_uring_enter+0x322/0x12b0 [ 878.065082][T21563] ? __fget_files+0x26d/0x2c0 [ 878.069763][T21563] ? __kasan_check_write+0x14/0x20 [ 878.074873][T21563] ? fput_many+0x47/0x1a0 [ 878.079204][T21563] ? __x64_sys_io_uring_enter+0x100/0x100 [ 878.084923][T21563] ? __ia32_sys_read+0x90/0x90 [ 878.089687][T21563] ? debug_smp_processor_id+0x1c/0x20 [ 878.095061][T21563] __x64_sys_io_uring_enter+0xe5/0x100 [ 878.100523][T21563] do_syscall_64+0x31/0x70 [ 878.104938][T21563] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 878.110822][T21563] RIP: 0033:0x7f5fb5d49a39 [ 878.115415][T21563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 03:41:10 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xc0000000f, 0x0, 0x0) 03:41:10 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x9000000}, 0x0) [ 878.135023][T21563] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 878.143449][T21563] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 878.151424][T21563] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 878.159396][T21563] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 878.167370][T21563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 878.175344][T21563] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:10 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 57) 03:41:10 executing program 3: ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000000)=0xc9e6) unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) unshare(0x4000000) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000010d00)=ANY=[@ANYBLOB="900601002d000105", @ANYBLOB], 0x10690}}, 0x0) splice(r3, 0x0, r2, 0x0, 0x1, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_ext={0x1c, 0xa, &(0x7f00000000c0)=@raw=[@map_val={0x18, 0x3, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x8}, @map_val={0x18, 0x9, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x5}, @map_val={0x18, 0x5, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x3}, @exit, @initr0={0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x9}, @call={0x85, 0x0, 0x0, 0x67}], &(0x7f0000000140)='syzkaller\x00', 0x5ccb, 0x7f, &(0x7f0000000180)=""/127, 0x41000, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000240)={0x1, 0x6, 0x9}, 0x10, 0xb5b7, r2}, 0x78) 03:41:10 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x81000000}, 0x0) 03:41:11 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x4000000000, 0x0, 0x0) 03:41:11 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x81ffffff}, 0x0) [ 878.287154][T21705] FAULT_INJECTION: forcing a failure. [ 878.287154][T21705] name failslab, interval 1, probability 0, space 0, times 0 03:41:11 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x1f000000) [ 878.349877][T21705] CPU: 0 PID: 21705 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 878.361523][T21705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 878.371570][T21705] Call Trace: [ 878.374865][T21705] dump_stack_lvl+0x1e2/0x24b [ 878.379541][T21705] ? devkmsg_release+0x127/0x127 [ 878.384477][T21705] ? show_regs_print_info+0x18/0x18 [ 878.389678][T21705] dump_stack+0x15/0x1d [ 878.393834][T21705] should_fail+0x3c0/0x510 [ 878.398248][T21705] ? iovec_from_user+0x8a/0x310 [ 878.403094][T21705] __should_failslab+0x9f/0xe0 [ 878.407861][T21705] should_failslab+0x9/0x20 [ 878.412363][T21705] __kmalloc+0x68/0x3d0 [ 878.416518][T21705] ? _copy_from_user+0x93/0xd0 [ 878.421281][T21705] iovec_from_user+0x8a/0x310 [ 878.425958][T21705] ? __ia32_sys_shutdown+0x70/0x70 [ 878.431069][T21705] __import_iovec+0x72/0x3b0 [ 878.435659][T21705] io_recvmsg_copy_hdr+0x396/0x7f0 [ 878.440771][T21705] ? io_poll_remove_one+0xf90/0xf90 [ 878.445964][T21705] ? arch_stack_walk+0xf8/0x140 [ 878.450812][T21705] io_issue_sqe+0x2ccf/0xfc10 [ 878.455482][T21705] ? __io_req_task_cancel+0x720/0x720 [ 878.460853][T21705] ? __rcu_read_lock+0x50/0x50 [ 878.465610][T21705] ? is_bpf_text_address+0x1a2/0x1c0 [ 878.470888][T21705] ? stack_trace_save+0x1e0/0x1e0 [ 878.475908][T21705] ? __kernel_text_address+0x9a/0x110 [ 878.481278][T21705] ? kmem_cache_free+0xaa/0x1e0 [ 878.486120][T21705] ? kmem_cache_free+0xaa/0x1e0 [ 878.490964][T21705] ? kasan_set_track+0x63/0x80 [ 878.495718][T21705] ? kasan_set_track+0x4c/0x80 [ 878.500486][T21705] ? kasan_set_free_info+0x23/0x40 [ 878.505588][T21705] ? ____kasan_slab_free+0x133/0x170 [ 878.510866][T21705] ? __kasan_slab_free+0x11/0x20 [ 878.515796][T21705] ? slab_free_freelist_hook+0xb2/0x180 [ 878.521333][T21705] ? kmem_cache_free+0xaa/0x1e0 [ 878.526178][T21705] ? __io_free_req+0x20e/0x380 [ 878.530932][T21705] ? io_req_complete+0xeb/0x610 [ 878.535774][T21705] ? __io_queue_sqe+0x1070/0x2fa0 [ 878.540790][T21705] ? io_queue_sqe+0x295/0x1180 [ 878.545545][T21705] ? io_submit_sqe+0x385/0xfd0 [ 878.550303][T21705] ? io_submit_sqes+0x1050/0x2da0 [ 878.555320][T21705] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 878.561041][T21705] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 878.566664][T21705] ? do_syscall_64+0x31/0x70 [ 878.571246][T21705] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 878.577312][T21705] ? kmem_cache_free+0xaa/0x1e0 [ 878.582162][T21705] ? debug_smp_processor_id+0x1c/0x20 [ 878.587533][T21705] ? __set_page_owner+0x2e2/0x300 [ 878.592553][T21705] ? kmem_cache_free+0xaa/0x1e0 [ 878.597397][T21705] ? ____kasan_slab_free+0x13e/0x170 [ 878.602679][T21705] ? __kasan_slab_free+0x11/0x20 [ 878.607610][T21705] ? slab_free_freelist_hook+0xb2/0x180 [ 878.613150][T21705] ? __rcu_read_lock+0x50/0x50 [ 878.617908][T21705] ? io_req_prep+0x1906/0x51b0 [ 878.622669][T21705] ? io_queue_sqe+0x1180/0x1180 [ 878.627515][T21705] __io_queue_sqe+0x2cf/0x2fa0 [ 878.632278][T21705] io_queue_sqe+0x295/0x1180 [ 878.636865][T21705] io_submit_sqe+0x385/0xfd0 [ 878.641447][T21705] ? io_file_get+0x437/0x9c0 [ 878.646036][T21705] io_submit_sqes+0x1050/0x2da0 [ 878.650888][T21705] ? io_uring_add_task_file+0x290/0x290 [ 878.656426][T21705] ? security_file_permission+0xa8/0xc0 [ 878.661979][T21705] ? __kasan_check_write+0x14/0x20 [ 878.667082][T21705] ? mutex_lock+0xa6/0x110 [ 878.671491][T21705] ? io_uring_add_task_file+0x127/0x290 [ 878.677033][T21705] ? __fdget+0x1b5/0x240 [ 878.681270][T21705] __se_sys_io_uring_enter+0x322/0x12b0 [ 878.686811][T21705] ? __fget_files+0x26d/0x2c0 [ 878.691489][T21705] ? __kasan_check_write+0x14/0x20 [ 878.696592][T21705] ? fput_many+0x47/0x1a0 [ 878.700916][T21705] ? __x64_sys_io_uring_enter+0x100/0x100 [ 878.706628][T21705] ? __ia32_sys_read+0x90/0x90 [ 878.711392][T21705] ? debug_smp_processor_id+0x1c/0x20 [ 878.716760][T21705] __x64_sys_io_uring_enter+0xe5/0x100 [ 878.722213][T21705] do_syscall_64+0x31/0x70 [ 878.726623][T21705] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 878.732502][T21705] RIP: 0033:0x7f5fb5d49a39 [ 878.736908][T21705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 878.756505][T21705] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 878.764915][T21705] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 878.772884][T21705] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 878.780854][T21705] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 878.788824][T21705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 03:41:11 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x10c00000104, 0x0, 0x0) [ 878.796791][T21705] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:11 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x83000000}, 0x0) 03:41:11 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 58) 03:41:11 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x9effffff}, 0x0) [ 878.866902][T21936] __nla_validate_parse: 4 callbacks suppressed [ 878.866912][T21936] netlink: 67180 bytes leftover after parsing attributes in process `syz-executor.3'. 03:41:11 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x11000000114, 0x0, 0x0) 03:41:11 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x38000000) 03:41:11 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0xa0028000}, 0x0) [ 879.145716][T22177] netlink: 67180 bytes leftover after parsing attributes in process `syz-executor.3'. 03:41:11 executing program 3: unshare(0x40000400) unshare(0x10000) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) 03:41:11 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0xa0650000}, 0x0) 03:41:11 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x40000000200, 0x0, 0x0) 03:41:11 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x40000000) 03:41:12 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0xeaffffff}, 0x0) 03:41:12 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0xefffffff}, 0x0) 03:41:12 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x7ffffffff000, 0x0, 0x0) [ 879.367025][T22204] FAULT_INJECTION: forcing a failure. [ 879.367025][T22204] name failslab, interval 1, probability 0, space 0, times 0 [ 879.416031][T22204] CPU: 0 PID: 22204 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 879.427671][T22204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 879.437723][T22204] Call Trace: [ 879.441014][T22204] dump_stack_lvl+0x1e2/0x24b [ 879.445692][T22204] ? devkmsg_release+0x127/0x127 [ 879.450635][T22204] ? show_regs_print_info+0x18/0x18 [ 879.455833][T22204] dump_stack+0x15/0x1d [ 879.459990][T22204] should_fail+0x3c0/0x510 [ 879.464404][T22204] ? iovec_from_user+0x8a/0x310 [ 879.469258][T22204] __should_failslab+0x9f/0xe0 [ 879.474019][T22204] should_failslab+0x9/0x20 [ 879.478522][T22204] __kmalloc+0x68/0x3d0 [ 879.482671][T22204] ? _copy_from_user+0x93/0xd0 [ 879.487439][T22204] iovec_from_user+0x8a/0x310 [ 879.492114][T22204] ? __ia32_sys_shutdown+0x70/0x70 [ 879.497219][T22204] __import_iovec+0x72/0x3b0 [ 879.501810][T22204] io_recvmsg_copy_hdr+0x396/0x7f0 [ 879.506921][T22204] ? io_poll_remove_one+0xf90/0xf90 [ 879.512111][T22204] ? arch_stack_walk+0xf8/0x140 [ 879.516963][T22204] io_issue_sqe+0x2ccf/0xfc10 [ 879.521639][T22204] ? __io_req_task_cancel+0x720/0x720 [ 879.527007][T22204] ? __rcu_read_lock+0x50/0x50 [ 879.531773][T22204] ? is_bpf_text_address+0x1a2/0x1c0 [ 879.537061][T22204] ? stack_trace_save+0x1e0/0x1e0 [ 879.542084][T22204] ? __kernel_text_address+0x9a/0x110 [ 879.547456][T22204] ? kmem_cache_free+0xaa/0x1e0 [ 879.552298][T22204] ? kmem_cache_free+0xaa/0x1e0 [ 879.557144][T22204] ? kasan_set_track+0x63/0x80 [ 879.561901][T22204] ? kasan_set_track+0x4c/0x80 [ 879.566669][T22204] ? kasan_set_free_info+0x23/0x40 [ 879.571775][T22204] ? ____kasan_slab_free+0x133/0x170 [ 879.577053][T22204] ? __kasan_slab_free+0x11/0x20 [ 879.581986][T22204] ? slab_free_freelist_hook+0xb2/0x180 [ 879.587529][T22204] ? kmem_cache_free+0xaa/0x1e0 [ 879.592374][T22204] ? __io_free_req+0x20e/0x380 [ 879.597131][T22204] ? io_req_complete+0xeb/0x610 [ 879.601974][T22204] ? __io_queue_sqe+0x1070/0x2fa0 [ 879.606997][T22204] ? io_queue_sqe+0x295/0x1180 [ 879.611758][T22204] ? io_submit_sqe+0x385/0xfd0 [ 879.616520][T22204] ? io_submit_sqes+0x1050/0x2da0 [ 879.621544][T22204] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 879.627260][T22204] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 879.632895][T22204] ? do_syscall_64+0x31/0x70 [ 879.637488][T22204] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 879.643560][T22204] ? kmem_cache_free+0xaa/0x1e0 [ 879.648412][T22204] ? debug_smp_processor_id+0x1c/0x20 [ 879.653781][T22204] ? kmem_cache_free+0xaa/0x1e0 [ 879.658627][T22204] ? ____kasan_slab_free+0x13e/0x170 [ 879.663913][T22204] ? __kasan_slab_free+0x11/0x20 [ 879.668844][T22204] ? slab_free_freelist_hook+0xb2/0x180 [ 879.674381][T22204] ? __rcu_read_lock+0x50/0x50 [ 879.679141][T22204] ? io_req_prep+0x1906/0x51b0 [ 879.683907][T22204] ? io_queue_sqe+0x1180/0x1180 [ 879.688755][T22204] __io_queue_sqe+0x2cf/0x2fa0 [ 879.693515][T22204] io_queue_sqe+0x295/0x1180 [ 879.698101][T22204] io_submit_sqe+0x385/0xfd0 [ 879.702688][T22204] ? io_file_get+0x437/0x9c0 [ 879.707276][T22204] io_submit_sqes+0x1050/0x2da0 [ 879.712130][T22204] ? io_uring_add_task_file+0x290/0x290 [ 879.717671][T22204] ? security_file_permission+0xa8/0xc0 [ 879.723218][T22204] ? __kasan_check_write+0x14/0x20 [ 879.728325][T22204] ? mutex_lock+0xa6/0x110 [ 879.732735][T22204] ? io_uring_add_task_file+0x127/0x290 [ 879.738277][T22204] ? __fdget+0x1b5/0x240 [ 879.742517][T22204] __se_sys_io_uring_enter+0x322/0x12b0 [ 879.748059][T22204] ? __fget_files+0x26d/0x2c0 [ 879.752737][T22204] ? __kasan_check_write+0x14/0x20 [ 879.757844][T22204] ? fput_many+0x47/0x1a0 [ 879.762172][T22204] ? __x64_sys_io_uring_enter+0x100/0x100 [ 879.767890][T22204] ? __ia32_sys_read+0x90/0x90 [ 879.772658][T22204] ? debug_smp_processor_id+0x1c/0x20 [ 879.778023][T22204] __x64_sys_io_uring_enter+0xe5/0x100 [ 879.783481][T22204] do_syscall_64+0x31/0x70 [ 879.787899][T22204] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 879.793786][T22204] RIP: 0033:0x7f5fb5d49a39 [ 879.798202][T22204] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 03:41:12 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 59) 03:41:12 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0xf0ffffff}, 0x0) 03:41:12 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x40410000) 03:41:12 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xc58700000000, 0x0, 0x0) 03:41:12 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1, 0x91}, 0x40) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) [ 879.817813][T22204] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 879.826232][T22204] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 879.834206][T22204] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 879.842175][T22204] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 879.850145][T22204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 879.858115][T22204] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:12 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0xfeffffff}, 0x0) 03:41:12 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0xffffff7f}, 0x0) 03:41:12 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) r1 = syz_open_dev$vcsu(&(0x7f0000000000), 0xfffffffffffffffd, 0x22002) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0x20000000}) 03:41:12 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0xffffff81}, 0x0) [ 880.004632][T22436] FAULT_INJECTION: forcing a failure. [ 880.004632][T22436] name fail_usercopy, interval 1, probability 0, space 0, times 0 03:41:12 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x2000000000000, 0x0, 0x0) [ 880.068160][T22436] CPU: 1 PID: 22436 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 880.079811][T22436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 880.089870][T22436] Call Trace: [ 880.093173][T22436] dump_stack_lvl+0x1e2/0x24b [ 880.097860][T22436] ? show_regs_print_info+0x18/0x18 [ 880.103057][T22436] ? kfree+0xca/0x310 [ 880.107048][T22436] dump_stack+0x15/0x1d [ 880.111202][T22436] should_fail+0x3c0/0x510 [ 880.115617][T22436] should_fail_usercopy+0x1a/0x20 [ 880.120637][T22436] _copy_from_user+0x20/0xd0 [ 880.125229][T22436] __copy_msghdr_from_user+0xaf/0x730 [ 880.130604][T22436] ? __import_iovec+0x343/0x3b0 [ 880.135466][T22436] ? __ia32_sys_shutdown+0x70/0x70 [ 880.140582][T22436] io_recvmsg_copy_hdr+0x1cf/0x7f0 [ 880.145699][T22436] ? io_poll_remove_one+0xf90/0xf90 [ 880.151159][T22436] ? arch_stack_walk+0xf8/0x140 [ 880.156013][T22436] io_issue_sqe+0x2ccf/0xfc10 [ 880.160692][T22436] ? __io_req_task_cancel+0x720/0x720 [ 880.166065][T22436] ? __rcu_read_lock+0x50/0x50 [ 880.170827][T22436] ? is_bpf_text_address+0x1a2/0x1c0 [ 880.176110][T22436] ? stack_trace_save+0x1e0/0x1e0 [ 880.181132][T22436] ? __kernel_text_address+0x9a/0x110 [ 880.186508][T22436] ? kmem_cache_free+0xaa/0x1e0 [ 880.191355][T22436] ? kmem_cache_free+0xaa/0x1e0 [ 880.196204][T22436] ? kasan_set_track+0x63/0x80 [ 880.200966][T22436] ? kasan_set_track+0x4c/0x80 [ 880.205731][T22436] ? kasan_set_free_info+0x23/0x40 [ 880.210845][T22436] ? ____kasan_slab_free+0x133/0x170 [ 880.216130][T22436] ? __kasan_slab_free+0x11/0x20 [ 880.221065][T22436] ? slab_free_freelist_hook+0xb2/0x180 [ 880.226607][T22436] ? kmem_cache_free+0xaa/0x1e0 [ 880.231453][T22436] ? __io_free_req+0x20e/0x380 [ 880.236216][T22436] ? io_req_complete+0xeb/0x610 [ 880.241063][T22436] ? __io_queue_sqe+0x1070/0x2fa0 [ 880.246086][T22436] ? io_queue_sqe+0x295/0x1180 [ 880.250855][T22436] ? io_submit_sqe+0x385/0xfd0 [ 880.255615][T22436] ? io_submit_sqes+0x1050/0x2da0 [ 880.260635][T22436] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 880.266350][T22436] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 880.271981][T22436] ? do_syscall_64+0x31/0x70 [ 880.276568][T22436] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 880.282640][T22436] ? kmem_cache_free+0xaa/0x1e0 [ 880.287498][T22436] ? debug_smp_processor_id+0x1c/0x20 [ 880.292868][T22436] ? __set_page_owner+0x2e2/0x300 [ 880.297889][T22436] ? kmem_cache_free+0xaa/0x1e0 [ 880.302737][T22436] ? ____kasan_slab_free+0x13e/0x170 [ 880.308025][T22436] ? __kasan_slab_free+0x11/0x20 [ 880.312960][T22436] ? slab_free_freelist_hook+0xb2/0x180 [ 880.318501][T22436] ? __rcu_read_lock+0x50/0x50 [ 880.323275][T22436] ? io_req_prep+0x1906/0x51b0 [ 880.328042][T22436] ? io_queue_sqe+0x1180/0x1180 [ 880.332894][T22436] __io_queue_sqe+0x2cf/0x2fa0 [ 880.337657][T22436] io_queue_sqe+0x295/0x1180 [ 880.342246][T22436] io_submit_sqe+0x385/0xfd0 [ 880.346833][T22436] ? io_file_get+0x437/0x9c0 [ 880.351426][T22436] io_submit_sqes+0x1050/0x2da0 [ 880.356285][T22436] ? io_uring_add_task_file+0x290/0x290 [ 880.361827][T22436] ? security_file_permission+0xa8/0xc0 [ 880.367378][T22436] ? __kasan_check_write+0x14/0x20 [ 880.372490][T22436] ? mutex_lock+0xa6/0x110 [ 880.376907][T22436] ? io_uring_add_task_file+0x127/0x290 [ 880.382448][T22436] ? __fdget+0x1b5/0x240 [ 880.386684][T22436] __se_sys_io_uring_enter+0x322/0x12b0 [ 880.392228][T22436] ? __fget_files+0x26d/0x2c0 [ 880.396910][T22436] ? __kasan_check_write+0x14/0x20 [ 880.402016][T22436] ? fput_many+0x47/0x1a0 [ 880.406344][T22436] ? __x64_sys_io_uring_enter+0x100/0x100 [ 880.412061][T22436] ? __ia32_sys_read+0x90/0x90 [ 880.416825][T22436] ? debug_smp_processor_id+0x1c/0x20 [ 880.422193][T22436] __x64_sys_io_uring_enter+0xe5/0x100 [ 880.427651][T22436] do_syscall_64+0x31/0x70 [ 880.432063][T22436] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 880.437947][T22436] RIP: 0033:0x7f5fb5d49a39 [ 880.442371][T22436] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 880.461976][T22436] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 880.470389][T22436] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 880.478365][T22436] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 880.486338][T22436] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 880.494304][T22436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 880.502271][T22436] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:13 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x77359400) 03:41:13 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0xffffff9e}, 0x0) 03:41:13 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 60) 03:41:13 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0xffffffea}, 0x0) 03:41:13 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0xffffffef}, 0x0) [ 880.687028][T22572] FAULT_INJECTION: forcing a failure. [ 880.687028][T22572] name fail_usercopy, interval 1, probability 0, space 0, times 0 03:41:13 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x7fffefe0) 03:41:13 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x2000000040000, 0x0, 0x0) [ 880.728191][T22572] CPU: 0 PID: 22572 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 880.739832][T22572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 880.749888][T22572] Call Trace: [ 880.753181][T22572] dump_stack_lvl+0x1e2/0x24b [ 880.757860][T22572] ? show_regs_print_info+0x18/0x18 [ 880.763057][T22572] ? kfree+0xca/0x310 [ 880.767036][T22572] dump_stack+0x15/0x1d [ 880.771187][T22572] should_fail+0x3c0/0x510 [ 880.775601][T22572] should_fail_usercopy+0x1a/0x20 [ 880.780619][T22572] _copy_from_user+0x20/0xd0 [ 880.785207][T22572] __copy_msghdr_from_user+0xaf/0x730 [ 880.790573][T22572] ? __import_iovec+0x343/0x3b0 [ 880.795423][T22572] ? __ia32_sys_shutdown+0x70/0x70 [ 880.800535][T22572] io_recvmsg_copy_hdr+0x1cf/0x7f0 [ 880.805641][T22572] ? io_poll_remove_one+0xf90/0xf90 [ 880.810848][T22572] ? arch_stack_walk+0xf8/0x140 [ 880.815698][T22572] io_issue_sqe+0x2ccf/0xfc10 [ 880.820376][T22572] ? __io_req_task_cancel+0x720/0x720 [ 880.825744][T22572] ? __rcu_read_lock+0x50/0x50 [ 880.830504][T22572] ? is_bpf_text_address+0x1a2/0x1c0 [ 880.835782][T22572] ? stack_trace_save+0x1e0/0x1e0 [ 880.840804][T22572] ? __kernel_text_address+0x9a/0x110 [ 880.846174][T22572] ? kmem_cache_free+0xaa/0x1e0 [ 880.851015][T22572] ? kmem_cache_free+0xaa/0x1e0 [ 880.855856][T22572] ? kasan_set_track+0x63/0x80 [ 880.860621][T22572] ? kasan_set_track+0x4c/0x80 [ 880.865379][T22572] ? kasan_set_free_info+0x23/0x40 [ 880.870489][T22572] ? ____kasan_slab_free+0x133/0x170 [ 880.875769][T22572] ? __kasan_slab_free+0x11/0x20 [ 880.880700][T22572] ? slab_free_freelist_hook+0xb2/0x180 [ 880.886238][T22572] ? kmem_cache_free+0xaa/0x1e0 [ 880.891082][T22572] ? __io_free_req+0x20e/0x380 [ 880.895843][T22572] ? io_req_complete+0xeb/0x610 [ 880.900697][T22572] ? __io_queue_sqe+0x1070/0x2fa0 [ 880.905711][T22572] ? io_queue_sqe+0x295/0x1180 [ 880.910466][T22572] ? io_submit_sqe+0x385/0xfd0 [ 880.915220][T22572] ? io_submit_sqes+0x1050/0x2da0 [ 880.920239][T22572] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 880.925953][T22572] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 880.931581][T22572] ? do_syscall_64+0x31/0x70 [ 880.936184][T22572] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 880.942255][T22572] ? kmem_cache_free+0xaa/0x1e0 [ 880.947105][T22572] ? debug_smp_processor_id+0x1c/0x20 [ 880.952471][T22572] ? kmem_cache_free+0xaa/0x1e0 [ 880.957317][T22572] ? ____kasan_slab_free+0x13e/0x170 [ 880.962601][T22572] ? __kasan_slab_free+0x11/0x20 [ 880.967532][T22572] ? slab_free_freelist_hook+0xb2/0x180 [ 880.973075][T22572] ? __rcu_read_lock+0x50/0x50 [ 880.977836][T22572] ? io_req_prep+0x1906/0x51b0 [ 880.982605][T22572] ? io_queue_sqe+0x1180/0x1180 [ 880.987454][T22572] __io_queue_sqe+0x2cf/0x2fa0 [ 880.992219][T22572] io_queue_sqe+0x295/0x1180 [ 880.996804][T22572] io_submit_sqe+0x385/0xfd0 [ 881.001387][T22572] ? io_file_get+0x437/0x9c0 [ 881.005976][T22572] io_submit_sqes+0x1050/0x2da0 [ 881.010831][T22572] ? io_uring_add_task_file+0x290/0x290 [ 881.016374][T22572] ? security_file_permission+0xa8/0xc0 [ 881.021919][T22572] ? __kasan_check_write+0x14/0x20 [ 881.027023][T22572] ? mutex_lock+0xa6/0x110 [ 881.031437][T22572] ? io_uring_add_task_file+0x127/0x290 [ 881.036984][T22572] ? __fdget+0x1b5/0x240 [ 881.041223][T22572] __se_sys_io_uring_enter+0x322/0x12b0 [ 881.046766][T22572] ? __fget_files+0x26d/0x2c0 [ 881.051441][T22572] ? __kasan_check_write+0x14/0x20 [ 881.056546][T22572] ? fput_many+0x47/0x1a0 [ 881.060877][T22572] ? __x64_sys_io_uring_enter+0x100/0x100 [ 881.066594][T22572] ? __ia32_sys_read+0x90/0x90 [ 881.071358][T22572] ? debug_smp_processor_id+0x1c/0x20 [ 881.076726][T22572] __x64_sys_io_uring_enter+0xe5/0x100 [ 881.082182][T22572] do_syscall_64+0x31/0x70 [ 881.086593][T22572] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 881.092478][T22572] RIP: 0033:0x7f5fb5d49a39 [ 881.096887][T22572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 881.116488][T22572] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa 03:41:13 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0xfffffff0}, 0x0) [ 881.124899][T22572] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 881.132871][T22572] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 881.140845][T22572] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 881.148814][T22572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 881.156780][T22572] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:13 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0xfffffffe}, 0x0) 03:41:14 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) unshare(0x20020000) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) 03:41:14 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x8002a0ffffffff}, 0x0) 03:41:14 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x4000000000000, 0x0, 0x0) 03:41:14 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x7ffff000) 03:41:14 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x80030000000000}, 0x0) 03:41:14 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 61) 03:41:14 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x100000000000000}, 0x0) 03:41:14 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x8002a0ffffffff, 0x0, 0x0) 03:41:14 executing program 3: unshare(0x40000400) unshare(0x10300) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x16, 0x4, 0x4, 0x1, 0x0, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x5, r0}, 0x38) 03:41:14 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x807e0000) 03:41:14 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x200000000000000}, 0x0) 03:41:14 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x300000000000000}, 0x0) 03:41:14 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x94357700000000, 0x0, 0x0) 03:41:14 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, &(0x7f0000000000)={'ipvlan1\x00', {0x2, 0x0, @multicast1}}) unshare(0x40000400) r1 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1}, 0x38) 03:41:14 executing program 1: ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000046040)={0x79, [{}, {0x0, 0x0}, {}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {0x0}, {0x0}, {0x0, 0x0}, {0x0, 0x0}, {}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {0x0, 0x0}, {}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {0x0, 0x0}, {}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {}, {}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {}, {0x0, 0x0}, {}, {}, {0x0, 0x0}, {0x0}, {0x0}, {0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {}, {}, {}, {0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {}, {0x0, 0x0}, {0x0}, {0x0}, {}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {0x0}, {}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {0x0, 0x0}, {}, {0x0, 0x0}, {0x0, 0x0}, {}, {}, {0x0, 0x0}, {0x0}, {}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {}, {}, {0x0, 0x0}, {0x0}, {0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {0x0}, {0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {}, {0x0, 0x0}, {0x0}, {0x0}, {}, {0x0, 0x0}, {}, {0x0, 0x0}, {}, {0x0, 0x0}, {0x0, 0x0}, {}, {0x0, 0x0}, {0x0, 0x0}, {}, {}, {0x0}, {0x0, 0x0}, {}, {}, {}, {0x0}, {}, {0x0, 0x0}, {0x0}, {0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {}, {0x0, 0x0}, {}, {0x0, 0x0}, {}, {}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {0x0, 0x0}, {}, {0x0, 0x0}, {}, {0x0, 0x0}, {}, {}, {0x0}, {0x0, 0x0}, {}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {}, {0x0, 0x0}, {0x0, 0x0}, {}, {0x0, 0x0}, {}, {0x0}, {}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {0x0, 0x0}, {}, {0x0}, {0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {0x0, 0x0}], 0x0, "9958e470d6ed51"}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f000004db80)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f0000000780)={0x83cd, [{r146, r161}, {r44, r224}, {r268, r291}, {r62, r49}, {0x0, r239}, {r67, r273}, {r87, r82}, {r9}, {r182, r227}, {r69}, {r256, r220}, {r1}, {r235, r126}, {r282, r2}, {r91, r97}, {r177, r103}, {r181, r53}, {r265, r280}, {r182, r200}, {r266, r143}, {r238, r95}, {r199, r78}, {r33, r267}, {r134, r183}, {r57, r185}, {r198, r10}, {r289, r234}, {r253, r270}, {r29, r66}, {r141, r59}, {r19, r48}, {r232, r213}, {r215, r23}, {r240, r55}, {r86, r173}, {r132, r8}, {r113, r34}, {r132}, {r242, r262}, {r138, r149}, {0x0, r23}, {0x0, r291}, {r138}, {r271, r184}, {r168}, {r158, r244}, {r195}, {r255, r30}, {r144, r61}, {r101, r206}, {r225, r137}, {r99}, {r277, r145}, {0x0, r39}, {r83, r68}, {r3, r98}, {r243, r51}, {r215, r139}, {r215, r43}, {r20, r11}, {r60, r172}, {r113, r89}, {r52, r231}, {r71, r276}, {0x0, r272}, {r131, r226}, {r42}, {r221, r254}, {r29, r105}, {r31, r111}, {r223, r64}, {r40, r205}, {r71, r118}, {r5, r36}, {r178, r205}, {r230, r77}, {r177, r194}, {r37, r272}, {r230, r157}, {r180, r241}, {r27, r121}, {0x0, r227}, {r17, r102}, {r7, r49}, {r115}, {0x0, r59}, {r65, r85}, {r140, r66}, {r37, r54}, {r247, r185}, {r182, r153}, {r236, r121}, {r201, r116}, {r247}, {r167}, {r101, r36}, {r212}, {0x0, r205}, {r174, r189}, {0x0, r278}, {r245, r30}, {r230, r262}, {r26, r170}, {r40}, {r71, r8}, {0x0, r120}, {r164, r105}, {0x0, r194}, {r259, r128}, {r63, r176}, {r188, r218}, {0x0, r216}, {r108, r59}, {r164, r283}, {0x0, r30}, {r266, r145}, {r209}, {r75, r200}, {r75, r92}, {}, {0x0, r16}, {r290, r284}, {r166, r21}, {r240, r109}, {r147, r213}, {r212, r163}, {r129, r43}, {r33, r47}, {r138, r284}, {r74, r58}, {}, {r261}, {r28, r270}, {r286, r18}, {r261, r76}, {r94, r206}, {r136, r148}, {r169, r260}, {0x0, r291}, {r195, r118}, {r46, r98}, {r197, r89}, {0x0, r130}, {r281, r229}, {r275, r184}, {r104, r210}, {r251, r165}, {r73, r111}, {r166, r194}, {r138, r208}, {r22, r278}, {r293, r175}, {r29, r139}, {r162, r43}, {r193, r172}, {r159, r133}, {r42, r226}, {r75, r262}, {r35, r284}, {r3, r125}, {r106, r102}, {r150, r216}, {r112, r100}, {r217, r208}, {0x0, r237}, {r228, r32}, {r203}, {r230, r239}, {r245, r105}, {r140, r257}, {r115, r252}, {r152, r25}, {0x0, r274}, {r233, r154}, {r42, r11}, {r124, r172}, {r150, r258}, {r119, r84}, {r110, r142}, {r122, r191}, {r50, r135}, {r119, r123}, {r101, r68}, {r60, r16}, {r33, r231}, {r292, r116}, {r178, r288}, {r63, r107}, {r171, r250}, {r207, r175}, {r207, r4}, {r242, r239}, {r22, r278}, {r96, r269}, {r117, r179}, {r265, r151}, {r156, r14}, {0x0, r88}, {r228, r97}, {0x0, r114}, {r240, r248}, {r40, r70}, {r285, r264}, {r13, r216}, {r166, r222}, {r94, r229}, {r96}, {r1, r125}, {r263, r252}, {r192, r260}, {r152, r105}, {r33, r6}, {0x0, r72}, {r190, r102}, {r38, r280}, {r63, r211}, {r242, r51}, {r112}, {r138, r294}, {r24, r82}, {r33, r210}, {r127, r59}, {r198}, {r215}, {r15, r196}, {r268}, {r261, r154}, {r12, r8}, {r169, r41}, {r104, r157}, {r166, r114}, {0x0, r64}, {r219, r155}, {r160}, {r204, r287}, {0x0, r93}, {r186, r187}, {r247, r202}, {r79, r161}, {r35, r200}, {r275, r288}, {r56, r126}, {r134}, {r214, r47}, {r177, r135}, {r90, r220}, {0x0, r145}, {r80, r45}, {0x0, r246}, {}, {r203, r272}, {r46, r85}, {r249, r270}, {r279, r252}, {r81, r8}], 0x6, "d7e496cbf574f7"}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f000004dc80)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f000004de80)={0x0, 0x0, "ae310fcf6ac9fbfeba7b7340017541e3876a57d3deac93112d5924193ce96809254d37739163d90feb06e61ec530d09c439504b631905a34e3db022aefde62e178c37fc1688c75bd1455fcc9f5b7c2032437b136a453d47745b01a2b445ee8cf6abce2a3dcbcac468431b2e4e741a700b4969bbd9c2c5dbadd03b7bfddac6f4efc0298ab5ad54f8770761c4beacceb18ac76b7c8b0728922b4e99b587ab35714d9f272c889e51eee313fcab90c1c716144931a815dc5b8e4458ecbb525226b69e24c8da4d371381a80de2391ce989901e4f6ee9538f5f839ccb0aabafd20c119351c544849140cbeb58afadc69f27757dd624b24aca2b2fc9fec94b433632410", "916048f8e7ac3858d3054b7626cedcdb0d1d11e425061d35dcb351da6243bce71423db70b1f096c40411ca0fa5b13966fa9bb0b2a0bad6737e0ba98808b7f4cf66cd2ca37cde8696206e0025aef68030d65ecd951c2190c894b4489614d15f6ee54ea6712ec2228b2072509d89222971daca24e174b99f1ca3097f521c3eba84d520ad54547b647b2e08edec0d453a844de249ed5e2725c543430b66265e1650d5b8c37a2824c1efa00e2784b5e318e44ad094718f5fd436e3cbf6887a506586ea457d45129e1c1d91771b8735c43f0cb571c8a7314ca45a6e5461b288ab620fa6e0c8a6d55a42d4ab536d53e6fead09a6b0c47fd5d8e9308f519e58aa114d22a10034e504ed9cea3c8de015e7626f23204465557e7324093a9e60731d45bc2b4f99f3e2dc090ad18ffad2e964685323c0678762d48d2453a25d4167a79f02dba4bf54bc58c6378ad5f9319dae63bd35991d1a22728500b3eaf12f49d4e005509a9f59cb509895d1ca0af52c1e7e28324d91e1b79e88e73cc80adb59c2d65a9d023ea433cc7ba0bde1d3da1c96b24270b6657ae2372f7e8e6b0d6bce65d1c4fcedda580702b324eebbfb050f8a5d104cf5298c3bbfd93eec34fff7f7ee71c5bbc1067cdaf6c012b81e2572f73c10ec222317a238231656dcfa3de76983375cea668bc15017a868f0453b3f795eff622bc01969eb5abef59b4e5faa822cd97076928bcfb2b015a2a33dabc2ff9c3e2cce7f67b9192a92b9520f5ff94af734ef14f7927c80d55d96b5d8d33862571433516345922dae8cb4c4cfafbbeb1e81bc9b6cd47445185f8700bc94d4994509ea27884772505b455aebbd381e42b62c9c4e95e11601cfaaded4b835685518b0bc136dac847ed26dcd71841be4586fdb663d56280292a7354ceb4d921a800afc3c5438b3f045eea3ee1fc88a5ce2d48a81a93ee309f6c0bdc69efd6b3319c4e6029b5aba6f7429927cb9a3039219e0e9ccf59b9b9abbfee2645f5f849c801918e29f86e5e8f19495dcb5c19d778f35f795c243d16bf6b3879285e4e82af5afbebcaacdb07920783d6eac3350a165d7754f38e48493920f1cae96a976e3606544bdba4626fd5e12844c866e34343d5002c51613fdacccb846b04aca2be62f0e3641a586bf39aecc7ab705093985c00db923da322cec6787f16060183d03a2e9cc8a624c30534a1e019017525aec7fab922b8c28bd2c763ef82f97799e4d05a42550bd93fa369475f3b4197219a9859ad4db0cac618e6088dc3e5d6c560549c0c3fe26a5dd8ad71fcb89ee488ffac11f0dd8e1148c70490c252dc318fa280a4591bf1bc758067b7cc071b1902cb507faca369d3bb386bf0cbe6346c39930b098091c1a867c533943e51e2d6a3add5f5673b5e5dd2b19b46d3553bd899cb90d4278684c27bdb3a3263116fd924fb68fc674baa98525b77bd49c2c29a738602bc3e8c2456170bf536c4e09e296a16dd2d12a007ec1c301f41f243d6aabe02b704e3c24e92eb535cfe30f23ab88b1946a666b21a83148105156356afd4049b3e4c070e5e4f39c1746267d8cafbfc3bf2f7c5a421cee1ce30360c0a4cdc3155a89bdd760abf3e1d65709f74b3ff773e8453a943a474f0f7b0cf10ca98cecaa7b0099ce263f513e8e3dec3ca10e0d274223ca7d5e6bfa1a23a336a7cc45831d283fcb0a34602886ddcc8e6711eafc363cde36e1e054fcde5ad5265b9429e6f882ceb7b6dda449bf32582dda30e862a8f19f8cff467242880ffb6f90d06cbf85bae85c93c8ee98ce7008575b541c48e57e8d98c422a62f31b47461edd01369c6697b75c80f1564f49ae00e5055cf2d3952401590dd5de1fc2cbd35d0ae6866332186eab4ca8764a9b49689fcdaff0723706067e3ff68ba99ace85775940893b2a744282215ef58aa68888ec5e19e4de2ae8a5a10a8c968872e2763d4133625a323247439148843ec7af587ac461301f752aa8b83ee74a89fae8f9dba41156adda2f77c7b39c10788be4786a912b3c5726b88babda8586b3da6152e4d9cb94b10ca2cf054e0ab9c4d6441a4c6be1fa0709cd3d1f7965c1e54fd1bc4beff8a894a3ce104879f734f3273d0c9da740743907d1da293c28a05d71fba356c379c3e67f1b2628a25ec50cd602fc7f87e19fbb946daf53574dc7b09177c2d851f6c1671efc31f57dfeaff35ac3134d29e60401fcd6445ab654ac9eab4a69f729619685deaea4932aa63da35356fa354fe19a2449378fa9f99a8b27d5d21cbdcba649bc131b2d9cf3026256e3cd31a6d7327574a416db8e3cc9b1510263c24baef89d6ae0e72731c550a3a28db9a766cb7aad79275f44f74b8d54b45e09a1ac517f2f32c68a0e7b06c1c29dd6f919ec165cac7ff4808629e236a0918d9147df1a652fc78572bf99fa19cf48384cc92bbfc5c7c0a3f46863271cfc78051c50249938234fafa5aab32a2893ef4ab07120ffdf6fd719076753fcfee83ca3e65dd736661b1be9017ebc8d214c993150bf6d67a45c4818bbc30c1f62006737096d6943e023623f912e429969c6359d5a6e33f701ca3534f26a5ffacdbc95a0bd38cc9fc8559c3ed851b2350ae0afb43e281cf5af8c15afd76ea90a4edece930a50073c0be9e5c2cef0bc28e32762385b57d1ff80349194fc977fc766058dae29dc0ea81dcedc1c6b635c8f93090aff1348c7a891cc328ee23025079360666e6106b25d41dddf9195fa81afb1d7f00db6a96f4c41f15648dcf84e61927b6d6c6c60732c9f97c6e43712b788d7b1572a068d95f90f435ab03b13ba1690a2323abe7a1a6f222ff9f2fb3809bbbb5bb4275d972495c947987a586dd99a74b29ec8449c2542568d4a0690cf1af00d7774112c50eef262cd31d474bd494213d526fa944589390c5558ead7b10106d936e6bb5155c95b3df72d3f7cb097a85b4f161749964e3caf966e03454ad4472fc0e3c2bd5ad00d03f15d6e08f18dead558629b6784eb96b995fb30d6001107df5ba4c18f79d7e8dbb78e5362125809f093b8ea0b33a9d8c0f7439dd6e2056e77696040b176f5f4bc1fcbb260b629b13c21b445690a62393f27aad133855acb3546b3cd689656a3e7761707114ff42c2ae9bdd22a647515860e14617679fb40d3f95f2a9e0347a592143bedcfc55f813a38c3bafc522c8e866a2431d76cd91aba333febe21545950cab575947f28397107fa9cdd8f9e893b50c1e1288c374ab6d129997e220a271fed671ca8cbaa151a0aef515690b7b54223a42a4940ea763116c1d63c3b0055f00cd095d434ad82df3513c030b75ff018e8da6c2ea2feac04c4a99c6887a962d9c86bf757aa937d33f6c74da10848146282fda6eecc58eaf276e89b35ac4ec8fe2f1aeb6f3d21f83084682be2ef8bdc81c4df71f71b4bbb1c0363103484f3aab93063c360826ecd32b0d1a1d798e06ce5a484e940412fb2491dbe5e26d75f001b554d7724fdc9fa99a03d9ce1d6fd2528dcd48e607dd78e7439d221929fc64054a279300f8e631615651978906acbb55747e2097411c54e29a3527d6f3b3face5ab8f916720c647c8b20a1a0f2a4729762ec4ced43d9a2456f007d507738462a851b44eb1ac7350716ca7ef5f8555d3219b5bab8ed44338912f7c8fb930ef47aa77cea8db84e2538154396cbedde2f277f0ac004955cf69379b778899a300bc85916f7ff30c3ca5f72eb02de62bdccfcaad68d40349599454ab37da13b0f76e4035a045f1c2617a2844e591df8e40de8e53bdc866804d8e8b9fef1e413f853ebbf397d63c0196d16f0d64d7aa9967bda4201097180ec7e0c941ecfc768599b1abfa7b6579581fdc07cf4674d67590cb997b085ad7250d47ef54ec56937f558ae1a0c20ab085fd7698b0c772d4cd3d534fc8dc579f30e54b8dab6a259000c9177653020915d7acd81144e8a90e165fd39e6058a3cabccd7a9b34eee0a4749485a0d89e35e2d4805dd3f2cd297c4ec4ddc28a97ccb55161808f075f51d093ffaff4655938a7e3cc57dc1d6a2b54dbf9d7ae4cbbec1ea9158df7b553f78e123633bd2c65417f728e407032385518372c3b0d4673970c2a56f27620c72e4ff152fbbc31ca119fae5e739e43fc8d6acb663992e560e985dc399290e91b22cddfe331eb5fe992fc14022dc49e5f20d5a12f9d279660c5793aad9b9518aacd5f53fb40850f176742ab8bfbd7918e8e04bf99fb34a9a06932d1431253f06b7c21253e8ffab4667897f91d3ecb5880cf461f5bd64ec011b926fb401a7afbc0fcf6c778f683b38c3cd90dfd17fb5e4d42bd716caebbfb3c424a4489f6f5cfa30f816e177b29ecd87da194b7671ad9d0cfb7a19abc627467feb3ba62f496a51360c9438f19803cbaa75a196876e5a880efbb9c4856f6d76fce496c32f6fa2e9bda679488de823ede220ce5f0dd4001cf6321d53cad6181fb3a7f1a96e53078073fc89d9ad58dc29425447f7ac85e1e1027b3a4c5749718dc58e5e3e7efa31bd2b6bd591210b1608d3c6d6730bbe7c956d9ffafd25b21975f32e7cb7d3ac83c27f8c3d55db52f961653d1b5e0a4c9464591f83b23c5edede31bb09c3fdfa60e6ba23ffc2eda30d4ee922c934b6b5638824a0a6104cce3b87ccdf8e488a8deba76c10fcb5e17cae6974ebabccdaf28dfd26b955d851c17934ba44ba1eec758e85ac4c7562217a93760b59b6a2191c53c437a841139b0f63246b0a2afdba6bb0730644e0c2c7b5c247f1783b031faa45e17e72e0696dfe15c935ad83f64f52250ce10ef85b3bfaaf8e185a6f645433ae3d8a9f1c768263fdbe1a9deda5f8c112fe173d8b55bdc86ffb7de0eff7769d7fea1848e8d7b5d5f248e4a77a50009cfbd6fe0bab353bad9f050843cb23ac30c0e472792b630c15d6c4dace583f527703ac1e4ec36e3908886d9dfa4760bee6c00914030f0116bfba22e227d28a856c5917495824b36dff7b8fe82c90f10de23a39cd56da536c0bf91bd736e6626db55725a502aee93ef2ccc4a78e2fa124c473edb4b633f6885ad2aac1189685762c8d3ac32bf909d0a2b2ffb8d50d69cc658e7775f83615256c04aa09387de7c748231b8649fc2a134655daadda9c0eea6fe3cd77683aae37a3c6edea513c3cbabf5655b0dafa6fd19926d996d68d55760536f928b815b346fbbe73b2bca2fec3a12def25917084291121758833d95417a65e2fe99157272bd51edfe6a9871f40d0fea5e6bc71da6fb9a1acce863df1ce6b250ad2a7c030a4a9149bf9af16ea835f1a7e9aebb1a95b3003c8e5a91d6613528409ee3ba29e4441284c058f93b5b3b66743f59ddcac69e2d8fc872a2f8f00774d5b8283a47c0cdf7d410e466b0feb3f9f5595a2e80b5e7214ccd2bda9e210da5ac4c5a00fd49b4878bff32435f35da886e"}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f000004ee80)={{0x0, 0x5, 0x2, 0x7fff, 0x0, 0xbf, 0x0, 0x4, 0x80, 0x1, 0x7fffffff, 0x9, 0x200, 0xc51, 0xd0}, 0x18, [0x0, 0x0, 0x0]}) r298 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r299 = ioctl$KVM_CREATE_VM(r298, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r299, 0xae60) ioctl$KVM_REGISTER_COALESCED_MMIO(r299, 0x4010ae67, 0x0) r300 = ioctl$KVM_CREATE_VCPU(r299, 0xae41, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f000004db80)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r300, 0xd000943d, &(0x7f0000000780)={0x83cd, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r302}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r301}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r303}], 0x6, "d7e496cbf574f7"}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f000004ef40)=ANY=[@ANYRES64=0x0, @ANYBLOB="0100008000000000010000000000000035f8000000000000fdffffffffffffffffff0000000000008772a3b860000000080000000e020000ba000000020000000010000000000000f10500000000000000000000000000000200"/104]) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000004efc0)={0x20, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r294}, {0x0, r295}, {0x0, r296}, {r297, r303}, {r304}], 0x3, "cd6c2fa900e5f2"}) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$KVM_SET_CPUID(r300, 0x4008ae8a, &(0x7f0000000080)={0x3, 0x0, [{0x80000001, 0x4, 0xb7e, 0xec, 0x5}, {0x6, 0x8, 0x9, 0x9, 0x66e}, {0x80000000, 0x7ff, 0x3, 0x7}]}) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000240)={[{@rlog_wakeup_cnt}], [{@uid_gt}, {@dont_appraise}, {@measure}, {@smackfstransmute={'smackfstransmute', 0x3d, 'incremental-fs\x00'}}, {@fowner_gt}, {@defcontext={'defcontext', 0x3d, 'sysadm_u'}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'incremental-fs\x00'}}]}) 03:41:14 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x87c50000) 03:41:14 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x400000000000000}, 0x0) [ 881.740867][T23096] incfs: Options parsing error. -22 [ 881.764254][T23095] FAULT_INJECTION: forcing a failure. [ 881.764254][T23095] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 881.814049][T23095] CPU: 0 PID: 23095 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 881.825684][T23095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 881.835733][T23095] Call Trace: [ 881.839025][T23095] dump_stack_lvl+0x1e2/0x24b [ 881.843696][T23095] ? show_regs_print_info+0x18/0x18 [ 881.848887][T23095] dump_stack+0x15/0x1d [ 881.853039][T23095] should_fail+0x3c0/0x510 [ 881.857455][T23095] should_fail_usercopy+0x1a/0x20 [ 881.862475][T23095] _copy_from_user+0x20/0xd0 [ 881.867053][T23095] iovec_from_user+0xc7/0x310 [ 881.871722][T23095] ? __ia32_sys_shutdown+0x70/0x70 [ 881.876830][T23095] __import_iovec+0x72/0x3b0 [ 881.881423][T23095] io_recvmsg_copy_hdr+0x396/0x7f0 [ 881.886527][T23095] ? io_poll_remove_one+0xf90/0xf90 [ 881.891700][T23095] ? arch_stack_walk+0xf8/0x140 [ 881.896528][T23095] io_issue_sqe+0x2ccf/0xfc10 [ 881.901179][T23095] ? __io_req_task_cancel+0x720/0x720 [ 881.906527][T23095] ? __rcu_read_lock+0x50/0x50 [ 881.911264][T23095] ? is_bpf_text_address+0x1a2/0x1c0 [ 881.916531][T23095] ? stack_trace_save+0x1e0/0x1e0 [ 881.921527][T23095] ? __kernel_text_address+0x9a/0x110 [ 881.926880][T23095] ? kmem_cache_free+0xaa/0x1e0 [ 881.931705][T23095] ? kmem_cache_free+0xaa/0x1e0 [ 881.936527][T23095] ? kasan_set_track+0x63/0x80 [ 881.941261][T23095] ? kasan_set_track+0x4c/0x80 [ 881.946009][T23095] ? kasan_set_free_info+0x23/0x40 [ 881.951093][T23095] ? ____kasan_slab_free+0x133/0x170 [ 881.956346][T23095] ? __kasan_slab_free+0x11/0x20 [ 881.961256][T23095] ? slab_free_freelist_hook+0xb2/0x180 [ 881.966876][T23095] ? kmem_cache_free+0xaa/0x1e0 [ 881.971701][T23095] ? __io_free_req+0x20e/0x380 [ 881.976436][T23095] ? io_req_complete+0xeb/0x610 [ 881.981258][T23095] ? __io_queue_sqe+0x1070/0x2fa0 [ 881.986255][T23095] ? io_queue_sqe+0x295/0x1180 [ 881.990991][T23095] ? io_submit_sqe+0x385/0xfd0 [ 881.995727][T23095] ? io_submit_sqes+0x1050/0x2da0 [ 882.000719][T23095] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 882.006410][T23095] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 882.012016][T23095] ? do_syscall_64+0x31/0x70 [ 882.016587][T23095] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 882.022629][T23095] ? kmem_cache_free+0xaa/0x1e0 [ 882.027452][T23095] ? debug_smp_processor_id+0x1c/0x20 [ 882.032800][T23095] ? __set_page_owner+0x2e2/0x300 [ 882.037796][T23095] ? kmem_cache_free+0xaa/0x1e0 [ 882.042618][T23095] ? ____kasan_slab_free+0x13e/0x170 [ 882.047877][T23095] ? __kasan_slab_free+0x11/0x20 [ 882.052786][T23095] ? slab_free_freelist_hook+0xb2/0x180 [ 882.058304][T23095] ? __rcu_read_lock+0x50/0x50 [ 882.063040][T23095] ? io_req_prep+0x1906/0x51b0 [ 882.067778][T23095] ? io_queue_sqe+0x1180/0x1180 [ 882.072605][T23095] __io_queue_sqe+0x2cf/0x2fa0 [ 882.077343][T23095] io_queue_sqe+0x295/0x1180 [ 882.081904][T23095] io_submit_sqe+0x385/0xfd0 [ 882.086467][T23095] ? io_file_get+0x437/0x9c0 [ 882.091035][T23095] io_submit_sqes+0x1050/0x2da0 [ 882.095861][T23095] ? io_uring_add_task_file+0x290/0x290 [ 882.101380][T23095] ? security_file_permission+0xa8/0xc0 [ 882.106904][T23095] ? __kasan_check_write+0x14/0x20 [ 882.111986][T23095] ? mutex_lock+0xa6/0x110 [ 882.116374][T23095] ? io_uring_add_task_file+0x127/0x290 [ 882.121889][T23095] ? __fdget+0x1b5/0x240 [ 882.126105][T23095] __se_sys_io_uring_enter+0x322/0x12b0 [ 882.131621][T23095] ? __fget_files+0x26d/0x2c0 [ 882.136271][T23095] ? __kasan_check_write+0x14/0x20 [ 882.141351][T23095] ? fput_many+0x47/0x1a0 [ 882.145656][T23095] ? __x64_sys_io_uring_enter+0x100/0x100 [ 882.151346][T23095] ? __ia32_sys_read+0x90/0x90 [ 882.156096][T23095] ? debug_smp_processor_id+0x1c/0x20 [ 882.161472][T23095] __x64_sys_io_uring_enter+0xe5/0x100 [ 882.166918][T23095] do_syscall_64+0x31/0x70 [ 882.171319][T23095] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 882.177183][T23095] RIP: 0033:0x7f5fb5d49a39 [ 882.181569][T23095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 882.201148][T23095] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa 03:41:14 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 62) 03:41:14 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="726c6f675f77616b65687a5f636e743d3038303030303030303030303030dd00"]) chdir(&(0x7f0000000080)='./file0\x00') 03:41:14 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x500000000000000}, 0x0) 03:41:14 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xf0ff7f00000000, 0x0, 0x0) 03:41:14 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0xa0028000) 03:41:14 executing program 3: unshare(0x40000400) unshare(0x800) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) [ 882.209534][T23095] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 882.217479][T23095] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 882.225436][T23095] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 882.233387][T23095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 882.241338][T23095] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:15 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x600000000000000}, 0x0) [ 882.296144][T23326] incfs: Options parsing error. -22 [ 882.305705][T23326] incfs: Options parsing error. -22 03:41:15 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1118486, &(0x7f00000001c0)={[{@xino_auto}, {@xino_off}, {@default_permissions}, {@metacopy_on}, {@nfs_export_on}, {@metacopy_off}, {@xino_auto}], [{@dont_hash}]}) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="726c6f675f7061e765733d30303030303030303030303030303030303030302c00"]) 03:41:15 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xf0ffffff7f0000, 0x0, 0x0) 03:41:15 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x700000000000000}, 0x0) [ 882.369619][T23494] FAULT_INJECTION: forcing a failure. [ 882.369619][T23494] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 882.398337][T23494] CPU: 0 PID: 23494 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 882.409979][T23494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 03:41:15 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0xe0efff7f) [ 882.420026][T23494] Call Trace: [ 882.423316][T23494] dump_stack_lvl+0x1e2/0x24b [ 882.427999][T23494] ? show_regs_print_info+0x18/0x18 [ 882.433199][T23494] dump_stack+0x15/0x1d [ 882.437346][T23494] should_fail+0x3c0/0x510 [ 882.441752][T23494] should_fail_usercopy+0x1a/0x20 [ 882.446757][T23494] _copy_from_user+0x20/0xd0 [ 882.451337][T23494] iovec_from_user+0xc7/0x310 [ 882.456011][T23494] ? __ia32_sys_shutdown+0x70/0x70 [ 882.461117][T23494] __import_iovec+0x72/0x3b0 03:41:15 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000000)={0x2, 0x4, 0x4, 0x1}, 0x40) unshare(0x4000000) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) [ 882.465704][T23494] io_recvmsg_copy_hdr+0x396/0x7f0 [ 882.470816][T23494] ? io_poll_remove_one+0xf90/0xf90 [ 882.476014][T23494] ? arch_stack_walk+0xf8/0x140 [ 882.480865][T23494] io_issue_sqe+0x2ccf/0xfc10 [ 882.485544][T23494] ? __io_req_task_cancel+0x720/0x720 [ 882.490918][T23494] ? __rcu_read_lock+0x50/0x50 [ 882.495682][T23494] ? is_bpf_text_address+0x1a2/0x1c0 [ 882.500964][T23494] ? stack_trace_save+0x1e0/0x1e0 [ 882.505987][T23494] ? __kernel_text_address+0x9a/0x110 [ 882.511359][T23494] ? kmem_cache_free+0xaa/0x1e0 [ 882.516202][T23494] ? kmem_cache_free+0xaa/0x1e0 [ 882.521048][T23494] ? kasan_set_track+0x63/0x80 [ 882.525806][T23494] ? kasan_set_track+0x4c/0x80 [ 882.530562][T23494] ? kasan_set_free_info+0x23/0x40 [ 882.535663][T23494] ? ____kasan_slab_free+0x133/0x170 [ 882.540942][T23494] ? __kasan_slab_free+0x11/0x20 [ 882.545872][T23494] ? slab_free_freelist_hook+0xb2/0x180 [ 882.551401][T23494] ? kmem_cache_free+0xaa/0x1e0 [ 882.556237][T23494] ? __io_free_req+0x20e/0x380 [ 882.560992][T23494] ? io_req_complete+0xeb/0x610 [ 882.565873][T23494] ? __io_queue_sqe+0x1070/0x2fa0 [ 882.570875][T23494] ? io_queue_sqe+0x295/0x1180 [ 882.575611][T23494] ? io_submit_sqe+0x385/0xfd0 [ 882.580360][T23494] ? io_submit_sqes+0x1050/0x2da0 [ 882.585381][T23494] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 882.591089][T23494] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 882.596701][T23494] ? do_syscall_64+0x31/0x70 [ 882.601268][T23494] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 882.607311][T23494] ? kmem_cache_free+0xaa/0x1e0 [ 882.612133][T23494] ? debug_smp_processor_id+0x1c/0x20 [ 882.617481][T23494] ? __set_page_owner+0x2e2/0x300 [ 882.622489][T23494] ? kmem_cache_free+0xaa/0x1e0 [ 882.627336][T23494] ? ____kasan_slab_free+0x13e/0x170 [ 882.632153][T23573] incfs: Options parsing error. -22 [ 882.632611][T23494] ? __kasan_slab_free+0x11/0x20 [ 882.632623][T23494] ? slab_free_freelist_hook+0xb2/0x180 [ 882.632634][T23494] ? __rcu_read_lock+0x50/0x50 [ 882.632648][T23494] ? io_req_prep+0x1906/0x51b0 [ 882.632659][T23494] ? io_queue_sqe+0x1180/0x1180 [ 882.632676][T23494] __io_queue_sqe+0x2cf/0x2fa0 [ 882.667354][T23494] io_queue_sqe+0x295/0x1180 [ 882.671949][T23494] io_submit_sqe+0x385/0xfd0 [ 882.676546][T23494] ? io_file_get+0x437/0x9c0 [ 882.681130][T23494] io_submit_sqes+0x1050/0x2da0 [ 882.685984][T23494] ? io_uring_add_task_file+0x290/0x290 [ 882.691645][T23494] ? security_file_permission+0xa8/0xc0 [ 882.697192][T23494] ? __kasan_check_write+0x14/0x20 [ 882.702301][T23494] ? mutex_lock+0xa6/0x110 [ 882.706715][T23494] ? io_uring_add_task_file+0x127/0x290 [ 882.712253][T23494] ? __fdget+0x1b5/0x240 [ 882.716496][T23494] __se_sys_io_uring_enter+0x322/0x12b0 [ 882.722037][T23494] ? __fget_files+0x26d/0x2c0 [ 882.726704][T23494] ? __kasan_check_write+0x14/0x20 [ 882.731799][T23494] ? fput_many+0x47/0x1a0 [ 882.736126][T23494] ? __x64_sys_io_uring_enter+0x100/0x100 [ 882.741835][T23494] ? __ia32_sys_read+0x90/0x90 [ 882.746576][T23494] ? debug_smp_processor_id+0x1c/0x20 [ 882.751923][T23494] __x64_sys_io_uring_enter+0xe5/0x100 [ 882.757357][T23494] do_syscall_64+0x31/0x70 [ 882.761748][T23494] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 882.767612][T23494] RIP: 0033:0x7f5fb5d49a39 [ 882.772001][T23494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 882.791584][T23494] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 882.799974][T23494] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 882.807920][T23494] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 03:41:15 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 63) 03:41:15 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="726c6f675f77616b6575705f636e743d30303030303030303030303010303030303030302c00"]) 03:41:15 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0xeffdffff) 03:41:15 executing program 3: unshare(0x40000400) unshare(0x10000) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) 03:41:15 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x900000000000000}, 0x0) 03:41:15 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xfeffff00000000, 0x0, 0x0) [ 882.815871][T23494] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 882.823816][T23494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 882.831768][T23494] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:15 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x8000000000000000}, 0x0) 03:41:15 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt={'rlog_wakeup_cnt', 0x3d, 0x4}}]}) stat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)) [ 882.885970][T23797] incfs: Options parsing error. -22 03:41:15 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x8100000000000000}, 0x0) 03:41:15 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0xf5ffffff) 03:41:15 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x100000000000000, 0x0, 0x0) [ 882.977545][T23809] FAULT_INJECTION: forcing a failure. [ 882.977545][T23809] name failslab, interval 1, probability 0, space 0, times 0 [ 882.999781][T23809] CPU: 0 PID: 23809 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 883.011429][T23809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 883.021485][T23809] Call Trace: [ 883.024781][T23809] dump_stack_lvl+0x1e2/0x24b [ 883.029461][T23809] ? devkmsg_release+0x127/0x127 [ 883.034404][T23809] ? show_regs_print_info+0x18/0x18 [ 883.039595][T23809] dump_stack+0x15/0x1d [ 883.043819][T23809] should_fail+0x3c0/0x510 [ 883.048219][T23809] ? iovec_from_user+0x8a/0x310 [ 883.053058][T23809] __should_failslab+0x9f/0xe0 [ 883.057819][T23809] should_failslab+0x9/0x20 [ 883.062314][T23809] __kmalloc+0x68/0x3d0 [ 883.066456][T23809] ? _copy_from_user+0x93/0xd0 [ 883.071202][T23809] iovec_from_user+0x8a/0x310 [ 883.075857][T23809] ? __ia32_sys_shutdown+0x70/0x70 [ 883.080939][T23809] __import_iovec+0x72/0x3b0 [ 883.085517][T23809] io_recvmsg_copy_hdr+0x396/0x7f0 [ 883.090623][T23809] ? io_poll_remove_one+0xf90/0xf90 [ 883.095807][T23809] ? arch_stack_walk+0xf8/0x140 [ 883.100645][T23809] io_issue_sqe+0x2ccf/0xfc10 [ 883.105307][T23809] ? __io_req_task_cancel+0x720/0x720 [ 883.110662][T23809] ? __rcu_read_lock+0x50/0x50 [ 883.115411][T23809] ? is_bpf_text_address+0x1a2/0x1c0 [ 883.120670][T23809] ? stack_trace_save+0x1e0/0x1e0 03:41:15 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x81ffffff00000000}, 0x0) [ 883.125691][T23809] ? __kernel_text_address+0x9a/0x110 [ 883.131064][T23809] ? kmem_cache_free+0xaa/0x1e0 [ 883.135908][T23809] ? kmem_cache_free+0xaa/0x1e0 [ 883.140757][T23809] ? kasan_set_track+0x63/0x80 [ 883.145518][T23809] ? kasan_set_track+0x4c/0x80 [ 883.150290][T23809] ? kasan_set_free_info+0x23/0x40 [ 883.155407][T23809] ? ____kasan_slab_free+0x133/0x170 [ 883.160695][T23809] ? __kasan_slab_free+0x11/0x20 [ 883.165635][T23809] ? slab_free_freelist_hook+0xb2/0x180 [ 883.171181][T23809] ? kmem_cache_free+0xaa/0x1e0 [ 883.176030][T23809] ? __io_free_req+0x20e/0x380 [ 883.180798][T23809] ? io_req_complete+0xeb/0x610 [ 883.185645][T23809] ? __io_queue_sqe+0x1070/0x2fa0 [ 883.190686][T23809] ? io_queue_sqe+0x295/0x1180 [ 883.195450][T23809] ? io_submit_sqe+0x385/0xfd0 [ 883.200209][T23809] ? io_submit_sqes+0x1050/0x2da0 [ 883.205230][T23809] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 883.210930][T23809] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 883.216542][T23809] ? do_syscall_64+0x31/0x70 [ 883.221117][T23809] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 883.227172][T23809] ? kmem_cache_free+0xaa/0x1e0 [ 883.232007][T23809] ? debug_smp_processor_id+0x1c/0x20 [ 883.237357][T23809] ? __set_page_owner+0x2e2/0x300 [ 883.242356][T23809] ? kmem_cache_free+0xaa/0x1e0 [ 883.247181][T23809] ? ____kasan_slab_free+0x13e/0x170 [ 883.252438][T23809] ? __kasan_slab_free+0x11/0x20 [ 883.257345][T23809] ? slab_free_freelist_hook+0xb2/0x180 [ 883.262862][T23809] ? __rcu_read_lock+0x50/0x50 [ 883.267597][T23809] ? io_req_prep+0x1906/0x51b0 [ 883.272335][T23809] ? io_queue_sqe+0x1180/0x1180 [ 883.277158][T23809] __io_queue_sqe+0x2cf/0x2fa0 [ 883.281902][T23809] io_queue_sqe+0x295/0x1180 [ 883.286471][T23809] io_submit_sqe+0x385/0xfd0 [ 883.291032][T23809] ? io_file_get+0x437/0x9c0 [ 883.295612][T23809] io_submit_sqes+0x1050/0x2da0 [ 883.300445][T23809] ? io_uring_add_task_file+0x290/0x290 [ 883.305962][T23809] ? security_file_permission+0xa8/0xc0 [ 883.311492][T23809] ? __kasan_check_write+0x14/0x20 [ 883.316594][T23809] ? mutex_lock+0xa6/0x110 [ 883.320992][T23809] ? io_uring_add_task_file+0x127/0x290 [ 883.326514][T23809] ? __fdget+0x1b5/0x240 [ 883.330731][T23809] __se_sys_io_uring_enter+0x322/0x12b0 [ 883.336252][T23809] ? __fget_files+0x26d/0x2c0 [ 883.340906][T23809] ? __kasan_check_write+0x14/0x20 [ 883.346053][T23809] ? fput_many+0x47/0x1a0 [ 883.350356][T23809] ? __x64_sys_io_uring_enter+0x100/0x100 [ 883.356050][T23809] ? __ia32_sys_read+0x90/0x90 [ 883.360787][T23809] ? debug_smp_processor_id+0x1c/0x20 [ 883.366136][T23809] __x64_sys_io_uring_enter+0xe5/0x100 [ 883.371608][T23809] do_syscall_64+0x31/0x70 [ 883.376072][T23809] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 883.381938][T23809] RIP: 0033:0x7f5fb5d49a39 [ 883.386328][T23809] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 883.405910][T23809] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 883.414297][T23809] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 03:41:16 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 64) 03:41:16 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x260000, &(0x7f00000004c0)={[{@upperdir={'upperdir', 0x3d, './file0/file0'}}]}) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="726c6f675f77616b65757030303030000030303030303030724f11277ad9e36230c524ad87a2bc43c65cd8ca3d3030303030302c00939fbfad3d248992c3c0f328d6a18d338d139cb5e8e8fe70b6c4efe35d5eaa2cf3333225ede81d807ac1ebfb9ccbf67e5b6283c100000000002b7b1bda6452b4e3d07a13920452cd406b09eab348c5eac1b00b729ec41d252dd3345bd4a57aad0518267778dfc7697579f4851e98f2c25aa9e0084888d7d241c5f047d0956921ec7a8d5a0cfa7da1f048bcf68fe7d2c718b25708d2b0e728cf8111ad24265a1bde97fe9ba06dcde85a04d69cdc"]) recvfrom$unix(0xffffffffffffffff, &(0x7f00000002c0)=""/218, 0xda, 0x0, &(0x7f00000001c0)=@abs={0x1, 0x0, 0x4e20}, 0x6e) 03:41:16 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x200000000000000, 0x0, 0x0) 03:41:16 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0xfffffdef) 03:41:16 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x8300000000000000}, 0x0) 03:41:16 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x8, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000340)={&(0x7f00000000c0)="5484d986d20c39df9d895384d410395cb4433e7019cf59cf26f784bacc7df77f3e829cf67b297ea90ccdb16c8c2d7d5a9d63c1f283ef719a5ea28f8db5b2358256f2a1ab0f6fa46e6b03e0f25ddbaa04300345f4fa3a6510346b70e810839701ab6fb49e4ccbab1527ed7768a0f7f2ddda7c0ae0818f05622798f8e97bb28788bd3ccfd61a", &(0x7f0000000180)=""/154, &(0x7f0000000240)="f98db3893059278288a080ddbf863aca669c6d228978d6da499219a958162cf7bceb4db5374e672d0b2d6b5f6d7434bbd62814384381d25249ac43363dc57f392948769f56619331ab0bbc4b351fdd04a90a9ca8ceb9f67bbdeb9aa1268ff481a4c47c0d0e76f82c49c2c2403a7c84c6d3af0e59d151d3df187800b1f2edda3b33a02888d17f7d14d71395883480b50a4a1d283ce8e5e8caca91182ca61b37646895e22f7c6e488c2540aeec82b93d1efd3e5b15f67de7e80211b46f063bce87f217593c825eab01b089e556567499b923395d2815103ec0e2c0c00c", &(0x7f0000000000)="2c26ab1f9c8b38d346377c29bf6f30d7bb8093f6f2b5b76b68dcdf935459260f59abcf11a0231b960991681bc055ad64f72db8bd76a733d5710057e453a20310cfd1517043f53ebd1018bad752e9889d1a9c054540620aa52cbc81482797cbfad35c140263cfc504fc9f381b47c2c49952e300c881ab59c431065c02", 0xfff, r0}, 0x38) [ 883.422245][T23809] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 883.430203][T23809] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 883.438151][T23809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 883.446098][T23809] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:16 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x9effffff00000000}, 0x0) [ 883.523111][T24264] incfs: Options parsing error. -22 03:41:16 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0xa065000000000000}, 0x0) 03:41:16 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="726c6f675f77616b566b450fcb51936575705f636e743d303030303030303030303030303030"]) [ 883.570441][T24318] FAULT_INJECTION: forcing a failure. [ 883.570441][T24318] name fail_usercopy, interval 1, probability 0, space 0, times 0 03:41:16 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x400000000000000, 0x0, 0x0) 03:41:16 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0xfffffe00) [ 883.615775][T24318] CPU: 0 PID: 24318 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 883.627535][T24318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 883.630296][T24489] incfs: Options parsing error. -22 [ 883.637583][T24318] Call Trace: [ 883.637604][T24318] dump_stack_lvl+0x1e2/0x24b [ 883.637616][T24318] ? show_regs_print_info+0x18/0x18 [ 883.637638][T24318] dump_stack+0x15/0x1d [ 883.637649][T24318] should_fail+0x3c0/0x510 03:41:16 executing program 1: mkdir(&(0x7f0000000080)='./file1\x00', 0x0) mount(&(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)='gfs2meta\x00', 0x808e0, &(0x7f0000000200)='\x00') mkdir(&(0x7f0000000000)='./file1\x00', 0x16b) [ 883.637661][T24318] should_fail_usercopy+0x1a/0x20 [ 883.637671][T24318] _copy_from_user+0x20/0xd0 [ 883.637690][T24318] iovec_from_user+0xc7/0x310 [ 883.678714][T24318] ? __ia32_sys_shutdown+0x70/0x70 [ 883.683827][T24318] __import_iovec+0x72/0x3b0 [ 883.688420][T24318] io_recvmsg_copy_hdr+0x396/0x7f0 [ 883.693525][T24318] ? io_poll_remove_one+0xf90/0xf90 [ 883.698711][T24318] ? arch_stack_walk+0xf8/0x140 [ 883.703553][T24318] io_issue_sqe+0x2ccf/0xfc10 [ 883.708232][T24318] ? __io_req_task_cancel+0x720/0x720 [ 883.713588][T24318] ? __rcu_read_lock+0x50/0x50 [ 883.718355][T24318] ? is_bpf_text_address+0x1a2/0x1c0 [ 883.723636][T24318] ? stack_trace_save+0x1e0/0x1e0 [ 883.728657][T24318] ? __kernel_text_address+0x9a/0x110 [ 883.734028][T24318] ? kmem_cache_free+0xaa/0x1e0 [ 883.738863][T24318] ? kmem_cache_free+0xaa/0x1e0 [ 883.743701][T24318] ? kasan_set_track+0x63/0x80 [ 883.748460][T24318] ? kasan_set_track+0x4c/0x80 [ 883.753220][T24318] ? kasan_set_free_info+0x23/0x40 [ 883.758404][T24318] ? ____kasan_slab_free+0x133/0x170 [ 883.763677][T24318] ? __kasan_slab_free+0x11/0x20 [ 883.768610][T24318] ? slab_free_freelist_hook+0xb2/0x180 [ 883.774150][T24318] ? kmem_cache_free+0xaa/0x1e0 [ 883.778992][T24318] ? __io_free_req+0x20e/0x380 [ 883.783755][T24318] ? io_req_complete+0xeb/0x610 [ 883.788596][T24318] ? __io_queue_sqe+0x1070/0x2fa0 [ 883.793612][T24318] ? io_queue_sqe+0x295/0x1180 [ 883.798372][T24318] ? io_submit_sqe+0x385/0xfd0 [ 883.803131][T24318] ? io_submit_sqes+0x1050/0x2da0 [ 883.808152][T24318] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 883.813865][T24318] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 883.819495][T24318] ? do_syscall_64+0x31/0x70 [ 883.824091][T24318] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 883.830151][T24318] ? kmem_cache_free+0xaa/0x1e0 [ 883.834998][T24318] ? debug_smp_processor_id+0x1c/0x20 [ 883.840364][T24318] ? kmem_cache_free+0xaa/0x1e0 [ 883.845208][T24318] ? ____kasan_slab_free+0x13e/0x170 [ 883.850487][T24318] ? __kasan_slab_free+0x11/0x20 [ 883.855416][T24318] ? slab_free_freelist_hook+0xb2/0x180 [ 883.860955][T24318] ? __rcu_read_lock+0x50/0x50 [ 883.865714][T24318] ? io_req_prep+0x1906/0x51b0 [ 883.870473][T24318] ? io_queue_sqe+0x1180/0x1180 [ 883.875312][T24318] __io_queue_sqe+0x2cf/0x2fa0 [ 883.880064][T24318] io_queue_sqe+0x295/0x1180 [ 883.884642][T24318] io_submit_sqe+0x385/0xfd0 [ 883.889225][T24318] ? io_file_get+0x437/0x9c0 [ 883.893804][T24318] io_submit_sqes+0x1050/0x2da0 [ 883.898633][T24318] ? io_uring_add_task_file+0x290/0x290 [ 883.904150][T24318] ? security_file_permission+0xa8/0xc0 [ 883.909671][T24318] ? __kasan_check_write+0x14/0x20 [ 883.914758][T24318] ? mutex_lock+0xa6/0x110 [ 883.919188][T24318] ? io_uring_add_task_file+0x127/0x290 [ 883.924743][T24318] ? __fdget+0x1b5/0x240 [ 883.928960][T24318] __se_sys_io_uring_enter+0x322/0x12b0 [ 883.934476][T24318] ? __fget_files+0x26d/0x2c0 [ 883.939126][T24318] ? __kasan_check_write+0x14/0x20 [ 883.944247][T24318] ? fput_many+0x47/0x1a0 [ 883.948549][T24318] ? __x64_sys_io_uring_enter+0x100/0x100 [ 883.954240][T24318] ? __ia32_sys_read+0x90/0x90 [ 883.958975][T24318] ? debug_smp_processor_id+0x1c/0x20 [ 883.964317][T24318] __x64_sys_io_uring_enter+0xe5/0x100 [ 883.969783][T24318] do_syscall_64+0x31/0x70 [ 883.974171][T24318] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 883.980044][T24318] RIP: 0033:0x7f5fb5d49a39 [ 883.984433][T24318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 884.004009][T24318] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa 03:41:16 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 65) 03:41:16 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0xeaffffff00000000}, 0x0) 03:41:16 executing program 3: r0 = socket(0x27, 0x5e721feca0e1fe0a, 0x3) pipe(&(0x7f0000000200)={0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) splice(r1, 0x0, r2, 0x0, 0x4ffdc, 0x0) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000200)=0x14) unshare(0x40000400) r3 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000000)={0x2, 0x4, 0x4, 0x0, 0x0, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x8000000}, 0x40) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r3}, 0x38) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080), &(0x7f0000000180)=0xc) sendmsg$NL80211_CMD_GET_WIPHY(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0x62, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="20003df0edff4c4a7e5a0100000008000100580000000c009900010100087c000000"], 0x28}, 0x1, 0x0, 0x0, 0x4001}, 0x4000) unshare(0x18000000) 03:41:16 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x40100000c010000, 0x0, 0x0) 03:41:16 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="726c90675f77616b657505000000744130303030303030303cd7303030303030303030302c00c8543ab99f55f2a5d891b4772ff7bdfefcfaaffeaf141f6157d64dd92d08dc2ef27e51c2c746a8b304df6c7fbf6710752a8fc0a8d08eeb6eb54267b2b9ffd38021e681993cc144756a707f5e9428f01cf41f854650aafbc986ae24e4aefcc141d2cbce3c28ef8a2887cfae96d3fdd9603c04c1b211d85d348f9e733940e9cd5c8f805a3deb6d14b85b73211b651565fb20ae45672343107e50b6d65aae25e3094bc285429456c025bf6f"]) 03:41:16 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0xffffff7f) [ 884.012410][T24318] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 884.020362][T24318] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 884.028354][T24318] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 884.036303][T24318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 884.044249][T24318] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:16 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0xefffffff00000000}, 0x0) 03:41:16 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) [ 884.093828][T24722] incfs: Options parsing error. -22 03:41:16 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) unshare(0x20800) [ 884.150003][T24736] FAULT_INJECTION: forcing a failure. [ 884.150003][T24736] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 884.165417][T24736] CPU: 1 PID: 24736 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 884.177057][T24736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 884.187104][T24736] Call Trace: [ 884.190391][T24736] dump_stack_lvl+0x1e2/0x24b [ 884.195076][T24736] ? show_regs_print_info+0x18/0x18 [ 884.200274][T24736] ? kfree+0xca/0x310 [ 884.204254][T24736] dump_stack+0x15/0x1d [ 884.208394][T24736] should_fail+0x3c0/0x510 [ 884.212788][T24736] should_fail_usercopy+0x1a/0x20 [ 884.217785][T24736] _copy_from_user+0x20/0xd0 [ 884.222351][T24736] __copy_msghdr_from_user+0xaf/0x730 [ 884.227695][T24736] ? __import_iovec+0x343/0x3b0 [ 884.232518][T24736] ? __ia32_sys_shutdown+0x70/0x70 [ 884.237657][T24736] io_recvmsg_copy_hdr+0x1cf/0x7f0 [ 884.242742][T24736] ? io_poll_remove_one+0xf90/0xf90 [ 884.247911][T24736] ? arch_stack_walk+0xf8/0x140 [ 884.252732][T24736] io_issue_sqe+0x2ccf/0xfc10 [ 884.257380][T24736] ? __io_req_task_cancel+0x720/0x720 [ 884.262723][T24736] ? __rcu_read_lock+0x50/0x50 [ 884.267459][T24736] ? is_bpf_text_address+0x1a2/0x1c0 [ 884.272735][T24736] ? stack_trace_save+0x1e0/0x1e0 [ 884.277734][T24736] ? __kernel_text_address+0x9a/0x110 [ 884.283081][T24736] ? kmem_cache_free+0xaa/0x1e0 [ 884.287914][T24736] ? kmem_cache_free+0xaa/0x1e0 [ 884.292736][T24736] ? kasan_set_track+0x63/0x80 [ 884.297467][T24736] ? kasan_set_track+0x4c/0x80 [ 884.302202][T24736] ? kasan_set_free_info+0x23/0x40 [ 884.307300][T24736] ? ____kasan_slab_free+0x133/0x170 [ 884.312556][T24736] ? __kasan_slab_free+0x11/0x20 [ 884.317463][T24736] ? slab_free_freelist_hook+0xb2/0x180 [ 884.322978][T24736] ? kmem_cache_free+0xaa/0x1e0 [ 884.327803][T24736] ? __io_free_req+0x20e/0x380 [ 884.332539][T24736] ? io_req_complete+0xeb/0x610 [ 884.337360][T24736] ? __io_queue_sqe+0x1070/0x2fa0 [ 884.342354][T24736] ? io_queue_sqe+0x295/0x1180 [ 884.347090][T24736] ? io_submit_sqe+0x385/0xfd0 [ 884.351824][T24736] ? io_submit_sqes+0x1050/0x2da0 [ 884.356821][T24736] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 884.362510][T24736] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 884.368119][T24736] ? do_syscall_64+0x31/0x70 [ 884.372699][T24736] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 884.378743][T24736] ? kmem_cache_free+0xaa/0x1e0 [ 884.383565][T24736] ? debug_smp_processor_id+0x1c/0x20 [ 884.388907][T24736] ? __set_page_owner+0x2e2/0x300 [ 884.393904][T24736] ? kmem_cache_free+0xaa/0x1e0 [ 884.398726][T24736] ? ____kasan_slab_free+0x13e/0x170 [ 884.403981][T24736] ? __kasan_slab_free+0x11/0x20 [ 884.408892][T24736] ? slab_free_freelist_hook+0xb2/0x180 [ 884.414409][T24736] ? __rcu_read_lock+0x50/0x50 [ 884.419147][T24736] ? io_req_prep+0x1906/0x51b0 [ 884.423881][T24736] ? io_queue_sqe+0x1180/0x1180 [ 884.428703][T24736] __io_queue_sqe+0x2cf/0x2fa0 [ 884.433440][T24736] io_queue_sqe+0x295/0x1180 [ 884.438002][T24736] io_submit_sqe+0x385/0xfd0 [ 884.442564][T24736] ? io_file_get+0x437/0x9c0 [ 884.447140][T24736] io_submit_sqes+0x1050/0x2da0 [ 884.451964][T24736] ? io_uring_add_task_file+0x290/0x290 [ 884.457480][T24736] ? security_file_permission+0xa8/0xc0 [ 884.462999][T24736] ? __kasan_check_write+0x14/0x20 [ 884.468100][T24736] ? mutex_lock+0xa6/0x110 [ 884.472512][T24736] ? io_uring_add_task_file+0x127/0x290 [ 884.478028][T24736] ? __fdget+0x1b5/0x240 [ 884.482242][T24736] __se_sys_io_uring_enter+0x322/0x12b0 [ 884.487759][T24736] ? __fget_files+0x26d/0x2c0 [ 884.492409][T24736] ? __kasan_check_write+0x14/0x20 [ 884.497490][T24736] ? fput_many+0x47/0x1a0 [ 884.501811][T24736] ? __x64_sys_io_uring_enter+0x100/0x100 [ 884.507499][T24736] ? __ia32_sys_read+0x90/0x90 [ 884.512236][T24736] ? debug_smp_processor_id+0x1c/0x20 [ 884.517580][T24736] __x64_sys_io_uring_enter+0xe5/0x100 [ 884.523010][T24736] do_syscall_64+0x31/0x70 [ 884.527399][T24736] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 884.533261][T24736] RIP: 0033:0x7f5fb5d49a39 [ 884.537649][T24736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 884.557226][T24736] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 884.565612][T24736] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 884.573561][T24736] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 884.581512][T24736] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 884.589463][T24736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 03:41:17 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0xfffffff5) 03:41:17 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x800000000000000, 0x0, 0x0) 03:41:17 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 66) [ 884.597410][T24736] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:17 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0xf0ffffff00000000}, 0x0) 03:41:17 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="726c6f67df77616b6575ccd60925743d302b303032c6b712a8bfccc528303030303030302c003d246f998ac34ca3bf3fb5555e1899ddd9f1b3321121c645bec789eeb709f19cdd91e2e5046ceedc7ff9c4e05ae02ce9090b929f79fa31d08000c0b3f5062c1259d411f8c5c738128fff0199987f284b0a1f12c3eeb8e7a090426fe8f51add0ed885e62dc48037eca36f88114607dff3d4da5a7414a9b4886a6f586b7e8634bd9b56b52e299112086facdf534a279dbacf6b1b7395ce895a8522d60ed8d6b3e1596fe2b4c4ce551e80cbf82fee27254572ea553786c32cb70d6eeb7199ccb9e0ec872dc5c367b68ad5f5ee164da4caf13998b730bd51b03f44b308844bd418b8dd350a5971aaaa87539b02e10d59d6e751b741dec1deeaa3291f8ccdc6861879b9c42d5f5f81e4db70659f5de296571902623ce6a218f0"]) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x1000010, &(0x7f0000000180)={[{@xino_auto}], [{@defcontext={'defcontext', 0x3d, 'staff_u'}}]}) 03:41:17 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0xfeffffff00000000}, 0x0) [ 884.719495][T24871] FAULT_INJECTION: forcing a failure. [ 884.719495][T24871] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 884.733931][T24871] CPU: 0 PID: 24871 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 884.745571][T24871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 884.755621][T24871] Call Trace: [ 884.758914][T24871] dump_stack_lvl+0x1e2/0x24b [ 884.763587][T24871] ? show_regs_print_info+0x18/0x18 [ 884.768779][T24871] dump_stack+0x15/0x1d [ 884.772930][T24871] should_fail+0x3c0/0x510 [ 884.777347][T24871] should_fail_usercopy+0x1a/0x20 [ 884.782373][T24871] _copy_from_user+0x20/0xd0 [ 884.786957][T24871] iovec_from_user+0xc7/0x310 [ 884.791627][T24871] ? __ia32_sys_shutdown+0x70/0x70 [ 884.792749][T24892] incfs: Options parsing error. -22 [ 884.796721][T24871] __import_iovec+0x72/0x3b0 [ 884.796737][T24871] io_recvmsg_copy_hdr+0x396/0x7f0 [ 884.796749][T24871] ? io_poll_remove_one+0xf90/0xf90 03:41:17 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0xffffff7f00000000}, 0x0) [ 884.796762][T24871] ? arch_stack_walk+0xf8/0x140 [ 884.796775][T24871] io_issue_sqe+0x2ccf/0xfc10 [ 884.796788][T24871] ? __io_req_task_cancel+0x720/0x720 [ 884.796801][T24871] ? __rcu_read_lock+0x50/0x50 [ 884.796819][T24871] ? is_bpf_text_address+0x1a2/0x1c0 [ 884.807840][T24892] overlayfs: missing 'lowerdir' [ 884.811654][T24871] ? stack_trace_save+0x1e0/0x1e0 [ 884.811667][T24871] ? __kernel_text_address+0x9a/0x110 [ 884.811686][T24871] ? kmem_cache_free+0xaa/0x1e0 [ 884.811695][T24871] ? kmem_cache_free+0xaa/0x1e0 03:41:17 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0xffffffff00000000}, 0x0) [ 884.811706][T24871] ? kasan_set_track+0x63/0x80 [ 884.811715][T24871] ? kasan_set_track+0x4c/0x80 [ 884.811734][T24871] ? kasan_set_free_info+0x23/0x40 [ 884.881251][T24871] ? ____kasan_slab_free+0x133/0x170 [ 884.886516][T24871] ? __kasan_slab_free+0x11/0x20 [ 884.891432][T24871] ? slab_free_freelist_hook+0xb2/0x180 [ 884.896961][T24871] ? kmem_cache_free+0xaa/0x1e0 [ 884.901809][T24871] ? __io_free_req+0x20e/0x380 [ 884.906564][T24871] ? io_req_complete+0xeb/0x610 [ 884.911401][T24871] ? __io_queue_sqe+0x1070/0x2fa0 03:41:17 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0xffffffffa0028000}, 0x0) [ 884.916414][T24871] ? io_queue_sqe+0x295/0x1180 [ 884.921164][T24871] ? io_submit_sqe+0x385/0xfd0 [ 884.925916][T24871] ? io_submit_sqes+0x1050/0x2da0 [ 884.930923][T24871] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 884.936625][T24871] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 884.942243][T24871] ? do_syscall_64+0x31/0x70 [ 884.946810][T24871] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 884.952867][T24871] ? kmem_cache_free+0xaa/0x1e0 [ 884.957713][T24871] ? debug_smp_processor_id+0x1c/0x20 [ 884.963074][T24871] ? __set_page_owner+0x2e2/0x300 03:41:17 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}}, 0x0) [ 884.968085][T24871] ? kmem_cache_free+0xaa/0x1e0 [ 884.973044][T24871] ? ____kasan_slab_free+0x13e/0x170 [ 884.978331][T24871] ? __kasan_slab_free+0x11/0x20 [ 884.983256][T24871] ? slab_free_freelist_hook+0xb2/0x180 [ 884.988792][T24871] ? __rcu_read_lock+0x50/0x50 [ 884.993558][T24871] ? io_req_prep+0x1906/0x51b0 [ 884.998315][T24871] ? io_queue_sqe+0x1180/0x1180 [ 885.003151][T24871] __io_queue_sqe+0x2cf/0x2fa0 [ 885.007903][T24871] io_queue_sqe+0x295/0x1180 [ 885.012494][T24871] io_submit_sqe+0x385/0xfd0 03:41:17 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x2}, 0x0) [ 885.017075][T24871] ? io_file_get+0x437/0x9c0 [ 885.021655][T24871] io_submit_sqes+0x1050/0x2da0 [ 885.026512][T24871] ? io_uring_add_task_file+0x290/0x290 [ 885.032061][T24871] ? security_file_permission+0xa8/0xc0 [ 885.037603][T24871] ? __kasan_check_write+0x14/0x20 [ 885.042694][T24871] ? mutex_lock+0xa6/0x110 [ 885.047104][T24871] ? io_uring_add_task_file+0x127/0x290 [ 885.052640][T24871] ? __fdget+0x1b5/0x240 [ 885.056874][T24871] __se_sys_io_uring_enter+0x322/0x12b0 [ 885.062417][T24871] ? __fget_files+0x26d/0x2c0 [ 885.067094][T24871] ? __kasan_check_write+0x14/0x20 [ 885.072226][T24871] ? fput_many+0x47/0x1a0 [ 885.076562][T24871] ? __x64_sys_io_uring_enter+0x100/0x100 [ 885.082288][T24871] ? __ia32_sys_read+0x90/0x90 [ 885.087038][T24871] ? debug_smp_processor_id+0x1c/0x20 [ 885.092385][T24871] __x64_sys_io_uring_enter+0xe5/0x100 [ 885.097823][T24871] do_syscall_64+0x31/0x70 [ 885.102215][T24871] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 885.108082][T24871] RIP: 0033:0x7f5fb5d49a39 [ 885.112480][T24871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 885.132060][T24871] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 885.140444][T24871] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 885.148396][T24871] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 885.156343][T24871] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 03:41:17 executing program 3: setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000000)={0x32, 0x3, '\x00', [@padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @ra={0x5, 0x2, 0xff01}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x3}, @jumbo]}, 0x28) unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1, 0x6c0}, 0x40) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_DEFRAG(r1, 0x50009402, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000040)="8e708c2c46cb03e4796fbc31d6f22e1e3c2e7863f07b6831a4146d567c49579cce7242", &(0x7f00000000c0)=@tcp, 0x1}, 0x20) 03:41:17 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x3}, 0x0) 03:41:17 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0xc0000000f) 03:41:17 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 67) 03:41:17 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xc00000000000000, 0x0, 0x0) [ 885.164290][T24871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 885.172236][T24871] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 [ 885.190200][T24892] incfs: Options parsing error. -22 03:41:17 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x4}, 0x0) 03:41:17 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(&(0x7f0000000080)=@loop={'/dev/loop', 0x0}, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='devpts\x00', 0x4001, 0x0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000280)=0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000008440), 0x0, 0x0) read$FUSE(r1, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0}, 0x2020) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000008440), 0x0, 0x0) read$FUSE(r3, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0}, 0x2020) setreuid(0xee00, r4) lstat(&(0x7f0000003380)='./file1\x00', &(0x7f00000033c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setreuid(r5, r2) stat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0}) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000003180)=[{{0x0, 0x0, &(0x7f00000026c0)=[{&(0x7f0000000440)=""/87, 0x57}, {&(0x7f00000004c0)=""/95, 0x5f}, {&(0x7f0000000540)=""/101, 0x65}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000015c0)=""/4096, 0x1000}, {&(0x7f00000025c0)=""/104, 0x68}, {&(0x7f0000002640)=""/67, 0x43}], 0x7, &(0x7f0000002740)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0x0}}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xa0}}, {{0x0, 0x0, &(0x7f0000002ac0)=[{&(0x7f0000002800)=""/43, 0x2b}, {&(0x7f0000002840)=""/44, 0x2c}, {&(0x7f0000002880)=""/15, 0xf}, {&(0x7f00000028c0)=""/28, 0x1c}, {&(0x7f0000002900)=""/56, 0x38}, {&(0x7f0000002940)=""/191, 0xbf}, {&(0x7f0000002a00)=""/139, 0x8b}], 0x7, &(0x7f0000002b40)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x70}}, {{&(0x7f0000002bc0)=@abs, 0x6e, &(0x7f0000002f00)=[{&(0x7f0000002c40)=""/215, 0xd7}, {&(0x7f0000002d40)=""/64, 0x40}, {&(0x7f0000002d80)=""/122, 0x7a}, {&(0x7f0000002e00)=""/89, 0x59}, {&(0x7f0000002e80)=""/68, 0x44}], 0x5, &(0x7f0000002f80)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x30}}, {{&(0x7f0000002fc0)=@abs, 0x6e, &(0x7f0000003140)=[{&(0x7f0000003040)=""/243, 0xf3}], 0x1}}], 0x4, 0x0, &(0x7f0000003280)={0x77359400}) lsetxattr$system_posix_acl(&(0x7f0000000200)='./file1\x00', &(0x7f0000000240)='system.posix_acl_access\x00', &(0x7f00000032c0)={{}, {0x1, 0x5}, [{0x2, 0x4, r0}, {0x2, 0x7, 0xee00}, {0x2, 0x3, 0xffffffffffffffff}, {0x2, 0x6, 0xee01}, {0x2, 0x0, r2}, {0x2, 0x5, r6}, {0x2, 0x2, 0xee01}], {0x4, 0x3}, [{0x8, 0x4, 0xee01}, {0x8, 0x0, 0xee00}, {0x8, 0x2}, {0x8, 0x3, 0xee00}, {0x8, 0x1, 0xee00}, {0x8, 0x4, r7}, {0x8, 0x6}, {0x8, 0x5, 0xee00}], {0x10, 0x1}, {0x20, 0x2}}, 0x9c, 0x1) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) 03:41:18 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0xb, 0x82400) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000000)="caed97ae0ff14bfc2ac36662124e89b0f8be27cbec185866b1b3f1d4275e3526c2fd3ac6b927f512d396c2437b1c10a46ca72f9b505dbc8a90d2ab755c8f088cab23abeeaf085429218446d0dcd6dd0b18f008155ef381d5e10244c892da1bb46c664df82dd2ccbf779010a07bdf0e23bf1b0ee1b340b5", &(0x7f0000000100)=@tcp=r1, 0x2}, 0x20) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) [ 885.294608][T25111] FAULT_INJECTION: forcing a failure. [ 885.294608][T25111] name failslab, interval 1, probability 0, space 0, times 0 [ 885.308442][T25111] CPU: 0 PID: 25111 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 885.320073][T25111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 885.330122][T25111] Call Trace: [ 885.333414][T25111] dump_stack_lvl+0x1e2/0x24b [ 885.338094][T25111] ? devkmsg_release+0x127/0x127 03:41:18 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x4000000000) [ 885.343031][T25111] ? show_regs_print_info+0x18/0x18 [ 885.348226][T25111] dump_stack+0x15/0x1d [ 885.352384][T25111] should_fail+0x3c0/0x510 [ 885.356671][T25132] incfs: Can't find or create .index dir in ./file0 [ 885.356797][T25111] ? iovec_from_user+0x8a/0x310 [ 885.363422][ T23] audit: type=1400 audit(2000000478.049:611): avc: denied { mounton } for pid=25124 comm="syz-executor.1" path="/root/syzkaller-testdir342210909/syzkaller.ig4ckE/2670/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1 [ 885.368181][T25111] __should_failslab+0x9f/0xe0 [ 885.368194][T25111] should_failslab+0x9/0x20 [ 885.368204][T25111] __kmalloc+0x68/0x3d0 [ 885.368222][T25111] ? _copy_from_user+0x93/0xd0 [ 885.413022][T25111] iovec_from_user+0x8a/0x310 [ 885.417697][T25111] ? __ia32_sys_shutdown+0x70/0x70 [ 885.422800][T25111] __import_iovec+0x72/0x3b0 [ 885.427386][T25111] io_recvmsg_copy_hdr+0x396/0x7f0 [ 885.432493][T25111] ? io_poll_remove_one+0xf90/0xf90 [ 885.437681][T25111] ? arch_stack_walk+0xf8/0x140 [ 885.442532][T25111] io_issue_sqe+0x2ccf/0xfc10 [ 885.447214][T25111] ? __io_req_task_cancel+0x720/0x720 [ 885.452583][T25111] ? __rcu_read_lock+0x50/0x50 [ 885.457334][T25111] ? is_bpf_text_address+0x1a2/0x1c0 [ 885.462599][T25111] ? stack_trace_save+0x1e0/0x1e0 [ 885.467610][T25111] ? __kernel_text_address+0x9a/0x110 [ 885.472978][T25111] ? kmem_cache_free+0xaa/0x1e0 [ 885.477821][T25111] ? kmem_cache_free+0xaa/0x1e0 [ 885.482664][T25111] ? kasan_set_track+0x63/0x80 [ 885.487422][T25111] ? kasan_set_track+0x4c/0x80 03:41:18 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={r0, &(0x7f0000000000)="921dd1add9d8245541e8bee392f7cafd21d5fd6f11206cc7ed8cbbba0f52ab218c5eb81b71b1f81598ed67958ca1ce5b5810009ec0c472159d2822d18fcefae0a3510f2167054b91", &(0x7f00000000c0)=""/71}, 0x20) unshare(0x2000080) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) listen(r1, 0x12) pipe(&(0x7f0000000200)={0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) splice(r2, 0x0, r3, 0x0, 0x4ffdc, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r2, &(0x7f0000000180)="b178811227b02aac922aadf6baf903cfa5ba52f8e6c1cb61c47d44bf344fdb187a50b135795eea25078ff970810b42a2b662c50ff99d7051b179d0631cb34d78922b1aec06bb773a58f1feb5e4e7822f039aa94dc27b68694a146408df3aece9437ab35d66409571c35ec33e4d5f9d0a55c8702626c7e7e37b30a08543080bee8a9c0320aeb50221438dbbd48b55a276aa3fab", &(0x7f0000000240)=""/188, 0x4}, 0x20) ioctl$BTRFS_IOC_SYNC(r1, 0x9408, 0x0) 03:41:18 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x10c00000104) [ 885.492181][T25111] ? kasan_set_free_info+0x23/0x40 [ 885.497290][T25111] ? ____kasan_slab_free+0x133/0x170 [ 885.502569][T25111] ? __kasan_slab_free+0x11/0x20 [ 885.507498][T25111] ? slab_free_freelist_hook+0xb2/0x180 [ 885.513038][T25111] ? kmem_cache_free+0xaa/0x1e0 [ 885.517886][T25111] ? __io_free_req+0x20e/0x380 [ 885.522642][T25111] ? io_req_complete+0xeb/0x610 [ 885.527485][T25111] ? __io_queue_sqe+0x1070/0x2fa0 [ 885.532500][T25111] ? io_queue_sqe+0x295/0x1180 [ 885.537258][T25111] ? io_submit_sqe+0x385/0xfd0 [ 885.542015][T25111] ? io_submit_sqes+0x1050/0x2da0 [ 885.547032][T25111] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 885.552742][T25111] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 885.558369][T25111] ? do_syscall_64+0x31/0x70 [ 885.562950][T25111] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 885.569014][T25111] ? kmem_cache_free+0xaa/0x1e0 [ 885.573861][T25111] ? debug_smp_processor_id+0x1c/0x20 [ 885.579240][T25111] ? __set_page_owner+0x2e2/0x300 [ 885.584258][T25111] ? kmem_cache_free+0xaa/0x1e0 [ 885.589102][T25111] ? ____kasan_slab_free+0x13e/0x170 03:41:18 executing program 3: unshare(0x40000400) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) splice(r1, 0x0, r2, 0x0, 0x4ffdc, 0xb) r3 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x10, 0xffffffff}, 0x40) ioctl$int_in(r1, 0x5452, &(0x7f0000000040)=0x4) unshare(0x40000700) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r3}, 0x38) [ 885.594379][T25111] ? __kasan_slab_free+0x11/0x20 [ 885.599294][T25111] ? slab_free_freelist_hook+0xb2/0x180 [ 885.604835][T25111] ? __rcu_read_lock+0x50/0x50 [ 885.609592][T25111] ? io_req_prep+0x1906/0x51b0 [ 885.614350][T25111] ? io_queue_sqe+0x1180/0x1180 [ 885.619198][T25111] __io_queue_sqe+0x2cf/0x2fa0 [ 885.623957][T25111] io_queue_sqe+0x295/0x1180 [ 885.628548][T25111] io_submit_sqe+0x385/0xfd0 [ 885.633132][T25111] ? io_file_get+0x437/0x9c0 [ 885.637733][T25111] io_submit_sqes+0x1050/0x2da0 03:41:18 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x11000000114) [ 885.642591][T25111] ? io_uring_add_task_file+0x290/0x290 [ 885.648131][T25111] ? security_file_permission+0xa8/0xc0 [ 885.653676][T25111] ? __kasan_check_write+0x14/0x20 [ 885.658784][T25111] ? mutex_lock+0xa6/0x110 [ 885.663195][T25111] ? io_uring_add_task_file+0x127/0x290 [ 885.668735][T25111] ? __fdget+0x1b5/0x240 [ 885.672969][T25111] __se_sys_io_uring_enter+0x322/0x12b0 [ 885.678501][T25111] ? __fget_files+0x26d/0x2c0 [ 885.683164][T25111] ? __kasan_check_write+0x14/0x20 [ 885.688264][T25111] ? fput_many+0x47/0x1a0 [ 885.692596][T25111] ? __x64_sys_io_uring_enter+0x100/0x100 [ 885.698311][T25111] ? __ia32_sys_read+0x90/0x90 [ 885.703051][T25111] ? debug_smp_processor_id+0x1c/0x20 [ 885.708397][T25111] __x64_sys_io_uring_enter+0xe5/0x100 [ 885.713828][T25111] do_syscall_64+0x31/0x70 [ 885.718228][T25111] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 885.724104][T25111] RIP: 0033:0x7f5fb5d49a39 03:41:18 executing program 3: unshare(0x40000400) unshare(0x12010400) unshare(0x20600) unshare(0xa00) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1, 0xa99}, 0x40) unshare(0x50000) pipe(&(0x7f0000000200)={0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) unshare(0x70050980) splice(r1, 0x0, r2, 0x0, 0x4ffdc, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c) pipe(&(0x7f0000000200)={0xffffffffffffffff}) r5 = socket$inet_udp(0x2, 0x2, 0x0) close(r5) splice(r4, 0x0, r5, 0x0, 0x4ffdc, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={r1, &(0x7f00000000c0)="2c57a1edc60bb76a3a2bd3fea2db3920e8a04163aeb1ce1f7ecaa2ce614e6cc55f2bb666bb5ec59821390e2c7fbc08197c60846bdf06d3c8a4b91fa4cae565afa22d09e9ff64297aea9f4f084b45271852029157a07ed03e112018d50cb80ff8d318488c0ccab944aa18c8d37f18df90ef907a967b2d5546dbef389f7cac4bacfe2dbe05cd400d9a74c69bdeab9830b27e39e67c7ddd2036346b38b775e0a46a36725c1c249cc826627bc1854a1f807af8247128fa3ebe32d46c58b3f3be760d50b2d8b308da6ac1ce0c414f84fd1976", &(0x7f0000000000)=@tcp6=r4, 0x4}, 0x20) unshare(0x14020400) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) 03:41:18 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xf0000000c000000, 0x0, 0x0) 03:41:18 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x5}, 0x0) [ 885.728508][T25111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 885.748109][T25111] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 885.756523][T25111] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 885.764496][T25111] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 885.772465][T25111] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 885.780444][T25111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 885.788417][T25111] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:18 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 68) 03:41:18 executing program 1: mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='rlog_wakeup_cnt=00000000000F00000000,\x00']) 03:41:18 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x40000000200) [ 885.823417][ T1316] BUG: Dentry ffff888119adf770{i=0,n=.index} still in use (1) [unmount of devpts devpts] [ 885.833406][ T1316] ------------[ cut here ]------------ [ 885.839007][ T1316] WARNING: CPU: 0 PID: 1316 at fs/dcache.c:1616 umount_check+0x18d/0x1d0 [ 885.847404][ T1316] Modules linked in: [ 885.851565][ T1316] CPU: 0 PID: 1316 Comm: syz-executor.1 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 885.863126][ T1316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 885.873212][ T1316] RIP: 0010:umount_check+0x18d/0x1d0 [ 885.878551][ T1316] Code: 8b 0b 49 81 c6 f8 03 00 00 48 c7 c7 40 43 2e 85 4c 89 e6 48 8b 55 d0 4c 89 e1 45 89 f8 31 c0 41 56 e8 ae d9 9e ff 48 83 c4 08 <0f> 0b e9 f1 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c c9 fe ff [ 885.898178][ T1316] RSP: 0018:ffffc90005c67c68 EFLAGS: 00010282 [ 885.904285][ T1316] RAX: 0000000000000057 RBX: ffffffff866730c0 RCX: ea9e27bc433c3400 [ 885.912322][ T1316] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 03:41:18 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x6}, 0x0) [ 885.920319][ T1316] RBP: ffffc90005c67c98 R08: ffffffff81545368 R09: ffffed103ee095d8 [ 885.928354][ T1316] R10: ffffed103ee095d8 R11: 0000000000000000 R12: ffff888119adf770 [ 885.936321][ T1316] R13: dffffc0000000000 R14: ffff88810c24e3f8 R15: 0000000000000001 [ 885.944325][ T1316] FS: 00005555558d2400(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 885.953278][ T1316] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 885.959895][ T1316] CR2: 00007f25d126e343 CR3: 0000000150cda000 CR4: 00000000003506b0 [ 885.967877][ T1316] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 885.974780][T25391] FAULT_INJECTION: forcing a failure. [ 885.974780][T25391] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 885.975913][ T1316] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 885.988932][T25391] CPU: 1 PID: 25391 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 885.996830][ T1316] Call Trace: [ 886.008425][T25391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 886.008429][T25391] Call Trace: [ 886.008448][T25391] dump_stack_lvl+0x1e2/0x24b [ 886.008466][T25391] ? show_regs_print_info+0x18/0x18 [ 886.011731][ T1316] d_walk+0x309/0x540 [ 886.021750][T25391] dump_stack+0x15/0x1d [ 886.021760][T25391] should_fail+0x3c0/0x510 [ 886.021776][T25391] should_fail_usercopy+0x1a/0x20 [ 886.025032][ T1316] ? __d_free+0x30/0x30 [ 886.029675][T25391] _copy_from_user+0x20/0xd0 [ 886.029692][T25391] iovec_from_user+0xc7/0x310 [ 886.034864][ T1316] shrink_dcache_for_umount+0x8e/0x1b0 [ 886.038813][T25391] ? __ia32_sys_shutdown+0x70/0x70 [ 886.038829][T25391] __import_iovec+0x72/0x3b0 [ 886.042958][ T1316] generic_shutdown_super+0x66/0x2c0 [ 886.047347][T25391] io_recvmsg_copy_hdr+0x396/0x7f0 [ 886.052352][ T1316] kill_litter_super+0x75/0xa0 [ 886.056479][T25391] ? io_poll_remove_one+0xf90/0xf90 [ 886.061048][ T1316] devpts_kill_sb+0x61/0x70 [ 886.065687][T25391] ? arch_stack_walk+0xf8/0x140 [ 886.071116][ T1316] deactivate_locked_super+0xb0/0x100 [ 886.076189][T25391] io_issue_sqe+0x2ccf/0xfc10 [ 886.080754][ T1316] deactivate_super+0xa5/0xd0 [ 886.086003][T25391] ? __io_req_task_cancel+0x720/0x720 [ 886.091087][ T1316] cleanup_mnt+0x45f/0x510 [ 886.095816][T25391] ? __rcu_read_lock+0x50/0x50 [ 886.100986][ T1316] __cleanup_mnt+0x19/0x20 [ 886.105476][T25391] ? is_bpf_text_address+0x1a2/0x1c0 [ 886.110301][ T1316] task_work_run+0x147/0x1b0 [ 886.115634][T25391] ? stack_trace_save+0x1e0/0x1e0 [ 886.120286][ T1316] exit_to_user_mode_prepare+0xc3/0xe0 [ 886.124927][T25391] ? __kernel_text_address+0x9a/0x110 [ 886.130273][ T1316] syscall_exit_to_user_mode+0x24/0x40 [ 886.134653][T25391] ? kmem_cache_free+0xaa/0x1e0 [ 886.139389][ T1316] do_syscall_64+0x3d/0x70 [ 886.143770][T25391] ? kmem_cache_free+0xaa/0x1e0 [ 886.149029][ T1316] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 886.153583][T25391] ? kasan_set_track+0x63/0x80 [ 886.158585][ T1316] RIP: 0033:0x7fb6d2042ea7 [ 886.164008][T25391] ? kasan_set_track+0x4c/0x80 [ 886.169358][ T1316] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 886.174781][T25391] ? kasan_set_free_info+0x23/0x40 [ 886.179603][ T1316] RSP: 002b:00007ffdf3bcca48 EFLAGS: 00000206 [ 886.183987][T25391] ? ____kasan_slab_free+0x133/0x170 [ 886.188811][ T1316] ORIG_RAX: 00000000000000a6 [ 886.194669][T25391] ? __kasan_slab_free+0x11/0x20 [ 886.199405][ T1316] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fb6d2042ea7 [ 886.203787][T25391] ? slab_free_freelist_hook+0xb2/0x180 [ 886.208520][ T1316] RDX: 00007ffdf3bccb1c RSI: 0000000000000002 RDI: 00007ffdf3bccb10 [ 886.228088][T25391] ? kmem_cache_free+0xaa/0x1e0 [ 886.228097][T25391] ? __io_free_req+0x20e/0x380 [ 886.228112][T25391] ? io_req_complete+0xeb/0x610 [ 886.233191][ T1316] RBP: 00007ffdf3bccb10 R08: 00000000ffffffff R09: 00007ffdf3bcc8e0 [ 886.239254][T25391] ? __io_queue_sqe+0x1070/0x2fa0 [ 886.239263][T25391] ? io_queue_sqe+0x295/0x1180 [ 886.239279][T25391] ? io_submit_sqe+0x385/0xfd0 [ 886.244534][ T1316] R10: 00005555558d3b83 R11: 0000000000000206 R12: 00007fb6d209b035 [ 886.249176][T25391] ? io_submit_sqes+0x1050/0x2da0 [ 886.249192][T25391] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 886.254097][ T1316] R13: 00007ffdf3bcdbd0 R14: 00005555558d3b00 R15: 00007ffdf3bcdc10 [ 886.262039][T25391] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 886.262049][T25391] ? do_syscall_64+0x31/0x70 [ 886.262066][T25391] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 886.267575][ T1316] ---[ end trace 0c697c6dbf6663d5 ]--- [ 886.275520][T25391] ? kmem_cache_free+0xaa/0x1e0 [ 886.275536][T25391] ? debug_smp_processor_id+0x1c/0x20 [ 886.281023][ T1316] VFS: Busy inodes after unmount of devpts. Self-destruct in 5 seconds. Have a nice day... [ 886.285090][T25391] ? kmem_cache_free+0xaa/0x1e0 [ 886.285101][T25391] ? ____kasan_slab_free+0x13e/0x170 [ 886.285117][T25391] ? __kasan_slab_free+0x11/0x20 [ 886.395751][T25391] ? slab_free_freelist_hook+0xb2/0x180 [ 886.401273][T25391] ? __rcu_read_lock+0x50/0x50 [ 886.406011][T25391] ? io_req_prep+0x1906/0x51b0 [ 886.410745][T25391] ? io_queue_sqe+0x1180/0x1180 [ 886.415568][T25391] __io_queue_sqe+0x2cf/0x2fa0 [ 886.420313][T25391] io_queue_sqe+0x295/0x1180 [ 886.424886][T25391] io_submit_sqe+0x385/0xfd0 [ 886.429446][T25391] ? io_file_get+0x437/0x9c0 [ 886.434007][T25391] io_submit_sqes+0x1050/0x2da0 [ 886.438847][T25391] ? io_uring_add_task_file+0x290/0x290 [ 886.444376][T25391] ? security_file_permission+0xa8/0xc0 [ 886.449899][T25391] ? __kasan_check_write+0x14/0x20 [ 886.454982][T25391] ? mutex_lock+0xa6/0x110 [ 886.459372][T25391] ? io_uring_add_task_file+0x127/0x290 [ 886.464888][T25391] ? __fdget+0x1b5/0x240 [ 886.469105][T25391] __se_sys_io_uring_enter+0x322/0x12b0 [ 886.474622][T25391] ? __fget_files+0x26d/0x2c0 [ 886.479276][T25391] ? __kasan_check_write+0x14/0x20 [ 886.484359][T25391] ? fput_many+0x47/0x1a0 [ 886.488663][T25391] ? __x64_sys_io_uring_enter+0x100/0x100 [ 886.494362][T25391] ? __ia32_sys_read+0x90/0x90 [ 886.499108][T25391] ? debug_smp_processor_id+0x1c/0x20 [ 886.504455][T25391] __x64_sys_io_uring_enter+0xe5/0x100 [ 886.509885][T25391] do_syscall_64+0x31/0x70 [ 886.514274][T25391] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 886.520140][T25391] RIP: 0033:0x7f5fb5d49a39 [ 886.524531][T25391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 886.544128][T25391] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 886.552514][T25391] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 886.560459][T25391] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 886.568435][T25391] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 03:41:19 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) pipe(&(0x7f0000000200)={0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) splice(r1, 0x0, r2, 0x0, 0x4ffdc, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.time_recursive\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x0, 0x200, 0xf550, 0x200, 0x100, r1, 0x7ff, '\x00', 0x0, r3, 0x3, 0x2, 0x3}, 0x40) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) listen(r4, 0x12) getsockopt$inet_int(r4, 0x0, 0xf, &(0x7f00000000c0), &(0x7f0000000100)=0x4) unshare(0x10000800) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) 03:41:19 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 69) [ 886.576391][T25391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 886.584349][T25391] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:19 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x7ffffffff000) 03:41:19 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x1401000010010000, 0x0, 0x0) 03:41:19 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x7}, 0x0) 03:41:19 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="726c6f675f77fb986575705f636e743d30303030303030303030303030303030302c00000000"]) 03:41:19 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) unshare(0x0) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) [ 886.705596][T25521] FAULT_INJECTION: forcing a failure. [ 886.705596][T25521] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 886.718869][T25521] CPU: 1 PID: 25521 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 886.730476][T25521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 886.740517][T25521] Call Trace: [ 886.743786][T25521] dump_stack_lvl+0x1e2/0x24b [ 886.748439][T25521] ? show_regs_print_info+0x18/0x18 [ 886.753627][T25521] ? kfree+0xca/0x310 [ 886.757583][T25521] dump_stack+0x15/0x1d [ 886.761716][T25521] should_fail+0x3c0/0x510 [ 886.766106][T25521] should_fail_usercopy+0x1a/0x20 [ 886.771106][T25521] _copy_from_user+0x20/0xd0 [ 886.775688][T25521] __copy_msghdr_from_user+0xaf/0x730 [ 886.781032][T25521] ? __import_iovec+0x343/0x3b0 [ 886.785862][T25521] ? __ia32_sys_shutdown+0x70/0x70 [ 886.790950][T25521] io_recvmsg_copy_hdr+0x1cf/0x7f0 [ 886.796053][T25521] ? io_poll_remove_one+0xf90/0xf90 [ 886.801228][T25521] ? arch_stack_walk+0xf8/0x140 [ 886.806054][T25521] io_issue_sqe+0x2ccf/0xfc10 [ 886.810707][T25521] ? __io_req_task_cancel+0x720/0x720 [ 886.816060][T25521] ? __rcu_read_lock+0x50/0x50 [ 886.820796][T25521] ? is_bpf_text_address+0x1a2/0x1c0 [ 886.826054][T25521] ? stack_trace_save+0x1e0/0x1e0 [ 886.831052][T25521] ? __kernel_text_address+0x9a/0x110 [ 886.836399][T25521] ? kmem_cache_free+0xaa/0x1e0 [ 886.841221][T25521] ? kmem_cache_free+0xaa/0x1e0 [ 886.846045][T25521] ? kasan_set_track+0x63/0x80 [ 886.850778][T25521] ? kasan_set_track+0x4c/0x80 [ 886.855525][T25521] ? kasan_set_free_info+0x23/0x40 [ 886.860606][T25521] ? ____kasan_slab_free+0x133/0x170 [ 886.865862][T25521] ? __kasan_slab_free+0x11/0x20 [ 886.870769][T25521] ? slab_free_freelist_hook+0xb2/0x180 [ 886.876718][T25521] ? kmem_cache_free+0xaa/0x1e0 [ 886.881554][T25521] ? __io_free_req+0x20e/0x380 [ 886.886308][T25521] ? io_req_complete+0xeb/0x610 [ 886.891134][T25521] ? __io_queue_sqe+0x1070/0x2fa0 [ 886.896131][T25521] ? io_queue_sqe+0x295/0x1180 [ 886.900866][T25521] ? io_submit_sqe+0x385/0xfd0 [ 886.905603][T25521] ? io_submit_sqes+0x1050/0x2da0 [ 886.910600][T25521] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 886.916299][T25521] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 886.921912][T25521] ? do_syscall_64+0x31/0x70 [ 886.926474][T25521] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 886.932523][T25521] ? kmem_cache_free+0xaa/0x1e0 [ 886.937348][T25521] ? debug_smp_processor_id+0x1c/0x20 [ 886.942694][T25521] ? kmem_cache_free+0xaa/0x1e0 [ 886.947519][T25521] ? ____kasan_slab_free+0x13e/0x170 [ 886.952777][T25521] ? __kasan_slab_free+0x11/0x20 [ 886.957686][T25521] ? slab_free_freelist_hook+0xb2/0x180 [ 886.963206][T25521] ? __rcu_read_lock+0x50/0x50 [ 886.967947][T25521] ? io_req_prep+0x1906/0x51b0 [ 886.972683][T25521] ? io_queue_sqe+0x1180/0x1180 [ 886.977507][T25521] __io_queue_sqe+0x2cf/0x2fa0 [ 886.982247][T25521] io_queue_sqe+0x295/0x1180 [ 886.986826][T25521] io_submit_sqe+0x385/0xfd0 [ 886.991390][T25521] ? io_file_get+0x437/0x9c0 [ 886.995955][T25521] io_submit_sqes+0x1050/0x2da0 [ 887.000782][T25521] ? io_uring_add_task_file+0x290/0x290 [ 887.006300][T25521] ? security_file_permission+0xa8/0xc0 [ 887.011821][T25521] ? __kasan_check_write+0x14/0x20 [ 887.016927][T25521] ? mutex_lock+0xa6/0x110 [ 887.021326][T25521] ? io_uring_add_task_file+0x127/0x290 [ 887.026851][T25521] ? __fdget+0x1b5/0x240 [ 887.031074][T25521] __se_sys_io_uring_enter+0x322/0x12b0 [ 887.036605][T25521] ? __fget_files+0x26d/0x2c0 [ 887.041262][T25521] ? __kasan_check_write+0x14/0x20 [ 887.046349][T25521] ? fput_many+0x47/0x1a0 [ 887.050659][T25521] ? __x64_sys_io_uring_enter+0x100/0x100 [ 887.056355][T25521] ? __ia32_sys_read+0x90/0x90 [ 887.061107][T25521] ? debug_smp_processor_id+0x1c/0x20 [ 887.066461][T25521] __x64_sys_io_uring_enter+0xe5/0x100 [ 887.071898][T25521] do_syscall_64+0x31/0x70 [ 887.076573][T25521] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 887.082442][T25521] RIP: 0033:0x7f5fb5d49a39 [ 887.086833][T25521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 887.106451][T25521] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 887.114841][T25521] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 887.122886][T25521] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 887.130835][T25521] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 887.138783][T25521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 887.146727][T25521] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:19 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 70) 03:41:19 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x9}, 0x0) 03:41:19 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0xc58700000000) [ 887.186392][T25538] incfs: Options parsing error. -22 03:41:19 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="726c6f675f77616b6575705f636e743d30303030303030303030303030303030303030302c009b3c25460c4bdd9c88c49bf5fc5ae7e72f16da3eee51c461e52166ddf8fb7702fc624a9c54adb56fa99126084edb85e8df1a098c1bdcb0327288bb4432c9e1cb"]) 03:41:19 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x1801000000000000, 0x0, 0x0) 03:41:20 executing program 3: unshare(0x40000400) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="900601002d000105", @ANYBLOB="0e19750f5b738dba76f868b6a5234b73e107fdd49002ef9864696308125a2979edc0321be8e1f0b7b07794ccd6fd557cf997335311679122805bea7f6aae8f7ded2b98d0b35d14c2067ef250ab50d046e94d481c41348210c141d7712f6e74da3801b02f2aa264ced1889ce640211ceda04f896c9b794498027355f00a818e0e9883305f789bb871564c15a4c1e25725f206a3cb83daaff8e22f2b5a8d06d2fd171e46da64409ba376a9a52f4cf25cf23d23e3fbc7d6315815101348b5e69199e819dd7f6eb95cbd94ce9cba345470a85e00000000"], 0x10690}}, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='wchan\x00') splice(r1, 0x0, r2, 0x0, 0x1, 0x4a5c8699372fa58) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ftruncate(r3, 0x1) r4 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0}, 0x40) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r4}, 0x38) [ 887.265555][T25633] FAULT_INJECTION: forcing a failure. [ 887.265555][T25633] name failslab, interval 1, probability 0, space 0, times 0 [ 887.280516][T25633] CPU: 1 PID: 25633 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 887.292145][T25633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 887.302194][T25633] Call Trace: [ 887.305467][T25633] dump_stack_lvl+0x1e2/0x24b [ 887.310123][T25633] ? devkmsg_release+0x127/0x127 [ 887.315033][T25633] ? show_regs_print_info+0x18/0x18 [ 887.320206][T25633] dump_stack+0x15/0x1d [ 887.324340][T25633] should_fail+0x3c0/0x510 [ 887.328733][T25633] ? iovec_from_user+0x8a/0x310 [ 887.333558][T25633] __should_failslab+0x9f/0xe0 [ 887.338296][T25633] should_failslab+0x9/0x20 [ 887.342773][T25633] __kmalloc+0x68/0x3d0 [ 887.346905][T25633] ? _copy_from_user+0x93/0xd0 [ 887.351639][T25633] iovec_from_user+0x8a/0x310 [ 887.356289][T25633] ? __ia32_sys_shutdown+0x70/0x70 [ 887.361372][T25633] __import_iovec+0x72/0x3b0 [ 887.365936][T25633] io_recvmsg_copy_hdr+0x396/0x7f0 [ 887.371020][T25633] ? io_poll_remove_one+0xf90/0xf90 [ 887.376190][T25633] ? arch_stack_walk+0xf8/0x140 [ 887.381018][T25633] io_issue_sqe+0x2ccf/0xfc10 [ 887.385669][T25633] ? __io_req_task_cancel+0x720/0x720 [ 887.391014][T25633] ? __rcu_read_lock+0x50/0x50 [ 887.395802][T25633] ? is_bpf_text_address+0x1a2/0x1c0 [ 887.401063][T25633] ? stack_trace_save+0x1e0/0x1e0 [ 887.406059][T25633] ? __kernel_text_address+0x9a/0x110 [ 887.411405][T25633] ? kmem_cache_free+0xaa/0x1e0 [ 887.416265][T25633] ? kmem_cache_free+0xaa/0x1e0 [ 887.421091][T25633] ? kasan_set_track+0x63/0x80 [ 887.425825][T25633] ? kasan_set_track+0x4c/0x80 [ 887.430560][T25633] ? kasan_set_free_info+0x23/0x40 [ 887.435641][T25633] ? ____kasan_slab_free+0x133/0x170 [ 887.440899][T25633] ? __kasan_slab_free+0x11/0x20 [ 887.445806][T25633] ? slab_free_freelist_hook+0xb2/0x180 [ 887.451319][T25633] ? kmem_cache_free+0xaa/0x1e0 [ 887.456144][T25633] ? __io_free_req+0x20e/0x380 [ 887.460885][T25633] ? io_req_complete+0xeb/0x610 [ 887.465704][T25633] ? __io_queue_sqe+0x1070/0x2fa0 [ 887.470699][T25633] ? io_queue_sqe+0x295/0x1180 [ 887.475437][T25633] ? io_submit_sqe+0x385/0xfd0 [ 887.480172][T25633] ? io_submit_sqes+0x1050/0x2da0 [ 887.485164][T25633] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 887.490853][T25633] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 887.496468][T25633] ? do_syscall_64+0x31/0x70 [ 887.501044][T25633] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 887.507088][T25633] ? kmem_cache_free+0xaa/0x1e0 [ 887.511912][T25633] ? debug_smp_processor_id+0x1c/0x20 [ 887.517255][T25633] ? kmem_cache_free+0xaa/0x1e0 [ 887.522080][T25633] ? ____kasan_slab_free+0x13e/0x170 [ 887.527335][T25633] ? __kasan_slab_free+0x11/0x20 [ 887.532242][T25633] ? slab_free_freelist_hook+0xb2/0x180 [ 887.537758][T25633] ? __rcu_read_lock+0x50/0x50 [ 887.542496][T25633] ? io_req_prep+0x1906/0x51b0 [ 887.547235][T25633] ? io_queue_sqe+0x1180/0x1180 [ 887.552061][T25633] __io_queue_sqe+0x2cf/0x2fa0 [ 887.556800][T25633] io_queue_sqe+0x295/0x1180 [ 887.561364][T25633] io_submit_sqe+0x385/0xfd0 [ 887.565925][T25633] ? io_file_get+0x437/0x9c0 [ 887.570489][T25633] io_submit_sqes+0x1050/0x2da0 [ 887.575313][T25633] ? io_uring_add_task_file+0x290/0x290 [ 887.580832][T25633] ? security_file_permission+0xa8/0xc0 [ 887.586360][T25633] ? __kasan_check_write+0x14/0x20 [ 887.591445][T25633] ? mutex_lock+0xa6/0x110 [ 887.595834][T25633] ? io_uring_add_task_file+0x127/0x290 [ 887.601350][T25633] ? __fdget+0x1b5/0x240 [ 887.605575][T25633] __se_sys_io_uring_enter+0x322/0x12b0 [ 887.611094][T25633] ? __fget_files+0x26d/0x2c0 [ 887.615743][T25633] ? __kasan_check_write+0x14/0x20 [ 887.620826][T25633] ? fput_many+0x47/0x1a0 [ 887.625129][T25633] ? __x64_sys_io_uring_enter+0x100/0x100 [ 887.630824][T25633] ? __ia32_sys_read+0x90/0x90 [ 887.635564][T25633] ? debug_smp_processor_id+0x1c/0x20 [ 887.640917][T25633] __x64_sys_io_uring_enter+0xe5/0x100 [ 887.646348][T25633] do_syscall_64+0x31/0x70 [ 887.650737][T25633] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 887.656603][T25633] RIP: 0033:0x7f5fb5d49a39 [ 887.660996][T25633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 887.681272][T25633] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 887.689679][T25633] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 887.697624][T25633] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 887.705569][T25633] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 03:41:20 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x83}, 0x0) 03:41:20 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 71) [ 887.713511][T25633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 887.721456][T25633] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:20 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0xf2) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='rlog_wake_cnt=00000000000000000000,\x00']) 03:41:20 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x300}, 0x0) 03:41:20 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x2000000000000) [ 887.848879][T25686] FAULT_INJECTION: forcing a failure. [ 887.848879][T25686] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 887.862467][T25686] CPU: 0 PID: 25686 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 887.874094][T25686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 887.884139][T25686] Call Trace: [ 887.887434][T25686] dump_stack_lvl+0x1e2/0x24b [ 887.892109][T25686] ? show_regs_print_info+0x18/0x18 03:41:20 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x500}, 0x0) [ 887.897315][T25686] dump_stack+0x15/0x1d [ 887.901473][T25686] should_fail+0x3c0/0x510 [ 887.905987][T25686] should_fail_usercopy+0x1a/0x20 [ 887.911016][T25686] _copy_from_user+0x20/0xd0 [ 887.915610][T25686] iovec_from_user+0xc7/0x310 [ 887.920303][T25686] ? __ia32_sys_shutdown+0x70/0x70 [ 887.925424][T25686] __import_iovec+0x72/0x3b0 [ 887.930020][T25686] io_recvmsg_copy_hdr+0x396/0x7f0 [ 887.935138][T25686] ? io_poll_remove_one+0xf90/0xf90 [ 887.940343][T25686] ? arch_stack_walk+0xf8/0x140 03:41:20 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x600}, 0x0) [ 887.945189][T25686] io_issue_sqe+0x2ccf/0xfc10 [ 887.949862][T25686] ? __io_req_task_cancel+0x720/0x720 [ 887.955241][T25686] ? __rcu_read_lock+0x50/0x50 [ 887.960009][T25686] ? is_bpf_text_address+0x1a2/0x1c0 [ 887.965296][T25686] ? stack_trace_save+0x1e0/0x1e0 [ 887.970322][T25686] ? __kernel_text_address+0x9a/0x110 [ 887.972812][T25807] incfs: Options parsing error. -22 [ 887.975696][T25686] ? kmem_cache_free+0xaa/0x1e0 [ 887.975715][T25686] ? kmem_cache_free+0xaa/0x1e0 [ 887.990552][T25686] ? kasan_set_track+0x63/0x80 03:41:20 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x2000, &(0x7f00000000c0)=ANY=[@ANYBLOB="726cff675f77616b6475705f63bbf3252d9680165d30303030303030302c00"]) 03:41:20 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x2000000040000) [ 887.995326][T25686] ? kasan_set_track+0x4c/0x80 [ 888.000098][T25686] ? kasan_set_free_info+0x23/0x40 [ 888.005206][T25686] ? ____kasan_slab_free+0x133/0x170 [ 888.010496][T25686] ? __kasan_slab_free+0x11/0x20 [ 888.015450][T25686] ? slab_free_freelist_hook+0xb2/0x180 [ 888.020991][T25686] ? kmem_cache_free+0xaa/0x1e0 [ 888.025840][T25686] ? __io_free_req+0x20e/0x380 [ 888.030601][T25686] ? io_req_complete+0xeb/0x610 [ 888.035468][T25686] ? __io_queue_sqe+0x1070/0x2fa0 [ 888.040495][T25686] ? io_queue_sqe+0x295/0x1180 03:41:20 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x700}, 0x0) [ 888.045347][T25686] ? io_submit_sqe+0x385/0xfd0 [ 888.050113][T25686] ? io_submit_sqes+0x1050/0x2da0 [ 888.055137][T25686] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 888.060855][T25686] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 888.066470][T25686] ? do_syscall_64+0x31/0x70 [ 888.071045][T25686] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 888.077112][T25686] ? kmem_cache_free+0xaa/0x1e0 [ 888.081966][T25686] ? debug_smp_processor_id+0x1c/0x20 [ 888.087336][T25686] ? __set_page_owner+0x2e2/0x300 [ 888.092355][T25686] ? kmem_cache_free+0xaa/0x1e0 [ 888.097202][T25686] ? ____kasan_slab_free+0x13e/0x170 [ 888.102489][T25686] ? __kasan_slab_free+0x11/0x20 [ 888.107427][T25686] ? slab_free_freelist_hook+0xb2/0x180 [ 888.112959][T25686] ? __rcu_read_lock+0x50/0x50 [ 888.117713][T25686] ? io_req_prep+0x1906/0x51b0 [ 888.122480][T25686] ? io_queue_sqe+0x1180/0x1180 [ 888.127329][T25686] __io_queue_sqe+0x2cf/0x2fa0 [ 888.132172][T25686] io_queue_sqe+0x295/0x1180 [ 888.136755][T25686] io_submit_sqe+0x385/0xfd0 [ 888.141367][T25686] ? io_file_get+0x437/0x9c0 [ 888.145946][T25686] io_submit_sqes+0x1050/0x2da0 [ 888.150790][T25686] ? io_uring_add_task_file+0x290/0x290 [ 888.156327][T25686] ? security_file_permission+0xa8/0xc0 [ 888.161884][T25686] ? __kasan_check_write+0x14/0x20 [ 888.166992][T25686] ? mutex_lock+0xa6/0x110 [ 888.171410][T25686] ? io_uring_add_task_file+0x127/0x290 [ 888.177426][T25686] ? __fdget+0x1b5/0x240 [ 888.181670][T25686] __se_sys_io_uring_enter+0x322/0x12b0 [ 888.187213][T25686] ? __fget_files+0x26d/0x2c0 [ 888.191890][T25686] ? __kasan_check_write+0x14/0x20 [ 888.196998][T25686] ? fput_many+0x47/0x1a0 [ 888.201330][T25686] ? __x64_sys_io_uring_enter+0x100/0x100 [ 888.207037][T25686] ? __ia32_sys_read+0x90/0x90 [ 888.211804][T25686] ? debug_smp_processor_id+0x1c/0x20 [ 888.217172][T25686] __x64_sys_io_uring_enter+0xe5/0x100 [ 888.222631][T25686] do_syscall_64+0x31/0x70 [ 888.227178][T25686] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 888.233046][T25686] RIP: 0033:0x7f5fb5d49a39 [ 888.237446][T25686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 888.257049][T25686] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 888.265444][T25686] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 888.273433][T25686] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 888.281383][T25686] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 888.289373][T25686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 03:41:21 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x1f00000000000000, 0x0, 0x0) [ 888.297320][T25686] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:21 executing program 3: write$P9_RUNLINKAT(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x4d, 0x2}, 0x7) unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) r1 = syz_open_dev$vcsn(&(0x7f0000000040), 0x7ff, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/haltpoll', 0x501000, 0xc8) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000200), 0xa0400, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r1, &(0x7f00000000c0)="4a6bd881e84ba6bf1764b051239a2b72d0a8bdf9d0dd704b87ec045b1f268149c92b201c40e1283a1baf6a25ee0a92b64fbe970fd860d647ae53789c5793bb5fd758da0d640c4f29975b638f73faeee9f703585bac3d768fb84e176e", &(0x7f0000000180)=@udp=r2, 0x4}, 0x20) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) 03:41:21 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x900}, 0x0) 03:41:21 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) unlink(&(0x7f0000000080)='./file0\x00') 03:41:21 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x4000000000000) 03:41:21 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 72) 03:41:21 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x3800000000000000, 0x0, 0x0) 03:41:21 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x65a0}, 0x0) 03:41:21 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x8100}, 0x0) [ 888.688777][T26049] FAULT_INJECTION: forcing a failure. [ 888.688777][T26049] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 888.704280][T26049] CPU: 0 PID: 26049 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 888.715911][T26049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 888.725962][T26049] Call Trace: [ 888.729250][T26049] dump_stack_lvl+0x1e2/0x24b [ 888.733926][T26049] ? show_regs_print_info+0x18/0x18 [ 888.739120][T26049] ? kfree+0xca/0x310 [ 888.743187][T26049] dump_stack+0x15/0x1d [ 888.747345][T26049] should_fail+0x3c0/0x510 [ 888.751768][T26049] should_fail_usercopy+0x1a/0x20 [ 888.756800][T26049] _copy_from_user+0x20/0xd0 [ 888.761389][T26049] __copy_msghdr_from_user+0xaf/0x730 [ 888.766757][T26049] ? __import_iovec+0x343/0x3b0 [ 888.771609][T26049] ? __ia32_sys_shutdown+0x70/0x70 [ 888.776721][T26049] io_recvmsg_copy_hdr+0x1cf/0x7f0 [ 888.781829][T26049] ? io_poll_remove_one+0xf90/0xf90 [ 888.787022][T26049] ? arch_stack_walk+0xf8/0x140 [ 888.791872][T26049] io_issue_sqe+0x2ccf/0xfc10 [ 888.796546][T26049] ? __io_req_task_cancel+0x720/0x720 [ 888.801917][T26049] ? __rcu_read_lock+0x50/0x50 [ 888.806674][T26049] ? is_bpf_text_address+0x1a2/0x1c0 [ 888.811950][T26049] ? stack_trace_save+0x1e0/0x1e0 [ 888.816968][T26049] ? __kernel_text_address+0x9a/0x110 [ 888.822350][T26049] ? kmem_cache_free+0xaa/0x1e0 [ 888.827193][T26049] ? kmem_cache_free+0xaa/0x1e0 [ 888.832041][T26049] ? kasan_set_track+0x63/0x80 03:41:21 executing program 3: io_uring_setup(0x1b5c, &(0x7f0000000000)={0x0, 0x7e15, 0x10, 0x1, 0x22a}) unshare(0x50008200) unshare(0x40000200) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5}, 0x40) unshare(0x10040000) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="900601002d000105", @ANYBLOB="af23c538255a8c9075c0c731cf4a9a3d7b65cfab0a3b443740cc948d99868ee7f8c93f820c584832b2b436fc532ce289abaa35470a9514f82d1f2ad45a6c9cccb356ea7e0aef5b5595b14b691a2868047f331d44dbe7baf55b46b6de8a713faf72018ff9f3ad7f818485a894f9699f2fa97496dd69d299ee40439598a7796e8dd82418d636da62edd507bb32780b98c048038130934c7df7049405714ee58e752a5035af7790c035762d6a2cb9867385999378952550bd53181bc071e26782"], 0x10690}}, 0x0) splice(r3, 0x0, r2, 0x0, 0x1, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) listen(r4, 0x12) r5 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r5, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) listen(r5, 0x12) sendmsg$nl_route_sched(r2, &(0x7f0000000d40)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000d00)={&(0x7f0000002980)=ANY=[@ANYBLOB="601700006500000825bd7000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="f3ff030007000e000b00f3ff0800010062706600341702000409010090001e000b00010073616d706c65000064000280080005000101000018000200050000000001000004000000010000000000000008000400000000000800040000000001080005000001000018000200da8e00000100000006000000010000000500000008000500010000000800050007000000040006000c00070001000000000000000c000800030000000100000008010a000d000100636f6e6e6d61726b00000000ac0002801c00010000e0cc060008000003000000b6c8000001000000800000001c0001000000000004000000030000000000000006000000030000001c0001000200000000000000070000000800000002000000040000001c00010040aa000000000100070000000500000000000000080000001c0001000400000001000000000000200900000004000000000000001c000100be1200000000000006000000fcffffff9affffff010000002f000600df4dafcdc3f4d85871244ec0e04ed8948b3f96231ca6efa3acaf90762ba515c1a71037e4deea460a072e19000c00070001000000010000000c000800010000000300000080011600080001006e617400cc00028028000100040000000700000008000000080000000900000000000000e00000010000000000000000280001003f000000070000000500000001000100ff0f0000ac1414bbac1e0101ffffffff000000002800010006000000ff7f00000000001002000000529700000000000064010101ffffffff010000002800010004000000b5000000000000100800000004000000ac1414bbffffffffffffff000000000028000100080000001f00000003000000a883000006000000e0000001ac1414aaffffff0000000000900006000c968f04ee8bf3f3fc97b2bd469a1f434f1e2e195e284e262a3e7bb8b33e7eac2bb411499bfb0ca6ecd8501c97aa0a3e3a60c52494beee17bd20449757712339773f428e65a26ab8892b6e196d6ffa9ede3372cbbe09d7bea6247f920c99204d0b58788b4e99bfc459f06afb7fdc55da9a96ec792318cb41a7fabb23f6a1f93a04e26d3e04c259b52fa0d95b0c00070000000000010000000c0008000200000001000000c4000700090001006373756d00000000200002801c0001000200000005000000040000008c72000003000000330000007900060045822f336a07029bd667450f96d950d6b2f6cc861cb0a2de2c489ce22ec67152a9fdac73f9e64fa4f00e737a5665a021ce9b11a79ae3a043624ebdc6c55811c53e504307386d3546a9d10c0ea283eba3c596391ba46944994ab5a5ae5d4b830bebbba54dcc5ae268010c00494ee323f50307ebe2270000000c00070001000000010000000c0008000100000003000000d40100000b0001006d697272656400000401028020000200ff0700000800000008000000a8fe00000800000004000000", @ANYRES32=0x0, @ANYBLOB="20000200d3030000eb0fffff01000000000000000400000002000000", @ANYRES32=0x0, @ANYBLOB="200002000000000001000000010000003f0000000300000004000000", @ANYRES32=0x0, @ANYBLOB="20000200010000000400000000000010f8ffffff0040000002000000", @ANYRES32=0x0, @ANYBLOB="200002000700000001000000000000007c4c3b2d0000000002000000", @ANYRES32=0x0, @ANYBLOB="2000020001000000030000000d000000f60700000800000004000000", @ANYRES32=0x0, @ANYBLOB="2000020008000000ff0f000002000000f60000002000000002000000", @ANYRES32=0x0, @ANYBLOB="20000200b30200adb0649d00ff01000000000000000000800510000004000000", @ANYRES32=0x0, @ANYBLOB="a700060042e54fed03fa3e8600f18050a27e54fca40042d5b321b314a060356d1f0b08a0b2668d3953538d5efb86a86bfe3917093535d5b3585ebab7b20b92ea3c205f2b211a280d6e26eae58ba4ed319905c1225a8a4052ce9877b670f4d98982e005772b93d43774b598883539a0b8ed604a69878d632bb6d157b3c556ef8822ebc4d4e81a4d917718859ae8ebaa54d84b601a7f1b894b383b9bc025e594e0b85cc31b3736c7000c00070000000000010000000c000800010000000200000078010b000b0001006d69727265640000640002802000020002000000b3010000040000000002000033ed000000000000", @ANYRES32=0x0, @ANYBLOB="20000200ff7f0000090000000000001004000000410e000001000000", @ANYRES32=0x0, @ANYBLOB="2000020001ffffff8000000008000000010000000600000002000000", @ANYRES32=0x0, @ANYBLOB="ec000600ae391312f4cb845ba3a771a22fde380a579ab2276b40f63f715e4245f4f2a3bb8b0d6ef9ee9f71f8c61a553c9544b688b275d8ef62b2586fa3dc749988c34e5386ac586b415228330c7a73039c58502718c86211994c8f119549e80f3e68a34c8005d8eab255aa41d0d0eb44c70d0d3ffc0924fff7f887596134d1fa3278db47c3128da271a1f40b93bd8d8bedc3a10fc0fa07b5d930c3cf76f8f87bb327f5915ec1b5c09e19fd8e52dba1e18b244a13e7f89c13d4399c5528842fad8c95fb9c783a31e70a0f0db4553ece99deb587f959a3cb4de90a33d0a95ccde767675e3f023cf8cee77aeb780c00070001000000000000000c0008000100000002000000b8000c00070001006374000038000280140007005e42525bfb5ad495329f6fae4b9271f708000600c230000006000d004e20000006000d004e23000008000600010000805b000600e02c49ac0101cacd768d8c2c3508215fe3fb3ffd1afa3a9abbe75a4031e43769e45a776f7e0c1c0bb873dc62d1516e36fed825431b615554a510cca09a29f57c44219898ccce36a18ac0459d6dc7e8fc7c3f251c4f8e55000c00070000000000000000000c00080003000000020000002001050007000100637400001c00028018000100010000000100000006000000827e0000760c0000de0006000183b673ed4a4a69c0f3e76bad8ddc52f87a2f0fd84dd0f02556c4cdcd43f7bf320c3824efbe180354988128e7422f508ffdcf4e1616795b21d3cf9c0c51dcbfe7f299ad498b49bc5ad80f75f96172b3969a38be2c301b1a033e6168dc98c32122881e5f4310c1693047b742771a4d826c38c4354f7730009ee3f2a6bd26cc96b3e6125a81b5947cc22fe97da9da785100585095d459f0fd60f3b9628b061690b1aa2d15b745dff263911e73a0d3aed2e967ec207a99e4c13652519f4971e9e509d40e60e3136673396e3a3a5fb4f7cff793dea7513c7d14593600000c00070001000000010000000c000800000000000000000008000600", @ANYRES32=r2, @ANYBLOB="08000600", @ANYRES32=r1, @ANYBLOB="0800090000000000080003000e000900e4050100cc000f000f00010074756e6e656c5f6b6579000020000280060009004e24000014000500fc0200000000000000000000000000007e00060048c689bfab2ff3be7bf61e51ffb3be0dfca23f2ce5ff711911355d82a28d7a0a80da64e1ed8a07d1fc0b4485e590b084ddfd1538fb90ecb6e61613de81102424082f1d2aba6b32603db2abf8e32ed36c1e989a3fd283ceedcf036127ba35813f02683688082ecc615587e12a6c9b8743d60abfa9705e8c1d131200000c00070001000000010000000c0008000000000001000000ac011f000b0001006d69727265640000840002802000020000010000fcffffff0a000000010000000200000003000000", @ANYRES32=0x0, @ANYBLOB="200002000101000000000100ffffffff050000000800000004000000", @ANYRES32=0x0, @ANYBLOB="20000200000800000008000003000000060000000180000003000000", @ANYRES32=0x0, @ANYBLOB="20000200060000000900000004000000000000000700000004000000", @ANYRES32=0x0, @ANYBLOB="ff000600a8f8cb5c8b06321c146c8127577ecdd13266a25740cc6c06293c544c601270f38a738501264aa045dac67779f743ad9edc005c03290d5af32d1598d1265ec1ea6bab14574216cc19dc937c04b2132693bd39073ad4d61a03c8ceafaa43ace2b897152609f9c376ae51c5cb4558facd5c871774edeb2a4328b53c074b07ac11a3c6b293a6f302c110cb3a17708415db3e19f5b6fa88d6fc7eb6a6c18b8bedc8f39084f44788f883f970a096a3894129dbb110fddd5b98115603861bc12e79123da9f3d290f4f2a6178c1e14e6bf47dabf45ae2609e06a5b269d8ded5c58b88d97b4ca42149a079277a110910868b275c3124d5c8ce6b42e126d08d1000c00070000000000010000000c0008000600000001000000b00012000b0001006d69727265640000240002802000020000100000000000000800000005000000ffffffff07000000", @ANYRES32=0x0, @ANYBLOB="6300060057cbd9af0d554edfefe773442856a0029883153822966925e78082422de616dc08bb6615bc285ad95811701a70d661cd51f7f4f8aef727b4d30771f909c5c8a56b564518fdf7409be1e1ba9692f23df4f1b678c850c706d9736875555a8fe2000c00070001000000000000000c000800020000000000000010011b000b0001006374696e666f00005c00028008000500800000000800060003000000180003007f0000000500000005000000000000007600000008000500050000000800050002000000080007001f0000001800030005000000050000000500000004000000018000008c00060045fd40e9d179eedb6b786499d3d0f53217d38624428ea1e2324618846d2b94e4d23ec4acb8dd4aa298c8d3e016321489031c187b8fc6c3d6ff96c629108edc355bfbafad2e19280027d46e319a273c344d6addd1030a1b8b6b312fefa7dd8cfdd2947750ae0227d1950d66a5dba53045e4b808394ab04525d7de7ac75e92b87d10cbeaa47724e5c10c00070001000000000000000c00080002000000020000005c000d0008000100627066000c00028008000500", @ANYRES32=r3, @ANYBLOB="2b00060089db0c3db9cc2c5e34b9876ef5de8719116966d01879f8f7fa4d12108ad52b295c0469198733f2000c00070000000000010000000c00080003000000010000004c01090008000100627066009000028006000300060000004c00040000023f1c960000006c0008095a0000000400ff000000000000007f20090000000700030506000000000401150000000000800205400000000900010909000000070009ff0700000008000500", @ANYRES32, @ANYBLOB="06000300040000000c0006002e2f66696c65300008000500", @ANYRES32=r4, @ANYBLOB="0c0006002e2f66696c65300008000500", @ANYRES32=r5, @ANYBLOB="96000600adcf17e119861c35d975837e8988684599b7b2156c6cb63d2376ac6f1fa885faaedf824c4062c1f0a9b460b79ced44e83e303743ee49ec156095cc36bd43e386adda82e1dc225b1624c83c75cd59cb04375541fe5c4e6ec3b199c3c37082c23e1275cbaf9832e491a60f294a617d7fe620e5b25dfaffcc3f9c1063c0605b7a031682bc2b1383ff5b3e1d5cf3aaccb8188d4b00000c00070001000000000000000c00080001000000000000000c0007002e2f66696c6530001408020004040200fffbffff0800000000100000b900000020000000020000000010000006000000ec0f0000cb0200000000000064eae3520700000099a0000001000000030000007f00000060020000810000000000008002000000ff070000ffffff7f060000000000008000040000060000003f000000400000000000000005000000030000000700000001000000070000004500000000000000010100001f000000040000000400000006000000030000000100ffff0010000005000000000000000600000008000000040000004763c84b0300000081bb0000090000000100008020000000ffffffff0200000000000000200000006e0d0000cd000000040000002c000000030000000100010006000000070000008e0700000400000008000000310000004b090000e8080000ac000000ffff000003000000ff7f000001040000030000000400000000000000ff0700000200000005000000db060000030000003f0000000200000076000000050000000000ffff08000000060000000800000081000000e1fffffffcffffff0010000004000000050000000800000001040000090000000001000004000000080000000400000063060000b5000000370000001f00000000000000ffffffffff000000050000000200000001000000000000000700000037ebffff0100008000008000620d0000370000002000000003000000ce0000000010000012d90000010000003c050000cf020000010000800500000007000000f2000000ffffff7f0101000005000000050000000000000001000000010000004000000009000000020000004606000008000000040000000400000001000000498f000001000100040000000300000009000000ff03000001000080feffffff05000000ff0700003f000000010000000800000000000000ff01000001000080040000000300000007000000ff7f000007000000ff00000002000000040000000080000006000000080000004000000069ffffffff00000002000000000000000300000006000000080000000900000003000000050000000b08000002000000ff000000ef5100000200000000000000000000004000000001000000ff030000000000000000008003000000ff010000040000000600000097000000ff070000080000000700000001000000070000006a6e0000060000000000000075000000000000002000000001000000000400003700000033f2507a0100000001000000070000001600000001000000010000800300000002000000be7dffffff03000000000000ba00000009000000bc0a00000600000003000000fbffffff001000008003000005000000430000000004000002000000a4000000ff0f000000000000060000000300000007000000ffffffff070000000180000005000000fe0c0000080004006abe0000040403000300000004000000020000000700000001000100ff7f00000700000009000000000000000700000000000000ffffffffff0700000500000002000000010000004754d09f05000000ffffffff00000000090000000700000000fcffff040000000000010005000000ffff000000020000e79d6d4c030000000500000011060000060000000008000040000000abc4000000000000008000008b000000ffffffff0600000005000000020000000500000000000010c36e00000100000000000000ff0f0000f8000000ffffffff000000000500000001000000faffffffffff000081000000070000000600000000000000cb000000f9ffffff02000000010001000b0a000001000080060000000700000094cf0000b50000000500000000020000ffffff7f070000000010000000000000090000003f0000007f000000ec0d00000000000000020000000000000002000000000000020000004859000081000000008000000600000005000000030000000300000008000000010000000100000001000080f4e8000003000000ff0f0000f9ffffff04000000000100002355000004000000feffffff0700000003000000040000000100ffffffffffff080000007f000000e50700008a0d0000ff0f0000dc20000040000000ffffffff090000000000000007000000af0000000004000002000000747a0000080000000000010005000000030000001e00000006000000000000803f00000008000000400a0000090000008a00000002000000f6050000000200000700000000020000ff0f00000200000009000000090000000080000003000000020000005f0000000500000009000000400000004300000081ffffff04000000040000000000000007000000010000000400000080000000040000000800000002000000e0bac69c0800000000000000050000000600000009000000400000000100008002000000ffff000008000000000069000200000000000000060000000200000000000000ff030000090000007c0300000200000007000000000000000600000007000000010000000900000005000000060000007a600000ff0300006b9e000076000000750000000300000001040000e500000006000000030000008000000002000000ff0100000400000000000000020000000800000003000000000001000200000001010000001000000900000001feffff0300000008000000050000000100000000040000030000002900000038000000c8ffffff0100000003000000efc80000050000000200000006000000ff0100000400000008000000ff01000001800000ff000000f9ffffffffffff7f0000000207000000040000000900000001800000681800003f0000000100000002000000510c0000df0000000600000000000018080000000800090000000000"], 0x1760}, 0x1, 0x0, 0x0, 0x8000}, 0x4001) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={&(0x7f00000000c0)="afe7f1ea213ef1f9c8093ef80605", &(0x7f0000000100)=""/77, &(0x7f0000000180)="c1c2211130164eb33ac4cb34d3444c759ce1bf8750f925889d125c55cd010cfd68a3acf6385808a944684f658809399cabcda39639eef7de067737833589d210565ac43fa8e35860b976356231e61416fd1a992b78b2e4c856afcc2bc96e75813556600e479796ece7d013b716b0097360ada52b7acd111f0c3e5e08f4320ed86e21eba0c8086f5d95bd7ef429679ef357b7df5f02d1860f305efe74a19b9bc82aa09694908b4b81ae6810", &(0x7f0000000240)="76ccc613801e7977e7d6822458ff0668d40bd91c7346c13de862beaf04b4e7fddcd62ae1f16c2e85a0bf461f00ee3863d3881467d2541e92e54a730a128ebd7e36947e22ca62e0b3a548b5219590ca284878bb02a700a404fd0aced5616da42583d9f767823876e068714e66369bdc903e1c520d2d4673555444af1e5b2680ee1e4ddf90ddc7a5a37df7b3d61e9e23201812fc821552eab28a4f72c1d70edc1097371ca5845c9b0b73cc5ba75f2c668941c15374aa51798f2088b0d244cc8797ac76c95dbe307a0a9cde1e5fb9cd6745c05dd25ee420a0287410bad701928eefe3a7bb55a3dcf286f662b848f682d913092b86b031", 0x8, r2, 0x4}, 0x38) unshare(0x10680) [ 888.836974][T26049] ? kasan_set_track+0x4c/0x80 [ 888.841733][T26049] ? kasan_set_free_info+0x23/0x40 [ 888.846834][T26049] ? ____kasan_slab_free+0x133/0x170 [ 888.852114][T26049] ? __kasan_slab_free+0x11/0x20 [ 888.857046][T26049] ? slab_free_freelist_hook+0xb2/0x180 [ 888.862584][T26049] ? kmem_cache_free+0xaa/0x1e0 [ 888.867433][T26049] ? __io_free_req+0x20e/0x380 [ 888.872190][T26049] ? io_req_complete+0xeb/0x610 [ 888.877038][T26049] ? __io_queue_sqe+0x1070/0x2fa0 [ 888.882666][T26049] ? io_queue_sqe+0x295/0x1180 03:41:21 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x8300}, 0x0) [ 888.887427][T26049] ? io_submit_sqe+0x385/0xfd0 [ 888.892185][T26049] ? io_submit_sqes+0x1050/0x2da0 [ 888.897203][T26049] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 888.902911][T26049] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 888.908538][T26049] ? do_syscall_64+0x31/0x70 [ 888.913124][T26049] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 888.919191][T26049] ? kmem_cache_free+0xaa/0x1e0 [ 888.924043][T26049] ? debug_smp_processor_id+0x1c/0x20 [ 888.929495][T26049] ? kmem_cache_free+0xaa/0x1e0 [ 888.934330][T26049] ? ____kasan_slab_free+0x13e/0x170 03:41:21 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0xa065}, 0x0) [ 888.939603][T26049] ? __kasan_slab_free+0x11/0x20 [ 888.944532][T26049] ? slab_free_freelist_hook+0xb2/0x180 [ 888.950076][T26049] ? __rcu_read_lock+0x50/0x50 [ 888.954840][T26049] ? io_req_prep+0x1906/0x51b0 [ 888.959593][T26049] ? io_queue_sqe+0x1180/0x1180 [ 888.964431][T26049] __io_queue_sqe+0x2cf/0x2fa0 [ 888.969195][T26049] io_queue_sqe+0x295/0x1180 [ 888.973780][T26049] io_submit_sqe+0x385/0xfd0 [ 888.978348][T26049] ? io_file_get+0x437/0x9c0 [ 888.982923][T26049] io_submit_sqes+0x1050/0x2da0 03:41:21 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x38000}, 0x0) [ 888.987779][T26049] ? io_uring_add_task_file+0x290/0x290 [ 888.993315][T26049] ? security_file_permission+0xa8/0xc0 [ 888.998860][T26049] ? __kasan_check_write+0x14/0x20 [ 889.003958][T26049] ? mutex_lock+0xa6/0x110 [ 889.008356][T26049] ? io_uring_add_task_file+0x127/0x290 [ 889.013939][T26049] ? __fdget+0x1b5/0x240 [ 889.018175][T26049] __se_sys_io_uring_enter+0x322/0x12b0 [ 889.023712][T26049] ? __fget_files+0x26d/0x2c0 [ 889.028380][T26049] ? __kasan_check_write+0x14/0x20 [ 889.033490][T26049] ? fput_many+0x47/0x1a0 03:41:21 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x8002a0}, 0x0) [ 889.037800][T26049] ? __x64_sys_io_uring_enter+0x100/0x100 [ 889.043509][T26049] ? __ia32_sys_read+0x90/0x90 [ 889.048277][T26049] ? debug_smp_processor_id+0x1c/0x20 [ 889.050674][T26296] netlink: 32720 bytes leftover after parsing attributes in process `syz-executor.3'. [ 889.053639][T26049] __x64_sys_io_uring_enter+0xe5/0x100 [ 889.053661][T26049] do_syscall_64+0x31/0x70 [ 889.073055][T26049] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 889.078936][T26049] RIP: 0033:0x7f5fb5d49a39 [ 889.083343][T26049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 889.102949][T26049] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 889.111385][T26049] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 889.119347][T26049] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 889.127301][T26049] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 03:41:21 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x800300}, 0x0) 03:41:21 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) pipe(&(0x7f0000000200)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) splice(r0, 0x0, r1, 0x0, 0x4ffdc, 0x0) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) futimesat(r0, &(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)={{r2, r3/1000+10000}, {0x77359400}}) 03:41:21 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x8002a0ffffffff) 03:41:21 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 73) 03:41:21 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x4000000000000000, 0x0, 0x0) [ 889.135265][T26049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 889.143233][T26049] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:21 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x1000000}, 0x0) 03:41:21 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file0/file0\x00', &(0x7f0000000140), 0x800, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) [ 889.246327][T26410] FAULT_INJECTION: forcing a failure. [ 889.246327][T26410] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 889.280729][T26410] CPU: 0 PID: 26410 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 889.292374][T26410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 889.302428][T26410] Call Trace: [ 889.305724][T26410] dump_stack_lvl+0x1e2/0x24b [ 889.310400][T26410] ? show_regs_print_info+0x18/0x18 [ 889.315598][T26410] dump_stack+0x15/0x1d [ 889.319742][T26410] should_fail+0x3c0/0x510 [ 889.324133][T26410] should_fail_usercopy+0x1a/0x20 [ 889.329139][T26410] _copy_from_user+0x20/0xd0 [ 889.333726][T26410] iovec_from_user+0xc7/0x310 [ 889.338398][T26410] ? __ia32_sys_shutdown+0x70/0x70 [ 889.343508][T26410] __import_iovec+0x72/0x3b0 [ 889.348099][T26410] io_recvmsg_copy_hdr+0x396/0x7f0 [ 889.353208][T26410] ? io_poll_remove_one+0xf90/0xf90 [ 889.358396][T26410] ? arch_stack_walk+0xf8/0x140 [ 889.363223][T26410] io_issue_sqe+0x2ccf/0xfc10 [ 889.367880][T26410] ? __io_req_task_cancel+0x720/0x720 [ 889.373251][T26410] ? __rcu_read_lock+0x50/0x50 [ 889.378006][T26410] ? is_bpf_text_address+0x1a2/0x1c0 [ 889.383287][T26410] ? stack_trace_save+0x1e0/0x1e0 [ 889.388316][T26410] ? __kernel_text_address+0x9a/0x110 [ 889.393687][T26410] ? kmem_cache_free+0xaa/0x1e0 [ 889.398537][T26410] ? kmem_cache_free+0xaa/0x1e0 [ 889.403432][T26410] ? kasan_set_track+0x63/0x80 [ 889.408169][T26410] ? kasan_set_track+0x4c/0x80 [ 889.412912][T26410] ? kasan_set_free_info+0x23/0x40 [ 889.418005][T26410] ? ____kasan_slab_free+0x133/0x170 [ 889.423262][T26410] ? __kasan_slab_free+0x11/0x20 [ 889.428173][T26410] ? slab_free_freelist_hook+0xb2/0x180 [ 889.433688][T26410] ? kmem_cache_free+0xaa/0x1e0 [ 889.438511][T26410] ? __io_free_req+0x20e/0x380 [ 889.443245][T26410] ? io_req_complete+0xeb/0x610 [ 889.448066][T26410] ? __io_queue_sqe+0x1070/0x2fa0 [ 889.453061][T26410] ? io_queue_sqe+0x295/0x1180 [ 889.457801][T26410] ? io_submit_sqe+0x385/0xfd0 [ 889.462537][T26410] ? io_submit_sqes+0x1050/0x2da0 [ 889.467531][T26410] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 889.473219][T26410] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 889.478823][T26410] ? do_syscall_64+0x31/0x70 [ 889.483439][T26410] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 889.489483][T26410] ? kmem_cache_free+0xaa/0x1e0 [ 889.494310][T26410] ? debug_smp_processor_id+0x1c/0x20 [ 889.499655][T26410] ? __set_page_owner+0x2e2/0x300 [ 889.504672][T26410] ? kmem_cache_free+0xaa/0x1e0 [ 889.509497][T26410] ? ____kasan_slab_free+0x13e/0x170 [ 889.514755][T26410] ? __kasan_slab_free+0x11/0x20 [ 889.519669][T26410] ? slab_free_freelist_hook+0xb2/0x180 [ 889.525186][T26410] ? __rcu_read_lock+0x50/0x50 [ 889.529921][T26410] ? io_req_prep+0x1906/0x51b0 [ 889.534664][T26410] ? io_queue_sqe+0x1180/0x1180 [ 889.539498][T26410] __io_queue_sqe+0x2cf/0x2fa0 [ 889.544233][T26410] io_queue_sqe+0x295/0x1180 [ 889.548803][T26410] io_submit_sqe+0x385/0xfd0 [ 889.553370][T26410] ? io_file_get+0x437/0x9c0 [ 889.557932][T26410] io_submit_sqes+0x1050/0x2da0 [ 889.562756][T26410] ? io_uring_add_task_file+0x290/0x290 [ 889.568272][T26410] ? security_file_permission+0xa8/0xc0 [ 889.573803][T26410] ? __kasan_check_write+0x14/0x20 [ 889.578905][T26410] ? mutex_lock+0xa6/0x110 [ 889.583299][T26410] ? io_uring_add_task_file+0x127/0x290 [ 889.588818][T26410] ? __fdget+0x1b5/0x240 [ 889.593034][T26410] __se_sys_io_uring_enter+0x322/0x12b0 [ 889.598551][T26410] ? __fget_files+0x26d/0x2c0 [ 889.603197][T26410] ? __kasan_check_write+0x14/0x20 [ 889.608279][T26410] ? fput_many+0x47/0x1a0 [ 889.612584][T26410] ? __x64_sys_io_uring_enter+0x100/0x100 [ 889.618304][T26410] ? __ia32_sys_read+0x90/0x90 [ 889.623052][T26410] ? debug_smp_processor_id+0x1c/0x20 [ 889.628401][T26410] __x64_sys_io_uring_enter+0xe5/0x100 [ 889.633834][T26410] do_syscall_64+0x31/0x70 [ 889.638227][T26410] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 889.644091][T26410] RIP: 0033:0x7f5fb5d49a39 [ 889.648478][T26410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 889.668054][T26410] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 889.676444][T26410] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 889.684392][T26410] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 03:41:22 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x94357700000000) 03:41:22 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x2000000}, 0x0) 03:41:22 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x4041000000000000, 0x0, 0x0) 03:41:22 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) lremovexattr(&(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)=@known='system.advise\x00') mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000180), 0xea33ac6fce57a632, &(0x7f0000000140)={[{@rlog_wakeup_cnt}]}) chdir(&(0x7f0000000080)='./file0\x00') 03:41:22 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 74) [ 889.692340][T26410] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 889.700290][T26410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 889.708352][T26410] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:22 executing program 3: pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000840)=ANY=[@ANYBLOB="15000000c2ffff"], 0x15) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@msize={'msize', 0x3d, 0x49ff}}]}}) write$P9_RRENAMEAT(r1, &(0x7f00000003c0)={0x7, 0x4b, 0x2}, 0x7) unshare(0x40000400) unshare(0x4000400) r2 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1, 0x20}, 0x40) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2}, 0x38) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x9, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6cf, 0x0, 0x0, 0x0, 0xffffffa6}, [@jmp={0x5, 0x0, 0x0, 0x3, 0xf, 0x8, 0x1}, @ldst={0x0, 0x1, 0x3, 0x2, 0x5, 0x0, 0x4}, @map={0x18, 0x4, 0x1, 0x0, r4}, @map_val={0x18, 0x5, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x9}]}, &(0x7f0000000180)='GPL\x00', 0x6, 0xf5, &(0x7f00000001c0)=""/245, 0x41100, 0x0, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f00000002c0)={0x9, 0x2}, 0x8, 0x10, &(0x7f0000000300)={0x5, 0xd, 0x1, 0x1ff}, 0x10}, 0x78) bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x3, 0x1, 0x6, 0x3, 0x60, r2, 0x2, '\x00', 0x0, r3, 0x2, 0x5, 0x5}, 0x40) fcntl$getownex(r5, 0x10, &(0x7f0000000600)={0x0, 0x0}) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000a40)={{{@in6=@remote, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in6=@remote}}, &(0x7f0000000b40)=0xe8) r8 = gettid() rt_sigqueueinfo(r8, 0x3c, &(0x7f0000000040)) r9 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000008440), 0x0, 0x0) read$FUSE(r9, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0}, 0x2020) setreuid(0xee00, r10) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000400)="19f148abcb14543d1388355c818bf74378348b1ce60ee00b103de31c2241d343dadd4a9eacb19d88829c443260a0593d389fdbba69c43e7c66edeb71090015a48c7c2ebf54d28df83a796a1ea6750011637dc9edecccc2848a682f5e677215f99e9c0cb2b3581cd4e694f2cf4ab5", 0x6e}], 0x1, &(0x7f0000000b80)=[@cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, r1, 0xffffffffffffffff, r5, 0xffffffffffffffff, 0xffffffffffffffff, r2, r0]}}, @cred={{0x1c, 0x1, 0x2, {r6, r7, 0xee01}}}, @rights={{0x18, 0x1, 0x1, [r2, r2]}}, @cred={{0x1c, 0x1, 0x2, {r8, r10}}}, @rights={{0x14, 0x1, 0x1, [r5]}}], 0xc0}, 0x20008010) 03:41:22 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x3000000}, 0x0) 03:41:22 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@no_bf_readahead={'no_bf_readahead', 0x3d, 0x1}}]}) 03:41:22 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x8000000000000000, 0x0, 0x0) 03:41:22 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0xf0ff7f00000000) [ 889.802540][T26683] FAULT_INJECTION: forcing a failure. [ 889.802540][T26683] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 889.817212][T26683] CPU: 1 PID: 26683 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 889.828843][T26683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 889.838899][T26683] Call Trace: [ 889.842205][T26683] dump_stack_lvl+0x1e2/0x24b [ 889.846946][T26683] ? show_regs_print_info+0x18/0x18 [ 889.852125][T26683] dump_stack+0x15/0x1d [ 889.856265][T26683] should_fail+0x3c0/0x510 [ 889.860672][T26683] should_fail_usercopy+0x1a/0x20 [ 889.865672][T26683] _copy_from_user+0x20/0xd0 [ 889.870242][T26683] iovec_from_user+0xc7/0x310 [ 889.874930][T26683] ? __ia32_sys_shutdown+0x70/0x70 [ 889.880016][T26683] __import_iovec+0x72/0x3b0 [ 889.884614][T26683] io_recvmsg_copy_hdr+0x396/0x7f0 [ 889.889699][T26683] ? io_poll_remove_one+0xf90/0xf90 [ 889.894877][T26683] ? arch_stack_walk+0xf8/0x140 [ 889.899860][T26683] io_issue_sqe+0x2ccf/0xfc10 [ 889.904631][T26683] ? __io_req_task_cancel+0x720/0x720 [ 889.909981][T26683] ? __rcu_read_lock+0x50/0x50 [ 889.914733][T26683] ? is_bpf_text_address+0x1a2/0x1c0 [ 889.920009][T26683] ? stack_trace_save+0x1e0/0x1e0 [ 889.925033][T26683] ? __kernel_text_address+0x9a/0x110 [ 889.930381][T26683] ? kmem_cache_free+0xaa/0x1e0 [ 889.935205][T26683] ? kmem_cache_free+0xaa/0x1e0 [ 889.940035][T26683] ? kasan_set_track+0x63/0x80 [ 889.944781][T26683] ? kasan_set_track+0x4c/0x80 [ 889.949516][T26683] ? kasan_set_free_info+0x23/0x40 [ 889.954602][T26683] ? ____kasan_slab_free+0x133/0x170 [ 889.959861][T26683] ? __kasan_slab_free+0x11/0x20 [ 889.964771][T26683] ? slab_free_freelist_hook+0xb2/0x180 [ 889.970287][T26683] ? kmem_cache_free+0xaa/0x1e0 [ 889.975111][T26683] ? __io_free_req+0x20e/0x380 [ 889.979851][T26683] ? io_req_complete+0xeb/0x610 [ 889.984684][T26683] ? __io_queue_sqe+0x1070/0x2fa0 [ 889.989681][T26683] ? io_queue_sqe+0x295/0x1180 [ 889.994427][T26683] ? io_submit_sqe+0x385/0xfd0 [ 889.999178][T26683] ? io_submit_sqes+0x1050/0x2da0 [ 890.004175][T26683] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 890.009956][T26683] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 890.015563][T26683] ? do_syscall_64+0x31/0x70 [ 890.020124][T26683] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 890.026167][T26683] ? kmem_cache_free+0xaa/0x1e0 [ 890.030992][T26683] ? debug_smp_processor_id+0x1c/0x20 [ 890.036335][T26683] ? __set_page_owner+0x2e2/0x300 [ 890.041330][T26683] ? kmem_cache_free+0xaa/0x1e0 [ 890.046241][T26683] ? ____kasan_slab_free+0x13e/0x170 [ 890.051500][T26683] ? __kasan_slab_free+0x11/0x20 [ 890.056407][T26683] ? slab_free_freelist_hook+0xb2/0x180 [ 890.061924][T26683] ? __rcu_read_lock+0x50/0x50 [ 890.066661][T26683] ? io_req_prep+0x1906/0x51b0 [ 890.071396][T26683] ? io_queue_sqe+0x1180/0x1180 [ 890.076217][T26683] __io_queue_sqe+0x2cf/0x2fa0 [ 890.080952][T26683] io_queue_sqe+0x295/0x1180 [ 890.085516][T26683] io_submit_sqe+0x385/0xfd0 [ 890.090078][T26683] ? io_file_get+0x437/0x9c0 [ 890.094641][T26683] io_submit_sqes+0x1050/0x2da0 [ 890.099480][T26683] ? io_uring_add_task_file+0x290/0x290 [ 890.105002][T26683] ? security_file_permission+0xa8/0xc0 [ 890.110517][T26683] ? __kasan_check_write+0x14/0x20 [ 890.115597][T26683] ? mutex_lock+0xa6/0x110 [ 890.119989][T26683] ? io_uring_add_task_file+0x127/0x290 [ 890.125509][T26683] ? __fdget+0x1b5/0x240 [ 890.129724][T26683] __se_sys_io_uring_enter+0x322/0x12b0 [ 890.135244][T26683] ? __fget_files+0x26d/0x2c0 [ 890.139894][T26683] ? __kasan_check_write+0x14/0x20 [ 890.144982][T26683] ? fput_many+0x47/0x1a0 [ 890.149319][T26683] ? __x64_sys_io_uring_enter+0x100/0x100 [ 890.155021][T26683] ? __ia32_sys_read+0x90/0x90 [ 890.159761][T26683] ? debug_smp_processor_id+0x1c/0x20 [ 890.165116][T26683] __x64_sys_io_uring_enter+0xe5/0x100 [ 890.170563][T26683] do_syscall_64+0x31/0x70 [ 890.174951][T26683] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 890.180815][T26683] RIP: 0033:0x7f5fb5d49a39 [ 890.185207][T26683] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 890.204784][T26683] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 890.213170][T26683] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 890.221130][T26683] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 890.229075][T26683] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 890.237018][T26683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 890.244962][T26683] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:22 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 75) 03:41:23 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 03:41:23 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000140)={{{@in6=@remote, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@private0}, 0x0, @in=@multicast1}}, &(0x7f0000000240)=0xe8) r2 = open(&(0x7f0000000280)='./file0\x00', 0x400001, 0xb0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xd, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xffffffff}, [@map={0x18, 0x0, 0x1, 0x0, r0}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x61, &(0x7f00000000c0)=""/97, 0x40f00, 0x4, '\x00', r1, 0x5, r2, 0x8, &(0x7f00000002c0)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000300)={0x0, 0x10, 0x4, 0x5}, 0x10}, 0x78) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) 03:41:23 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x807e000000000000, 0x0, 0x0) 03:41:23 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x5000000}, 0x0) 03:41:23 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pivot_root(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000180)='./file0\x00') mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@no_bf_cache={'no_bf_cache', 0x3d, 0x1}}]}) 03:41:23 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0xf0ffffff7f0000) [ 890.331331][T26891] incfs: Options parsing error. -22 [ 890.339261][T26891] incfs: Options parsing error. -22 [ 890.390443][T26993] FAULT_INJECTION: forcing a failure. [ 890.390443][T26993] name failslab, interval 1, probability 0, space 0, times 0 [ 890.403291][T26993] CPU: 1 PID: 26993 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 890.414908][T26993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 890.425014][T26993] Call Trace: [ 890.428283][T26993] dump_stack_lvl+0x1e2/0x24b [ 890.432937][T26993] ? devkmsg_release+0x127/0x127 [ 890.437847][T26993] ? show_regs_print_info+0x18/0x18 [ 890.443018][T26993] ? __io_queue_sqe+0x1561/0x2fa0 [ 890.448043][T26993] dump_stack+0x15/0x1d [ 890.452171][T26993] should_fail+0x3c0/0x510 [ 890.456557][T26993] __should_failslab+0x9f/0xe0 [ 890.461292][T26993] should_failslab+0x9/0x20 [ 890.465766][T26993] kmem_cache_alloc_bulk+0x30/0x3f0 [ 890.470937][T26993] io_submit_sqes+0x6bf/0x2da0 [ 890.475676][T26993] ? io_uring_add_task_file+0x290/0x290 [ 890.481193][T26993] ? security_file_permission+0xa8/0xc0 [ 890.486710][T26993] ? __kasan_check_write+0x14/0x20 [ 890.491792][T26993] ? mutex_lock+0xa6/0x110 [ 890.496177][T26993] ? io_uring_add_task_file+0x127/0x290 [ 890.501695][T26993] ? __fdget+0x1b5/0x240 [ 890.505908][T26993] __se_sys_io_uring_enter+0x322/0x12b0 [ 890.511421][T26993] ? __fget_files+0x26d/0x2c0 [ 890.516071][T26993] ? __kasan_check_write+0x14/0x20 [ 890.521150][T26993] ? fput_many+0x47/0x1a0 [ 890.525452][T26993] ? __x64_sys_io_uring_enter+0x100/0x100 [ 890.531141][T26993] ? __ia32_sys_read+0x90/0x90 [ 890.535878][T26993] ? debug_smp_processor_id+0x1c/0x20 [ 890.541217][T26993] __x64_sys_io_uring_enter+0xe5/0x100 [ 890.546644][T26993] do_syscall_64+0x31/0x70 [ 890.551033][T26993] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 890.557152][T26993] RIP: 0033:0x7f5fb5d49a39 [ 890.561545][T26993] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 890.581120][T26993] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa 03:41:23 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x13, 0x3, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x2}, 0x40) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) 03:41:23 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 76) [ 890.589501][T26993] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 890.597459][T26993] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 890.605401][T26993] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 890.613345][T26993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 890.621288][T26993] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:23 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x6000000}, 0x0) [ 890.680651][T27013] incfs: Options parsing error. -22 03:41:23 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xe0efff7f00000000, 0x0, 0x0) 03:41:23 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0xfeffff00000000) 03:41:23 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x7000000}, 0x0) 03:41:23 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="026c6f67344d248a64d98b4e33a2740800000000000000103030303030030d0000000000000085ee44d4df3edc4213d78517358b895237db2805a48b8942431791d81fc78969f3be382f46e87350fb1844573b23a2b89f8faca29a03c2"]) [ 890.748731][T27094] FAULT_INJECTION: forcing a failure. [ 890.748731][T27094] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 890.762413][T27094] CPU: 0 PID: 27094 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 890.774057][T27094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 890.784090][T27094] Call Trace: [ 890.787366][T27094] dump_stack_lvl+0x1e2/0x24b [ 890.792021][T27094] ? show_regs_print_info+0x18/0x18 [ 890.797197][T27094] dump_stack+0x15/0x1d [ 890.801334][T27094] should_fail+0x3c0/0x510 [ 890.805726][T27094] should_fail_usercopy+0x1a/0x20 [ 890.810728][T27094] _copy_from_user+0x20/0xd0 [ 890.815311][T27094] iovec_from_user+0xc7/0x310 [ 890.819968][T27094] ? __ia32_sys_shutdown+0x70/0x70 [ 890.825057][T27094] __import_iovec+0x72/0x3b0 [ 890.829624][T27094] io_recvmsg_copy_hdr+0x396/0x7f0 [ 890.834711][T27094] ? io_poll_remove_one+0xf90/0xf90 [ 890.839882][T27094] ? arch_stack_walk+0xf8/0x140 [ 890.844714][T27094] io_issue_sqe+0x2ccf/0xfc10 [ 890.849368][T27094] ? __io_req_task_cancel+0x720/0x720 [ 890.854718][T27094] ? __rcu_read_lock+0x50/0x50 [ 890.859466][T27094] ? is_bpf_text_address+0x1a2/0x1c0 [ 890.864737][T27094] ? stack_trace_save+0x1e0/0x1e0 [ 890.869738][T27094] ? __kernel_text_address+0x9a/0x110 [ 890.875101][T27094] ? kmem_cache_free+0xaa/0x1e0 [ 890.879940][T27094] ? kmem_cache_free+0xaa/0x1e0 [ 890.884765][T27094] ? kasan_set_track+0x63/0x80 [ 890.889501][T27094] ? kasan_set_track+0x4c/0x80 [ 890.894241][T27094] ? kasan_set_free_info+0x23/0x40 [ 890.899331][T27094] ? ____kasan_slab_free+0x133/0x170 [ 890.904588][T27094] ? __kasan_slab_free+0x11/0x20 [ 890.909499][T27094] ? slab_free_freelist_hook+0xb2/0x180 [ 890.915018][T27094] ? kmem_cache_free+0xaa/0x1e0 [ 890.919846][T27094] ? __io_free_req+0x20e/0x380 [ 890.924582][T27094] ? io_req_complete+0xeb/0x610 [ 890.929406][T27094] ? __io_queue_sqe+0x1070/0x2fa0 [ 890.934416][T27094] ? io_queue_sqe+0x295/0x1180 [ 890.939155][T27094] ? io_submit_sqe+0x385/0xfd0 [ 890.943893][T27094] ? io_submit_sqes+0x1050/0x2da0 [ 890.948893][T27094] ? __se_sys_io_uring_enter+0x322/0x12b0 [ 890.954586][T27094] ? __x64_sys_io_uring_enter+0xe5/0x100 [ 890.960204][T27094] ? do_syscall_64+0x31/0x70 [ 890.964779][T27094] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 890.970824][T27094] ? kmem_cache_free+0xaa/0x1e0 [ 890.975653][T27094] ? debug_smp_processor_id+0x1c/0x20 [ 890.980996][T27094] ? kmem_cache_free+0xaa/0x1e0 [ 890.985832][T27094] ? ____kasan_slab_free+0x13e/0x170 [ 890.991089][T27094] ? __kasan_slab_free+0x11/0x20 [ 890.996000][T27094] ? slab_free_freelist_hook+0xb2/0x180 [ 891.001522][T27094] ? __rcu_read_lock+0x50/0x50 [ 891.006263][T27094] ? io_req_prep+0x1906/0x51b0 [ 891.011004][T27094] ? io_queue_sqe+0x1180/0x1180 [ 891.015830][T27094] __io_queue_sqe+0x2cf/0x2fa0 [ 891.020572][T27094] io_queue_sqe+0x295/0x1180 [ 891.025137][T27094] io_submit_sqe+0x385/0xfd0 [ 891.029700][T27094] ? io_file_get+0x437/0x9c0 [ 891.034267][T27094] io_submit_sqes+0x1050/0x2da0 [ 891.039102][T27094] ? io_uring_add_task_file+0x290/0x290 [ 891.044627][T27094] ? __kasan_check_write+0x14/0x20 [ 891.049713][T27094] ? mutex_lock+0xa6/0x110 [ 891.054120][T27094] ? io_uring_add_task_file+0x127/0x290 [ 891.059652][T27094] ? __fdget+0x1b5/0x240 [ 891.063871][T27094] __se_sys_io_uring_enter+0x322/0x12b0 [ 891.069394][T27094] ? __x64_sys_io_uring_enter+0x100/0x100 [ 891.075090][T27094] ? debug_smp_processor_id+0x1c/0x20 [ 891.080434][T27094] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 891.086474][T27094] __x64_sys_io_uring_enter+0xe5/0x100 [ 891.091907][T27094] do_syscall_64+0x31/0x70 [ 891.096298][T27094] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 891.102182][T27094] RIP: 0033:0x7f5fb5d49a39 [ 891.106572][T27094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 891.126163][T27094] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 891.134553][T27094] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 891.142500][T27094] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 03:41:23 executing program 3: unshare(0x40000400) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0xd0, 0xab, 0x1, 0x84, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffc, 0x5}, 0x40) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) 03:41:23 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 77) [ 891.150457][T27094] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 891.158405][T27094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 891.166353][T27094] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:23 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x9000000}, 0x0) 03:41:23 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="726c6f675f77616b6575705f636e743d3030303030303030301e303030303030303030302c00"]) 03:41:23 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xeffdffff00000000, 0x0, 0x0) [ 891.247464][T27308] incfs: Options parsing error. -22 03:41:24 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x100000000000000) [ 891.294147][T27361] FAULT_INJECTION: forcing a failure. [ 891.294147][T27361] name failslab, interval 1, probability 0, space 0, times 0 [ 891.308686][T27361] CPU: 0 PID: 27361 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 891.320316][T27361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 891.330363][T27361] Call Trace: [ 891.333651][T27361] dump_stack_lvl+0x1e2/0x24b [ 891.338328][T27361] ? devkmsg_release+0x127/0x127 03:41:24 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x81000000}, 0x0) 03:41:24 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) setxattr$incfs_metadata(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180), &(0x7f00000001c0)="afd51c15b026d8baba3659c62c7cee4650bbd253e076791eb5ddaf5ef8c3849b1d353ea8c73fd6141db2b0837282324b9d2cf5635a889b3a8b83b85cc62576de89771676cf60fcb040b534d6a4eae414be88edb83b21addf64398373464965e9a3330c81cc3d132652a4c2591db403d189f3397af4b484f62048f0cdab132a925bf9ab8df9cbaa6a0dc38874f8b53bbfb676581610fcd71553e47015", 0x9c, 0x1) creat(&(0x7f0000000100)='./file0\x00', 0x40) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140), 0x2000001, &(0x7f0000000380)={[{@rlog_wakeup_cnt}, {@rlog_pages={'rlog_pages', 0x3d, 0x3}}]}) mount(&(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00'], &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='omfs\x00', 0x40022, &(0x7f0000000340)='incremental-fs\x00') [ 891.343263][T27361] ? show_regs_print_info+0x18/0x18 [ 891.348457][T27361] dump_stack+0x15/0x1d [ 891.352607][T27361] should_fail+0x3c0/0x510 [ 891.356659][T27371] incfs: Options parsing error. -22 [ 891.357013][T27361] ? iovec_from_user+0x8a/0x310 [ 891.357026][T27361] __should_failslab+0x9f/0xe0 [ 891.357039][T27361] should_failslab+0x9/0x20 [ 891.357049][T27361] __kmalloc+0x68/0x3d0 [ 891.357060][T27361] ? _copy_from_user+0x93/0xd0 [ 891.357070][T27361] iovec_from_user+0x8a/0x310 03:41:24 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x81ffffff}, 0x0) [ 891.357088][T27361] ? __ia32_sys_shutdown+0x70/0x70 [ 891.394942][T27361] __import_iovec+0x72/0x3b0 [ 891.399538][T27361] io_recvmsg_copy_hdr+0x396/0x7f0 [ 891.404649][T27361] ? io_poll_remove_one+0xf90/0xf90 [ 891.409847][T27361] ? arch_stack_walk+0xf8/0x140 [ 891.414702][T27361] io_issue_sqe+0x2ccf/0xfc10 [ 891.419382][T27361] ? __io_req_task_cancel+0x720/0x720 [ 891.424753][T27361] ? __rcu_read_lock+0x50/0x50 [ 891.429514][T27361] ? is_bpf_text_address+0x1a2/0x1c0 [ 891.434803][T27361] ? stack_trace_save+0x1e0/0x1e0 03:41:24 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xf5ffffff00000000, 0x0, 0x0) 03:41:24 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x200000000000000) [ 891.439911][T27361] ? __kernel_text_address+0x9a/0x110 [ 891.445284][T27361] ? __rcu_read_lock+0x50/0x50 [ 891.450054][T27361] ? is_bpf_text_address+0x1a2/0x1c0 [ 891.455334][T27361] ? stack_trace_save+0x1e0/0x1e0 [ 891.460355][T27361] ? __kernel_text_address+0x9a/0x110 [ 891.465722][T27361] ? unwind_get_return_address+0x4c/0x90 [ 891.471350][T27361] ? arch_stack_walk+0xf8/0x140 [ 891.476197][T27361] ? stack_trace_save+0x11b/0x1e0 [ 891.481215][T27361] ? kmem_cache_free+0xaa/0x1e0 [ 891.486056][T27361] ? stack_trace_snprint+0xe0/0xe0 [ 891.491160][T27361] ? kmem_cache_free+0xaa/0x1e0 [ 891.496006][T27361] ? __kasan_slab_alloc+0xc9/0xe0 [ 891.500382][ T23] audit: type=1400 audit(2000000484.199:612): avc: denied { remount } for pid=27387 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 891.501019][T27361] ? __kasan_slab_alloc+0xb2/0xe0 [ 891.501028][T27361] ? kmem_cache_alloc_bulk+0x2d5/0x3f0 [ 891.501047][T27361] ? io_submit_sqes+0x6bf/0x2da0 [ 891.536759][T27361] ? __se_sys_io_uring_enter+0x322/0x12b0 03:41:24 executing program 1: mkdir(&(0x7f0000000040)='./file0/file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000000c0)={[{@rlog_wakeup_cnt}]}) mount(&(0x7f0000000080)=@sg0, &(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)='zonefs\x00', 0x108000, &(0x7f0000000200)='{%\xe3}\x00') [ 891.542477][T27361] ? io_req_prep+0x1906/0x51b0 [ 891.547405][T27361] ? io_queue_sqe+0x1180/0x1180 [ 891.552258][T27361] __io_queue_sqe+0x2cf/0x2fa0 [ 891.557012][T27361] io_queue_sqe+0x295/0x1180 [ 891.561595][T27361] io_submit_sqe+0x385/0xfd0 [ 891.566177][T27361] ? io_file_get+0x437/0x9c0 [ 891.570753][T27361] io_submit_sqes+0x1050/0x2da0 [ 891.575600][T27361] ? io_uring_add_task_file+0x290/0x290 [ 891.581136][T27361] ? security_file_permission+0xa8/0xc0 [ 891.586672][T27361] ? __kasan_check_write+0x14/0x20 [ 891.591768][T27361] ? mutex_lock+0xa6/0x110 [ 891.596177][T27361] ? io_uring_add_task_file+0x127/0x290 [ 891.601701][T27361] ? __fdget+0x1b5/0x240 [ 891.606012][T27361] __se_sys_io_uring_enter+0x322/0x12b0 [ 891.611547][T27361] ? __fget_files+0x26d/0x2c0 [ 891.616227][T27361] ? __kasan_check_write+0x14/0x20 [ 891.621328][T27361] ? fput_many+0x47/0x1a0 [ 891.625654][T27361] ? __x64_sys_io_uring_enter+0x100/0x100 [ 891.631366][T27361] ? __ia32_sys_read+0x90/0x90 [ 891.636128][T27361] ? debug_smp_processor_id+0x1c/0x20 [ 891.641504][T27361] __x64_sys_io_uring_enter+0xe5/0x100 [ 891.646959][T27361] do_syscall_64+0x31/0x70 [ 891.651366][T27361] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 891.657247][T27361] RIP: 0033:0x7f5fb5d49a39 [ 891.661755][T27361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 891.681356][T27361] RSP: 002b:00007f5fb3ac0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa 03:41:24 executing program 3: unshare(0x40000400) unshare(0x10100) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1}, 0x40) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000000)="fc254ec100070007ab08001b000000f0ffff002100057e0000000000003000003900b94b09000000000a00020025", 0x2e) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000010d00)=ANY=[@ANYBLOB="900601002d000105", @ANYBLOB], 0x10690}}, 0x0) splice(r2, 0x0, r1, 0x0, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000040)={r3, 0x1, 0x6, @broadcast}, 0x10) 03:41:24 executing program 2: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x0) (fail_nth: 78) 03:41:24 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x83000000}, 0x0) 03:41:24 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xffffff7f00000000, 0x0, 0x0) 03:41:24 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x400000000000000) [ 891.689785][T27361] RAX: ffffffffffffffda RBX: 00007f5fb5e4cf60 RCX: 00007f5fb5d49a39 [ 891.697752][T27361] RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003 [ 891.705704][T27361] RBP: 00007f5fb3ac01d0 R08: 0000000000000000 R09: 0000000000000000 [ 891.713655][T27361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 891.721605][T27361] R13: 00007ffe58f87f2f R14: 00007f5fb3ac0300 R15: 0000000000022000 03:41:24 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0x9effffff}, 0x0) 03:41:24 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0xa0028000}, 0x0) [ 891.820715][T27833] netlink: 67180 bytes leftover after parsing attributes in process `syz-executor.3'. 03:41:24 executing program 4: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0xffffffffa0028000, 0x0, 0x0) 03:41:24 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="726c6f5e5f77616b6575705f636e743d30303030303030303030303030303030303030302c004c883af1bb00ac3621511a242fb1ae93aba93e634421f4a6cd19ea89eefa8eb6aa902ca9ca3792ed6407af0b8ff7c498a15df48a7afda42e26eb"]) [ 891.865926][T27978] FAULT_INJECTION: forcing a failure. [ 891.865926][T27978] name failslab, interval 1, probability 0, space 0, times 0 [ 891.879973][T27833] netlink: 67180 bytes leftover after parsing attributes in process `syz-executor.3'. [ 891.891193][T27978] CPU: 0 PID: 27978 Comm: syz-executor.2 Tainted: G W 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 891.902821][T27978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 891.912876][T27978] Call Trace: 03:41:24 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000006c00050700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006c6f00000000000000000000000000002c003480"], 0x60}, 0x1, 0x0, 0x0, 0xa0650000}, 0x0) 03:41:24 executing program 5: r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0xc587}) syz_io_uring_setup(0x5e58, &(0x7f0000000080), &(0x7f000060c000/0x1000)=nil, &(0x7f0000146000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000003c0)) r4 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000214010a1f0200050c1008000800014004000000", 0x24}], 0x1}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0, 0x80000042}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x77359400}}, 0x0) io_uring_enter(r0, 0x45f5, 0x0, 0x0, 0x0, 0x40100000c010000) [ 891.916166][T27978] dump_stack_lvl+0x1e2/0x24b [ 891.920878][T27978] ? devkmsg_release+0x127/0x127 [ 891.925818][T27978] ? show_regs_print_info+0x18/0x18 [ 891.931019][T27978] dump_stack+0x15/0x1d [ 891.935176][T27978] should_fail+0x3c0/0x510 [ 891.939580][T27978] ? iovec_from_user+0x8a/0x310 [ 891.944425][T27978] __should_failslab+0x9f/0xe0 [ 891.946192][T28061] incfs: Options parsing error. -22 [ 891.949208][T27978] should_failslab+0x9/0x20 [ 891.949221][T27978] __kmalloc+0x68/0x3d0 03:41:24 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x481, &(0x7f0000000080)=ANY=[@ANYBLOB="02bffc7b31ef9bef40f45fac0123ef57354bd5c311dc58de3aa544a55ef6a97a46715a9858417855082c57b1e7915267962a2f44bdcaff33fa4f0d6b2497e1d5f6222d24d6cfbf3424d98c3bd2", @ANYRES64, @ANYRES16, @ANYRES64=0x0, @ANYRES64]) creat(&(0x7f00000019c0)='./file1\x00', 0x1) syz_mount_image$msdos(&(0x7f0000000180), &(0x7f00000001c0)='\x00', 0x8, 0x9, &(0x7f0000001800)=[{&(0x7f0000000200)="eb75169794c62b6e8cb0f01afffb1a1a0641bd399729bbcd54eaf011c8fa482af480defb5808eb479b23017cdb841057d5b2ceb340e89eb68e6c8e553c1101cbdcf706a53df9210d36e16eac1cf13932d042b920405695c76e6886b41a3ee57ad3e1e62d9d431fb720825b5f41575b1585b95d0b77da842cfbc0d87948d151147d758bda42cc73c29198fb06594bf5f2e98d6cbc3751e919d7ef7f97aee731199447b80dbe147cd789fa9de3fe30136bf336c06d4970fcbe2645eb16b4b5effaa91c5b927d380fa73ae5300d7bae3d9de18e3b40daa5f566d66f0a3d60b35a6191744c96", 0xe4, 0x3}, {&(0x7f0000000300)="29c2a419d7c8b464ab3b1b8f29a4bcd7af8982502b522b7364e675a7b4f57e72f132dce5ddcb8c95d8e31d011d298d5c273c51153f49b8f051e440671e1275df96dfe1e4d119ee0f95a6e9359511d2b5efe0e3331be7cc7766549edc28318c10bc7c2732cb7766c7435bb2d0973e9a6b11b026fba4d9b6f472c50ed595c0f9214f1ecded24a55b6299e548d611b88bb18d4cb29318d325d4a0720399391d618d01eac2d5314b74a39246ee6a1d1a5cb03e08edd8cd96be438b0a58df3966709afd85aa52723ae226c732b1747c03ccdccc84a6457ab600eab4800af334420d5295cba514bd954d3f13ae1fdbb865e336796c0ddaa7c36f6d884399a17097c60afa7d54130762b463a4cb4e9adabd0c1a4f6367e9be35bf5ddef2ad752882e6352db8b5da0212e47ddafa10a4ec71c07ea5ec82ea5002626e6bce064a25f4f94c914b15dd501259ced868032fefe74039084a2ec70c6d2e3b420eaa971642ae933c16bfde98ab6de584eec2a7e4de3ee5ad97310b1d408efe5b0a87205c472fb56b0cca4001e697f08b9b80dc2980b00be94966f7e1a5